Monolith

Privacy Policy

Table of Contents

1. OUR APPROACH TO PRIVACY

1.1 Token App Limited, Monolith App (Portugal) Sociedade Unipessoal Lda, Tokencard Limited, and Monolith Card (Portugal) Sociedade Unipessoal Lda ("Monolith", "we", "our" or "us") are committed to protecting and respecting your privacy. This privacy policy sets out how we collect, store, process, transfer, share and use data that identifies or is associated with you ("personal information").

1.2 Monolith may collect personal information about you when:

  • you use our platform, which is accessible through the Monolith Wallet, that allows users to carry out and manage cryptoasset transactions and transactions they make with a pre-paid debit Monolith TokenCard provided by us (the "Monolith TokenCard"); and
  • when you apply for a pre-paid debit card which you can manage through the Monolith Wallet the ("Monolith TokenCard");
  • when you make payments through the Monolith Wallet, such as when you buy cryptoassets or, if you have applied for and received a Monolith TokenCard, when you top up the balance of the account linked to your Monolith TokenCard (your "Monolith Account"), or if you use the Monolith Wallet to view the balance of your Monolith Account (together, the "Monolith Services").

1.3 Before accessing or using the Monolith Wallet or the Monolith Services, or applying for a Monolith TokenCard, please ensure that you have read and understood how we collect, store, use and disclose your personal information as described in this privacy policy.

1.4 If you apply for and receive a Monolith TokenCard, our relavent card issuer, Contis Financial Services Limited or UAB “Finansinės paslaugos „Contis“ (known as "Contis"), will also collect your personal information. We might pass certain information to Contis to allow you to apply for a Monolith TokenCard, and Contis might also collect certain personal information directly from you. Please read Contis's privacy policy to understand how Contis collects, uses and shares your personal information.

2. IMPORTANT WARNING ABOUT USING THE ETHEREUM NETWORK

2.1 Please note that setting up a contract wallet, adding whitelisted addresses and making cryptoasset transactions through the Monolith Wallet will all involve the submission of your personal information (such as your whitelisted addresses, your public key and the transactions you make) to the Ethereum Network. It is an inherent part of blockchain technology that information uploaded to the Ethereum Network cannot be erased. You may be able to disassociate yourself from this information by deleting your private key. However, this will not prevent people who know your public key from recognising you and the transactions you have made.

3. WHO IS RESPONSIBLE FOR THE USE OF YOUR PERSONAL INFORMATION

3.1 Monolith and Contis are each separate data controllers of the personal information we or Contis hold about you in connection with your use of the Monolith Wallet, Monolith Services and Monolith TokenCard respectively.

3.2 This means that each of Monolith and Contis will determine and be responsible for how your personal information is used.

4. PERSONAL INFORMATION WE COLLECT FROM YOU WHEN YOU USE THE MONOLITH TOKENCARD OR MONOLITH SERVICES, AND HOW WE USE IT

4.1 We collect personal information that you voluntarily submit directly to us when you use the Monolith TokenCard or Monolith Services. This can include information you provide to us when you set up an account on the Monolith Wallet, set up a contract wallet using the Monolith Wallet in order to execute your cryptoasset transactions, make a payment using the Monolith Services, correspond with us by phone, e-mail or otherwise, subscribe to our mailing lists, newsletters or other forms of marketing communications, or use some other feature of the Monolith Wallet or Monolith Services.

4.2 We will indicate to you where the provision of certain personal information is required in order for us to provide you certain features of the Monolith Wallet or Monolith Services. If you choose not to provide such personal information, we may not be able to provide those parts of the Monolith TokenCard or Monolith Services to you or respond to your other requests.

4.3 When you use the Monolith Wallet, the categories of information we collect may include:

  • the public key required to access your contract wallet which, in combination with the private key, form your unique identifier on the Ethereum network (your "Public and Private Key Pair");
  • your email address, if you contact us about your use of the Monolith Wallet, and any comments or queries that you submit to us;
  • how you interact with the Monolith Wallet, for example when you buy or manage cryptoassets through the Monolith Wallet; and
  • your "whitelisted" addresses, which you trust to receive high volume cryptoasset transactions from you, and the labels that you give to them in the Monolith Wallet to help you identify them.

