Privacy Policy - Acre

Privacy Policy

Last modified: November 25, 2024

Hectare Tech Ltd. (BVI) ("Hectare," "we," "us"), a subsidiary of Acre Foundation, provides this Privacy Policy to explain our practices regarding the collection, use, and disclosure of your personal information both online and offline. This Privacy Policy applies to the acre.fi website ("Website") and any websites, apps, or services that link to this Privacy Policy ("Services"), unless otherwise indicated. Your use of the Services is subject to this Privacy Policy, as well as the Terms of Use.

Hectare takes privacy very seriously and makes limited use of personal information in connection with the operation of the Services. Hectare limits the personal information that we collect to your email address, username, password, wallet address, referral codes, IP address, and other personal information that you choose to provide to us. Hectare only uses that personal information for the limited purposes described in this Privacy Policy. Hectare does not sell or otherwise monetize your personal information.

The purpose of this Privacy Policy is to help you understand Hectare's data privacy practices. It is important that you understand how your personal information is used, so that you can make an informed decision on whether you would like to access or use the Services and participate in the Acre network.

This Privacy Policy covers the following topics, which you can learn more about by clicking the links below:

Unless you are based in the European Economic Area (EEA), the United Kingdom (UK), Switzerland, or the British Virgin Islands (BVI), by accessing or using the Services or participating in the Acre network, you agree to accept this Privacy Policy (including the ways we collect, use, and disclose your personal information). If you are based in the EEA, UK or Switzerland please see below for our policies and procedures regarding how we process your personal information here.

You can withdraw your consent to our collection, use, or disclosure of your personal information by contacting us using the contact information that is included in this Privacy Policy (see below). Please note that if you choose to withdraw your consent, we may not be able to provide you with certain services, products, communications, and opportunities, including access to and use of the Services and/or participation in the Acre network.

2. What Is Personal Information?

Personal information is any information relating to an identified or identifiable individual. Under certain laws that may apply to you, personal information may also include information that identifies a specific household or device.

3. Information We Collect

We may collect personal information from you based on the Services that you choose to access and use. The personal information that we may collect from you in connection with your use of the Services is as follows:

  • Publicly available blockchain data. When you connect your non-custodial blockchain wallet to the Services, we collect and log your publicly available blockchain address to learn more about your use for the Services and to screen your wallet for any prior illicit activity. We screen your wallet using intelligence provided by leading blockchain analytics providers. Note that blockchain addresses are publicly available data that are not created or assigned by us or any central party, and by themselves are not personally identifying.

  • Information from tracking technologies. We and our third-party service providers may access and collect information from cookies, web beacons, and other similar technologies to provide and personalize the Services and features of the Services for you across sessions. For example, we may use this information to remember tokens you import, star, or add to your shopping bag. We may also use this information to learn about your preferences, your use of the Services, and our interactions with you. Information we collect from these technologies may include things such as browser type, referring/exit pages, operating system, device or browser language, and other device information. We group and analyze these user journeys collectively, in the aggregate, to improve our product user experience.

  • Information from other sources. We may receive information about your wallet address or transactions made through the Services from our service providers in order to comply with our legal obligations and prevent the use of our Services in connection with fraudulent or other illicit activities.

  • Survey or usability information. If you participate in a survey or usability study with us, we will record any biographical information you directly provide to us, the responses you provide to us, and your interactions with the Services. For example, this may include your name, email, and job title. We will also record information about how you use our website and our products and services, including any referral codes that you have been provided by us in connection with your use of the Services.

  • Correspondence. We will receive any communications and information you provide directly to us via email, customer support, social media, or another support channel (such as Twitter, Telegram, or Discord), or when you participate in any surveys or questionnaires. This will include information you provide to us for technical support and feedback information, as well as your preferences in receiving marketing from us and our third parties.

  • Biographical information. If you apply for a job with us, we collect all information provided through our jobs forum, including name, email, phone, work and immigration status, and any other resume, cover letter, or free form text you include.

  • Information you provide to us. If you specifically provide us with information, including but not limited to your name, email address, Internet Protocol (IP) address, or similar identifiers (username, alias, or Discord ID), we may use that information for the purposes described when you provided it to us. You do not need to provide us with any personal data to use the Services.

  • Device information includes the device's hardware information, operating system, platform information, browser type, language information, and browser plug-in types.

The types of personal information that we collect will depend on what personal information you choose to provide to us based on your interactions with us, the Services, and the Acre network.

We may also collect certain non-personal information in connection with your use of the Services, including information about your use of the Services and participation in the Acre network, the operating system of your device, application IDs, the type and version of your browser, crash data and analytics, other device identifiers, and other information relating to the manner in which you access or use the Services or participate in the Acre network.

