Welcome to dReader! This Privacy Policy explains how we collect, use, and protect your personal data in compliance with the relevant Data Protection regulation.
In this Privacy Policy, references to āweā, āusā or āourā āplatformā means dReader. On the other hand, references to āyouā and āyourā are to customers, clients, creators or any other user of our Website and app.
In this Privacy Policy āPersonal Dataā refers to all information relating to an individual whose identity is determined or can be determined (either directly or indirectly).
For the purpose of this Privacy Policy, websites at dReader are dReaders landing page (https://dreader.io/), dReader appplication (https://dreader.app) and dReader mobile application (hereinafter: āMobile Appā) (hereinafter collectively: āWebsitesā). Websites are owned and operated by Decentralized Reader d.o.o., Split (Grad Split), Put RadoÅ”evca 24, Croatia, OIB: 41502333533. If you have any questions or concerns regarding your data or this Privacy Policy, please contact us at [email protected].
This Privacy Policy:
describes how we collect, use and otherwise handle Personal Data that you provide or make available to us, or that we collect from you, when you use our Websites,
explains the circumstances in which we may transfer this to others; and
explains about the rights that you have in relation to this Personal Data.
Our Privacy Policy must be read together with any other legal notices or Terms & Conditions provided or made available to you on other pages of our Websites or when you download our Mobile App. We are committed to compliance with relevant data protection regulation and adhere to data protection principles to ensure transparency and accountability in our data practices.
We may collect various types of information:
Email address: to communicate with you and send updates.
Username: to identify you within our platform.
Wallet address: a unique address for sending or receiving NFTs or other transactions through blockchain infrastructure.
Confirmation for being older than 16 years old.
NFT purchase records: to track your purchases and preferences.
User reviews (star ratings) and avatars: to evaluate our performance and to help improve our future services and/or experience on our platform.
Comments and feedback if and when we add this feature in the future.
At times, from the devices you use to access our platform information to us, including your device model, operating system and version, the name of the domain from which you access the Internet, your Internet Protocol ("IP") address, and other unique device identifiers. At times we could also collect device information like the date and time you access Websites, the search terms you use, the links you click on, the browser you use, and your language preference in the future.
You have the option to refuse or revoke your consent for the Personal Data we request.
However, keep in mind when withdrawing consent, we may not be able to provide you with the information and/or services you have requested or otherwise fulfil the purpose(s) for which we have acquired said Personal Data. Aside from this, your visit to our Websites will remain unaffected.
Your Personal Data is collected:
When you voluntarily provide it through online forms during registration or creation of an account or through profile updates.
From third parties & service providers for which you may also give us permission to access, such as social media networks like Googleās Gmail (to register on the platform) or Discord (to link your user account with your Discord account) or Twitter, as well as, in the future, for the integration of analytics services such as Google Analytics (which is not integrated yet). These service providers provide us with authorization tokens you granted us connecting via this way. The information we obtain from third parties depends on your relationship with those third parties, the third parties' privacy policies, and choices you have expressed to them regarding sharing your information.
At times, from the devices you use to access our platform information to us, including your device model, operating system and version, the name of the domain from which you access the Internet, your Internet Protocol ("IP") address, and other unique device identifiers. Wish also collects device information like the date and time you access platform online or via the Mobile App, the search terms you use, the links you click on, the browser you use, and your language preference.
From publicly available resources like Solana Blockchain (ex. wallet balance).
The collection of Personal Data is limited to what is necessary in relation to the purposes for which they are processed, as outlined in this Privacy policy. We take every reasonable step to ensure that Personal Data is accurate and stored safely.
We may use your Personal Data for our business purposes as follows:
to manage our business;
to communicate with you;
to offer support;
to manage customer relationships;
for record keeping, statistical analysis, internal reporting and research purposes;
to ensure network and information security;
to notify you about changes to our services;
to investigate any complaint you make;
to provide evidence in any dispute or anticipated dispute between you and us;
to analyse how our Websites are being used;
to customise various aspects of our Websites to improve your experience;
to host, maintain and otherwise support the operation of our Websites;
for the detection and prevention of fraud and other criminal offences;
for risk management purposes;
to send you newsletters;
to target advertisements, if any (in the future we intend to add this feature, so for ex. if there is a new comic book out, you will receive an email, or if you have interest in action genres you will get to see relevant comics and comic sales through targeted in-app features);
to send you push notifications through our Mobile App (to which you can always opt-out via your mobile service provider);
to track Websites statistics (such as the number of installs, new verified users, and monthly active users);
for database management purposes;
to ensure the quality of the services we provide to our users.
