PRIVACY POLICY
OF TIPNANO MOBILE APPLICATION

Last updated August 12, 2021

§ 1. GENERAL PROVISIONS AND DEFINITIONS

1. Blue Dragonflies Sp. z o.o. with its seat in Gogolin (47-320), ul. Malińska 1, for which the District Court in Opole, VIII Commercial Division of the National Court Register maintains registration files under the following number: 0000896949, NIP (tax identification number): 1990126320, REGON (statistical identification number): 388744895, with the share capital of 5,000.00 PLN, is the controller of the personal data collected via TipNano mobile application.
2. The Controller may be contacted via e-mail at: support@tipnano.org.
3. Definitions:
   1. Cookies – refer to IT data, particularly small text files that are saved and stored on the devices through which the User uses the mobile application;
   2. Personal data – information about an identified or identifiable natural person. An identifiable natural person is a person that may be directly or indirectly identified, and in particular on the basis of an identifier such as their name and surname, identification number, location data, Internet identifier or one or more specific factors determining the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person;
   3. Profiling – means any form of automated processing of personal data that consists in using personal data to assess certain personal factors of a natural person, in particular to analyse or forecast aspects relating to the work effects of that natural person, economic situation, health, personal preferences, interests, reliability, behaviour, location or movement;
   4. Processing – means an operation or a set of operations performed on personal data or sets of personal data in an automated or non-automated manner, such as collection, recording, organising,arranging, storage, adaptation or modification, downloading, viewing, use, disclosure by transmission, distribution or any other means of making available, matching or merging, limiting, deleting or destroying;
   5. Application – refers to TipNano mobile application
   6. Device – an electronic device that allows data to be processed, received and sent such as a smartphone, tablet, and mobile phone used by the User to access the Application;
   7. User – means an entity to the benefit of whom services may be provided by electronic means in accordance with the law or with whom acontract on the provision of services by electronic means may be concluded.
   8. Terms and Conditions – refer to the document that sets out the terms and conditions of use of the Application, available at tipnano.org/privacypolicy.html
   9. Faucet – a default feature of the Application specifically governed by §4 of the Terms and Conditions;
   10. Rewarding faucet – afeature of the Applicationspecifically governed by §5 of the Terms and Conditions;
   11. Providers – third parties that provide content available as part of the Rewarding faucet feature, consisting particularly of offers, games, surveys and advertisements;

§ 2. LEGAL BASIS AND PURPOSES OF THE PROCESSING OF USER DATA

1. Personal data collected by the Controller shall be processed in accordance with the provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as “GDPR”), the Act of 10 May 2018 on the protection of personal data (Journal of laws from 2019, item 1781) and the Act of 18 July 2002 on the provision of services by electronic means (OJ L 2020, item 344).
2. The Controller processes personal data provided or made available by the User in connection with the use of the Application, for the purposes of:
   1. the conclusion and execution of a contract on the provision of services by electronic means and the Application functionalities (scope of data: IP addresses, Nano wallet address, e-mail address, telephone number and other necessary details of the Device used by the User - pursuant to Article 6(1)(b) of the GDPR, i.e. due to the fact that the processing is necessary for the performance of a contract, to which the data subject is a party,
   2. informing the Users of the matters related to the functioning of the Application (scope of data: e-mail address, details of the Device used by the User) - pursuant to Article 6(1)(b) and (f) of theGDPR, i.e. due to the fact that the processing is necessary for the performance of a contract, to which the data subject is a party, and due to the fact that it facilitates the pursuit of objectives arising from legitimate interests pursued by the Controller or by a third party,
   3. asserting claims and defending rights (scope of data: any and all data obtained from the User necessary to prove the existence of a claim or to defend a right - pursuant to Article 6(1)(f) of the GDPR, i.e. due to the fact that the processing is necessary for the purposes of legitimate interests pursued by the Controller or by a third party,
   4. the fulfilment of the legal obligations incumbent on the Controller in connection with running a business (scope of data: any and all data received from the User) - pursuant to Article 6(1)(c) of the GDPR, i.e. due to the fact that the processing is necessary to fulfil the legal obligation incumbent on the Controller,
   5. conducting own marketing and promotional activities (scope of data: any and all data received from the User), pursuant to Article 6(1)(f) of the GDPR,
   6. marketing and promotional activities on the basis of separate consent (Article 6(1)(a) of the GDPR),
   7. electronic transmission of commercial information in accordance with article 10(2) of the Act of 18 July 2002 on the provision of services by electronic means (OJ 2017, item 1219, as amended), including sending notifications (scope of data: any and all data received from the User), on the basis of separate consent (Article 6(1)(a) of theGDPR).

