PRIVACY AND COOKIES NOTICE

This Privacy and Cookies Notice ("Notice") explains how WalletConnect Foundation ("Foundation", “we", “us”, “our") collects, uses, discloses retains and secures information about individuals who use our website(s), applications, services, tools and features, or otherwise interact with us (collectively, the “Services"). It also explains how we use cookies and other tracking technologies.

For the purposes of this Notice, “you” and “your” means you as the user of the Services, whether you are a customer, website visitor or another individual whose information we have collected pursuant to this Notice. The policy articulates the legal justifications for the processing of your Personal Data and also lists your data subject rights under the Cayman Islands' Data Protection Act as amended (“DPA”).

Please read this Notice carefully. By using, accessing, connecting to, or use any of the Services, you agree and consent to the collection, use, disclosure, retention and security of your information as described in this Notice. If you do not agree to this Notice, please do not use, access, or connect to any of the Services.

DEFINITIONS
1. For the purposes of this Notice, the following terms have the following meanings:
  1. "Appropriate Safeguards" means such legally enforceable mechanism(s) for transfers of Personal Data as may be permitted under Data Protection Laws from time to time.
  2. "Data Controller" has the meaning given in applicable Data Protection Laws from time to time.
  3. "Data Protection Laws" means, as binding on either party or the Services provided under the Agreement:
    1. the DPA and the DPR;
    2. any laws which implement any such law;
    3. any laws that replace, extend, re-enact, consolidate or amend any of the foregoing; any ‘code of practice’ promulgated under section 42 of DPA; and any binding decision of the courts and tribunals of the Cayman Islands that relate to the application or interpretation of any of the foregoing.
  4. "Data Subject" has the meaning given in applicable Data Protection Laws from time to time.
  5. "Personal Data" has the meaning given in applicable Data Protection Laws from time to time.
  6. “Processing" (or to “Process”) means obtaining, recording or holding Personal Data, or carrying out any operation or set of operations on Personal Data, including – organising, adapting or altering the Personal Data; retrieving, consulting or using the Personal Data; disclosing the Personal Data by transmission, dissemination or otherwise making it available; or aligning, combining, blocking, erasing or destroying the Personal Data.
DATA PROTECTION PRINCIPLES
1. The Foundation respects your privacy, and you are entitled to have your Personal Data processed in accordance with the DPA. The key principles the Foundation applies when processing your Personal Data are as follows:
  1. Lawfulness: The Foundation will only collect Personal Data in a fair, lawful and transparent manner.
  2. Data minimisation: The Foundation will limit the collection of Personal Data to what is directly relevant and necessary for the Services provided.
  3. Purpose limitation: The Foundation will only collect Personal Data for specified, explicit and legitimate purposes.
  4. Accuracy: The Foundation will keep Personal Data accurate and up to date while there continues to be a client relationship, and in certain circumstances, after that relationship has ended.
  5. Data security and protection: The Foundation will implement technical and organisational measures to ensure an appropriate level of data security and protection considering the sensitivity of the Personal Data. Such measures provide for the prevention of any unauthorized or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to that data.
  6. Access and rectification: The Foundation will process Personal Data in line with clients' legal rights.
  7. Retention limitation: The Foundation will retain Personal Data in a manner consistent with the applicable DPA and DPA Regulations and no longer than is necessary for the purposes for which it has been collected in accordance with its retention policy.
COLLECTION OF PERSONAL DATA
1. The Foundation collects various Personal Data which may include the following:
  1. Information you provide to us - Some features of the Services may require you to directly provide us with certain information about yourself. You may elect not to provide this information, but doing so may prevent you from using or accessing these features. Information that you may directly submit through our Services includes:
    1. Basic identifying details, such as your name, age and email address, including any information provided through a Know Your Customer process;
    2. Profile data, such as any username, profile picture, avatar, or information that you may provide, set or create in relation to an online account on the Service.
