Privacy Policy

This policy applies to visitors to our Platform when accessed from within the United States of America. [If you are present in the European Union when you access or use our Platform, please refer to the European Union Privacy Addendum.]  
Introduction 


[PolyOne LLC] (“Company”, “us” or “we”) respects your privacy and is committed to protecting it through our compliance with this Privacy Policy. 
This Privacy Policy describes the types of information we may collect from you or that you may provide when you visit or use our Platform (including when you create an account on it), when you purchase our NFTs, or when you engage in any other activities online to which this Privacy Policy is posted, and our practices for collecting, using, maintaining, protecting, and disclosing that information. 
With respect to our Platform, please review this Privacy Policy together with the Terms of Service  [and our Cookie Policy]  to understand all of your rights and obligations, and how we operate our Platform.  
Any defined terms used in this policy which are not defined herein shall have the meanings given to them in the Terms of Service.  


This Privacy Policy applies to information we collect: 
·    On the Platform; 
·    In email, text, and other electronic messages between you and the Platform; 
·    Through mobile and desktop applications, if any, that you download from the Platform; 
·    When you interact with our advertising and applications on third-party websites and services, if such advertising or applications include links to this Privacy Policy; and 
·    Through any other means associated with or relating to the Platform. 

This Privacy Policy does not apply to information collected by: 
·    Us offline or through any other means, including on any other website operated by Company or any third party (including our affiliates and subsidiaries); or 
·    Any third party, including through any application or content (including advertising) that may link to or be accessible from or on the Platform.   
Please read this Privacy Policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Platform. By accessing or using the Platform, you agree to the terms of this Privacy Policy. 
This Privacy Policy may change from time to time. Your continued use of the Platform after we make changes is deemed to be acceptance of those changes, so please check the Privacy Policy periodically for updates. 


Information About Children
Our Platform is not intended for children under eighteen (18) years of age. No one under age eighteen (18) may provide any personal information to us or on or through the Platform. 
We do not knowingly collect personal information from children under the age of sixteen (16). If you are under sixteen (16), do not use or provide any information on the Platform or on or through any of its features or register on the Platform (if such feature is available), make any purchases through the Platform (if such feature is available), use any of the interactive or public comment features of the Platform (if such feature is available) or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. 
If we learn we have collected or received personal information from a child under sixteen (16) years of age without verification of parental consent, we will delete that information. 
If you believe we might have any information from or about a child under the age of sixteen (16), please contact us at [Shawn@polyone.io]. 
Information We Collect About You and How We Collect It 


We may collect several types of information from and about users of our Platform (some of which is considered “personal information” pursuant to applicable law), including: 
·    Information by which you may be personally identified, such as name, mailing address, e-mail address, telephone number, or any other information that the Platform collects, which applicable law may consider personally identifiable, personal information, personal data, and other such designations; 
·    Any information on the Platform blockchain, including your digital wallet ID, what NFTs you own or have purchased, minted, created or sold, and other relevant information relating to your account and transactions;
·    Information about the devices you use to access the Platform;
·    Information about the Producers you engage with and that they may input into our smart contracts;
·    Your IP address, Identifier for Advertisers (“IDFA”), Android/Google Advertising ID, International Mobile Equipment Identity (“IMEI”), or another unique identifier; 
·    Your device characteristics and functionality (including information about your operating system, hardware, mobile network, browser, browser language, etc.);
·    Referring and exit web pages and URLs; 
·    Your browsing history, including the areas within our Platform that you visit and your activities there, including remembering you and your preferences;
·    Your device location or other geolocation information, including the zip code, state or country from which you accessed the Platform;
·    Certain other device data, including the time of day you visit our Platform; and
·    Information about your internet connection and internet provider. 


We may collect this information: 
·    Directly from you when you provide it to us, such as when filling in forms on the Platform (including when you register for an account; mint, offer for sale, sell, or purchase NFTs; subscribe to a service; request something from us; or when you fill out surveys);
·    Directly from you when you request or seek from us support, collaboration, consultation, promotion, or information relating to the minting, offering for sale, sale, or purchase of NFTs; 
·    Automatically as you navigate through the Platform, including through the use of cookies, web beacons, and other tracking technologies (including information about your network or computing device); 
·    From third parties, for example, our business partners or Producers;
·    Records and copies of your correspondence (including email addresses), if you contact us through the Platform;
·    When you engage in transactions on our Platform;
·    When you run searches on our Platform; and
·    When you contact our customer service agents, if available.