§ 3. DATA COLLECTED BY THE APPLICATION CONTROLLER

1. The Application Controller collects or may collect the following personal data through the Application or when contacting the User directly:
   1. identification and contact details (e-mail address, telephone number),
   2. Nano wallet details,
   3. details of the device used by the User (for example IP address, type of device, make of device, model of device, name of device, device language),
   4. details on the User’s use of VPN software or a device with a modified operating system (for example Emulator or Root)
   5. other data voluntarily provided by the User when contacting theController, including the details of the User’s device, correspondence data, and other data not listed above.
2. Browsing the content of the Application does not require the User to provide personal data other than theautomatically retrieved connection parameters.
3. As part of the Faucet functionality, the Application Controller collects the following personal data:
   1. e-mail address,
   2. Nano wallet address,
   3. IP addresses
   4. other necessary details of the Device used by the User.
4. As part of the Rewarding Faucet functionality, the Application Controller collects the personal data referred to in § 3(3) and the telephone number of the User.
5. The Controller warns that,in the course of using the Rewarding Faucet functionality and Referral Program, the Providers may also process the User’s personal data based on their own privacy policies.

§ 4. PROFILING OF THE DATA COLLECTED

The Controller represents that it does not use profiling to process personal data. However, the Controller warnsthat the Providers of offers, games, surveys, and advertisements as part of the Rewarding Faucet functionality may process and profile the personal data collected.

§ 5. THE PROCESSING TIME OF PERSONAL DATA

1. Personal data will be processed for the period of time:
   1. necessary for the performance of a contract on the provision of services by electronic means as defined in the Terms and Conditions, concluded through the Application, including after the contract executiondue to the fact the parties may exercise their contractual rights as well as due to possible recovery of receivables - until the expiry of the limitation period for any such claims;
   2. until the revocation of the consent granted or the objection to the processing of data - in cases where the personal data of the User have been processed on the basis of separate consent;
2. The Controller shall also store the personal data of the Users when it is necessary to fulfil the Controller’s legal obligations, resolve disputes, enforce Users’ obligations, maintain security, prevent fraud and abuse.

§ 6. USER RIGHTS

1. The Controller shall ensure that the Users may exercise the rights referred to in item 2 below. In order to exercise the rights, the User shall send an appropriate demand (an appropriate request) via e-mail to: support@tipnano.org or via mail to: ul. Malińska 1, 47-320 Gogolin, Poland.
2. The User shall have the right:
   1. of accessto the data content - pursuant to Article 15 of the GDPR,
   2. to rectify/update the data - pursuant to Article 16 of the GDPR,
   3. to erasure of the data-pursuant to Article 17 of the GDPR,
   4. of restriction of processing of the data - pursuant to Article 18 of the GDPR,
   5. to transfer the data - pursuant to Article 20 of the GDPR,
   6. to object to the data processing - pursuant to Article 21 of the GDPR,
   7. to withdraw the consent granted at any time, provided thatthe withdrawal of consent shall not affect the lawfulness of the processing, which has been done on the basis of theconsent prior to its withdrawal - pursuant to Article 7(3) of the GDPR,
   8. to file a complaint to the supervisory authority, i.e. the President of the Office for the Protection of Personal Data - pursuant to Article 77 of the GDPR.
3. The Controller shall process the requests without undue delay, however not later than within one month from their receipt. If, however - due to the complexity of a request or the number of requests - the Controller is unable to process the User's request within the specified time limit, the Controller shall inform the User of the intended extension of the time limit and shall indicate the time limit for processing the request, however not longer than 2 months.
4. The Controller shall inform each and every recipient, to whom personal data have been disclosed, of the rectification or erasure of personal data or of the restriction of processing, as requested by the User, unless this proves impossible or requires disproportionate efforts.

§ 7. NECESSITY OF DATA PROVISION

1. The provision ofpersonal data through the Application is voluntary, yet necessary if the User wants to benefit from the full functionality of the Application, in particular the Faucet, Rewarding Faucet or Referral Program.
2. Where personal data are provided for the purpose of concluding a contract with the Controller, the data provision constitutes the condition for concluding such a contract. The provision of personal data in this case is voluntary, however failure to provide such data will disable the possibility to conclude acontract with the Controller.