We use this information to operate, maintain and provide to you the features and functionality of the Monolith Wallet, to address your questions and concerns, to contact you and to help us develop new products and services.

Please note that, although you will use your private key to access certain functionalities of the Monolith Wallet we will never collect or store your private key in any form.

When you use the Monolith Services, the categories of information we additionally collect may include:

  • your name and contact details (including your address, email address and phone number);
  • your date of birth and sex;
  • the payments you make through the Monolith Services;
  • how you use the Monolith Services, including the transactions you initiate through the Monolith Services; and
  • any suspicious activity related to your use of the Monolith Services.

We use this information to verify your identity, provide you with Monolith Services, monitor for fraud or suspicious activity and to comply with our legal obligations. The table at (Annex 1) sets out further detail about the categories of personal information we collect about you and how we use that information when you use the Monolith Wallet, as well as the legal basis which we rely on to process the personal information. The table at (Annex 2) sets out further detail about the categories of personal information we collect about you and how we use that information when you use the Monolith Services, as well as the legal basis which we rely on to process the personal information.

5. PERSONAL INFORMATION WE COLLECT FROM YOU WHEN YOU APPLY FOR A CARD AND HOW WE USE IT

5.2 We collect personal information that you voluntarily submit directly to us when you apply for a Monolith TokenCard.

5.3 We will indicate to you where the provision of certain personal information is required in order for us to process your application. If you choose not to provide such personal information, we may not be able to proceed with your Monolith TokenCard application.

5.4 When you apply for a Monolith TokenCard, the categories of information we collect may include:

  • your name and contact details (including your address, email address and phone number);
  • your date of birth and sex;
  • photographs of you and your identification documents and whether or not we were able to verify your identity;
  • the results of any identity checks, references and reports;
  • your country of origin; and
  • how many times you have tried to apply for a Monolith TokenCard.

We use this information to process your application for a Monolith TokenCard, and to monitor and detect fraud or suspicious activity.

5.4 The table at (Annex 3) sets out further detail about the categories of personal information we collect about you and how we use that information when you apply for a Monolith TokenCard, as well as the legal basis which we rely on to process the personal information.

INFORMATION WE COLLECT ABOUT YOU AUTOMATICALLY

5.5 We also automatically collect personal information about how you access and use the Monolith Wallet, and information about the device you use to access the Monolith Wallet or our website. For example, we may collect:

  • information about the features you use and the pages you view on the Monolith Wallet or our website;
  • information about your device (such as your IP address, device identifier, device type, model and manufacturer); and
  • information about your usage patterns (such as how often you use the Monolith Wallet and your language settings).

We use this information to provide you the features and functionality of the Monolith Wallet or website, monitor and improve the Monolith Wallet or website and develop new products and services.

5.6 The table at (Annex 4) sets out further information about the categories of personal information we collect about you automatically and how we use that information. The table also lists the legal basis which we rely on to process the personal information.

5.7 We generally collect personal information automatically through SDKs, software provided to us by third-party analytics platforms that has been integrated into the Monolith Wallet. If you would like to opt-out of us collecting information in this way, please contact us using the details at the end of this Privacy Policy.

5.8 We may link or combine the personal information we collect about you and the information we collect automatically. This allows us to provide you with a personalised experience regardless of how you interact with us.

5.9 We may anonymise and aggregate any of the personal information we collect (so that it does not directly identify you). We may use anonymised information for purposes that include testing our platform, research and development, data analysis, improving the Monolith Wallet and developing new products and features. We may also share such anonymised and aggregated insights about our platform usage with others.

HOW LONG WILL WE STORE YOUR PERSONAL INFORMATION

5.10 We will usually store the personal information we collect about you for no longer than necessary for the purposes set out in Annex 1, Annex 2 and Annex 3, and in any event for no longer than 6 years after you stop using the Monolith TokenCard or Monolith Services, in accordance with our legal obligations and legitimate business interests.

