VeWorld Privacy Policy

Last Updated: February 16, 2023

This privacy policy ("Privacy Policy") is effective as of the date shown above, and describes how VeChain Foundation San Marino S.r.l. ("VeChain," "we," "our," or "us,") collects, uses, shares and otherwise processes information collected about you when you download our digital wallet browser extension VeWorld (herein referred to as "VeWorld" or the "Service").

If you are a data subject in the United Kingdom ("UK") or any part of the European Economic Area ("EEA") and/or in any case Regulation (EU) 2016/679 applies ("GDPR"), please also see paragraph 10 below entitled Additional Disclosures for People in Europe.

PRODUCT OVERVIEW

VeWorld is a non-custodial digital wallet compatible with the VeChainThor Blockchain or other authorized blockchains by VeChain (the "Blockchain") and is provided as a downloadable browser extension governed under the VeWorld Digital Wallet Terms of Service ("Terms"). Upon setting-up your VeWorld digital wallet, you will be assigned a private key and public digital wallet address. We are not provided with a copy of your private key and we are unable to recover any private key in the event it is lost.

THE INFORMATION WE COLLECT ABOUT YOU

We limit what personal data is required to use VeWorld. While you may voluntarily provide to us certain information that includes personal data like contact information and communications as described below, such personal data is not required to use the Service. However, in order to provide the Service, there is limited information, which may include personal data that must be collected automatically. Please read the below carefully to understand what may be collected and how it is used:

(a) Information You May Voluntarily Provide

When you reach out to VeChain in connection with VeWorld, our Terms, or this Privacy Policy, we may collect certain information from you that you are voluntarily providing including:

i. Contact Information, including name or email > address when you reach out to us for support or other > communications; and

ii. Content, including any content in communications > with us that you provide;

(b) Information We Collect Automatically.

When you use VeWorld as the digital wallet for a given transaction on the Blockchain, we will process limited information automatically including:

i. Use Data, including data about analytic data use, browser type, > operating system, time stamps, and your referring and exiting > pages;

ii. Log Files, which are files that record events that occur in > connection with your use of the Services; and

iii. Transaction Data, including information related to transactions > such as public wallet addresses.

Use Data and Log Files, and to the extent you share them with us, Contact Information and Content are used to maintain, improve and enhance our Service and develop new products, prevent fraud, for analytics, and to generally comply with applicable laws.

Transaction Data is not stored by VeChain, and is only used as necessary to forward data to the Blockchain when you engage in a transaction using your VeWorld digital wallet.

We also collect non-identifying aggregate information which we may us for the exclusive purpose of improving the security, compatibility or interoperability of the VeWorld software.

HOW WE USE THE INFORMATION WE COLLECT ABOUT YOU

We use the information we collect from and about you for the following business purposes:

(a) To provide, maintain, improve, and enhance our Service;

(b) To understand and analyze how our Service is used and develop new products, services, features, and functionality;

(c) To communicate with you, provide you with updates and other information relating to our Service, provide information that you request, respond to comments and questions, and otherwise provide customer support;

(d) To find and prevent fraud, and respond to trust and safety issues that may arise; and

(e) For compliance purposes, including enforcing our legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency.

For information on your rights and choices regarding how we use personal data about you, please see the paragraph 5 below entitled Your Rights and Choices.

SHARING OF PERSONAL AND NON-PERSONAL DATA

We share information we collect in accordance with the practices described in this Privacy Policy. The types of entities we may have shared information with or may share information with in the future include the following:

(a) Third Parties Providing Services On Our Behalf. In order to make various features, services and materials available to you through the Service, perform analytics, host the Service, and respond to your requests and inquiries, we may share your information you provide with third parties that perform functions on our behalf;

(b) Blockchain Platform. When you engage in a transaction that is recorded on the Blockchain, certain information that may be considered personal data related to that transaction will be published on the blockchain and may be accessible to third parties not controlled by VeChain, and will be recorded on the Blockchain permanently across a wide network of computer systems and be incapable of deletion. Many blockchains are open to forensic analysis which can lead to deanonymization and the unintentional revelation of personal data, especially when blockchain data is combined with other data;

(c) Business Transfers. We share information in connection with, or during negotiations of, any proposed or actual merger, purchase, sale or any other type of acquisition, business combination of all or any portion of our business or assets, change of control, or a transfer of all or a portion of our business or assets to another third party (including in the case of any bankruptcy proceeding);

(d) Legal Disclosure. Under certain circumstances, we may be required to cooperate with legal investigations and/or we may be subject to legal requirements to disclose information collected through the Service, such as a by court or a governmental agency. We may also disclose personal data to investigate any violation or potential violation of the law, this Privacy Policy, or applicable VeWorld Digital Wallet Terms of Use or to protect or defend the rights and property of VeChain; and

(e) Consent. We share information with notice to you and your consent.

If GDPR applies to you, you can also contact us to receive additional information on subjects for we share your personal data.

YOUR RIGHTS AND CHOICES

(a) Uninstalling Your VeWorld Digital Wallet

You may uninstall your VeWorld digital wallet browser extension at any time. Please note that any transactions made on the Blockchain while using your VeWorld digital wallet are permanently recorded on the Blockchain, and deleting your VeWorld digital wallet will have no effect on the Blockchain ledger or any digital assets still associated with your VeWorld digital wallet following any uninstallation; and

(b) Communications.