Automatic Data Collection Technologies
As you navigate through and interact with our Platform and mobile applications (if available), we may use automatic data collection technologies to collect certain information about you, your equipment, your technology providers, and your activities, including: 
·    Details of your visits to our Platform, including traffic data, browsing patterns, location data, logs, and other communication data and the resources that you access and use on the Platform; and
·    Information about your device and about your internet connection and service provider, including:
▪    Your IP address, IDFA, Android/Google Advertising ID, IMEI, or another unique identifier; 
▪    Your device functionality (including information about your operating system, hardware, mobile network, browser, browser language, etc.);
▪    Referring and exit web pages and URLs; 
▪    Your browsing history, including the areas within our Platform that you visit and your activities there, including remembering you and your preferences;
▪    Your device location or other geolocation information, including the zip code, state or country from which you accessed the Platform;
▪    Your device characteristics;
▪    Certain other device data, including the time of day you visit our Platform; and
▪    Information about your internet connection and internet provider. 


We also may use these technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking). 
The information we collect automatically may be statistical data and may also include personal information, or we may maintain it or associate it with personal information we collect in other ways or receive from third parties.

This information enables us to: 
·    Allow you to use and access the Platform, including preventing fraudulent activity and improving security functionality;
·    Assess the performance of the Platform, including as part of our analytic practices or otherwise to improve the content, products or services offered through the Platform;
·    Offer you enhanced functionality when accessing the Platform, including identifying you when you sign into our Platform, and keeping track of your specified preferences; 
·    Deliver content relevant to your interests on our Platform and third-party sites based on how you interact with our advertisements and/or content;
·    Estimate our audience size and usage patterns;
·    Speed up your searches; and
·    Analyze our services and products and perform market research.

When you visit or leave our Platform by clicking a hyperlink or when you view a third-party site that includes our plugins or cookies (or similar technology), we may automatically receive the URL of the site from which you came or the one to which you are directed. 


We may also receive location data passed to us from third-party services or GPS-enabled devices that you have set up, which we may use to show you local information on our mobile applications (if any) and for fraud prevention and security purposes. For location information, we may use this information to provide customized services, content, and other information that may be of interest to you. If you no longer wish for us, our affiliates, or our service providers to collect and use location information, you may disable the location features on your device. Consult your device manufacturer settings for instructions on how to do this. Please note that if you disable such features, your ability to access certain features, services, content, or products may be limited or disabled. 


The technologies we use for this automatic data collection may include: 
·    Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. Note that while you can set your browser to not allow cookies, we may not be able to honor that request, and may track your activity and collect information about you and your online activities even when the browser is set to “do not track”;
·    Flash Cookies. Certain features of our Platform may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Platform. Flash cookies are not managed by the same browser settings as are used for browser cookies and you may not be able to shut down our collection of and use of information through this technology;
·    Web Beacons, Pixels and Tags. Pages of our Platform and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity);
·    Embedded Scripts. An embedded script is programming code that is designed to collect information about your interactions with the Platform, such as information about the links you click on;
·    ETag, or entity tag. An ETag, or entity tag, is a feature of the cache in browsers. It is an opaque identifier assigned by a web server to a specific version of a resource found at a URL. It is one of several mechanisms that HTTP provides for web cache validation. These allow websites to be more efficient and not serve content again, when data is already cached and ready to view;
·    Fingerprinting. Fingerprinting refers to the collection and analysis of information from your device, such as your operating system, plug-ins, system fonts and other data, for purposes of identification;
·    Recognition Technologies. Recognition technologies refers to various technology features used by websites, including application of statistical probability to data sets, which attempt to recognize or make assumptions about users and devices (e.g., that a user of multiple devices is the same user); and
·    Log Files. These track actions occurring on our Platform, and help us collect your IP address, browser type, Internet service provider, the webpages from which you came or to which you go before and after visiting our Platform, and the date and time of your visits.
[Google Analytics; Firebase; Segment.io; Flurry Analytics; Pinterest; Facebook Connect; Bing Ads; Hotjar; Lucky Orange; etc.] 
Behavioral Advertising
We may use your personal information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work. [You can opt out of certain targeted advertising, and learn more about your options related to such advertising, by using the links below.] 