5.11 We may, however, need to retain your personal information for longer if we are required to do so by law.

RECIPIENTS OF PERSONAL INFORMATION

5.12 In addition to the recipients listed in Annexes 1, 2, 3 and 4, we may also share your personal information with the following (as required in accordance with the uses set out in Annexes 1, 2, 3 and 4):

  • Service providers and advisors: we may share your personal information with third-party vendors and other service providers that perform services for us or on our behalf, which may include providing professional services, such as legal and accounting services, mailing, email or chat services, fraud prevention, web hosting, or providing analytic services.
  • Affiliates: Other companies owned by or under common ownership as Token, including our subsidiaries (i.e., any organisation we own or control) and our ultimate holding company (i.e., any organisation that owns or controls us) and any subsidiaries it owns. These companies will use your personal information in the same way as we can under this Privacy Policy.
  • Purchasers and third-parties in connection with a business transaction: your personal information may be disclosed to third-parties in connection with a transaction, such as a merger, sale of assets or shares, reorganisation, financing, change of control or acquisition of all or a portion of our business.
  • Law enforcement: regulators and other parties for legal reasons:** we may share your personal information with third-parties as required by law or if we reasonably believe that such action is necessary to (i) comply with the law and the reasonable requests of law enforcement; (ii) detect and investigate illegal activities and breaches of agreements, including our Terms of Use; and/or (iii) exercise or protect the rights, property, or personal safety of Token, its users or others.

MARKETING AND ADVERTISING

5.13 From time to time we may contact you with information about our products and services, including sending you marketing messages and asking for your feedback on our products and services.

5.14 Most marketing messages we send will be by email. For some marketing messages, we may use personal information we collect about you to help us determine the most relevant marketing information to share with you.

5.15 We will only send you marketing messages if you have given us your consent to do so. You can withdraw your consent at a later date by clicking on the unsubscribe link at the bottom of our marketing emails or by updating your preferences through the Monolith Wallet.

STORING AND TRANSFERRING YOUR PERSONAL INFORMATION

5.16 Security: We implement appropriate technical and organisational measures to protect your personal information against accidental or unlawful destruction, loss, change or damage. All personal information we collect will be stored by our cloud hosting provider on secure servers. We will never send you unsolicited emails or contact you by phone requesting your public and private key pair, your recovery code, your credit or debit card information or national identification numbers.

5.17 International Transfers of your Personal Information. The personal information we collect may be transferred to and stored in countries outside of the jurisdiction you are in where we and our third-party service providers have operations. If you are located in the European Economic Area ("EEA"), your personal information may be processed outside of the EEA including in the United States.

5.18 In the instance of such a transfer, we ensure that, either:

  • the personal information is transferred to countries recognised as offering an equivalent level of protection;
  • the personal information is transferred to certified entities under the EU-U.S. Privacy Shield; or
  • the transfer is made pursuant to appropriate safeguards, such as standard data protection clauses adopted by the European Commission or UK Information Commissioner.

If you wish to enquire further about these safeguards used, please contact us using the details set out at the end of this privacy policy.

6. YOUR RIGHTS IN RESPECT OF YOUR PERSONAL INFORMATION

6.1 In accordance with applicable privacy law, you have the following rights in respect of your personal information that we hold:

  • Right of access. You have the right to obtain:
    • confirmation of whether, and where, we are processing your personal information;
    • information about the categories of personal information we are processing, the purposes for which we process your personal information and information as to how we determine applicable retention periods;
    • information about the categories of recipients with whom we may share your personal information; and
    • copy of the personal information we hold about you.
  • Right of portability. You have the right, in certain circumstances, to receive a copy of the personal information you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal data to another person.
  • Right to rectification. You have the right to obtain rectification of any inaccurate or incomplete personal information we hold about you without undue delay.
  • Right to erasure. You have the right, in some circumstances, to require us to erase your personal information without undue delay if the continued processing of that personal information is not justified.
  • Right to restriction. You have the right, in some circumstances, to require us to limit the purposes for which we process your personal information if the continued processing of the personal information in this way is not justified, such as where the accuracy of the personal information is contested by you.

6.2 You also have the right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to process your personal information, and we will assess and inform you if that is the case. You can object to marketing activities for any reason.

6.3 If you are resident in France, you also have the right to set guidelines for the retention and communication of your personal information after your death.

6.4 Please note that setting up a contract wallet, adding whitelisted addresses and making cryptoasset transactions through the Monolith Wallet will all involve the submission of your personal information (such as your whitelisted addresses, your public key and the transactions you make) to the Ethereum Network. It is an inherent part of blockchain technology that information uploaded to the Ethereum Network cannot be erased. You may be able to disassociate yourself from this information by deleting your private key. However, this will not prevent people who know your public key from recognising you and the transactions you have made.

