SuperRare Privacy Notice
Notice Version 4.0
This policy is effective as of 06 March 2023
This Privacy Notice (“Notice”) describes how we at SuperRare Labs collect, use, share, and secure your Personal Information when you visit the SuperRare Platform (https://superrare.co, https://superrare.com) (the “Platform”) or create, buy, transfer, or trade unique SuperRare Items in our Marketplace (the “Marketplace”). This Privacy Notice is incorporated into our Terms of Service and constitutes part of the Terms of Service. By consenting to our Terms of Service, you consent to our usage of your Data as outlined in this Notice.
This policy applies to
The purpose of this Privacy Notice is to let you know how we collect, use, store, share, retain, transfer and process your Personal Information. This policy also describes your choices and rights with respect to your Personal Information and how to exercise those rights. “Personal Information” is any information relating to an identified or identifiable individual.
We may amend this policy from time to time. We encourage you to review this policy periodically, as changes will be posted on this page. If we make any material changes to this policy we will provide a prominent notice. If you do not agree with this policy, you should not use our website, products or services.
2. What Personal Information We Collect
2.1. Creating a User Account:
If you sign up to use our Platform, we collect your
- Ethereum wallet address through a supported wallet provider
- Username, and
- Email address.
The User may elect to provide their:
- Full name,
- Biographical information,
- Social media handles
- Other websites
- User profile picture or avatar, which may contain your likeness
We collect various types of information depending on how you interact with us and what products or services you use. If you elect to provide this information, you consent to allowing us to process this information. By voluntarily putting this or similar information in your profile you intend to manifestly make public that information.
2.2. Personal Information you provide to us
If you fill out a form on our website that requires contact information such as signing up for a newsletter, submitting a request for information or products and services we will collect and process that information to provide you with the communication, products or services. These types of Personal Information may include your name, email address, company name, job title, your physical address, payment and billing information.
2.3. Personal Information collected when you visit our website
2.4. Personal Information collected when you visit our website
When you use our products and services, we collect other types of Personal Information. These types of Personal Information include:
- IP Address
- Name or Pseudonym
- Email address
- Social Media Handles
- Ethereum Wallet Address
We may also collect usage data regarding your use of our products and services and this data may contain Personal Information.
We also collect payment and billing information when you register for the use of our products and services. For example, we may ask you to provide a billing address for your account and payment information. We use this information solely to process payments and deliver our products and services.
2.5. Information may be irrevocably stored on the blockchain
A Transaction is any sale, purchase, bid, transfer of an NFT or $RARE. Any transaction on the Site will be stored irrevocably on the Ethereum blockchain. All information stored on the blockchain is then also stored by the Company in separate servers in order to reproduce that information in a manner that is user friendly. SuperRare Labs has no ability to modify or destroy any information on the blockchain. Some information may be superficially concealed from the Site in order to comply with lawful requests, but the data itself is irrevocably and permanently on chain. To see what information is stored on the blockchain, go to https://etherscan.io input your or another person’s public Ethereum address into the search. See Section 3 for more information.
2.6. On the SwagStore
On our subdomain shop.superrare.com, SuperRare® Labs sells uniquely branded merchandise. This store functionality is powered by Shopify.
In order to process orders, we collect:
- Mailing address
- Billing address
- Email address
- Order details (such as type of merchandise and quantity)
- Phone number (optional)
All payments are processed using third-party integrations namely, ShopPay, GooglePay, and MetaPay. Please visit their respective sites for more information about how your payment data is used. Without further consent, we do not use the information collected for orders for any other purpose than to fulfill orders and communicate with you about those orders. However, if you choose to sign up for our newsletter, we may use your order information in conjunction with your email address, mailing address, or other contact information in order to supply you with information about future promotions, goods, or services.
