Effective Date: August 23, 2023
LEGAL NOTICE
Anima.io is an internet-based service offered by Synaps Smart System, a simplified joint-stock company duly registered in the Paris Trade and Companies Register under the registration number 898 694 575. Our principal offices are situated at 9 Rue des Colonnes, 75002 Paris, France, and we are hereinafter referred to as "the Company". The purpose of this legal notice is to furnish comprehensive information about the handling of personal data by the Company, with specific reference to the Anima.io product. Within the Anima.io platform, there is the potential for utilisation of the Proof of Personhood (PoP) feature, a solution developed and managed by Anima for the purpose of validating the true uniqueness of our users.
Introduction:
The Proof of Personhood (The “Service”) prioritises your privacy and the secure use of our services. This Privacy Policy outlines how we collect, use, and protect your data, demonstrating our unwavering commitment to safeguarding your personal information. Please read this Privacy Policy carefully to understand your rights and our operational procedures.
We reserve the right to update or modify this privacy notice in response to legal changes, updates in our data collection and usage practices, evolving service features, or technological developments.
1. Definitions:
Where drafted in upper case, the following definitions are applicable to the entire Privacy Policy.
Personal Data, Data: refers to any information relating to an identified or identifiable natural person, as defined in Article 4 of the GDPR.
Anima, We, Us, Our: refers to the Company, as identified in the first page.
Users, You, Your: refers to any data subject to the collection and processing of Personal Data by the Company.
PoP, POP : Proof of Personhood
Unless stated otherwise, definitions stated in the singular shall have the same meaning in the plural form.
Any term defined in Article 4 of the GDPR and mentioned in this Privacy Policy shall have the same meaning.
2. Data collection:
To the maximum extent allowable under relevant Data Protection Laws, when you provide consent for Anima to collect Biometric Data, Anima gathers face geometry data points through a 3D face scan, which are used for Uniqueness Checks, as well as liveness data (referred to as "Biometric Data").
In order to collect the Biometric Data, we may seek your permission to access your device's camera. Should you need to adjust these permissions, you can do so within your device's settings.
The process of a Uniqueness Check involves the User participating in a FaceScan procedure where they submit a live facial image. This image is processed through the Service, resulting in the generation of a Face Graph.
The Face Graph is a privacy-preserving encrypted vector graph containing no biometric data. Your Face Graph is extracted from your face scan and is therefore unique from one user to another. It cannot be used to recreate your face.
It's important to note that Anima does not collect any personally identifiable information that could be used to connect the Biometric Data with the identity of a specific User. Anima exclusively compiles face geometry data points that cannot be linked to the personally identifiable information of any User.
The POP is off-limits to individuals under the age of eighteen (18), commonly referred to as "Minors." Anima is firmly dedicated to avoiding any purposeful or informed collection of Biometric Data from Minors. If you are a parent or legal responsible of a Minor and suspect or have information about a Minor furnishing us with Biometric Data, we urge you to reach out to us without delay at [email protected]
In situations where we come to the knowledge of Biometric Data being acquired from Minors, regardless of the presence or absence of parental consent verification, we will promptly notify parents or legal responsible of various ways to erase such data to the best of our abilities, following the guidelines outlined in this Privacy Notice.
By using the Service and submitting your Biometric Data, you are granting us your consent to process and collect such Biometric Data without storing it, in accordance with the storage and retention guidelines detailed below for the duration of your engagement with us or as otherwise permitted by law.
To the fullest extent permitted under applicable Data Protection Laws, we may also collect the following data and information, referred to as "Personal Data," including :
* Information about how you access and use our Service (Ip address, wallet address)
To clarify, it's important to note that none of the information we may collect, as mentioned above, can be linked to any Biometric Data.
3. Purpose of Data collection:
Our primary objective in collecting Personal Data is to confirm the authenticity of your personhood and ensure that you are indeed a real human user.
To achieve this, we use the biometric data, specifically facial features, to create an unique and abstract encrypted vector graph known as a "Face Graph".
The collection of Personal Data is carried out with the aim of improving the User experience by gaining insights into your interactions with the Service, ultimately facilitating the resolution of bugs and issues.
4. Data Usage:
The collected data serves the exclusive purpose of confirming your Proof Of Personhood.