    3. Blockchain activity data, such as information relating to or needed to complete your transactions on or through the Service (including wallet address, transaction number, transaction sender and recipient, transaction amount, and transaction history), as well as information relating to other on-chain activity associated with your publicly available wallet address, such as applications you have interacted with on the blockchain.
    4. Communications data based on our exchanges with you, including when you contact us through the Service or otherwise.
    5. Marketing data, such as your preferences for receiving our marketing communications and details about your engagement with them.
    6. Other Personal Data not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.
  2. Information we collect automatically - We may also automatically collect certain information about your interaction with the Services (“Usage Data”). Usage Data may include:
    1. Device information, such as device type, operating system, unique device identifier, and internet protocol (IP) address, and geographical location information.
    2. Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Services, navigation paths between pages or screens, information about your activity on a page or screen, access times and duration of access, and whether you have opened our emails or clicked links within them.
    3. Communication interaction data, such as your interactions with our email, text or other communications - we may do this through use of pixel tags (which are also known as clear GIFs), which may be embedded invisibly in our emails.
    4. Communications Tracking data, such as data collected through Meta Pixel, Reddit Tag Manager, Google Audience Tag, and other similar tools to measure the effectiveness of our marketing campaigns and understand user conversion patterns.
    5. Other information regarding your interaction with the Services, such as browser type, log data, date and time stamps, clickstream data, interactions with marketing emails, and ad impressions.
  3. Information collected from other sources - We may obtain information about you from outside sources, including information that we collect directly from third parties and information from third parties that you choose to share with us. Such information may include:
    1. Public sources, such as public records, social media platforms, public blockchains, and other publicly available sources.
    2. Partners, such as marketing, development and software partners, or other third parties with which we integrate or otherwise connect in order to provide the Services.
    3. Service providers that provide services on our behalf or help us operate the Services or our business. including analytics providers such as Google Analytics.
    4. Third-party services, such as social media services, that you use to log into, or otherwise link to the Services, and any virtual asset wallet(s) or services that you link to the Services.
USE OF PERSONAL DATA
1. We may use Personal Data for the following purposes or as otherwise described at the time of collection:
  1. Service delivery and operations: We may use your personal information to provide the Services; enable security features of the Services; communicate with you about the Services, including by sending announcements related to the Services, updates, security alerts, and support and administrative messages; communicate with you about events or contests in which you participate; and provide support for the Services, and respond to your requests, questions and feedback.
  2. Service personalisation: We may use your personal information to: understand your needs and interests; personalise your experience with the Services and our related communications; and remember your selections and preferences as you navigate webpages.
  3. Service improvement and analytics: We may use your personal information to analyse your usage of the Services, improve the Services, improve the rest of our business, help us understand user activity on the Services, including which pages are most and least visited and how visitors move around the Services, as well as user interactions with our emails, and to develop new products and services.
  4. Marketing: We, together with our service providers and our partners, may collect and use your personal information for marketing and advertising purposes. For example, we may send you direct marketing communications and may personalise these messages based on your needs and interests.
  5. Events, promotions and contests: We may use your personal information to administer promotions and contests; communicate with you about promotions or contests in which you participate; and contact or market to you after collecting your personal information at an event, including an online event.
  6. Compliance and protection: We may use your personal information to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas, investigations or requests from government authorities; protect our, your or others' rights, privacy, safety or property; audit our internal processes for compliance with legal and contractual requirements or our internal policies; enforce the terms and conditions that govern the Services; and prevent, identify, investigate and deter fraudulent, harmful, unauthorised, unethical or illegal activity, including cyberattacks and identity theft.
  7. Aggregation: We may use your personal information to create aggregated, de-identified and/or anonymised data from your personal information and other individuals whose personal information we collect. We may use this aggregated, de-identified and/or anonymized data and share it with third parties for our lawful business purposes, including to analyse and improve the Services and promote our business.
  8. Further uses: We may use your personal information for further uses, in which case, if they are not compatible with the initial purpose for which information was collected, we will ask for your consent to use of your personal information for those further purposes.