6.5 If you wish to exercise one of these rights, please contact us using the contact details at the end of this Privacy Policy.

6.6 You may also review and edit some of the personal information you have submitted to us either through the Monolith Wallet or by contacting customer support at [email protected]

6.7 Due to the confidential nature of data processing we may ask you to provide proof of identity when exercising the above rights. This can be done by providing a scanned copy of a valid identity document or a signed photocopy of a valid identity document.

6.8 We will seek to respond to any request relating to your rights within one month of receipt of such request.

6.9 Where, given the complexity of the claim or the number of requests received, the above deadline cannot be met, we will inform you of the extended deadline in which we will respond to your request. Such extension may not be more than two months from the date on which we notify you that an extension is required.

6.10 Where we do not follow up on your request, we will inform you within the one month deadline of the grounds on which we have based our decision and of your right to refer a complaint to your national data protection authority.

7.1 The Monolith Wallet and Monolith Services may, from time to time, contain links to and from third-party websites, including those of other users, our partner networks, advertisers, partner merchants, news publications, retailers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for their policies. Please check the individual policies before you submit any information to those websites.

8. OUR POLICY TOWARDS CHILDREN

8.1 The Monolith Wallet and Monolith Services are not directed at persons under 18 and we do not knowingly collect personal information from any persons under 18. If you become aware that your child has provided us with personal information, without your consent, then please contact us using the details below (in paragraph 14) so that we can take steps to remove such information and terminate any account your child has created with us.

9. CHANGES TO THIS POLICY

9.1 We may update this privacy policy from time to time and so you should review this page periodically. When we change this privacy policy in a material way, we will update the "last modified" date at the end of this privacy policy. Changes to this privacy policy are effective when they are posted on this page.

10. NOTICE TO YOU

10.1 If we need to provide you with information about something, whether for legal, marketing or other business related purposes, we will select what we believe is the best way to get in contact with you. We will usually do this through email or by placing a notice on the Monolith Wallet. The fact that we may send notices to you will not stop you from being able to opt-out of certain types of contact as described in this privacy policy.

11. CONTACTING US

11.1 Please contact [email protected] if you have any questions, comments and requests regarding this Privacy Policy.

11.2 If we are unable to deal with any issues you raise with us, you also have the right to lodge a complaint with your national data protection authority. Further information about how to contact your local data protection authority is available at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

11.3 This privacy policy was last modified on Mar, 2020.

ANNEX 1 – PERSONAL INFORMATION WE COLLECT WHEN YOU USE THE Monolith Wallet

Category of personal information

Your public key.

The contract wallet that executes your cryptoasset transactions is only accessible through a combination of a particular private key and public key. Together, the private key and public key form your unique identifier on the Ethereum network (your "Public and Private Key Pair").

How we may use it

We may use this information to authenticate transactions you execute through the Monolith Wallet. We use this information to help identify you if when you contact us.

Legal basis for the processing

The processing is necessary for the performance of a contract and to take steps prior to entering into a contract. The processing is necessary for our legitimate interests, namely communicating with users and providing customer service.

Recipients of personal information

We may share this information with: Google Ireland Limited, which provides our cloud hosting platform; the Ethereum network, on which your contract wallet is deployed; salesforce.com, inc, the provider of our client relationship management platform.

Category of personal information

Email address.

We may collect your email address when you contact us through the Monolith Wallet.

How we may use it

We may use this information to communicate with you.

Legal basis for the processing

The processing is necessary for our legitimate interests, namely communicating with users and providing customer service.

Category of personal information

Chat, comments and opinions.

When you contact us directly, e.g. by email, phone, or when you participate in a chat on the Monolith Wallet, we will record your comments and opinions.

How we may use it

We may use this information to operate, maintain and provide to you the features and functionality of the Monolith Wallet.

We may use this information to address your questions, issues and concerns.

We may use this information to develop new products and features available through the Monolith Wallet or otherwise improve the Monolith Wallet.

Legal basis for the processing

The processing is necessary for the performance of a contract and to take steps prior to entering into a contract. The processing is necessary for our legitimate interests, namely communicating with users and responding to queries, complaints and concerns.

The processing is necessary for our legitimate interests, namely developing and improving the Monolith Wallet.