3. On-Chain Data and Metadata
By using SuperRare you acknowledge that your PII, including your Ethereum wallet address, is stored on the publicly searchable Ethereum blockchain and that neither SuperRare Labs, nor any third party, has any power to delete such data published by its User’s on the Ethereum blockchain. You hereby release and indemnify SuperRare Labs Inc. of any data privacy liability associated with data that you published to the Ethereum blockchain by using SuperRare. If you perform any transaction on our site involving the blockchain you expressly, explicitly, publicly publish that information, and manifestly make it public data.
3.1. Your Ethereum Wallet and Transaction History
No entity, including SuperRare Labs, is capable of modifying or deleting data that is stored on the Ethereum blockchain. The details of your NFT-related transactions are public information and stored on the Ethereum blockchain in association with your Ethereum wallet addresses. Your username is publicly identified with your Ethereum wallet address on the Marketplace. If your account is ever deleted, then any transaction history on the Marketplace will display “anonymous” instead of your username.
3.2. Artist Works Minted on SuperRare
By using the SuperRare Platform as an Artist, you may voluntarily embed PII in the Metadata of any minted NFT(s) or in the media content referenced by the NFT. All information embedded in the Metadata will not be available for deletion and there is no reasonable expectation of privacy for any PII put in the Metadata or the media content referenced by the NFT. The Users and Parties associated with the minting, sale, transfer, and use of NFT(s) are solely responsible for ensuring their PII or other sensitive data are properly protected.
4. How We Collect Information
By using SuperRare you acknowledge that your PII, including your Ethereum wallet address, is stored on the publicly searchable Ethereum blockchain and that neither SuperRare Labs, nor any third party, has any power to delete such data published by its User’s on the Ethereum blockchain. You hereby release and indemnify SuperRare Labs Inc. of any data privacy liability associated with data that you published to the Ethereum blockchain by using SuperRare. If you perform any transaction on our site involving the blockchain you expressly, explicitly, and publicly publish that information.
We collect Personal Information from you when you visit our website or use our products and services. Some of this information is provided by you and some is collected automatically. We collect Personal Information in the following ways:
- When you sign up or create an account
- Through automated collection from browsing the site
4. From other sources including external social media accounts, articles, websites, and public databases.
5. Conversations with our personnel including support and curation staff.
We may collect personal information from other sources, such as:
- Third-party Wallets
- Ethereum blockchain
- Third-party partners
5. How We Use Your Information
We process your personal information for the following purposes:
- Maintain Platform functionality;
- Enable you to list, buy, transfer, or trade unique digital art;
- Provide you with critical updates, confirmations, or security alerts;
- Provide support or respond to your comments or questions;
- Personalize and improve your experience and art activity feed;
- Inform you about products, services, news, surveys, or promotional opportunities we think might interest you;
- Provide editorial and newsletter content;
- Analyze and improve our Platform.
- Create profiles of user behavior to improve the platform, enhance our services, assist select users, and market more effectively.
- To contact you with updates about our services.
- Manage IP disputes.
- Alert users to hacks and scams.
6. The Legal Basis For Collecting and Processing Information
We use the following legal bases for collecting Personal Information:
- We may collect or process information with your consent, such as when you subscribe to our newsletter, ask for information, or sign up for services.
- We may collect or process information we need to provide our services or fulfill a contractual obligation.
- We may collect or process information to fulfill a legal obligation.
- We may collect information when we have a legitimate interest to do so, such as for marketing, as long as our legitimate interests are not outweighed by your rights.
- We may collect or process information if necessary to protect the vital interests of the user or another individual.
7. How We Share Information
We do not sell or disclose your personal information for monetary or other valuable consideration.
The common-law definition of to sell is when “cash is exchanged in return for a product or service.”
We share Personal Information with our affiliates and partners, as needed to provide our services. We share Personal Information with service providers such as accountants, payment processing companies, and other vendors we use to operate our website and provide our products and services.