LEGAL BASIS FOR PROCESSING PERSONAL DATA
1. We consider it necessary to collect and use Personal Data for the purposes described, and we do so on the following legal bases:
  1. Consent: You as a Data Subject have agreed and consented to the Processing of your Personal Data for specified purposes.
  2. Contractual Necessity: Processing is necessary for the performance of a contract to which you as a Data Subject is party or for the Foundation or its service providers to responsibly enter into a contract.
  3. Compliance with Legal Obligations: Processing is necessary for compliance with a legal obligation to which the Foundation or its affiliates are subject.
  4. Vital Interests: Processing is necessary in order to protect the vital interests of you as a Data Subject or of another natural person.
  5. Public or Legitimate Interests: Processing is necessary for the performance of a task carried out in the public interest or is necessary for legitimate interests pursued by the Foundation or a third party, except where such interests are outweighed by your countervailing interests or fundamental rights and freedoms as a Data Subject and require protection of your Personal Data from Processing.
2. The Processing of Personal Data may be permissible under several of the above legal bases.
DISCLOSURE OF PERSONAL DATA
1. We may disclose your Personal Data to third parties for legitimate purposes subject to this Notice, including the following categories of third parties:
  1. Third-party blockchain networks, applications, platforms and systems, including third-party wallet providers;
  2. Third-party service providers, including providers of user support, payment processing, payment networks, web analytics, security, marketing, analytics and cloud storage;
  3. Third-party entities affiliated with us, whether or not part of the same corporate group;
  4. Third party advisors, such as auditors, law firms or accounting firms;
  5. Third parties in connection with or anticipation of an asset sale, merger or other business transaction, including in the context of a liquidation or bankruptcy.
  6. Third parties to whom you request or direct us to disclose information, including through your use of social media widgets or login integration.
2. We may also disclose your Personal Data as needed to comply with applicable law or any obligations thereunder or to cooperate with law enforcement, judicial orders, and regulatory inquiries, to enforce any applicable Terms of Use, and to ensure the safety and security of our business, employees, and users.
3. For the purposes of the DPA, third parties who receive Personal Data in accordance with this Notice are considered joint Data Controllers of such Personal Data. Although joint Data Controllers have shared discretion over the purposes of Processing, all such Data Controllers should Process such shared Personal Data in accordance with Data Protection Laws applicable to you as a Data Subject. We will provide you the names of the third parties Processing your Personal Data upon written request. We invite you to review the privacy policies of those third parties. s
RETENTION AND SECURITY OF PERSONAL DATA
1. The Foundation retains your Personal Data for as long as a relationship exists between you and us, and the Personal Data is necessary to manage that relationship. When there is no longer a relationship, the Foundation will retain certain types of Personal Data for varying periods depending on legal requirements and business needs. Personal Data that is no longer needed will be destroyed. The Foundation will always hold your Personal Data for the least amount of time necessary in accordance with its retention policy. For specific retention periods, clients should contact the Foundation at our Notice Address (below).
2. The Foundation employs appropriate technical and organisational measures to protect against unauthorized processing, accidental loss or destruction of, or damage to, your Personal Data in accordance with its Information Technology policies. Despite our reasonable efforts to protect your Personal Data, no security measures are impenetrable, and we cannot guarantee “perfect security.” Any information you send to us electronically, while using the Services or otherwise interacting with us, may not be secure while in transit. We recommend that you do not use unsecure channels to send us sensitive or confidential information.
3. In the case of a known data breach involving any loss, misuse, or alteration of your Personal Data that is likely to result in a material risk to your rights and freedoms, and unless Data Protection Laws require otherwise, the Foundation will use reasonable endeavours to notify you and applicable supervisory or data protection authorities within five days barring exigent circumstances.
THIRD PARTY WEBSITES, LINKS, APPLICATIONS AND WALLETS
1. Our Services may contain links to websites, applications, and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites, mobile applications or online services operated by third parties, and we are not responsible for their actions. We encourage you to read the privacy policies of the other websites, mobile applications and online services you use.