§ 8. INFORMATION SHARING

1. For the purpose of executing the contract, the Controller may share data collected from the Users with various entities, including employees, co-workers, legal and IT service providers, and the Providers. Furthermore, the Controller shall make the personal data collected available to the entity, with which it has concluded an agreement on the entrustment ofpersonal data processing.
2. In such cases, the amount of the data transmitted shall be limited to the minimum necessary. Additionally, the information provided by the Users may be made available to the relevant public authorities, limited to the situation where it is required by applicable laws.
3. The personal data processed shall not be provided externally to recipients not indicated above in a form that would allow any identification of the Users, unless the User has granted consent to the specific sharing of the data.

§ 9. TECHNICAL MEASURES

1. The Controller shall use its best efforts to secure andprotect the User data from any actions by third parties, and shall supervise the data safety throughout the entire period of owning such data in such a manner as to protect the data against unauthorised access, damage, distortion, destruction or loss.
2. The Controller uses the necessary server, connection, and Website security measures. Nevertheless, the actions taken by the Controller may not be sufficient if the Users do not follow the security rules..

§ 10. TRANSFER OF PERSONAL DATA OUTSIDE THE EUROPEAN ECONOMIC AREA

1. The personal data of the Users shall not be transferred to countries outside the EEA. The Controlleruses servers located in the EEA countries for the purpose of storing such data.
2. The Controllerwarns that the Providers of offers, games, surveys and advertisements as part of the Rewarding faucet feature may process and transfer personal data outside the European Economic Area.

§ 11. DATA PROCESSORS ACTING ON BEHALF OF THE CONTROLLER

The personal data of the Users may be entrusted to portals running the Controller’s marketing campaign for the purpose of being processed on behalf of the Controller. Each processor shall be obliged to ensure the security of data processing and the compliance with the rules for personal data processing to the extent identical to that of the Controller.

§ 12. COOKIES

The Controller does not collect any cookies associated with the User’s Device. However, the Controller warns that the Providers of offers, games, surveys, and advertisements as part of the Rewarding faucet feature may collect cookies based on separate consent granted by the User.

§ 13. CHANGE OF THE PRIVACY AND COOKIE POLICY

1. The Controller has the right to change this document and the Users shall be notified of any such changes in a manner allowing the Users to familiarise themselves with the changes before they enter into force, for example by posting the relevant information in the Application and on the Controller's website, and in the case of substantial changes, by sending a notification to the e-mail address specified by the User.
2. Should the User have any objections to the changes made, the User may request the deletion of their personal data in the Application. The continued use of the Application after the publication or notification of changes to this document shall be considered to be consent to the collection, use and sharing ofthe User personal data according to the updated content of the document.
3. This document shall not restrict any rights granted to the User in accordance with generally applicable laws.

§ 14. ADDITIONAL PROVISIONS

1. In the performance of the obligations of the Providers, The Controller hereby includes the content of the statements related to the processing of personal data by the Providers:
2. Survey Serving Technology: This app uses Pollfish SDK. Pollfish is an on-line survey platform, through which anyone may conduct surveys. Pollfish collaborates with Developers of applications for smartphones in order to have access to users of such applications and address survey questionnaires to them. When a user connects to this app, a specific set of user’s device data (including Advertising ID which will may be processed by Pollfish only in strict compliance with Google play policies- and/or other device data) and response meta-data is automatically sent to Pollfish servers, in order for Pollfish to discern whether the user is eligible for a survey. For a full list of data received by Pollfish through this app, please read carefully Pollfish respondent terms located at https://www.pollfish.com/terms/respondent. These data will be associated with your answers to the questionnaires whenever Pollfish sents such questionnaires to eligible users. By downloading the application you accept this privacy policy document and you hereby give your consent for the processing by Pollfish of the aforementioned data. Furthermore, you are informed that you may disable Pollfish operation at any time by using the Pollfish “opt out section” available on Pollfish website. We once more invite you to check the respondent’s terms of use, if you wish to have more detailed view of the way Pollfish works. APPLE, GOOGLE AND AMAZON ARE NOT A SPONSOR NOR ARE INVOLVED IN ANY WAY IN THIS CONTEST/DRAW. NO APPLE PRODUCTS ARE BEING USED AS PRIZES.