Our vendors and service providers are not permitted to use your personal information for any other purpose than to provide contracted services. Vendors are not permitted to use your personal information for their own marketing, and are not allowed to share your information for marketing purposes.
We may share personal information in response to a legal summons or subpoena, or if required by law enforcement agencies. If there is a credible allegation against you involving the violation of our Terms of Service, you have no reasonable expectation of privacy and all information obtained may be shared with any parties that have been harmed by the alleged violation.
We may share your profile and some publicly available information with select collectors and users for the purposes of encouraging sales.
7.1. Digital Millennium Copyright Act
The Digital Millennium Copyright Act (DMCA) sets forth a Notification and Counter-Notification process initiated by a party complaining of alleged copyright infringement on the SuperRare Platform. We may share information of the notifying, counter-notifying party, and any involved third parties, such as a Collector, of an allegedly infringing artwork to facilitate communication between the relevant parties for the purposes of complying with or resolving a DMCA dispute or allegation of copyright infringement.
8. How Long We Retain Your Information
How long we keep Personal Information that we have collected depends on the type of information and the purpose for which it was collected. After a reasonable period of time or the completion of the purpose for which it was collected, we will either delete or anonymize personal information.
- We retain Personal Information where we have an ongoing legitimate business purpose to do so, for example to resolve disputes or to comply with ongoing legal obligations.
- We retain your personal information for as long as it is needed to provide our services to you and to fulfill our legal obligations and for a reasonable period of time after such services are completed.
- We retain some information in order to stay compliant with financial regulators and law enforcement.
9. Cookies and Other Tracking Technologies
Please see our Cookie Notice for details on what cookies we use and how we use them.
Cookies are small files stored on your web browser when you visit our website. Some cookies last only as long as you remain on the website; others, called “persistent cookies” may be stored for longer periods of time. These cookies can make browsing easier by storing your password or your preferences regarding how you use the website. Cookies collect information such as the IP address of your computer, your browser settings, and information about how you use the website. Your general location may be estimated from your IP address. Some cookies track users’ activity on our website, apps, and services in order to deliver personalized advertising to you on this and other websites.
If you would like to opt out of cookies, you may change the settings on your web browser to reject or delete cookies. You may also find more information about cookies, including how to opt out of interest-based advertising, at www.cookiesandyou.com.
10. Your Rights Regarding Access to and Control over Personal Information
If you reside in the EU/EEA, you may have the following rights with regard to your personal information:
- Right of information and access - You have the right to access your Personal Information we have about you and to be provided with a copy of your Personal Information.
- Right to rectification - You have the right to correct or update your inaccurate or out of date Personal Information.
- Right of erasure - You have the right to request that your Personal Information be permanently erased/deleted.
- Right to restrict processing - You have the right to restrict the processing of your Personal Information.
- Right to object to processing - You have the right to object to specific types of processing of your Personal Information.
- Right to portability - You may ask to receive a portable copy of your personal information in a format that may be transferred to another organization.
- Right not to be subject to decisions based solely on Automated Decision Making - You have the right not to be subject to decisions based solely on automated processing.
- Right to complain to a data protection authority - You have the right to complain to a supervisory authority in the country in which you reside, details of which can be provided upon request or to the lead supervisory authority for SuperRare Labs, which as a non-EU entity is the California Data Protection Agency.
- Right to withdraw consent - If you have given us consent to collect or process your Personal Information, you may withdraw that consent at any time.
- The Right to Non-Discrimination - We may not discriminate against you if you exercise your privacy rights.
If you are a member of the EEA and wish to exercise any of these rights please submit a request through our Data Deletion Form.We may charge a reasonable fee if your request is not valid under applicable law, repetitive or excessive. We may also request additional information from you in order to verify your identity before processing your request.