Do Not Track 
Do Not Track (“DNT”) is a concept promoted by certain regulatory authorities and industry groups for development and implementation of a mechanism that would allow internet users to control the tracking of their online activities across websites. Currently, various browsers (including Internet Explorer, Firefox, and Safari) offer a DNT option that allows a user to set a preference in the browser to not have his/her activities on the internet tracked. You can usually access your browser's DNT option in your browser's preferences. When a user’s browser is set to DNT, some cookies and other tracking technologies may become inactive, depending on how the website visited responds to DNT browser settings. If that occurs, the website visited will not recognize you upon return to that website, save your passwords or user names, and some other features of a website may become unavailable or not function properly. [Given the lack of a standard in the industry or any clear regulatory guidance on this issue, we may not comply with DNT signals from your browser at this time.]


Third-Party Use of Cookies and Other Tracking Technologies
Some content or applications, including advertisements, on the Platform may be served by third-parties, including advertisers, ad networks and servers, content providers, cookies and analytics providers, and application providers. These third parties may use cookies alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use our Platform. The information they collect may be associated with your personal information or they may collect information, including personal information, about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content. 
We do not control these third parties' tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. 


How We Use Your Information
We may use information that we collect about you or that you provide to us, including any personal information: 
·    To present our Platform and its contents to you and to maintain the Platform;
·    To provide you with information, products, or services that you request from us (including those relating to the minting, offering for sale, sale, or purchase of NFTs);
·    To fulfill any other purpose for which you provide it;
·    To provide you with notices about your account and/or the Platform;
·    To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection, if needed;
·    To provide customer support;
·    To notify you about changes to our Platform or any products or services we offer or provide though it;
·    To allow you to participate in Interactive Services on our Platform, if any; 
·    To develop and create our products and services;
·    For behavioral tracking, profiling and advertising; 
·    For any other purpose as needed for our business;
·    For any other purpose with your consent;
·    To contact you about our own and third-parties' goods and services that we think may be of interest to you; 
·    To monitor usage of our Platform; 
·    In any other way we may describe when you provide the information; and
·    To enable us to display advertisements to our advertisers' target audiences.

Updating Personal Information 
In order to maintain the functionality of our services and offerings, we must keep your personal information accurate and up to date. If you have undergone changes to your contact information, preferences, or other information contained in your profile (if any), you are required to promptly update your profile with any necessary changes.  This is particularly important for Artist Subscribers, to permit us to exercise the options you grant us under the Artist Subscriber Terms.  We are not responsible for any changes to your profile, and will deliver information requested solely using the information in your profile. If your contact information, preferences, or other information change, and you do not update your profile, the information we deliver to you may be incorrect, undeliverable, or inapplicable.  It is your responsibility to keep your profile (if any) up to date at all times. If you need to change your contact information and have any questions or need assistance in doing so, please contact us at Shawn@polyone.io. We will make good faith efforts to make requested changes in our then active databases as soon as reasonably practicable (but we may retain prior information as business records).

Disclosure of Your Information 
We may disclose aggregated information about our users, and information that does not identify any individual, without restriction. 
We may disclose personal information that we collect or you provide as described in this Privacy Policy, including: 
·    To our subsidiaries and affiliates;
·    To contractors, service providers, and other third parties we use to support our business and assist us in providing services and offering our products, including relating to your minting, offering for sale, sale, purchase, or collaborations with respect to NFTs;
·    To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Company's assets or stock, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Company about our Platform users is among the assets transferred;
·    To third parties to market their products or services to you;
·    To fulfill the purpose for which you provide it;
·    For any other purpose disclosed by us when you provide the information; and
·    With your consent. 


We may also disclose your personal information: 
·    To comply with any court order, law, or legal process, including responding to any government or regulatory request;
·    To enforce or apply the Terms of Service, including this Privacy Policy, and any other agreements between us, including for billing and collection purposes; and
·    If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Company, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction. 
Keep in mind that some of your information (e.g., your digital wallet ID, and other identifiers) may be available to other members of the Platform, and that some of that information will be stored in a blockchain, visible to all other NFT buyers or Platform users.  You specifically consent to the use of that information and disclosure in such a manner.


Data Security 
We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. 
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Platform, you are responsible for keeping this password confidential. We ask you not to share your password with anyone and to change your password from time to time. We also highly recommend that you use a password that is dissimilar to and cannot be easily found by unauthorized third parties who may have obtained your login credentials to other sites. Keep in mind that if you use the same password for all websites, if someone obtains your credentials for one site, they may be able to then use those credentials to log into any other site you use. 
Unfortunately, the transmission of information via the internet is not completely secure. Although we try to protect your personal information, we cannot guarantee the security of your personal information transmitted through or collected through the use of our Platform. Any transmission of personal information is at your own risk. 
We are not responsible for circumvention of any privacy settings or security measures contained on the Platform. 