4. Use of Your Personal Information

We use the personal information that we collect to provide you with the functionality, features, and communications that are available through the Services and to enable us to manage, maintain, and develop our operations. Specifically, we may use your personal information for the following purposes:

  • managing our relationship with you, including by assisting you to create an account, communicate with us, and provide you with the Services that you request;

  • allowing you to participate in, subscribe to, and receive information, news, updates, and promotional materials from us and third parties;

  • complying with your requests and preferences regarding your use of the Services and the manner in which we communicate with you;

  • understanding your preferences and values so that we can tailor the Services and communications to you;

  • protecting us against error, fraud, theft, and damage to our Services, business, and property;

  • conducting research, analysis, evaluation, and development activities to understand the way the Services are used and to improve the Services, Acre network, and our general operations, including with respect to the development of new products, services, and opportunities; or

  • allowing us to comply with applicable laws and regulatory purposes.

For more information about how we use your personal information if you are based in the EEA, UK, or Switzerland (including the legal bases we may rely on to process it), please see additional information for users in the EEA, UK, or Switzerland.

5. Promotional and Transactional Communications

We will collect your consent prior to sending you promotional emails and other electronic messages (e.g. texts, direct messages), except where we are permitted under applicable laws to send you such messages without doing so. You can opt-out or unsubscribe from receiving promotional messages from us at any time. Promotional messages may include our newsletter and updates about our and our partners' businesses, products, and services.

As part of the Services, you will receive service-related transactional communications about your account and activities. For example, when you create an account or reset your password you may receive an email confirming the details of such activity. You may not opt-out of receiving these transactional communications.

6. Disclosure and Transfers of Personal Information

We may disclose your personal information in the manner and for the purposes that are described in the sections below.

  • Working with third parties. We work with third parties that provide services to us that help us facilitate one or more aspects of the products, services, communications, or features we offer to you through the Services. We may provide these third parties with your personal information directly, or they may collect your personal information from you on our behalf. These include providers of the following types of services:

    • Communication service providers. These service providers assist us in sending marketing and transactional communications to you. We share your email address with them to enable them to provide these services to us.

    • Information technology service providers. These service providers enable us to operate our services in a reliable manner by providing us with services such as data hosting and cloud computing resources.

    • Professional advisors. In limited cases, we may need to share personal information with our professional advisors, including external lawyers or financial advisors who help us ensure we are compliant with legal and financial obligations. Depending on the circumstances, we may share any of the personal information described in this Privacy Policy with them.

  • Business transactions. Your personal information described in this Privacy Policy may, depending on the circumstances, be disclosed to a third party in connection with a business transaction, including a change of ownership of Hectare or its affiliates, the sale of all or certain of our assets, or the grant of a security interest. We will take reasonable steps to ensure the third party that receives your personal information is bound by appropriate agreements requiring that your personal information is handled in a manner consistent with this Privacy Policy.

  • Legal requests or protecting rights and interests. We disclose your personal information if we determine such disclosure is necessary to comply with the law; protect our or others' rights, property, or interests (such as enforcing our Terms of Use); or prevent fraud or abuse of our network or service. Depending on the circumstances, we may share any of the information described in this Privacy Policy with such third parties.

Please note that, because we may disclose your personal information to third parties (including our service providers) as described in this Privacy Policy, your personal information may be collected, used, disclosed, and otherwise processed outside of your jurisdiction of residence. As such, your personal information may potentially be accessible to law enforcement and national security authorities of another jurisdiction where local laws provide for a different level of protection for personal information. In certain circumstances, courts, law enforcement agencies, regulatory agencies, or security agencies in those other countries may be entitled to access your personal information.

If you would like further information about our policies and practices regarding the transfer and storage of your personal information, including disclosures to third parties such as our service providers, please contact us using the details below. If you are in the EEA, UK, or Switzerland, you can find out more about these transfers and the legal frameworks we rely upon for transfers outside of the EEA, UK, and Switzerland.

Unless you are based in the EEA, UK, or Switzerland, by providing your personal information to us, you consent to disclosure of this information to our service providers (and other third parties) as described in this Privacy Policy, including those located outside of your jurisdiction of residence.

7. Aggregated Data

We may disclose aggregated non-personal information and related usage information, which does not contain personal information that directly identifies you, to third parties, including our customers, clients, partners, advertisers, service providers, vendors, suppliers, and content providers.

