Effective Date: November 23, 2023

Preamble

At Web3 Digital Wallet, we are unwavering in our commitment to safeguarding personal data, and we operate in strict compliance with the General Data Protection Regulation (GDPR) to protect the privacy of our users. This Privacy Policy serves as a testament to our dedication to secure the Personal Data of users of the altme.io website and the ALTME mobile application. It provides a comprehensive understanding of how data is collected, processed, and protected.

Definitions

To ensure clarity, here are some definitions of key terms used throughout this Privacy Policy:

• Service/s: Refers to the website altme.io (the “Website”), a backend platform and client applications (collectively, “Altme Platform”), a mobile application called ALTME Wallet (the “Wallet”), and any other online products and services provided by ALTME.
• Cookie: A small file associated with a web domain that is stored on your device for subsequent interactions with the same domain.
• Personal Data: Information, whether on its own or combined with other data, that identifies or is identifiable to an individual.
• Retention Period: The duration for which data is held, either mandated by law or determined by the data controller, after which it may be securely disposed of.
• Purpose: The specific objective behind the processing of Personal Data.
• Verifiable Credential: Standardized digital certificates issued to verify specific properties about an individual. In the context of Altme, these credentials encompass age, identity, name, nationality, gender, humanity, email, and phone number.
• DIDs (Decentralized IDentifiers): New types of identifiers that enable verifiable, decentralized digital identity. The Wallet and the ALTME Platform create DIDs on your behalf.
• Cryptographic Keys: Key pairs created by the ALTME Wallet, consisting of one public key and one private key. Public keys are linked to your DIDs and published on a designated blockchain network.
• Secrets: Any private key or security code chosen by you or automatically generated by the Service.
• Data Subject (or User): An individual whose Personal Data is being processed. Altme users are considered Data Subjects in this policy.
• Data Controller: The entity responsible for determining the why and how of data processing.
• Data Processor (or Service Provider): A party that processes data on behalf of the Data Controller.
• Processing of Personal Data: Encompasses all operations, automated or not, related to Personal Data.
• Transfer of Personal Data: Any action involving the transmission, communication, copying, transmission, broadcasting, or provision of remote access to Personal Data, regardless of the medium or method of communication.
• Personal Data Breach: Any unauthorized or accidental incident leading to the destruction, loss, alteration, unauthorized disclosure, or unauthorized access to Personal Data.

Categories of Data Subjects Affected by the Processing

The individuals affected by the processing of Personal Data are the users of the Altme wallet mobile app edited by Web3 Digital Wallet.

Data Controller

1. Altme Mobile Application:

Web3 Digital Wallet is the provider of the Altme mobile application, which empowers users to create and manage digital credentials for identity verification, age verification, email validation, phone number verification, and humanity verification.

2. Altme Service:

When using Altme, the entity employing the service acts as the Data Controller, as they define the purpose and methods of data processing, in line with Article 4(7) of the GDPR.

Any inquiries or requests related to data collected via the Altme service should be directed to the respective website using the Altme wallet to verify users. It is the Data Controller's responsibility to inform its users about the regulatory requirements outlined in Articles 13 and 14 of the GDPR, including the authorized Purposes of Processing under the Altme service. Furthermore, the Data Controller must ensure the legality of their data collection methods in relation to their operations and the information provided by Web3 Digital Wallet.

Data Processor (or Service Providers)

Web3 Digital Wallet, a company headquartered in France (SIREN 910 399 435, RCS Chartres) at 112 RUE DES TUILERIES 28260 SAINT-OUEN-MARCHEFROY, France, is responsible for processing your data.

Consent

Altme is a decentralized crypto identity wallet designed to empower users to manage verifiable credentials and digital assets securely. By providing your personal information to Altme or its agents, you acknowledge and agree to the collection, usage, and disclosure of your personal data as outlined in this Privacy Policy and in accordance with your confidentiality preferences, as permitted or required by law. You retain the right to refuse or withdraw your consent for specific purposes, subject to legal and contractual obligations. Refusing or withdrawing consent may impact our ability to provide certain services or information.

Information Collection and Use

By reading and accepting this Policy, you are informed of the circumstances in which your Personal Data will be processed in relation to the Service. Your free, informed, specific, and unambiguous consent will be requested for the processing of Personal Data provided through the Service. The data requested through the Service are generally mandatory (unless otherwise specified) to fulfill the purposes for which they are collected.