California Residents
California Civil Code Section § 1798.83, known as the “Shine The Light” law, permits users of our Platform who are California residents to request and obtain from us a list of what personal information (if any) we disclosed to third parties for direct marketing purposes in the preceding year, and the names and addresses of those third parties.  You may request this information from us no more than once a year, but such request will be handled by us free of charge to you.  To make such a request, please send an email to [Shawn@polyone.io].


Contact Information 
To ask questions or comment about this Privacy Policy and our privacy practices, contact us at:
E-mail: [Shawn@polyone.io]


YOUR CALIFORNIA PRIVACY RIGHTS [Shawn: this section of the policy is needed only if you need to comply with the CCPA (if your revenues are $25MM or higher, or if you collect/process information of 50,000 California consumers, households or devices.  Please advise if you think you will meet these thresholds in 2021]

This section of the Privacy Policy applies solely to California residents. 
We adopt this Section of the Privacy Policy in order to comply with the California Consumer Privacy Act of 2018, as amended (“CCPA”).  Certain terms used in this Section of the Privacy Policy are defined in, and shall have the meanings ascribed to them in the CCPA.  
Note that the term “Personal Information”, as used in this California Specific Section of the Privacy Policy uses the term as it is defined in the CCPA, and not as defined in the main body of this Privacy Policy.  

Do Not Track
Please see DNT disclosure set forth in main body of this Privacy Policy.

Data Collection
[We have collected the following categories of Personal Information within the last twelve (12) months:] 
Category of Personal Information    Categories of Sources of Collection [NOTE: these are solely examples, and need to be modified for your specific data collection processes]    Business or Commercial Purpose for Collection
[NOTE: these are solely examples, and need to be modified for your specific data collection processes]
A. Identifiers.    Publicly available information
Provided by clients
From Platform activity
Provided by business partners
Provided by employees
Provided by website users    To provide our products and services
To improve our products and services
To identify potential clients
To market our products and services
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).    Publicly available information
Provided by clients
Collected from Platform activity
Provided by business partners
Provided by employees
Provided by website users    To provide our products and services to clients
To improve our products and services
To identify potential clients
To market our products and services
C. Protected classification characteristics under California or federal law.    Publicly available information
Provided by employees    To provide our products and services to clients
To improve our products and services
D. Commercial information.    Provided by clients
Internal Records    To provide our products and services 
To maintain business relationship with partners
E. Biometric information.    None    None
F. Internet or other similar network activity.    Activity on Platform by clients, site users and employees    To provide our products and services 
To market our products and services
To improve our products and services (e.g., usage pattern data)
G. Geolocation data.    Publicly available on the blockchain    To white / blacklist certain countries for offerings
H. Sensory data.    None    None
I. Professional or employment-related information.    Provided by clients
Publicly available information
Job applicants
Employees    To provide our products and services 
To improve our products and services
To provide employment opportunities and employee benefits
J. Inferences drawn from other Personal Information.    Provided by website users    To provide our products and services 
To market our products and services
To improve our products and services


California Consumer Rights Pursuant to the CCPA
California consumers have specific rights regarding how your Personal Information is collected and used. 
·    You have the right to request that we disclose to you or your authorized agent acting on your behalf the following information covering the past twelve (12) months: 
o    Specific pieces of Personal Information that we have collected;
o    Categories of Personal Information collected;
o    Categories of sources from which Personal Information is collected;
o    Categories of Personal Information sold or disclosed for a business purpose.
o    Categories of third parties to whom we sold or disclosed the Personal Information for a business purpose;
o    Our business purpose for collecting (or selling) Personal Information;
·    You have the right to request deletion of your Personal Information (with exceptions noted by law – more on this below);
·    You have the right to request that your Personal Information not be sold to third parties; and
·    You have the right not to be discriminated against because you exercised these rights.

 

Data Deletion
As permitted by the CCPA, in the event you request deletion of Personal Information that we have collected about you, we may be unable to comply with such a request if your Personal Information is necessary to:
·    Complete the transaction for which the Personal Information was collected, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between us and you;
·    Detect security incidents, protect against malicious deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity;
·    Debug to identify and repair errors that impair existing intended functionality;
·    Exercise free speech, ensure the right of another Consumer to exercise his or her right of free speech, or exercise another right provided for by law;
·    Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with section 1546) of Title 12 of Part 2 of the Penal Code;
·    Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of that information is likely to render impossible or seriously impair the achievement to such research, if you have provided informed consent;
·    Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us;
·    Comply with a legal obligation; or
·    Otherwise use your Personal Information, internally, in a lawful manner that is compatible with the context in which you provided the information.
You also acknowledge and agree that we cannot remove any information on the Platform blockchain (this may include your digital wallet ID, what NFT you own, and other relevant information relating to your account and purchases).  


Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights. Specifically, we will not do any of the following unless permitted by the CCPA:
·    Deny you goods or services;
·    Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
·    Provide you a different level or quality of goods or services; or
·    Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your Personal Information’s value. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.

Do Not Sell My Personal Information

We sell Personal Information, as the term “sale” is defined pursuant to the CCPA[, but not in exchange for monetary compensation]. 
As a California consumer, you have the right to opt out  of the sale of your Personal Information to third parties. 
In the twelve (12) months prior to the posting of this Policy, we have sold to third parties the categories of Personal Information about California residents set forth below:

Categories of Personal Information Sold [Include below only the ones that apply]    Categories of Third Party to Which Personal Information Was Sold
[To whom was information “sold”? State below]
A.    Identifiers.
B.    Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
C.    Protected classification characteristics under California or federal law.
D.    Commercial information.
E.    Biometric information.
F.    Internet or other similar network activity.
G.    Geolocation data.
H.    Audio, electronic, visual, thermal, olfactory or similar information.
I.    Professional or employment-related information.
J.    Educational information.
K.    Inferences drawn from other Personal Information.    A.    Our business partners
B.    Online service providers (e.g., analytics, cookies) used on our Platform


Data Sharing

In the twelve (12) months prior to the posting of this Policy, we have disclosed for a business purpose the categories of Personal Information about California residents set forth below:

Category of Personal Information Disclosed for a Business Purpose
[Specify which ones below]    Category of Persons to Whom Personal Information Was Disclosed
[To whom was information disclosed? State below]
A.    Identifiers.
B.    Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
C.    Protected classification characteristics under California or federal law.
D.    Commercial information.
E.    Biometric information.
F.    Internet or other similar network activity.
G.    Geolocation data.
H.    Audio, electronic, visual, thermal, olfactory or similar information.
I.    Professional or employment-related information.
J.    Educational information.
K.    Inferences drawn from other Personal Information.    A.    Our wholly-owned data processing subsidiary
B.    Our clients
C.    The general public, via our free public website
D.    Our client relationship  management software provider
E.    Our marketing service providers
F.    Our hosting provider
G.    Online service providers (e.g., analytics, cookies) used on our Platform 


How to Exercise Your CCPA Rights
You can exercise all of your rights granted to you pursuant to the CCPA by clicking HERE or contacting us at 1-800-XXX-XXXX or [EMAIL].  
California law requires us to verify your identity before processing your request. In order to make a request pursuant to the CCPA, you must provide us with your wallet ID or your e-mail address. If you are requesting specific pieces of Personal Information that we have collected about you, you will also be required to email us at [EMAIL] a signed declaration under penalty of perjury that you are a California resident and that you are the consumer whose Personal Information is the subject of the request.  Note that we will not process your request to disclose specific pieces of information we have about you until we receive this signed declaration, and your request will not be considered timely submitted until we have this document in our possession.  
We will review the information you have provided against the information in our databases, and attempt to verify your identity.  However, please note that under certain circumstances, we may require you to provide additional information in order to allow us to confirm your identity and your residency before we can process your requests.  Also note that you are only entitled to make a Personal Information request up to twice in a 12-month period.


If (or when) you submit your CCPA request by email, please include “California Privacy Rights” as the subject line. If you make a request to exercise your rights under the CCPA by telephone, we may ask you to provide the request in writing so that we may verify your identity.
We will acknowledge your request within 10 days and respond to your request within 45 days or let you know if we need additional time or information to verify your identity (and if so, why). 

Using an Authorized Agent
A California resident may use an authorized agent to submit a right to know request, a request to delete, or a request to opt-out of the sale of Personal Information here.  To use an authorized agent for these purposes, both the resident and the agent will be required to verify their identities with us. For this purpose, the agent will be required to submit a request with the wallet ID or e-mail address of the customer. In addition, the agent will be required to provide via email written authorization from the consumer to act on their behalf in making these requests. If we cannot authenticate the identity of the agent making the request, we may also require that the consumer confirm directly with us that they have in fact authorized their agent to act on their behalf. We may deny a request from an agent who cannot meet these requirements.  If the agent has provided a power of attorney pursuant to Cal. Prob. Code Sections 4121 to 4130, then the verification that the consumer has authorized the agent to act on their behalf will not be necessary.