8. Retention of Personal Information

We do not keep your personal information forever. We retain your personal information for as long as reasonably necessary to complete our business with you, or as may be required by law, whichever is longer. We also retain personal information for as long as necessary to achieve the purposes described in this Privacy Policy, for example, to comply with our legal obligations, protect us in the event of disputes, enforce our agreements, and protect our and others' interests.

The precise periods for which we retain your personal information vary depending on the nature of the information and the purposes for which we use it. Factors we consider include any minimum retention period required by applicable or recommended best practices and the period during which a claim can be made with respect to an agreement or other matter.

9. Security and Protection of Personal Information

We maintain commercially reasonable physical, technological, and procedural safeguards that are appropriate based on the sensitivity of the personal information in question. These safeguards are designed to prevent your personal information from loss and unauthorized access, collection, use, disclosure, copying, modification, disposal, or destruction.

Please advise us immediately of any incident involving the loss of, unauthorized access to, or disclosure of your personal information that is relevant to your use of the Services.

Under applicable data protection laws such as the General Data Protection Regulation ("GDPR"), you may have certain rights in relation to our processing of your personal information. Please note that these rights are not absolute, and we may be entitled or obliged to refuse requests where exceptions or exemptions apply under applicable law.

Some of these rights, which may apply (depending on your jurisdiction) include the right:

  • to obtain access to, and copies of, the personal information we hold about you;

  • to require us to correct the personal information we hold about you if it is incorrect;

  • to require us to erase your personal information in certain circumstances;

  • to require us to restrict the scenarios in which we process your personal information in certain circumstances;

  • to withdraw your consent (where we relied upon it) to processing of your personal information, although the withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal;

  • to require that the processing of personal information for the purposes of direct marketing cease or not begin;

  • to object, on grounds relating to your particular situation, to any of our particular personal information processing activities where you believe this has a disproportionate impact on you;

  • to receive from us the personal information we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting such personal information to another data controller; and

  • to lodge a complaint with a supervisory authority (such as your local supervisory authority where you reside).

If you want to exercise your rights, please contact us to do so. We may request specific information from you to enable us to confirm your identity, if necessary, as well as to search for and provide you with the personal information that we hold about you. If you require assistance in preparing your request, please contact us.

Unless you are based in the EEA, UK, or Switzerland or you advise us otherwise, through the access and use of the Services, you have consented to the collection, use, and disclosure of your personal information as explained in this Privacy Policy.

The Services may contain links to other websites with less stringent privacy standards. These links are provided for your convenience only, and you assume all risk in clicking links to other websites. We do not assume any responsibility for the privacy practices, policies, or actions of the third parties operating such websites. We are not responsible for how third parties collect, use, or disclose your personal information. You should review the privacy policies of third party websites before providing them with personal information.

13. Cookies and Automatic Data Collection

Our website may use automatic data collection technologies to distinguish you from other website users. This helps us deliver a better and more personalized service when you browse our website. It also allows us to improve our website by enabling us to:

  • Estimate our audience size and usage patterns,

  • Store your preferences to customize our website according to your individual interests, and

  • Recognize you when you return to our website.

The technologies we use for automatic data collection may include:

  • Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer.

  • Web beacons, pixel tags, clear gifs. Our website pages and emails may contain small transparent embedded images or objects known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count website page visitors or email readers, or to compile other similar statistics such as recording website content popularity or verifying system and server integrity.

Opt-out preference signals or Global Privacy Controls (GPC) provide consumers with a simple and easy-to-use method by which consumers interacting with us online can automatically exercise their opt-out of sale/sharing rights. We will process any opt-out preference signals that meet the following requirements:

  • A signal that is in a format commonly used and recognized by businesses; and

  • The technology or mechanism sending the opt-out preference signal makes clear to the consumer that the use of the signal is meant to have the effect of opting the consumer out of sale and sharing of their personal information. For example, such technology or mechanism may be an HTTP header field, JavaScript Object, or most commonly, a browser tool or extension that allows users to send the opt-out signal.

14. Changes to this Privacy Policy

We may make changes to this Privacy Policy from time to time. These changes may be made as a result of changes to our legal obligations or the ways in which we collect, use, disclose, or otherwise process your personal information.

We will post an updated version of our Privacy Policy on our website when we make changes and may also notify you of any changes made in other ways if we are required to do so by applicable law. We encourage you to check this Privacy Policy for updates on a regular basis.

15. Contact Information

If you have any questions or concerns regarding this Privacy Policy, you should contact us at [email protected].

If you choose to communicate with us via email, please be aware that email is not a 100% secure medium for sending any personal or confidential information to us.