11. Information for California Residents
The California Consumer Privacy Act (CCPA) applies to information collected from California residents. Residents of California have the following rights with regard to their personal information.1. The Right to Know and Access Information - The categories of personal information we collect is described above in the section entitled “The Information We Collect”. California residents may submit a verifiable request regarding the information collected, the types of sources from which personal Information is collected, the purposes for which information is collected, and the specific personal information collected about them.
2. The Right to Have Personal Information Deleted
3. The Right To Portability - California residents may request a copy of their personal information in a format that can be transferred to another person or entity.
4. The Right to Non-Discrimination - We may not discriminate against you if you exercise your privacy rights.
11.1. We do not sell your data
We do not sell any data for monetary or other valuable consideration.
11.2. We may require verification of your identity
You may be asked for more information in order for us to verify your identity when you make a request. You may exercise your rights by emailing us at Privacy@SuperRare.com or Legal@SuperRare.com.
12. International Data Transfers
Personal Information may be transferred from users residing in the European Union to our servers, partners, or vendors located in the United States and other non-EU countries where there may not be an adequate opinion issued with respect to that country. We have taken appropriate safeguards to ensure that Personal Information remains protected wherever it is transferred. When we transfer Personal Information of individuals in the European Economic Area (“EEA”), Switzerland or the United Kingdom (“UK”) to the US, we make use of the Standard Contractual Clauses and the UK Addendum as well as additional safeguards where appropriate.
We take all reasonable steps to protect the information we receive from you from accidental or unlawful destruction, loss, alteration, and unauthorized disclosure or access. We have put in place appropriate physical, technical, and administrative measures to safeguard and secure your information, but no security measures are perfect; the risk of a data breach is possible.
- Personal data is encrypted for access or transmission.
- Personal information is encrypted at rest at our data centers.
- Employees are given access to users’ personal information only on a “need to know” basis.
- All employees with access to personal information are subject to background checks.
- All employees with access to personal information are required to sign a binding confidentiality agreement.
- Our vendors are required to implement security procedures to protect your data.
- Our vendors and partners are not permitted to use or share your information for any purpose other than to provide the services for which they have been contracted.
14. Breach Protocols
In the unlikely event of a security breach we may delay reporting of the breach in so far as is legally permissible. We will only delay as long as is necessary to ascertain the scope of the breach, the cause, and to cooperate with law enforcement and our partners to prevent further damage.
15. Automated Decision Making and Profiling
Data collected from Users may be put through algorithms to make decisions about User experiences, create and assign User profiles, and provide other services. No algorithms shall be used to make adverse decisions about Users unless it is to fulfill an affirmative duty to prevent criminal activity.
16. Children’s Privacy
We do not knowingly collect or solicit personal information from children under age 13 without parental consent, unless permitted by law. If we become aware that we have collected personal information from children under the age of 13 without parental consent (or as permitted by law), we will delete it. If you believe that a child may have provided us with personal information without such parental consent, please contact us and we will immediately take action.16.1 California consumers
We will not sell the information of California consumers who are 16 years old or younger unless we have prior parental authorization. If a California consumer is under the age of 13, a parent or guardian must consent to the sale of such minor’s personal information. If the California consumer is between the ages of 13 and 16 years old, the minor may consent on an opt-in basis to the sale of their personal information. Our site is not directed toward children and if we suspect someone is a child we will ask for age verification and will require appropriate consent.16.2. EU residents
We do not collect or process personal information of data subjects in the EU under the age of 16 without explicit consent from a parent or guardian. Our sites directed toward children will ask for age verification and will require appropriate consent. If we discover a minor person on our platform we will immediately delete all user data related to that person.
17. Sensitive Information
Unless specifically requested, we ask that you not send us, and you not disclose on or through our websites or otherwise to us sensitive personal Information unless specifically requested by us or required by law.
18. Contact Us
18.1 EU Representative
Osano International Compliance Services Limited
3 Dublin Landings
North Wall Quay
18.2. UK Representative
Osano UK Compliance LTD
42-46 Fountain Street
BT1 - 5EF