“DP Law” means data protection law applicable to Morfin, including the EU General Data Protection Regulation 2016/679, its successors or implementing texts. Personal Data” has the meaning set forth in DP Law. This notice covers our use of your personal data arising from use of the Morfin mobile application, website (www.Morfin.io) as well as registering / subscribing / buying / using our products and services. If you have any questions or need any further clarity please get in touch. Contact details are set out below in the Contact Us section.
- The types of Personal Data we collect and how it may be used;
- How and why we may disclose your Personal Data to third parties;
- The transfer of your Personal Data within and outside of the European Economic Area (“EEA”);
- Your statutory rights concerning your Personal Data;
- The security measures we use to protect and prevent the loss, misuse, or alteration of Personal Data; and
- Morfin’s retention of your Personal Data.
As a registered user on the Morfin platform, when you join a community and add it to your dashboard you become a member of that community and can take part on challenges posted in it.
B. Community Administrator
As a registered user on the Morfin platform, when you create a new community you become a Community Administrator and you can post challenges for the members and manage members. (accept members or exclude them from the community)
C. Shop Administrator
As a registered user on the Morfin platform, when you create a shop you become a Shop Administrator. As a shop user you can join communities to offer products and services against tokens.
Collection and use of personal information and user created data
A. Personal Information and User Created Data (content) We Collect
Content and data/information submitted by users to Morfin are referred to in this policy as “Content”. For instance Content can be: any data and content created with the platform tools like the Scenario Designer, uploaded directly(such as files), or otherwise made available by Community Administrators through the Morfin platform administration interfaces, and any data and content by Community Administrators and Community Members including text, photos, sounds, music, videos, audiovisual combinations, interactive features, profile information and anything else entered or uploaded onto the Morfin Mobile Application or Morfin Platform.
We collect the Personal Data you provide directly to us or which we generate when you open a Morfin Account, perform any tasks and challenges on the Morfin Platform, win rewards, redeem rewards, or use other Morfin Services or our website. This may include:
- Contact information, such as name, home address, and email address, phone number. In order to prevent certain type of fraud we rely on phone numbers instead of usernames, so the phone number is used for security reasons and to prevent fraud. Your name is requested but not verified and home address and email address are optional and required only for certain application features – such as delivery of rewards, account recovery, orders confirmation and so on. No marketing emails or SMSs will be send by Morfin or any community administrators.
- Account information, such as password, account settings, avatar and preferences: account information generally consist in points, achievements, token balance, coupons, all of them are created only when the user participates to challenges, tasks as a member of a community. Passwords are encrypted one way (cannot be decrypted).
- Geolocation information: in case a challenge or a task require location for validation of the task or action we take the location via phone GPS or bluetooth beacon with user consent. The location is not saved and the user is not tracked.
- Fitness activity information: if a task or a challenge requires the number of steps or to measure activities such as biking we the application will ask for that information from the phone sensors or from the operating system services with the user consent. This information is used only in the context of the challenge or task.
- Billing information: we limit the information collected here to the legal requirements. This is applicable just to the users that are purchasing products and services inside the platform for instance community administrators with premium subscriptions.
- Information regarding the way in which you use our services, such as when you used our services and the specific services used; and
- Information relating to communications with us, whether through the Morfin website or via e-mail, over the phone or via any other medium.
We also automatically collect certain computer, device and browsing information when you access the Morfin website or use Morfin Services. This information is aggregated to provide statistical data about our users’ browsing actions and patterns, and does not personally identify individuals. This information may include:
- Computer or mobile device information, including IP address, operating system, network system, browser type and settings;
- Website usage information.
- Location information
The Morfin website is using cookies. Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
If you want to avoid using cookies altogether, you can disable cookies in your browser. However, disabling cookies might make it impossible for you to use certain features or our website or services, such as logging on to your Morfin Account or making transactions. Your use of our website or service with a browser that is configure to accept cookies constitutes an acceptance of our and third-party cookies.
If you want to avoid using cookies altogether, you can disable cookies in your browser. However, disabling cookies might make it impossible for you to use certain features or our website or Services, such as logging on to your Morfin Account or making Transactions.
C. How We Use Your Personal Information
We collect and use your information for a variety of reasons. We need some information to enter into and perform a contract/subscription – for example your contact and payment details. Some information processing is required by law due to our anti-fraud screening obligations or in the public interest such as making sure we verify our customers’ identities – especially for community administrators and community owners to try the best in protecting community members from different types of fraud by the community owners.
Some information is processed because you’ve given your consent to that, which can be withdrawn inside the mobile application.