16. Additional Information for Users in the EEA, UK, or Switzerland

This section is applicable to you only if you are in the European Economic Area (EEA), the United Kingdom (UK), or Switzerland. If there is any inconsistency in this Privacy Policy between this section and the rest of the Privacy Policy, this section will govern if you are based in the EEA, UK, or Switzerland.

For the purposes of: (1) the GDPR, as it applies both in the EEA and the UK; and (2) Swiss data protection law, Hectare is a data controller and can be contacted using the details provided in this Privacy Policy.

Hectare is a data controller subject to the GDPR only insofar as we are offering goods or services to individuals in the EEA or the UK or where the Services may be used to monitor individuals' behavior as far as their behavior takes place in the EEA or the UK.

  • Our legal bases for using personal information. Data controllers need a lawful basis to collect and use your personal information.

We describe below the purposes of our processing (why we process your information) and our processing operations (how we process your information to achieve each purpose). We also list the categories of your information that we process for each purpose and the legal basis we rely upon to do so.

Processing Activity/Purpose Lawful Basis Categories of Data Processed
Manage our relationship with you, including by assisting you to create an account, communicate with us, and provide you with the services that you request Performing our contract with you
  • Account information
  • Information provided when you contact us
Understand your preferences and values so that we can tailor communications to you Legitimate interests (specifically, our legitimate interest in understanding user preferences so we can send marketing communications considered likely to be of interest to them)
  • Account information
  • Information provided when you contact us
Allow you to participate in, subscribe to, and receive information, news, updates, and promotional materials from us and third parties Consent or, where consent is not required under applicable law, legitimate interests (specifically, our legitimate interest in sending you marketing communications (e.g. about news, products, services and us) considered likely to be of interest to you)
  • Account information
  • Information provided when you contact us
Comply with your requests and preferences regarding your use of the Services and the manner in which we communicate with you Performing our contract with you
  • Account information
  • Information provided when you contact us
Understand your preferences and values so that we can tailor the Services to you Legitimate interests (specifically, our legitimate interest in understanding how users use the service to develop and tailor new features)
  • Account information
  • Information provided when you contact us
Protect us against error, fraud, theft, and damage to the Services or our business or property Legitimate interests (specifically, our legitimate interest in preventing error, fraud, theft, and damage to our Services, business, and property)
  • Account information
  • Information provided when you contact us
Conduct research, analysis, evaluation, and development activities to understand the way the Services are used and to improve the Services, Acre network, and our general operations, including with respect to the development of new products, services, and opportunities Legitimate interests (specifically, our and our users’ legitimate interest in evaluating the use of our services to inform the development of future features and improve product direction and development)
  • Information provided when you contact us
  • Technical, device & usage information
Allow us to comply with applicable laws and regulatory purposes Legal compliance or, in respect of laws from outside of the applicable region, our legitimate interest in complying with applicable laws and regulatory purposes
  • Account information
  • Information provided when you contact us
  • Technical, device & usage information
  • Data transfers outside of the EEA, UK, and Switzerland. When providing you with access to and use of the Hectare Services, we may transfer your personal information outside of the EEA, UK, and Switzerland, including to the United States. This means your personal data will not have the automatic protection of data protection laws, including the GDPR, which apply in the EEA, UK, and Switzerland. We rely upon a number of legal frameworks to transfer personal information in such cases. These include:

    • Adequacy decision. We transfer, in accordance with Article 45 GDPR (or equivalent), personal information to recipients in a country that the European Commission, UK, or Swiss data protection supervisory authority has confirmed, by decision, offers an adequate level of data protection for transferred data ("adequacy decision"). We rely on these adequacy decisions to transfer personal information to recipients located in countries such as the United States, UK, EEA, and Canada. The adequacy decisions are available at the following links:

    • Data privacy frameworks. We transfer personal data, in accordance with Article 45 GDPR (or equivalent) from the EEA, Switzerland, and the UK to recipients in the US that have certified to the EU-US and Swiss-US Data Privacy Frameworks and the UK Extension to the EU-US.

    • Standard data protection clauses ("SCCs") and other transfer methods. For countries without an adequacy decision, we transfer, in accordance with Article 46 GDPR (or equivalent), personal information to recipients that have entered into the European Commission, UK, or Swiss approved form of transfer contract (SCCs) for the transfer of personal data. We rely on SCCs to transfer personal information to recipients located in countries such as the British Virgin Islands and the Bahamas. We may, where there is no adequacy decision, alternatively make a transfer based upon Article 46 GDPR (or equivalent) using alternative appropriate safeguards such an approved certification mechanism or code of conduct or binding corporate rules or based upon a derogation provided under law (such as Article 49 GDPR). The European Commission approved SCCs are available here, and you can request a copy of the SCCs we use from us by using the contact details above.