Recipients of personal information

We may share this information with salesforce.com, inc and with Zendesk Inc.

Category of personal information

Information about the cryptoasset transactions you execute through the Monolith Wallet.

How we may use it

We may use this information to operate, maintain and provide to you the features and functionality of the Monolith Wallet.

We may use this information to monitor and detect fraud or suspicious activity.

Legal basis for the processing

The processing is necessary for the performance of a contract and to take steps prior to entering into a contract.

The processing is necessary for our legitimate interests, namely the prevention and detection of fraud.

Recipients of personal information

We will share this information with the Ethereum network, on which your contract wallet is deployed.

We may also share this information with salesforce.com, inc and with Zendesk Inc.

Category of personal information

Information about your use of Monolith Wallet

Such as the format and functionalities of the Monolith Wallet when you set up your account, and the date you accepted the Monolith Wallet Terms of Service (and the applicable version). How we may use it

We may use this information to manage our relationship with you, including suspending or blocking your access to the Monolith Wallet if you have breached the Monolith Wallet Terms of Use.

Legal basis for the processing

The processing is necessary for the performance of a contract.

Recipients of personal information

We may share this information with: Google Ireland Limited, which provides our cloud hosting platform; and salesforce.com, inc, the provider of our client relationship management platform.

Category of personal information

Your "whitelisted" addresses.

We will ask you to nominate specific public keys which you trust and authorise to receive high volumes of cryptoassets from you. We will also ask you to label these whitelisted addresses to help you and us identify them, and we will store this label as part of the features and functionalities of the Monolith Wallet.

How we may use it

We may use this information to help you safely execute high volume cryptoasset transactions through the Monolith Wallet. We may use this information to help us identify you.

Legal basis for the processing

The processing is necessary for the performance of a contract. The processing is necessary for our legitimate interests, namely identifying users.

Recipients of personal information

We may share your "whitelisted" Addresses with the Ethereum network, on which your contract wallet is deployed.

We may share the labels you assign to your "whitelisted" Addresses with: Google Ireland Limited, which provides our cloud hosting platform; salesforce.com, inc, the provider of our client relationship management platform.

Category of personal information

Internal ID. When you set up an account on the Monolith Wallet, we will create an internal unique identifier associated with your account.

How we may use it

We may use this information to identify you in order to provide you with the features and functionalities of the Monolith Wallet.

Legal basis for the processing

The processing is necessary for the performance of a contract.

Recipients of personal information

We may share this information with: Google Ireland Limited, which provides our cloud hosting platform; and salesforce.com, inc, the provider of our client relationship management platform.

Category of personal information

Tracking ID and Notification ID.

When you set up an account on the Monolith Wallet, we will assign you a randomly generated unique tracking number and notification number. We may also generate a new tracking number when you recover your Address.

How we may use it

We may use this information to associate your activity on the Monolith Wallet with your device. We may use this information to contact you through push notifications. We may use this information to help identify you if you contact us.

Legal basis for the processing

The processing is necessary for our legitimate interests, namely identifying users, monitoring users' use of the Monolith Wallet, and administering and improving the Monolith Wallet.

The processing is necessary for our legitimate interests, namely communicating with users and promoting additional services.

The processing is necessary for our legitimate interests, namely identifying users for the purpose of communicating with them and providing customer support.

Recipients of personal information

We may share this information with: Google Ireland Limited, which provides our cloud hosting and analytics platforms; Segment.io, Inc, our data aggregation and management platform; salesforce.com, inc, the provider of our client relationship management platform; Sentry, the provider of app crash/error reporting

Category of personal information

All personal information set out above.

How we may use it

We may use all the personal information we collect to operate, maintain and provide to you the features and functionality of the Monolith Wallet, to communicate with you, to monitor and improve the Monolith Wallet and business, and to help us develop new products and services.

Legal basis for the processing

The processing is necessary for our legitimate interests, namely to administer and improve the Monolith Wallet.

Recipients of personal information

We may share this information with:

  • Google Ireland Limited, which provides our cloud hosting platform;
  • Segment.io, Inc, our data aggregation and management platform; and
  • salesforce.com, inc, the provider of our client relationship management platform;
  • Zendesk Inc, our ticketing and help centre system;
  • Branch Metrics, Inc, the provider of our download link tracking platform;
  • Sentry, the provider of app crash/error reporting;
  • HackerOne, Inc, the host of our bug bounty program that links to our core systems;
  • AppsFlyer, the provider of our download link tracking platform.