We may use your Personal Information to:
- Create and administer your Morfin account and generally for accounting, billing, maintenance of legal documentation and claim and dispute management. Related processing operations are necessary for the performance of a contract with you (or to take steps at your request prior to entering into a contract), and for compliance with legal obligations to which we are subject;
- Process your token transactions on the platform.
- The user generated contest may be used for : maintain and improve Morfin services. Prevent or address service, security, technical issues or at a Community Administrator’s or Member’s request in connection with customer support matters. To comply with the law.
- Your content created in the context of a community might be removed by the community administrator if it does not comply with the community rules or with the community code of conduct. For example it’s offensive or inappropriate.
- Personalise your Morfin Services experience. Related processing operations are necessary for purposes of our legitimate interests (that is, improving our services);
- Analyse Morfin website usage, and improve our website and website offerings. Related processing operations are necessary for purposes of our legitimate interests (that is, improving and promoting our services);
- Analyse Morfin mobile application usage, and improve our application and offerings. Related processing operations are necessary for purposes of our legitimate interests (that is, improving and promoting our services);
- Help us respond to your customer service requests and support needs. Related processing operations are necessary for the performance of a contract with you, and for purposes of our legitimate interests (that is, improving our services and offering you the best experience);
- Contact you about Morfin Services. The email address you provide may be used to communicate information and updates related to your use of the Morfin Services.
Automated Decisions Making
We may make automated decisions on certain matters. For example, we may do this to decide whether we can provide our services to you based on a credit check/risk profiling. Depending on the outcome of the credit check/risk profiling, a decision will be reached automatically as to whether we are able to provide products or services to you based on your credit worthiness.
If you disagree with the decision you are entitled to contest this by contacting us at following email address: firstname.lastname@example.org
We may also occasionally communicate company news, updates, promotions and related information relating to similar products and services provided by Morfin. We may also administer a contest, promotion, survey or other site features as will be more explained on the website. We shall only do this where you have given us your consent or otherwise where we are permitted to do so under DP Law in pursuit of our legitimate interests (that is, promoting our services).
We may share personal data with third parties to help us with our marketing and promotional projects, or sending marketing communications.
If you want to opt out of receiving promotional and marketing emails, text messages, post and other forms of communications from us (or our promotional partners) in relation to which you might receive in accordance with this section, you can best opt out by using one of the following ways:
- Log into your account and update your profile.
- Click “unsubscribe” at the bottom of an email we sent you.
- contact us at email@example.com to opt-out.
If you do opt out of receiving promotional and marketing messages, we can still contact you regarding our business relationship with you, such as account status and activity updates, survey requests in respect of products and services we have provided to you after you reserve from us, reservation confirmations or respond to your inquiries or complaints, and similar communications.
Disclosing and transferring personal data
We may disclose your Personal Data to third parties and legal and regulatory authorities, and transfer your Personal Data outside the EEA, as described below.
A. Disclosures to Third Parties
There are certain circumstances where we may transfer your personal data to employees, contractors and to other parties.
- We may also share your information with certain contractors or service providers. They may process your personal data for us, for example, if we use a marketing agency. Other recipients/service providers include advertising agencies, IT specialists, database providers, backup and disaster recovery specialists, email providers or outsourced call centers. Our suppliers and service providers will be required to meet our standards on processing information and security. The information we provide them, including your information, will only be provided in connection with the performance of their function;
- We may also share your information with certain other third parties. We will do this either when we receive your consent or because we need them to see your information to provide products or services to you. These include credit reference agencies, anti-fraud databases, screening agencies and other partners we do business with.
Your personal data may be transferred to other third party organizations in certain scenarios:
- If we’re discussing selling or transferring part or all of our business – the information may be transferred to prospective purchasers under suitable terms as to confidentiality;
- If we are reorganized or sold, information may be transferred to a buyer who can continue to provide services to you;
- If we’re required to by law, or under any regulatory code or practice we follow, or if we are asked by any public or regulatory authority – for example the Police;
- If we are defending a legal claim your information may be transferred as required in connection with defending such claim.
Your personal data may be shared if it is made anonymous and aggregated, as in such circumstances the information will cease to be personal data.
Your information will not be sold, exchanged, or shared with any third parties without your consent, except to provide Morfin Services or as required by law.
Morfin’s third party service providers are contractually bound to protect and use such information only for the purposes for which it was disclosed, except as otherwise required or permitted by law. We ensure that such third parties will be bound by terms complying with DP Law.
B. Disclosures to Legal Authorities
We may share your Personal Data with law enforcement, data protection authorities, government officials, and other authorities when:
- Compelled by court order, or other legal procedure.
- Disclosure is necessary to report suspected illegal activity.