It's important to emphasise that the facial scan is solely employed in the generation of your Face Graph, with no retention of your actual facial image during this procedure. Subsequently, the Face Graph is encrypted, and securely stored to ensure the utmost level of protection.
5. Retention and Storage of Data:
The Biometric data is completely erased right after concluding the Liveness Detection process and the creation of your Face Graph. Biometric data are never stored during and after the process.
We will store your Face Graph as long as You use the Service.
Your Face Graph is stored on the decentralised cloud storage Storj.
The Face Graph is encrypted by design. . The face Graphs are stored on confidential computing technology-enabled services provided by Storj decentralised Cloud Storage Providers (the “Servers”), making it inaccessible to Storj, Anima and third parties.
Personal Data is stored on cloud storage as long as You use the Service.
6. Data Security:
We take all reasonable precautions and follow industry best practices to protect your Personal Data from loss, misuse, unauthorised access, disclosure, alteration, or destruction.
Concerning security measures across all operating systems, our practices encompass the following:
• Vigilant monitoring of all operational machines;
• Conducting daily vulnerability assessments;
7. Data deletion:
Should you decide to delete your PoP or terminate our relationship in any way, please note that we will ensure the complete removal of your Data and Personal Data, with no retention whatsoever.
8. Data transfera:
The Company acts as a data controller regarding Your Personal Data. We may share Your Personal Data with:
The services providers involved in the provision of the Service. As Our subcontractors, such service providers may have access to Your Personal Data for the sole purpose of carrying out the specific tasks assigned to them. We will ensure that contractors provide adequate safeguards for the performance of the assignment and comply with applicable laws and regulations. Administrative or judicial authorities, to verify the proper use of the Data by the Company or for the purposes of an investigation, in compliance with applicable law. We always verify the legitimacy of the request.
In any event, We will only disclose Your Personal Data to the above-mentioned recipients on a strict need-to-know basis and only to the extent necessary to achieve the identified processing purposes.
When possible, the Data We collect from You is stored and processed at data centers in the European Union. However, in the cases set forth above, your Data may be transferred to countries located outside of the European Union who provide an equivalent level of protection. In the event of transfer to other countries, the protection of your Data will be ensured by adequate safeguards such as the signature of standard contractual clauses approved by the European Commission.
9. Your rights:
You are informed that You have the following rights regarding the processing of Your Personal Data, under the conditions provided for in Articles 15 to 22 of the GDPR:
A right of access to the Personal Data that We collect;
A right to the rectification and/or erasure of the Personal Data We collect;
A right to the restriction of the processing that We make;
A right to Personal Data portability.
According to French privacy laws (Articles 84 to 86 of Act n°78-17 of 6 January 1978), You also have the right to specify instructions defining how We shall manage Your Personal Data after Your death under the conditions of such law.
Although You have rights, the exercise of such rights is not unlimited; each of the rights offered by the GDPR may be subject to specific conditions. This being said, in order to exercise their rights or for any question on privacy, Users shall make a request accompanied by a proof of their identity by email at [email protected] or by post at 9 Rue des Colonnes, 75002 Paris, France.
We will process the requests within a reasonable timeframe taking into account the complexity and the number of requests. We shall strive to reply without undue delay and at the latest within one month of receipt of the request. We may extend this period if Your request is particularly complex or if You have made several requests. In this case, We will notify You and keep You updated.
The exercise of the rights offered by the GDPR are in practice free. However, where Your requests may involve important costs, You may have to bear some of them.
Finally, Users have the option to refer to the competent supervisory authority, the French Commission Nationale Informatique et Libertés (“CNIL”), in order to submit a claim. Contact information of the CNIL can be found on its website
10. Cookies policy:
A cookie is a small computer file playing the same role as a tracker, stored and read for instance at the moment where a website is visited, an email is read or a mobile app is used, whatever the device used.
In compliance with EU privacy regulations, Users are informed that “non-essential” cookies may be deposited on their device without their consent. Non-essential cookies include (i) cookies having as their essential purpose to allow or enable electronic communications and (ii) are strictly necessary for the provision of online communication service.
The cookies that We use have defined expiration times; unless You visit Our website within that time, the cookies are automatically disabled and retained Data is deleted.
11. Changes to privacy Notice:
We reserve the right to modify this Privacy Notice, and any changes will be publicly posted on our platform.
For any questions or concerns regarding your privacy or this Privacy Policy, please contact our data protection officer at [email protected]