E-mails: You can opt-out of receiving promotional emails from us at any time by following the removal instructions in the specific communication that you receive, or emailing us at the email address provided in paragraph 9 below entitled Contact Us with the word UNSUBSCRIBE in the subject field of the email. Note that your opt out is limited to the email address used.

DATA SECURITY

VeChain uses reasonable security measures designed to prevent unauthorized intrusion to the Service and the alteration, acquisition or misuse of personal data. Nevertheless, transmission via the internet is not completely secure and we cannot guarantee the security of information about you, collected from you, or submitted by you. We will not be responsible for loss, corruption or unauthorized acquisition or misuse of information that you provide or that we collect through the Service that is stored by us or our service providers, or for any damages resulting from such loss, corruption or unauthorized acquisition or misuse.

CHILDREN'S PRIVACY

VeWorld is not directed towards, nor was it designed to attract the attention of any children, and we do not knowingly collect or maintain personal data from any person under the age of thirteen.

CHANGES TO THIS PRIVACY POLICY

We reserve the right to revise and reissue this Privacy Policy at any time. Any changes will be effective immediately upon posting of the revised Privacy Policy. Your continued use of our Service indicates your consent to the Privacy Policy then posted. If the changes are material, we may provide you additional notice to your email address, by informing you about such changes through our website and/or via other channels we may use to communicate with you.

CONTACT US

Please contact us at veworld@vechain.org if you have any questions or concerns about this Privacy Policy.

ADDITIONAL DISCLOSURES FOR DATA SUBJECTS IN EUROPE

(a) Roles

GDPR and data protection laws in Europe distinguish between organizations that process personal data for their own purposes (known as "controllers") and organizations that process personal data on behalf of other organizations (known as "processors"). VeChain acts as a controller with respect to personal data collected as you interact with our Service;

(b) Lawful Basis for Processing

GDPR and data protection laws in Europe require a "lawful basis" for processing personal data. Our lawful bases include the following:

(i) To fulfill obligation in the contract between you and VeChain. To download the VeWorld digital wallet browser extension, you and VeChain entered into an agreement under the VeWorld Digital Wallet Terms of Use, and in order for VeChain to fulfill its obligations with respect to providing the Service under such agreement, we have to collect your Log Data, and Transaction Data to provide the necessary functionality as further described in subparagraph 2(b) above entitled Information Collected Automatically

(ii) To pursue our legitimate interests. We rely on legitimate interests pursued by us to process your information, including understanding how our Service is functioning, improving our Service, developing new products and preventing fraud. Information we will use include Use Data and Log Data. Where we solely rely on legitimate interest, we carry out a balancing test to weight our interests against your right to personal data protection, our processing will never override your fundamental rights and freedoms, and you can always exercise your right to object to such processing;

(iii) Consent. In certain situations where you provide us with consent, we may process your information; and

(iv) To comply with law. In limited circumstances, we may process information in order to comply with legal obligations. To the extent we have received such information from third parties where we have agreed to contractual requirements such as standard contractual clauses, we will use our reasonable efforts to dispute making such disclosures unless legally required to do so;

(c) Retention of Information

Once the purpose of processing is fulfilled, we retain personal data for no longer than the applicable statutory limitation period. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. We will delete or anonymize personal data once the applicable retention period has expired.

Note that blockchains (including our Blockchain) are designed by default to permanently record information across a wide network of computer systems; therefore, while we commit not to store immediately identifiable personal data, some pseudonymized information will be stored across the Blockchain and therefore it will not be possible to delete such information;

(d) Data Transfer

If GDPR applies and your data is transferred outside UK or the EEA to the United States or any other country, we will transfer your personal data subject to appropriate safeguards, such as an adequacy decision by the European Commission on the basis of article 45 the GDPR, or Standard Contractual Clauses as provided from time to time by the European Commission. You can receive additional information on where your data is transferred, and which are the appropriate safeguards by contacting us;

(e) Your Data Subject Rights

(i) Your Rights to Your Information.

If you are a data subject according to the GDPR, subject to certain conditions you have the right to:

1. access, rectify, or erase any personal data we process about you;
2. data portability, asking us to transfer to any third party at your choice
3. restrict or object to our processing of personal data we process about you; and
4. where applicable, withdraw your consent at any time for any data processing; and

(ii) How to Exercise Your Rights.

You may exercise your rights by submitting a written request to us at the email address set out in paragraph 9 above entitled Contact Us. We will respond to your request within thirty (30) days. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions;

(iii) When Information May Be Retained.

Please note that we retain information as necessary to fulfil the purposes for which it was collected, and may continue to retain and use information even after a data subject request for purposes including to perform under the contract, as necessary to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements;

(f) Complaints

If you have a complaint about our use of your personal data or response to your requests regarding your personal data, you may submit a complaint to the Data Protection Supervisory Authority in your jurisdiction. We would, however, appreciate the opportunity to address your concerns before you approach a data protection regulator, and would welcome you directing an inquiry first to us.