What Personal Data Does ALTME Access About You?

We may collect your Personal Data from different sources:

Data That You Provide to Us:

• Identity Data: Your first name, last name, date of birth, nationality, and postal address.
• Face Data: Selfie, video selfie, and 3D liveliness data used for identity verification.
• Identity Verification Collaboration: Web3 Digital Wallet collaborates with DOCAPOSTE (https://www.docaposte.com/en/solutions/id360), a third-party company, to authenticate identity documents. This process involves facial recognition using face data and the issuance of verifiable credentials such as Firstname, Lastname, Age, Gender, Nationality, and Humanity (Proof of personhood). Additionally, Talao uses artificial intelligence (AI)-powered age estimation credentials through YOTI (https://yoti.com).
• Contact Data: Telephone number and email address.
• Correspondence Data: Feedback, problems with the Service, received customer support, or otherwise corresponded with us.
• Payment Data: Your credit card number, bank account number, and any other payment-related information, blockchain crypto addresses. 

Data That We May Collect Automatically:

• Technical Data: Depending on the services your Decentralized Identifiers (DIDs), public keys, and your unique device identifier.
• Browsing Data: The Service may automatically detect your IP address, domain name, unique device identifier, device and browser type, operating system, demographic information, the pages of our Sites you browsed, the time spent on those pages or features, the frequency with which the Sites are used by you, search terms, the links on our Sites that you clicked on, and other statistics. We use this information to administer the Service and analyze it with the purpose of improving the Service.

Information We Will Never Collect

We will never ask you to share your Secrets as private keys, PIN code or other code. 

Scope of Privacy Policy

This Privacy Policy governs the collection, usage, and disclosure of personal information for users of the altme website and mobile application.

Purpose of Data Processing

The altme.io website and Altme mobile application enable visitors and users to perform various types of verifications, including:

• Identity Verification: Web3 Digital Wallet collaborates with DOCAPOSTE (https://www.docaposte.com/en/solutions/id360), a third-party company, to authenticate identity documents. This process involves facial recognition (3D liveliness) and the issuance of credentials for Firstname, Lastname, Age, Gender, Nationality, and Humanity (Proof of personhood) verifications. 
• Identity Verification Using Face Data: Web3 Digital Wallet ensures secure identity verification through collaborations with trusted providers: DOCAPOSTE: Processes facial recognition data for the issuance of identity-related credentials. YOTI: Uses face data to provide age estimation using artificial intelligence.
• Email Validation: Altme validates users' email addresses by sending secret codes via email.
• Phone Number Verification: Altme confirms the validity of users' phone numbers by sending secret codes via SMS.

All face data collected during these verifications is handled securely and deleted according to the providers' policies to ensure compliance with GDPR and protect your privacy.

Purposes of Collecting Personal Information

We collect your personal information with the primary objective of providing the product, service, or information you have requested. 

For example:

• We collect email addresses to issue certificates verifying the validity of users' email addresses.
• Identity data is collected to issue certificates that provide verification of identity, age, and other relevant information.

Please note that the information collected for certificate issuance is not retained; it is only kept during the process of verifiable credential issuance.

Storage of Personal Information

Your personal information is securely stored on your smartphone in the form of signed files. Altme does not retain personal data used to issue identity credentials. For credentials produced with the assistance of third-party companies like Docaposte or Yoti, please refer to their respective terms and conditions regarding data retention.

Storage of Face Data by Third-Party Providers

Your personal information is securely stored on your smartphone as signed files. Talao does not retain personal data used for issuing credentials. For specific verifications, face data is temporarily collected and stored by:

- YOTI: Face data provided for AI-based age estimation is destroyed within a few seconds.

- ID360 (by Docaposte): Face data used for identity verification is stored for a maximum of 48 hours and then deleted.

Data Retention

At Altme, data protection is paramount, and our collection practices are minimal. Essential user information, such as email addresses and phone numbers, is retained to maintain contact and improve service quality. We do not store personal information beyond the purposes for which it is provided, particularly for identity verification.

Our data retention policy is designed with your privacy in mind:

• Face Data Retention: YOTI: AI-based age detection face data is destroyed immediately after the estimation process. ID360: Face data for identity verification is retained for 48 hours before deletion.
• Email Addresses: We retain email addresses for communication purposes and to provide updates about our services. You have the right to request the removal of your email address from our records at any time.
• Phone Numbers: We keep phone numbers to facilitate communication and offer user support. Like email addresses, you can request the removal of your phone number from our records if desired.

