Privacy Policy

Updated December 7, 2022

This Privacy Policy, among others, seeks to notify and inform you as a user (“you”, “your”, or “user”) of how Composable Finance Ltd. (“Composable”, “we”, “our”, “us” or the “Company”) collects, uses, manages and shares Personal Data (as hereinafter defined) in our website https://tools.xcvm.dev and such other websites, web apps, or online location that links to this Privacy Policy (collectively, the “Site”) and in connection with the services provided by the Company or through a related affiliate in the Site (collectively, the “Services”), as well as your rights and choices regarding such Personal Data, in compliance with Saint Lucia’s Data Protection Act (“DPA”), the United Kingdom’s (“UK”) Data Protection Act, the European Union’s General Data Privacy Regulation (“GDPR”) and other privacy laws, rules, and regulations as they may become applicable. This Privacy Policy applies to Personal Data as defined under Section 2 of the DPA and other privacy laws, rules, and regulations as they may become relevant,, particularly with respect to its collection, use, storage, disclosure and/or processing by the Company, as applicable.

By submitting information to us, or signing for the Services offered by us, you agree and consent to the collection, use, retention and disclosure by the Company and any of its affiliates, representatives, agents, advisors and/or service providers, as well as any other activities described in this Privacy Policy, of your Personal Data and other information. If you do not agree with the terms of this Privacy Policy, you should immediately discontinue the use of the Services and refrain from accessing the Site.

We reserve the right to revise and update this Privacy Policy at any time. Any changes will be effective immediately upon our posting of the latest version of the Privacy Policy in the Site. Your continued use of the Services indicates your consent to the latest version of the Privacy Policy then published or posted.

1. Collected Information

We use tracking technologies to automatically collect information including, but not limited to, the following:

  1. Log Files: Files that record events that occur in connection with your use of the Site. Log files are created when you view content or otherwise interact with the Services.
  2. Cookies: Small data files stored in your device or computer that act as a unique tag to identify your browser. We will only strictly use necessary cookies in connection with the Site and Services. For the avoidance of doubt, the cookies that we include are essential for you to browse the Site and use its features, including accessing secure areas of the Site. You can choose to deactivate cookies, however, in such circumstances you will not be able to use parts of the Services which require cookies to be active.

In order to improve user experience and for website optimization, and to facilitate our internal analysis, we may likewise: (1) store your cookie consent state for the current domain; (2) register data or information regarding any on-site behavior or actions taken; and (3) collect data or information from your navigation and/or interaction in the Site.

We currently do not collect Personal Data relating to you in this Site. Any references to Personal Data in the subsequent sections or paragraphs below reflects the Company’s present policy on the matter in the event that the Company will start collecting, using, storing, disclosing or processing the same; however, it should not be taken as an affirmation or confirmation that Composable is currently engaged in such activities in relation to your Personal Data. If ever we will engage in such activities in the future, we will update this Privacy Policy accordingly and notify you of such changes for your acceptance as you continue to use this Site.

2. Sharing and Disclosure of Information

As a matter of principle, we do not sell, rent, exchange, share or otherwise disclose your Personal Data to third parties for marketing purposes. If we share or disclose information that we collect, we do so in accordance with the practices described in this Privacy Policy. The categories of parties with whom and instances where we may share your information include, but shall not be limited to:

  1. Affiliates. We share information with our affiliates and related entities, including where they act as our service providers.
  2. Service Providers. We share information with third-party service providers for business purposes, including fraud detection and prevention, security threat detection, payment processing, customer support, data analytics, information technology, storage, and transaction monitoring. The Company shall require its service providers to abide by this Privacy Policy. All service providers that we engage with are restricted to only utilizing the information on our behalf and in accordance with our instructions.
  3. Professional Advisors. We share information with our professional advisors for purposes of audits and compliance with our legal and regulatory obligations.
  4. Merger or Acquisition. We share information in connection with, or during negotiations of, any proposed or actual merger, purchase, sale or any other type of acquisition or business combination of all or any portion of our assets, or transfer of all or a portion of our business to another business.
  5. Security and Compelled Disclosure. We share information to comply with the law or other legal process, and where required, in response to lawful requests including to meet national security or law enforcement requirements by public authorities, law enforcement agencies, data protection authorities or regulatory agencies, or government officials.
  6. Facilitating Requests. We may share information about you at your request or instruction.
  7. Consent. We may share information about you with your consent.
  8. Other Legitimate Purpose. We may share your information to pursue the Company’s legitimate purposes and for the conclusion or the performance of a contract or for the provision of the Services.