2. Certain transactions conducted via our Services may require you to connect a compatible third-party virtual asset wallet to the Services ("Wallet"). By using such Wallet to conduct such transactions via the Services, you agree that your interactions with such third-party Wallets are governed by the privacy policy for the applicable Wallet, and you agree that you are using the Wallet in accordance with the terms and conditions of the applicable third-party provider of such Wallet. Wallets are not maintained or supported by, or associated or affiliated with, the Foundation. We expressly disclaim any and all liability for actions arising from your use of third-party Wallets, including but without limitation, actions relating to the use or disclosure of Personal Data by such third-party Wallets.
COOKIES AND OTHER TRACKING TECHNOLOGIES
1. To enhance your experience on our website and ensure the functionality of the services, we may use the following tracking technologies (collectively, the "Tracking Technologies"):
  1. Cookies, which are small text files that websites store on user devices and that allow web servers to record users' web browsing activities and remember their submissions, preferences, and login status as they navigate a site. Cookies used on our sites include both “session cookies” that are deleted when a session ends, “persistent cookies” that remain longer, “first party” cookies that we place and “third party” cookies that our third-party business partners and service providers place.
  2. Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data on your device outside of your browser in connection with specific applications.
  3. Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.
  4. Software development kits, which are third-party computer code that may be used for a variety of purposes, including to provide analytics regarding the use of Services, to integrate with third-parties, and to add features or functionality to the Services.
2. You have several options for managing the use of Tracking Technologies:
  1. Browser Settings: Most web browsers allow you to control cookies through your settings. You can set your browser to notify you when a cookie is being set or to block or delete all cookies; however, blocking or deleting cookies may cause some of the Services, including certain features and general functionality, to work incorrectly.
  2. Opt-out Mechanisms: You can opt-out of certain Tracking Technologies by using the following links:
  3. If you have questions regarding the specific information about you that we process or retain, as well as your choices regarding our collection and use practices, please contact us at our Notice Address (below)
  4. Your browser settings may allow you to transmit a “do not track” signal, “opt-out preference” signal, or other mechanism for exercising your choice regarding the collection of your information when you visit various websites. Like many websites, our website is not designed to respond to such signals, and we do not use or disclose your information in any way that would legally require us to recognize opt-out preference signals.
INTERNATIONAL TRANSFER OF PERSONAL DATA
1. Your Personal Data is stored in the Cayman Islands unless it is transferred to another country for legitimate purposes we consider necessary in accordance with this Notice. If at any time the Foundation transfers Personal Data outside the Cayman Islands, it will use reasonable endeavours to ensure that there are Adequate Safeguards for the rights and freedoms of Data Subjects as required by the DPA.
PERSONAL DATA OF CHILDREN
1. The Services are not generally intended for use by anyone under eighteen (18) years of age. If you are a parent or guardian of a child from whom you believe we have collected personal information in a manner prohibited by law, please contact us at our Notice Address.
2. If we learn that we have collected personal information through the Services from a child without the consent of the child's parent or guardian as required by law, we will comply with applicable legal requirements to delete the information.
YOUR RIGHTS AS A DATA SUBJECT
1. You have a right to be informed how your Personal Data is processed and this Notice fulfils the Foundation's obligation in that respect. If you have further questions or concerns not addressed in this notice, you may contact us at our Notice Address.
2. You have a right to request access to your Personal Data, the right to request rectification/correction of your Personal Data, the right to request that processing of your Personal Data be stopped or restricted, deleted and the right to require the Foundation to cease processing your Personal Data for direct marketing purposes. If you wish to exercise any of these rights, please contact us at our Notice Address.
CHANGES TO THIS NOTICE
1. We may modify this Notice from time to time, in which case we will update the “Last Updated” date at the top of this Notice. If we make material changes to the way in which we use or disclose information we collect, we will use reasonable efforts to notify you by posting notice of such changes on the Services, or by other means consistent with applicable law. If you do not agree to any updates to this Notice, please do not continue using or accessing the Services.
CONTACT INFORMATION
1. Should you have any questions about our privacy practices or this Notice, please email us at [email protected] ("Notice Address")