PRIVACY POLICY

Last revised: 01/09/2022

Your privacy is important to us and we pay special attention to it. This privacy policy (hereinafter the “Privacy Policy”) describes the information that we collect about you by means of or through the intermediary, in whole or in part, of our website or one of our pages on social networks, but also more generally in the context of your relations with us, and how we treat them (see information relating to the methods of collection, processing and use of your personal data staff).

This Privacy Policy also specifies the rights you have over your personal data in application of the applicable legal and regulatory provisions.

If you have any questions, comments or concerns regarding this Privacy Policy, you can of course send them to us at the following contact details: hello@yellow-teapot.com 

YELLOW TEAPOT, a French société par actions simplifiée, registered under number 900 962 770 with the Trade and Companies Register of Lyon, whose registered office is located at 52 quai Joseph Gillet 69004 Lyon (hereinafter “Company” or “CRAFT”). 

The Company operates the website accessible to the public at the following url address: https://www.carft.game/ (hereinafter the “Site”). 

This Site aims to:

• provide users with information enabling them to discover the activity and services offered by the Company, as well as its news (events, publications, etc.);

• offer functionalities and / or information allowing users to contact the Company and present the services offered by the Company, the projects carried out by the latter and to come, or the team working on these projects;

• provide users access to the Platform and various associated services (hereinafter the “Services”) as detailed in our general conditions: www.carft.game/terms-conditions

During your navigation and your interactions on the Site, on the pages administered by the Company on social networks or, in general during your interactions or exchanges with the Company, the latter may be required to collect and process date (hereinafter “Data”) of a personal nature concerning you, for the management of the activities it carries out and for its own account, as data controller (hereinafter “Data Controller”), whether you are a customer, prospect, users, Internet user, candidate, supplier, service provider or partner, potential or current (hereinafter "you", the “User" or “Data Subject”). 

In this context, the Company applies the principles defined by the legal and regulatory provisions on the protection of personal data, in particular in Regulation (EU) 2016/679 of April 27, 2016 on the protection of natural persons at with regard to the Processing of Personal Data (hereinafter "RGPD") or even Law 78-17 of 6 January 1978 relating to computers, files and freedoms (hereinafter "Data Protection Act") and its decrees.

1. Purpose

The purpose of this Privacy Policy is to inform about the way the Company, in its capacity as Data Controller, collects and processes personal data (hereinafter “Personal Data”) of the Users and the means available for these Users to control this use and to exercise their rights relating to it.

By browsing the Site, the Users certify that he/she has read and understood this Privacy Policy and accepts its terms.

This Privacy Policy applies not only to the Site, but also to the Company’s activity in relation to its Users. The Privacy Policy may be subject to updates. In the event of significant changes to this Privacy Policy, the Users will be required to express its clear consent to such changes, failing which they will be required to cease using the Services.

2. Processed Personal Data

The Personal Data processed in the context of the Services offered by the Company are:

• For participants in purchases on the Site: 

  • last name, 

  • first name, 

  • email address, 

  • address of the place of residence, 

  • telephone number, 

  • crypto wallet (public key),

Service providers such as Stripe (https://stripe.com/fr/privacy) or Moon pay (https://www.moonpay.com/legal/privacy_policy) may process further information for the completion of a transaction on the Site and for Know Your Customer" (KYC-AML) purposes. 

• For Users in general:

  • last name, 

  • first name, 

  • email address. 

The collection of Personal Data is limited to the strict minimum. Consequently, only relevant, adequate, and limited information is collected in relation to the purposes for which it is processed (hereinafter “Processing”). 

3. Purposes of the Processing

The purposes of this Processing of Personal Data is to allow the Users to benefit from the Services offered by the Company and for which the Processing of Personal Data is essential. Thus, the collection and Processing of Personal Data by the Company responds to specified, explicit and legitimate purposes, namely:

• For participants in the NFTs sale and Users:  

  • account management, 

  • relationship follow-up, 

  • information and invitations to events, 

  • prospecting and animation.

4. Legal basis of the Processing

The collection and Processing of Personal Data is based on the consent of the Users for all cases where he/she transmits his/her Personal Data in order to benefit from the Services offered by the Company. This consent can be withdrawn at any time. 

The collection and the Processing are also based on the legitimate interest of the Company, the execution of pre-contractual measures or of a contract with the Users, the respect of legal and regulatory obligations.

5. Recipients of Personal Data

With the exception of service providers that the Company uses to provide the Services, the Company is the sole recipient of the Personal Data collected and will not sell this Personal Data. 

The Personal Data will be processed exclusively on the territory of (i) France, (ii) and/or any other member state of the European Union, (iii) and/or any other signatory state of the agreement on the European Economic Area or Switzerland (iv) and/or any other state ensuring an adequate level of protection (hereinafter “Territory”.) 

Apart from the cases mentioned above, any transfer of Personal Data to a third country requires the prior agreement of the Users and is subject to the respect of the laws on the protection of personal data in force.

The Company may also share the Personal Data collected:

• with the companies it controls or those controlling it in the sense of articles L233-1 and following of the French Commercial Code,

• in the event of a sale, demerger, partial contribution of assets, or any other form of restructuring that it may undergo,

• in order to meet its legal and regulatory obligations.

6. Data security

The Company protects and secures the Personal Data in order to ensure its security and prevent it from being distorted, damaged, destroyed or disclosed to unauthorized third parties. All persons having access to the Personal Data are bound by an obligation of confidentiality.

7. Cookies

The Site uses technical cookies only (hereinafter “Cookies”). 

A cookie is a small file for storing and retrieving information, generally made up of alphanumeric characters (cf. letters and numbers), deposited by a web server on the computer or electronic terminal of the user of the site to send state information to said browser and likewise obtain such information back from the browser. The status information can be for example a session identifier, a language, an expiration date, a response domain, etc.