Notwithstanding the above, we may share information that does not identify you (including information that has been aggregated or de-identified), except as otherwise prohibited by applicable law.

3. Other Parties

We may integrate technologies operated or controlled by other parties into parts of the Services. For example, the Services may include links that hyperlink to websites, platforms, and other services not operated or controlled by us.

When you interact with other parties, including when you leave the Site, the other parties may independently collect information about you and solicit information from you. The information collected and stored by other parties remains subject to their own policies and practices, including the information they share with us, your rights and choices on their services and devices, and whether they store information anywhere in the world. We do not control such other parties or any of their content. We shall not be held liable or be responsible for the contents and privacy policies of or services provided by the other parties. We encourage you to read and familiarize yourself with their privacy policies and terms of use.

4. Data Security

We implement and maintain reasonable administrative, physical, and technical security safeguards to help protect your Personal Data from outside attacks or threats, loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction. Nevertheless, we do not provide any guarantee regarding the effectiveness of these protective measures or our ability to prevent other parties, acting unlawfully, from gaining access to your Personal Data.

5. International Transfer

Information collected through the Services may be transferred to, processed, stored, and used in the European Economic Area (“EEA”), the UK, and other jurisdictions. Data protection laws in the EEA, the UK and other jurisdictions may be different from the laws of your country of residence. Your use of the Services or provision of any information therefore constitutes your consent to the transfer to and from, processing, usage, sharing, and storage of your Personal Data in the EEA, the UK and other jurisdictions as set out in this Privacy Policy.

6. Your Rights

Your rights under this Privacy Policy include the right to: (1) request access and obtain a copy of your Personal Data; (2) rectify, correct, or supplement Personal Data we have collected.; (3) object to or restrict the processing of your Personal Data; (4) request portability of your Personal Data; (5) object to decisions based solely on automated processing, including profiling, unless you have given your consent or the same is necessary for the performance of a contract between you and the Company; (6) request for the removal or deletion of any of your Personal Data. Additionally, if we have collected and processed your Personal Data with your consent, you have the right to withdraw your consent at any time. The withdrawal of your consent shall, however not affect the lawfulness of processing based on your consent before its withdrawal.

Notwithstanding the foregoing, we cannot edit or delete information that is stored on a particular blockchain. This information may include transaction data (i.e., purchases, sales, and transfers) related to your blockchain wallet address and any non-fungible tokens (NFTs) held by your wallet address.

To exercise any of these rights, please contact us via our email or postal address provided in this Privacy Policy and specify the right(s) you are seeking to exercise. We will respond to your request within thirty (30) days. We may require specific information from you to help us confirm your identity and process your request. We may retain information, as necessary, to fulfill the purpose for which it was collected and may continue to retain and use information even after your request in accordance with our legitimate interests, such as when it is necessary to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements. Notwithstanding this, you retain your right to lodge a complaint with the data protection regulator in your jurisdiction.

While you can choose freely whether or not you will provide the Company with your Personal Data, you may be unable to use the Services, or a portion thereof, until you have provided the Company with such information or data if it is necessary for your use or continued use of the Services..

Your data protection rights are not absolute and we may deny you your rights in accordance with the applicable data protections laws by providing you with the reason(s) for the denial of your request.

7. Retention Period

We will store and retain any Personal Data that you may have provided for as long as necessary for your continued use of the Services, pursuant to your contract with us, and in compliance with applicable laws and regulations.

8. Withdrawal and Deactivation

If you decide to stop using our Services, or deactivate your account (if applicable), all Personal Data or information collected relating to you shall be handled in accordance with Saint Lucia law, this Privacy Policy, and the Company’s other policies (if applicable). Such deactivation shall not be considered as a withdrawal of consent for the use and disclosure of such Personal Data or information by us, unless otherwise expressly requested or informed by you in writing.