C. International Transfers of Personal Data
We store and process your Personal Data in data centers around the world, wherever Morfin facilities or service providers are located. As such, we may transfer your Personal Data outside of the European Union. Some of the countries to which your personal data may be transferred for these purposes that are located outside the EU do not benefit from an adequacy decision issued by the EU Commission regarding protection afforded to personal data in that country. Details of these specific countries can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en. Such transfers are undertaken in accordance with our legal and regulatory obligations and appropriate safeguards under DP Law will be implemented, such as standard data protection clauses with data recipients or processors approved by competent authorities. A copy may be requested at the address set out in the Contact Us section.
Your statutory rights
You have certain rights concerning your Personal Data under DP Law as mentioned below, and can exercise them by contacting us at firstname.lastname@example.org
Access: you are entitled to ask us if we are processing your information and, if we are, you can request access to your personal data. This enables you to receive a copy of the personal data we hold about you and certain other information about it to check that we are lawfully processing it. We process a large quantity of information, and can thus request, in accordance with DP Law, that before the information is delivered, you specify the information or processing activities to which your request relates.
Correction: you are entitled to request that any incomplete or inaccurate personal data we hold about you is corrected.
Erasure: you are entitled to ask us to delete or remove personal data in certain circumstances. There are also certain exceptions where we may refuse a request for erasure, for example, where the personal data is required for compliance with law or in connection with claims.
Restriction: you are entitled to ask us to suspend the processing of certain of your personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
Transfer: you may request the transfer of certain of your personal data to another party.
Objection: where we are processing your personal data based on a legitimate interests (or those of a third party) you may challenge this. However we may be entitled to continue processing your information based on the our legitimate interests or where this is relevant to legal claims. You also have the right to object where we are processing your personal data for direct marketing purposes.
Automated decisions: you may contest any automated decision made about you where this has a legal or similar significant effect and ask for it to be reconsidered.
You also have a right to lodge a complaint with a supervisory authority, in particular in the Member State in the European Union where you are habitually resident, where we are based, or where an alleged infringement of Data Protection law has taken place. In Luxembourg you can make a complaint to the Luxembourg data protection authority (Commission nationale pour la protection des données, Tel: 00352 26 10 60 1 or at www.cnpd.public.lu).
Security of personal data
We use a variety of security measures to ensure the confidentiality of your Personal Data, and to protect your Personal Data from loss, theft, unauthorized access, misuse, alteration or destruction. These security measures include, but are not limited to:
- Password protected directories and databases;
- Secure Sockets Layered (SSL) technology to ensure that your information is fully encrypted and sent across the Internet securely;
- PCI Scanning to actively protect our servers from hackers and other vulnerabilities.
All financially sensitive and/or credit information is transmitted via SSL technology and encrypted in our database. Only authorized Morfin personnel are permitted access to your Personal Data, and these personnel are required to treat the information as highly confidential. The security measures will be reviewed regularly in light of new and relevant legal and technical developments.
You are responsible for keeping your account passcode, membership numbers and pin numbers safe and secure. Do not share those with anyone. If there is an unauthorized use or any other breach of security involving your information, you must notify us below as soon as possible.
Retention of personal data
- How long you have been a Morfin member;
- whether there are contractual or legal obligations that exist that require us to retain the data for a certain period of time;
- whether there is any ongoing legal or financial claim that relates to your relationship with us;
- whether any applicable law, statute, or regulation allows for a specific retention period; and
- what the expectation for retention was at the time the data was provided to us.
In accordance with our record keeping obligations, we will retain Account and other Personal Data for at least five years (and some up to ten years, as required by applicable law) after an Account is closed.
DP Law. means data protection law applicable to Morfin, including the EU General Data Protection Regulation 2016/679, its successors or implementing texts as well as equivalent legislation, which is applies to the processing of Personal Data by Morfin.
Personal Data. Information that identifies an individual, such as name, address, e-mail address, trading information, and banking details. Personal Data does not include anonymized and/or aggregated data that does not identify a specific user;
Service(s). The technological platform, functional rules and market managed by Morfin to permit its users to perform purchase and sale transactions of Bitcoins, other virtual currencies, FIAT money transactions through provided IBAN, currency exchange and use of debit cards.
Transaction. Includes the following:
- The agreement between buyers and the sellers to exchange Bitcoins through the Service for currencies at a commonly agreed rate;
- The conversion of currencies into virtual currencies deposited by members on their account;
- The transfer of currencies and virtual currencies among members;
- Payments via SEPA transfer or via debit cards
- The transfer of currencies among members; and
- The purchase of ancillary products.