Cookies usually make it possible to obtain certain information on the browsing habits of the user, his computer or his terminal, in particular in order to improve the content and the service offered by the site in question, to know the traffic of said site and to provide Internet users with personalized services.

The notion of Cookies as used in this cookie management policy covers all types of tracers or other similar technologies, for example:

• HTTP Cookies;

• but also the use of other techniques:

  • “local shared objects” sometimes called “Flash Cookies”;

  • “local storage” implemented within HTML 5;

  • identifications by calculating the fingerprint of the terminal (“device fingerprinting”);

  • identifiers generated by operating systems (whether advertising or not: IDFA, IDFV, Android ID, etc.);

  • hardware identifiers (MAC address, serial number or any other identifier of a device), etc.

In any case, Cookies can also be:

• session Cookies, which disappear as soon as the user leaves the browser or the Site; 

• where permanent Cookies that remain until the expiration of their lifespan or validity, or until the user deletes them by means of the functionalities of his browser for example or through the cookie management module set available on our Site.

These files are used to process statistics and information on traffic, to facilitate navigation and to improve the Site for the convenience of the Users.

For the use of Cookies files involving the storage and analysis of personal data, the consent of the Users is necessarily requested.

The Site uses no session or permanent Cookies, but only technical Cookies.

8. Data retention

The Company keeps the Personal Data for the time necessary to achieve the purposes pursued, subject to the legal possibilities of archiving, obligations to keep certain Personal Data, and/or anonymization.

Considering the Blockchain technology used, the Users are aware that this technology does not allow the deletion of information anchored on it. However, the Company takes appropriate technical measures to pseudonymise and/or make inaccessible Personal Data that must survive their deletion.

Concerning the Personal Data processed outside the Blockchain, the retention periods are as follows:

• For accounting purposes: 10 years from the end of the accounting period;

• For the purposes of preventing money laundering and the financing of terrorism, and the fight against corruption: 5 years after the end of the relationship with the Company;

• For the needs of recruitment within the Company: for the duration necessary to process the application and 3 years after the last Users.

9. Rights 

You benefit, under the terms and conditions and within the limits defined by the legal and regulatory provisions on the protection of Personal Data, the following rights with regard to your Data:

• Right of access: you can obtain confirmation whether or not Personal Data concerning you is processed by the Company and, when they are, access to said Personal Data, as well as certain information relating to the Processing of your Personal Data and the characteristics of such Processing;

• Right of rectification: you can request the correction of your Personal Data that you consider incomplete or inaccurate;

• Right to erasure: you can, in certain cases, request the erasure of your Personal Data (except for example if they are necessary for the execution of your contractual relations with the Company where applicable, or if they are necessary for the Company to comply with its legal or regulatory obligations or to ascertain or exercise its rights);

• Right to limitation of Processing: you can request limitation of Processing of your Personal Data, allowing you to request in certain cases the marking of your Personal Data in order to limit future Processing;

• Right to the portability of your Personal Data: you have the right in certain cases and under certain conditions to request to receive the Personal Data concerning you that you have provided to us or, when technically possible, to they are transferred to a third party, in a machine-readable form (it being specified that this right to data portability only applies to Processing based on the consent of the Persons concerned or on the execution of contractual relations, and this provided that the Data Processing is carried out using automated processes);

• Right to withdraw your consent: you can withdraw your consent if the Processing is carried out on the basis of your consent, without the withdrawal of such consent prejudicing the lawfulness of the Processing based on the consent made before the withdrawal of it;

• Right to define guidelines for the retention, erasure or communication of your Personal Data after your death: in this regard, in the event of death which would be brought to our attention, please be aware that your Personal Data will in principle be deleted (unless it is necessary to keep it for a specified period for reasons relating to our legal and regulatory obligations), after having been communicated to a third party possibly designated by you.

Regarding the Processing of your Personal Data implemented by the Company, these rights are exercised: 

1. by email to the following email address: hello@yellow-teapot.com or,

2. by post to the address next: 52 quai Joseph Gillet 69004 Lyon. 

In any event, in the event of reasonable doubt as to the identity of the person submitting such a request to exercise their rights, the Company may always request that it be provided with additional information necessary to confirm the identity of the Person concerned and request for this purpose, when the situation so requires, a photocopy of an identity document bearing the signature of the holder. In such a case, the aforementioned response times will be suspended pending receipt of the additional information necessary to identify the Data Subject.

If such a request is received, it will be answered as soon as possible and in any event within a maximum period of one month from receipt of the request. If necessary, this period may be extended by two months, taking into account the complexity and the number of requests received, in which case the applicant will be informed.

The request may be presented by the Data Subject or by a person specially authorized for this purpose by the Data Subject, provided that this authorized person can prove his identity and the identity of the principal, his mandate as well as the duration and of the precise object thereof. The mandate must also specify whether the representative can be made the recipient of the response.

You also have in any event the right to lodge a complaint with the competent supervisory authority (in France, this is the National Commission for Computing and Liberties known as "CNIL": 3 place de Fontenoy, TSA 80715 - 75334 Paris Cedex 07; tel.: 01 53 73 22 22) if you believe that the Processing of your Personal Data is not carried out in accordance with the legal and regulatory provisions on Data Protection of a personal nature.

To understand your rights, you can also refer to the explanations provided by the Cnil here: https://www.cnil.fr/fr/les-droits-pour-maitriser-vos-donnees-personnelles.

We point out that in application of articles L.223-1 et seq. Of the Consumer Code, you can, if you are a consumer, object at any time to being canvassed by telephone, by registering for free on the site "www.bloctel.gouv.fr".