ANNEX 2 – PERSONAL INFORMATION WE COLLECT WHEN YOU USE THE Monolith Services

Category of personal information

Identity, contact and other card application information

Such as your title, name, date of birth, sex, phone number, e-mail address, postal address and desired card currency.

How we may use it

We may use this information to communicate with you and to deal with enquiries and complaints made by you relating to the Monolith Services.

We may use this information to send you news, alerts and marketing communications in accordance with your preferences.

Legal basis for the processing

The processing is necessary for our legitimate interests, namely administering the Monolith Services, and for communicating with you effectively to respond to your queries or complaints.

We will only process your personal data in this way to the extent that you have given us your consent.

Recipients of personal information

We may share this information with:

  • PassFort Limited, Onfido Ltd, Experian, GBGroup plc, Global Data Consortium, Inc and IVXS UK Limited (t/as ComplyAdvantage), which provide us with identity and compliance checks;
  • salesforce.com, inc, the provider of our client relationship management platform;
  • Zendesk Inc, our ticketing and help centre system;
  • Contis, our card issuer that processes your application and issues your Monolith TokenCard and Monolith Account;

Category of personal information

Cryptoassets owned by you and transactions you initiate through the Monolith Services

Such as payments you make to buy cryptoassets or when you convert cryptoassets into fiat.

We may also ask third parties to investigate and produce a report of your activity for us.

How we may use it

We may use this information to provide you the Monolith Services. We may use this information to detect and prevent fraud or suspicious or illegal activity.

Legal basis for the processing

The processing is necessary for the performance of a contract. The processing is necessary for our legitimate interests, namely the detection and prevention of fraud and illegal activity.

Recipients of personal information

  • We may share this information with:
  • Google Ireland Limited, which provides our cloud hosting platform;
  • salesforce.com, inc, the provider of our client relationship management platform;
  • Contis, our card issuer that processes your application and issues your Monolith TokenCard and Monolith Account;
  • the Ethereum network, where transactions relate to cryptoassets;
  • Coinfirm Ltd, a regulatory compliance provider that we use to check suspicious activity relating to cryptoassets.
  • Chainalysis Inc, a regulatory compliance provider that we use to check suspicious activity relating to cryptoassets.

Category of personal information

Chat, comments and opinions.

When you contact us directly, e.g. by email, phone, we will record your comments and opinions.

How we may use it

We may use this information to address your questions, issues and concerns.

We may use this information to develop new elements of the Monolith Services or otherwise improve the Monolith Services.

Legal basis for the processing

The processing is necessary for our legitimate interests, namely communicating with users and responding to queries, complaints and concerns.

The processing is necessary for our legitimate interests, namely developing and improving the Monolith Services.

Recipients of personal information

We may share this information with:

  • Google Ireland Limited, which provides our cloud hosting platform; and
  • salesforce.com, inc, the provider of our client relationship management platform;
  • Zendesk Inc, our ticketing and help centre system.

Category of personal information

Crypto purchase information

Your name and card details, IP address, and transaction information (amount being purchased).

How we may use it

We may use this information to address your questions, issues and concerns.

Legal basis for the processing

The processing is necessary for our legitimate interests, namely communicating with users and responding to queries, complaints and concerns.

Recipients of personal information

We may share this information with:

  • Google Ireland Limited, which provides our cloud hosting platform; and

  • salesforce.com, inc, the provider of our client relationship management platform;

  • Zendesk Inc, our ticketing and help centre system.

  • EveryPay, the provider of transactions;

    Category of personal information

All personal information set out above.

How we may use it

We may use all the personal information we collect to operate, maintain and provide to you the features and functionality of the Monolith Services, to communicate with you, to monitor and improve the Monolith Services and business, and to help us develop new products and services.

Legal basis for the processing

The processing is necessary for our legitimate interests, namely to administer and improve the Monolith Services.

Recipients of personal information

We may share this information with:

  • Google Ireland Limited, which provides our cloud hosting platform; and
  • salesforce.com, inc, the provider of our client relationship management platform;
  • Zendesk Inc, our ticketing and help centre system;
  • HackerOne, Inc, the host of our bug bounty program that links to our core systems.

