Grand Time
Privacy Notice

Version: 1.01
Last revised: 27.07.2021

Introduction

This Privacy Notice describes how Grand Time Group LTD collects and processes users’ data through https://grandtime.org/ website, including all services and functions of the platform (the “Website”). The terms “we”, “us”, “our” refer to Grand Time
Group LTD, a legal person registered under the laws of Seychelles.

The Privacy Notice provides you (a user or a visitor on our Website) with details about the personal information we collect from you in the process of the Token Sale and/or directly on our request, how we use your personal information and your rights to control the personal information we hold about you. This Privacy Notice is part of the agreement between you and us, Grand Token Sale Terms and Conditions (the “Terms and Conditions”). Unless explicitly stated otherwise, the terms in this Privacy Notice have the same meaning as in the Terms and Conditions.

Please read this Privacy Notice carefully. By accessing or browsing this Website and participating in the Token Sale, you confirm that you have read, understood and agree to this Privacy Notice in its entirety. If you do not agree to this Privacy Notice in its entirety, you must not use this Website.

We may change this Privacy Notice from time to time, and you agree that by accessing or using the Website and participating in the Token Sale at any time after a change, you will be confirming your acceptance of the new version of the Privacy Notice. We respect your right to privacy and will only process personal information you provide to us in accordance with this Privacy Notice and applicable privacy laws.

You can contact us at:

Grand Time Group LTD
Registered address: Room B11, First Floor Providence Complex, Providence, Mahe, Seychelles
Contact email address: [email protected]

Information we collect from you

Account Set Up & Participation in the Token Sale

If you want to use Website’s functionality and participate in the Token Sale, you will have to register an Account. We will ask you for your email address, gender, country, date of birth, and you will have to create an Account password. To purchase Grand Tokens, you will also have to provide us with an Ethereum wallet address.

Your date of birth is necessary to verify that you are of acceptable age. We do not intend to collect nor process the children’s (under 18 years old) personal data. Only individuals, who are already 18 years old, may use our Website and provide information to us.

We use/store your email address in order:

(a) to verify your identity every time you log in to your account;
(b) to reset your password if you forgot it;
(c) to contact you regarding your account and our updates (support emails); and
(d) to comply with our legal obligations. For more info, please refer to our AML Policy.

KYC/AML/CFT

To comply with the laws on the prevention of money laundering and terrorist financing, we are required to collect, keep, and analyze the documents that identify you, contact details, history of transactions, verification data, including from third-party sources (e.g., consumer reporting agencies, public databases, commercial registries, and sanction lists), and other types of information prescribed by law. We will ensure the confidentiality of collected information and will not use the data from your KYC/AML profile for any other purposes.

For more information on the KYC/AML procedure and types of information collected for this purpose, please refer to our AML Policy.

Grand Time Ambassador Programme

If you want to become a Grand Time Ambassador you can participate in our referral programme and share a unique affiliate link with your friends, which we will process to give you a reward for references.

The referral link is configured like this: it will track all visitors that click the link by placing a cookie and record the browser fingerprint. 20% of all ETH purchases from that specific visitor within 30 days will be accredited to your affiliate account.

We can collect data about what actions the User performs on the Website. Such data includes:

● the Internet Protocol address of the User’s computer (“IP”),
● the type and version of the browser,
● our website pages visited by the User,
● the time and date of the visit,
● the time spent on these pages and other statistics.

Cookies

In order to provide you with a personalized experience and improve the functionality and efficiency of our Website, we may use cookies, web beacons and other similar technologies to collect, store and use information about your interaction on the Website. For more information on our use of cookies, please refer to our Cookie Notice.

Legal Basis for Processing

We use your Account & Ethereum information:

● to create and maintain your User Account. The applied legal basis for this is the performance of the contract (Terms and Conditions) between you and us (GDPR Art. 6.1.b);
● to contact you regarding the work of the platform or your Account, including by email and sending you web notifications (GDPR Art. 6.1.b);
● upon receiving the consent from you, to send you marketing or promotional materials (GDPR Art. 6.1.a);
● to analyze the efficiency of our Website in our legitimate interests (GDPR Art. 6.1.f);
● to store certain types of information for compliance with law, e.g. KYC/AML obligations (GDPR Art. 6.1.c);
● to issue Grand Token to you. The applied legal basis for this is the performance of the contract (Terms and Conditions) between you and us (GDPR Art. 6.1.b).

Technical support

You may leave a request for support via the support form on the Website or by email. We use this information to provide you with the help you might need, fix and improve the platform, and analyse our efficiency in marketing and product efforts, including by creating statistics of inquiries.

The applied legal basis for this is the performance of the contract (Terms and Conditions) between you and us (GDPR Art. 6.1.b) and our legitimate interest to improve the Website (GDPR Art. 6.1.f).

