November 16, 2022
We will handle your Personal Data in accordance with Data Protection Legislation. “Data Protection Legislation” means the Data Protection Acts 1988 and 2003 and Directive 95/46/EC, any other applicable law or regulation relating to the processing of personal data and to privacy (including the E-Privacy Directive), as such legislation shall be amended, revised or replaced from time to time, including by operation of the General Data Protection Regulation (EU) 2016/679 (“GDPR”) (and laws implementing or supplementing the GDPR).
Information we gather from you
You must provide your full name, email address, zip code, and PayPal or cryptocurrency account to make a purchase with hodlmoon. When browsing hodlmoon, we log additional information like IP address, device and browser used, time spent on site, mouse and swipe tracking, pages visited, and other related metrics via Google Analytics. We also collect your name and e-mail address for marketing campaigns via MailChimp. We process the other information for UX research, sales reporting, accounting, and shipping. Hodlmoon is a Data Controller in respect to Your Data. The legal basis which we process Your Data is our legitimate interest to provice the Service to you.
You have the right to access all of Your Data relating to you from hodlmoon. The right to ask us to unsubscribe from direct marketing and the right to erase your personal data from our database. We strive to keep Your Data accurate and you must tell us about any changes to your information. If you are aged under 18, pleas get your parent or guardian's permission before providing Your Data to us.
Why we collect your information
Hodlmoon processes Your Data to ensure delivery of the products you order from our eCommerce website. We use your name and e-mail to keep you updated on any updates and new product offerings from our business. We use the information from Google Analytics to optimize the user experience.
A cookie is a small text file that is placed on your device by a web server to recognize repeat users. The help us improve our Service and deliver better browser functions to give a better experience with our website.
Are there cases where we may use your information to contact you?
Yes, we may contact you for reasons related to your order (error in your shipping address, billing issue, etc.). We may also contact you in response to a question that you ask us. We will provide you with information about hodlmoon, including e-mail newsletters or responsonding to any contact received via our contact form on our Contact page.
What rights do you have?
You have the right to access any personal data relating to you from hodlmoon. The right to ask us to unsubscribe from direct marketing and the right to erase your personal data from our database. You can contact us with the email you used for your account with any data requests.
Who we share your information with
As hodlmoon is a Data Processor, we will only process such Data in accordance with our instructions from the relevant Data Controller in accordance with the Terms of Service in place between hodlmoon and such Data Controller.
We may share with third parties certain pieces of aggregated, non-personal information such as the number of sites, devices accessed while using hodlmoon, for example. Such information does not identify you individually. We restrict access to personal information to employees, contractors, and agents who need to know that information in order to operate, develop, or improve our Service. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination civil litigation and/or criminal prosecution, if they fail to meet these obligations.
All information you provide to us is stored on our (or contracted third party) secure servers.
How do we protect your personal information?
We protect user privacy through the appropriate use of security technology. We restrict access to Your Data to employees who need to know such Your Data in order to operate and update your Data and ship your merchandise. We ensure that we have appropriate physical and technological security measures to protect your information. We do not accept any responsibility or liability for the privacy practices of any third party websites and your use of such websites is at your own risk.
We will implement appropriate technical and organisational measures to ensure a level of security appropriate to the risks that are presented by the processing of Your Data. In particular, we will consider the risks presented by accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Your Data transmitted, stored or otherwise processed.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect Your Data, we cannot guarantee the security of any data transmitted us and any such transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. To the extent permitted by law, we are not responsible for any delays, delivery failures, or any other loss or damage resulting from (i) the transfer of data over communications networks and facilities, including the internet, or (ii) any delay or delivery failure on the part of any other service provider not contracted by us, and you acknowledge that the Service may be subject to limitations, delays and other problems inherent in the use of such communications facilities. You will appreciate that we cannot guarantee the absolute prevention of cyber-attacks such as hacking, spyware and viruses. Accordingly, you will not hold us liable for any unauthorized disclosure, loss or destruction of Your Data arising from such risks.
We will notify serious data breaches in respect of Your Data not later than 72 hours after having become aware. If notification is not made after 72 hours, we will record a reasoned justification for the delay. A Personal Data breach in this context means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.
We will keep a record of any data breaches, including their effects and the remedial action taken, and will notify you of any data breach affecting your Personal Data (which poses a high risk to you) when we are required to do so under Data Protection Legislation. We will not be required to notify you of a data breach where we have implemented appropriate technical and organisational measures that render the Personal Data unintelligible to anyone not authorised to access it, such as encryption; or
we have taken subsequent measures which ensure that the high risk to data subjects is not likely to materialise; or it would involve disproportionate effort, in which case we may make a public communication instead.
In the event of a serious data breach in respect of User Data, we will notify the relevant Data Controller of such breach as soon as reasonably practicable.
Retention of Personal Data
In general, User Data that you provide to us, and any logs created by us relating to User Data, will be kept forever in our system.
Your Data will be kept and stored for such period of time as we deem necessary taking into account the purpose for which it was collected in the first instance. This may include retaining Your Data as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, and to support business operations.
How to contact us
If you need to contact us with regard to any of your rights as set out in this Policy, all such requests should be made via the Contact page.