ANNEX 3 – PERSONAL INFORMATION WE COLLECT WHEN YOU APPLY FOR A MONOLITH TOKENCARD

Category of personal information

Identity, contact and other card application information

Such as your title, name, date of birth, sex, phone number, e-mail address, postal address and desired card currency.

How we may use it

We may use this information to verify your identity in order to process your application for a Monolith TokenCard.

We may share this information with Contis in order to process your application for, and issue you with a Monolith TokenCard.

We may use this information to communicate with you and to deal with enquiries and complaints made by you relating to the Monolith TokenCard.

We may use this information to send you news, alerts and marketing communications in accordance with your preferences.

Legal basis for the processing

The processing is necessary for compliance with a legal obligation to which we are subject.

The processing is necessary for the performance of a contract and to take steps prior to entering into a contract.

The processing is necessary for our legitimate interests, namely administering the Monolith TokenCard, and for communicating with you effectively to respond to your queries or complaints.

We will only process your personal data in this way to the extent that you have given us your consent.

Recipients of personal information

We may share this information with:

  • PassFort Limited, Onfido Ltd and IVXS UK Limited (t/as ComplyAdvantage), which provide us with identity and compliance checks;
  • salesforce.com, inc, the provider of our client relationship management platform;
  • Contis, our card issuer that processes your application and issues your Monolith TokenCard and Monolith Account;
  • SendGrid, Inc, our email sending platform;
  • Twilio Inc, our SMS sending platform.

Category of personal information

Identity documents and photograph

Such as pictures of your passport, driving licence, or other identity card, and pictures of you.

How we may use it

We may use this information to verify your identity in order to process your application for a Monolith TokenCard

Legal basis for the processing

The processing is necessary for compliance with a legal obligation to which we are subject.

Recipients of personal information

We may share this information with PassFort Limited and Onfido Ltd, which provide us with identity and compliance checks.

Category of personal information

Identity check references and reports (such as unique identifiers and scores assigned to you by our identity and compliance check providers) and results of identity and other compliance checks.

How we may use it

We may keep a record of this information to associate you with a compliance check record and to show that we have complied with our legal obligations.

Legal basis for the processing

The processing is necessary for compliance with a legal obligation to which we are subject.

Recipients of personal information

We may share this information with:

  • Google Ireland Limited, which provides our cloud hosting platform;
  • PassFort Limited, Onfido Ltd, Experian, GBGroup plc, Global Data Consortium, Inc and IVXS UK Limited (t/as ComplyAdvantage), which provide us with identity and compliance checks;
  • salesforce.com, inc, the provider of our client relationship management platform;
  • Contis, our card issuer that processes your application and issues your Monolith TokenCard and Monolith Account.

Category of personal information

Number of attempts to apply for a Monolith TokenCard.

How we may use it

We may use this information to detect fraud or suspicious or illegal activity.

Legal basis for the processing

The processing is necessary for our legitimate interests, namely the detection and prevention of fraud and illegal activity.

Recipients of personal information

We may share this information with:

  • Google Ireland Limited, which provides our cloud hosting platform;
  • PassFort Limited, which provides us with identity and compliance checks;
  • salesforce.com, inc, the provider of our client relationship management platform.

Category of personal information

Transactions you initiate through the Monolith TokenCard

Such as payments you make to your Monolith Account.

We may also ask third parties to investigate and produce a report of your activity for us.

How we may use it

We may use this information to provide you the Monolith Services related to your Monolith TokenCard. We may use this information to detect and prevent fraud or suspicious or illegal activity.

Legal basis for the processing

The processing is necessary for the performance of a contract. The processing is necessary for our legitimate interests, namely the detection and prevention of fraud and illegal activity.

Recipients of personal information

We may share this information with:

  • Google Ireland Limited, which provides our cloud hosting platform;
  • salesforce.com, inc, the provider of our client relationship management platform;
  • Contis, our card issuer that processes your application and issues your Monolith TokenCard and Monolith Account;
  • the Ethereum network, where transactions relate to cryptoassets;
  • Coinfirm Ltd, a regulatory compliance provider that we use to check suspicious activity relating to cryptoassets.
  • Chainalysis Inc, a regulatory compliance provider that we use to check suspicious activity relating to cryptoassets.