Website, sales, and marketing activities

The following data collection activities are present on our Website:

● Collection of visitor logs (device, browser information, IP address) to ensure fraud prevention and manage user sessions, stored for 6 months of your last visit. The applied legal basis is our legitimate interests (GDPR Art. 6.1.f);
● Cookies – for more information please visit our Cookie Notice;
● Visitor traffic analysis done using third-party analytics providers. This activity, depending on the method used, is performed based either on your consent (cookie tracking) or our legitimate interests (GDPR Art. 6.1.f).

Data retention and withdrawal

We will store your personal data in a safe and confidential mode for no longer than it is necessary to process it and is used strictly for the purposes specified in this Privacy Policy.

We store marketing data for 12 months of the last communication with you. For the activities that are based on consent, you can withdraw your consent at any time by contacting us directly. The withdrawal will not affect the lawfulness of processing based on consent before. You can also opt-out of the email subscription by clicking the appropriate button in our emails to you.

Third-party access to information

Such third parties may only use information about you to perform services on our behalf. They are not allowed to use it for their own purposes, and we take all reasonable and required measures to ensure their compliance with data protection requirements.

KYC and Email Notifications

We are using third-party services to:
(а) conduct KYC procedure (Sumsub);
(b) send our notifications by email.

Analytics

When using the analytics services, we collect details of the use of the Website, including, but not limited to traffic data, location data, length visit, and other communication data.

Non-personally identifiable information is collected and processed, among other services, by Google Analytics in an anonymized and aggregated way to improve our app’s usability and for marketing purposes. Google Analytics is a web analytics service that tracks and reports user traffic on apps and websites. Google Analytics uses the data collected to track and monitor the use of the platform. This data may also be
shared with other Google services. For more information on the privacy practices of Google, you can check its Policies at www.google.com/analytics/policies/.

Other disclosures

In addition to the disclosures for the purposes identified before, we may disclose information about you:

● if we are required to do so by law, in connection with any legal proceedings or to establish, exercise or defend our legal rights; and
● in case we sell, license or otherwise assign our company, corporate rights, the platform or its separate parts or features to third parties.

Your rights

You have a right to access your personal data, withdraw your consent for data processing, obtain the information whether or not your personal data is being processed and to require the correction, updating or deletion of incorrect or/and inaccurate data by contacting us at [email protected].

If you are a resident of the European Union (EU) and European Economic Area (EEA), you may exercise GDPR rights regarding your personal data. In particular, you have the following rights:

The right to object against the processing of your information.
If we process your information for our legitimate interests (e.g., for direct marketing emails or for our marketing research purposes), you can object against it. Let us know what you object against and we will consider your request. If there are no compelling interests for us to refuse to perform your request, we will stop the processing for such purposes. If we believe our compelling interests outweigh your right to privacy, we will clarify this to you.
The right to access your information.
You have the right to know what personal data we process. As such you can obtain the disclosure of the data involved in the processing and you can obtain a copy of the information undergoing processing.
The right to verify your information and seek its rectification.
If you find that we process inaccurate or out-of-date information, you can verify the accuracy of your information and/or ask for it to be updated or corrected;
Restrict the processing of your information.
When you contest the accuracy of your information, believe we process it unlawfully or want to object against the processing, you have the right to temporarily stop the processing of your information to check if the processing was consistent. In this case, we will stop processing your data (other than storing it) until we are able to provide you with evidence of its lawful processing;
The right to have your personal data deleted.
If we are not under the obligation to keep the data for legal compliance and your data is not needed in the scope of an active contract or claim, we will remove your information upon your request.
The right to have your personal data transferred to another organization.
Where we process your personal data on the legal basis of consent you provided us or on the necessity to perform a contract, we can make, at your request, your data available to you or to an organization of your choosing.

You can formulate such requests or channel further questions on data protection by contacting us at [email protected].

If you believe that our use of personal information violates your rights, or if you are dissatisfied with a response you received to a request you formulated to us, you have the right to lodge a complaint with the competent data protection authority of your choice.

Security of information

We will take all necessary measures to protect your information from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as from other illegal actions of third parties. As we use the services of third-party software providers across several countries outside of the European Union, we may transfer the collected data to those countries for further processing. In such cases, we will make sure that relevant safeguards are in place. More information on international safeguards can be provided upon request.

Immediate access to the data is only allowed to our authorized employees involved in maintaining the application. Such employees keep strict confidentiality and prevent unauthorized third-party access to personal information.

Third-party sites

This Website may contain links to other websites operated by sellers, social media websites and other third parties. Please note that this privacy policy applies only to the personal information that we collect through this Website.

We cannot be responsible for personal information that third parties may collect, store and use through their websites, including, but not limited to, by means of their own
cookies. For this reason, we encourage you to be aware when you leave our Website and to read the privacy statements of other services that collect personal information.

Changes to this Notice

We may update, edit and change this Privacy Notice from time-to-time by posting a new version on our website. The Privacy Notice changes come into effect immediately after their publication.

We advise you to check this page occasionally to ensure you are happy with any changes. However, we will endeavor to provide you with an announcement about any significant changes.

If you continue to use the Website after the changes take place, this means that you accept the revised Privacy Notice.