International Transfer of Data

Personal Data that ALTME processes may be transferred to third parties based in countries outside the European Economic Area (EEA). These transfers will be performed according to the appropriate safeguards to ensure an equivalent degree of protection as set out in the GDPR, which may include the relevant Standard Contractual Clauses. In this regard, Web3 Digital Wallet undertakes to take all necessary measures to ensure the compliance of the Transfer of Personal Data, including conducting an impact assessment of the Transfer, signing the European Commission's Standard Contractual Clauses as of June 4, 2021 (Implementing Decision 2021/914), and implementing all additional safeguards necessary for this purpose. Web3 Digital Wallet undertakes to ensure compliance with these obligations by its Processors with respect to their own Sub-Processors.

Security of Personal Data

Your Personal Data is stored under appropriate security and confidentiality conditions, with Web3 Digital Wallet having implemented a security policy providing for organizational and technical measures in line with the state of the art and applicable references. We employ reasonable measures to protect personal information from loss, misuse, and alteration. Our security policies are regularly reviewed and enhanced. Only authorized employees and suppliers have access to your personal information.

Disclosure of Personal Data

ALTME may disclose personal data to government agencies when required by law or when we have reasonable grounds to believe that such information could aid in the investigation of illegal activities. We may also disclose personal information to comply with subpoenas, warrants, court orders, or legal counsel.

Your Data Protection Rights with ALTME

At ALTME, we are committed to ensuring your data protection rights are upheld in accordance with the General Data Protection Regulation (GDPR). You have several important rights under the GDPR, and we are here to assist you in exercising them:

• The Right to Access, Update, or Delete: You can access, update, or request the deletion of your Personal Data directly within your account settings on our platform. If you need assistance with these actions, please don't hesitate to contact us for support.
• The Right of Rectification: If you believe your Personal Data is inaccurate or incomplete, you have the right to request corrections.
• The Right to Object: You can object to the processing of your Personal Data.
• The Right of Restriction: Request the restriction of the processing of your Personal Data when necessary.
• The Right to Data Portability: Obtain a copy of your Personal Data in a structured, machine-readable format.
• The Right to Withdraw Consent: If we rely on your consent to process your Personal Data, you have the right to withdraw it at any time.

Underpinning these rights is the legal basis of ALTME's data processing – our legitimate interest in providing you with our service. We want you to be aware of your rights, and if you wish to exercise any of them or have questions related to your data, you can contact the Data Controller or reach out to us directly at [email protected].

We take your data privacy seriously and strive to ensure that your data is handled with the utmost care and protection.

Right to Lodge a Complaint with the CNIL

We remind you that you have the right to lodge a complaint with the supervisory authority, the Commission Nationale de l'Informatique et des Libertés (CNIL).

What Third Party Services do we use to collect and process your Data?

We use cookies to collect Usage Data through the Website. You can control the use of cookies in your browser. 

• Website’s recipient: Unicorn Platform;
• Type of Processing: Hosting of the altme.io website;

Please refer to unicorn’s platform privacy policy to know more : https://unicornplatform.com/privacy-policy 

Cookies

A cookie is present to ensure the operation of the altme.io website. This cookie is of a functional nature and is essential for the use of the altme.io website, not requiring prior consent from the user in accordance with the CNIL recommendation of October 1, 2021, regarding Cookies and other trackers. It is notably used in network communications to identify a session to allow users to be recognized on the altme.io service. This "session" cookie is required for the basic functionality of the website and is therefore always active. The data generated by the activation of this cookie is retained only for the duration of the user's session. If you are required to block this type of cookie in your browser, the altme.io website may not function correctly, and you may not be able to use all the features of the service.

Duration of Retention: For the session.

Changes to this Privacy Policy

ALTME reserves the right to modify or supplement this Privacy Policy at any time. Changes will be posted on our websites and made available upon request. If we seek to collect, use, or disclose personal information for purposes other than those consented to, we will obtain the necessary consents as required by applicable law.

How to Contact Us

ALTME has designated a Privacy Officer responsible for ensuring compliance with this Privacy Policy and relevant data protection laws.

Contact Information for ALTME's Privacy Officer: [email protected] 

Thank you for entrusting Altme with your data. We are committed to safeguarding your privacy and ensuring the security of your information.

Altme - Your Decentralized Crypto Identity Wallet by Web3 Digital Wallet