Category of personal information

Country of origin.

We may collect this information when you register your interest for a Monolith TokenCard.

How we may use it

We will use this information to process your application for a Monolith TokenCard, in order to ensure that we can legally provide you with a Monolith TokenCard in your country.

We will use this information to inform the development of the Monolith Services, such as identifying other countries where we may wish to provide the Monolith Services or to offer the Monolith TokenCard in future.

Legal basis for the processing

The processing is necessary for the performance of a contract. The processing is necessary for our legitimate interests, namely informing our product development and marketing.

Recipients of personal information

We may share this information with Google Ireland Limited, which provides our cloud hosting platform.

Category of personal information

Chat, comments and opinions.

When you contact us directly, e.g. by email, phone, we will record your comments and opinions.

How we may use it

We may use this information to address your questions, issues and concerns.

Legal basis for the processing

The processing is necessary for our legitimate interests, namely communicating with users and responding to queries, complaints and concerns.

Recipients of personal information

We may share this information with:

  • Google Ireland Limited, which provides our cloud hosting platform; and
  • salesforce.com, inc, the provider of our client relationship management platform.

ANNEX 4 – PERSONAL INFORMATION COLLECTED AUTOMATICALLY

Category of personal information

Approximate location information.

Other than information you choose to provide to us, we do not collect information about your precise location. Your device’s IP address may however help us determine an approximate location.

How we may use it

We may use information you provide to us about your location to inform and plan our marketing strategy and to monitor and detect fraud or suspicious activity in relation to your account.

Legal basis for the processing

The processing is necessary for our legitimate interest, namely informing our direct marketing strategy.

Recipients of personal information

We will share your personal information with the following:

  • Google Ireland Limited, which provides our cloud hosting and analytics platforms;
  • Segment.io, Inc, our data aggregation and management platform;
  • Sentry, the provider of app crash/error reporting

Category of personal information

Information about how you access and use the Monolith Wallet.

For example, how frequently you access the Monolith Wallet, the time you access the Monolith Wallet and how long you use it for, the approximate location that you access the Monolith Wallet from, whether you access the Monolith Wallet from multiple devices, and other actions you take on the Monolith Wallet.

How we may use it

We may use information about how you use and connect to the Monolith Wallet to present the Monolith Wallet to you on your device.

We may use this information to determine products and services that may be of interest to you for marketing purposes. We may use this information to monitor and improve the Monolith Wallet and business, resolve issues and to inform the development of new products and services.

Legal basis for the processing

The processing is necessary for our legitimate interests, namely to tailor the Monolith Wallet to the user. The processing is necessary for our legitimate interests, namely to inform our direct marketing. The processing is necessary for our legitimate interests, namely to monitor and resolve issues with the Monolith Wallet and to improve the Monolith Wallet generally.

Recipients of personal information

We will share your personal information with the following:

  • Google Ireland Limited, which provides our cloud hosting and analytics platforms;
  • Segment.io, Inc, our data aggregation and management platform.

Category of personal information

Log files and information about your device.

We also collect information about the computer, tablet, smartphone or other electronic device you use to connect to the Monolith Wallet. This information can include details about the type of device, unique device identifying numbers, operating systems, browsers and applications connected to the Monolith Wallet through the device, your mobile network, your IP address and your device’s telephone number (if it has one).

How we may use it

We may use information about how you use and connect to the Monolith Wallet to present the Monolith Wallet to you on your device.

We may use this information to determine products and services that may be of interest to you for marketing purposes.

We may use this information to monitor and improve the Monolith Wallet and business, resolve issues and to inform the development of new products and services.

Legal basis for the processing

The processing is necessary for our legitimate interests, namely to tailor the Monolith Wallet to the user.

The processing is necessary for our legitimate interests, namely to inform our direct marketing.

The processing is necessary for our legitimate interests, namely to monitor and resolve issues with the Monolith Wallet and to improve the Monolith Wallet generally.

Recipients of personal information

We will share your personal information with the following:

  • Google Ireland Limited, which provides our cloud hosting and analytics platforms;
  • Segment.io, Inc, our data aggregation and management platform;
  • Sentry, the provider of app crash/error reporting;
  • AppsFlyer, the provider of our download link tracking platform.