If you decide to withdraw your consent for the Company to use and/or disclose all your Personal Data, we will cease to collect your information unless there is a legal justification for the continued collection of your Personal Data. Further, we may not be able to continue providing our Services to you or continue any contractual relationship that is in place depending on the nature of your request. The withdrawal of your consent may result in the termination of any agreements with us and it may be considered as a breach of your contractual obligations or undertakings. In such instances, we reserve our legal right to pursue any remedies available at law or in equity. The withdrawal of your consent does not in any way affect the lawfulness of the collection of your data based on the consent given prior to the withdrawal.

9. Legal Age

The Services are intended for general audiences and are directed to users who are of legal age. Minors who lack the legal capacity under any applicable laws are generally not permitted to access or use our Services. Any person who becomes aware of or believes that a minor is using our Services should immediately contact us. We shall remove any information collected from the minor who may have used our Services without our knowledge to ensure compliance with applicable laws.

10. Applicable Law and Jurisdiction

This Privacy Policy shall be governed by and construed in accordance with the laws of Saint Lucia, without regard to conflict of law principles. Any disputes arising in respect of this Privacy Policy shall be submitted to the exclusive jurisdiction of the courts of Saint Lucia.

11. Specific Disclosures and Notices

Specific Notice to California Residents (“CCPA Notice”)

The California Consumer Privacy Act of 2018 (“CCPA”) requires certain businesses to provide a CCPA Notice to explain how a company collects, uses, and shares Personal Data of California residents and the rights and choices offered regarding the handling of such data or information.

  • Privacy Practices. We will not sell your Personal Data or “personal information” as defined under the CCPA.
  • Privacy Rights. The CCPA gives individuals the right to request information about how the Company has collected, used, and shared your personal information and gives you the right to request a copy of any information that we may have stored or maintained about you. You may also ask us to delete any personal information that we may have received about you. The CCPA limits these rights, for example, by prohibiting us from providing certain sensitive information in response to access requests and limiting the circumstances under which we must comply with a request for deletion of personal information. We will respond to requests for information, access, and deletion only to the extent that we are able to associate, with a reasonable effort, the information we maintain with the identifying details you provide in your request. If we deny the request, we will communicate this decision to you. You are entitled to exercise the rights described above free from discrimination.
  • Submitting a Request. You can submit a request for information, access, or deletion to legal@composable.finance.
  • Identity Verification. The CCPA requires us to collect and verify the identity of any individual submitting a request to access or delete personal information before providing a substantive response.
  • Authorized Agents. California residents can designate an “authorized agent” to submit requests on their behalf. We will require the authorized agent to have a written authorization confirming their authority.

Additional Disclosures for European Union Data Subjects or User

We will process your Personal Data for the purposes described above, as applicable. Our justifications and bases for processing your Personal Data include: (1) you have given consent to the process to us or our Service provides for one or more specific purposes; (2) processing is necessary for the performance of a contract with you; (3) processing is necessary for compliance with a legal obligation; and/or (4) processing is necessary for any legitimate interests pursued by us or a third party, and your interests and fundamental rights and freedoms do not override those interests.

Your rights under the GDPR include the right to: (1) request access and obtain a copy of your Personal Data; (2) request rectification or deletion of your personal data; (3) object to or restrict the processing of your Personal Data; and (4) request portability of your Personal Data. Additionally, you may withdraw your consent to our collection at any time. Nevertheless, we cannot edit or delete information that is stored on a particular blockchain. Information such as your transaction data, blockchain wallet address, and assets held by your address that may be related to the data we collect is beyond our control.

To exercise any of your rights under the GDPR, please contact us at legal@composable.finance.. We may require additional information from you to process your request. Please note that we may retain information as necessary to fulfill the purpose for which it was collected and may continue to do so even after a data subject request in accordance with our legitimate interests, including to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements.

12. Contact Us

If you have any requests pursuant to the above provisions, questions or comments about this Privacy Policy, our data practices, or our compliance with applicable law, please contact us by email at: legal@composable.finance. or by mail at: 1st Floor, The Sotheby Building, Rodney Village, Rodney Bay, LC 04 101, Gros Islet, Saint Lucia.