6. Purpose limitation:
Our legal bases for processing your data include:
Consent: When you voluntarily provide your information while creating your account;
Performance of a Contract: When processing is necessary to fulfil our contractual obligations if such as Terms & Conditions;
Compliance with Legal Obligations: When processing is required to comply with applicable laws and regulations. This includes compliance with regulatory requirements, tax laws and other legal regulations, if any;
Legitimate interest: When processing is necessary for a legitimate interest such as fraud prevention, direct marketing o internal administrative purposes, if any.
Each purpose for which we collect and process your data is based on one or more of these legal bases. These bases ensure transparent and accountable handling of personal data, safeguarding data subjects' rights and interests in compliance with relevant data protection laws.
We take meticulous care in maintaining records of consent provided by our users when they agree to our Terms of Use (linked), this Privacy Policy, and other related agreements. These records are kept to ensure compliance with our legal obligations which requires that we must be able to demonstrate that consent was given.
Each consent record includes the userās ID, username, the date and time when the consent was given, the userās IP address at the time of consent, the specific version of Terms & Conditions or Privacy Policy (including the version of any documents) to which the user consented, and the method of consent (e.g., checkbox, digital signature).
Consent records are stored securely and can be accessed only by authorized personnel within our organization. This access is strictly limited to purposes of demonstrating compliance with legal obligations, handling user inquiries, or facilitating audits and investigations.
We retain records of consent for as long as a userās account remains active and for a reasonable period thereafter to handle any residual issues or inquiries, or as otherwise required by law. If a user withdraws consent, their respective consent record will be archived and retained according to legal requirements, typically for up to five years to comply with data protection regulations.
You have the right to withdraw your consent at any time. Upon withdrawal, we will cease processing the data for which consent was provided, unless another legal basis for processing legally applies. Users can withdraw their consent by accessing the settings in their user account or by contacting us directly through the contact methods provided in this Privacy Policy. In your user account you shall be able to see in real time, not past consents, and review all given and withdrawn consents.
The fastest way to edit or delete Personal Data you've provided to us (such as name, password, user ID, email address, and other account information), is to go to your account and modify or delete the information directly. For assistance with this or to further exercise your rights, please send an email to [email protected] with the details of your request.
Our compliance team conducts regular audits to ensure that consent records are complete, accurate, and up to date. These audits also serve to verify that our processes for recording consent meet all regulatory requirements and that we are prepared to show these records promptly if requested by a user or a regulatory authority.
Any changes to our practices or policies regarding consent records will be communicated to users through updates to this Privacy Policy. We encourage users to review this policy periodically to stay informed about how we protect and use the information we collect.
It is our policy to retain your Personal Data for the length of time required for the specific purpose or purposes for which it was collected. However, we may be obliged to store some Personal Data for a longer period ofĀ time, taking into account factors including:
legal obligation(s) under applicable law to retain data for a certain period of time;
statute of limitations under applicable law(s);
(potential) disputes and;
guidelines issued by relevant data protection authorities.
Whilst we continue to process your Personal Data, we will ensure that it is treated in accordance with this Privacy Policy. Otherwise, we securely erase your information once this is no longer needed. We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected. After the purposes are fulfilled, we will delete or anonymize your data, unless we have a legal obligation to retain it for a longer period.
The data retention period is based on several key factors:
Duration of the contractual relationship or performance of the service: we retain personal data for the duration of the contractual relationship with users or as long as it is necessary to provide services. This means that the data will be kept as long as the contract is active or until the services are fully performed.
Legal obligations: After the expiration of the contractual relationship or the performance of the service, the data is stored until the expiration of all legal storage obligations. This ensures that we comply with relevant regulatory requirements.
Consent: When data is collected based on the consent of the user, we will act in accordance with the current status of that consent. If the user withdraws his consent, we will stop processing and storing the related data.
We strictly follow these data storage guidelines, ensuring that users' personal data is retained only as necessary and in accordance with legal requirements and privacy best practices.
There are multiple jurisdictions that regulate data protection, including the EU General Data Protection Regulation ("GDPR") and California Consumer Privacy Act ("CCPA. Depending on the location of your residence, these rights may include the following legal implications:
| You have the right to be provided with clear, transparent and easily understandable information about how we use your Personal Data and your rights. This is why we are providing you with the information in this Privacy Policy. |
| 2. The right of access | You have the right to obtain a copy of your Personal Data (if we are processing it), andĀ certain other information (similar to that provided in this Privacy Policy) about how it is used, categories of sources of such information, our business or purpose for collecting or disclosing your information, and categories of third parties with which we shared your personal data, as well as request a list of third parties that have received your information for direct marketing purposes during the previous calendar year, if any marketing purposes are in place. This is so you are aware and can check that we are using your information in accordance with data protection law. We can refuse to provide information where to do so may reveal Personal Data about another person or would otherwise negatively impact another person's rights. |
| 3. The right to rectification | You can ask us to take reasonable measures to correct your Personal Data if it is inaccurate or incomplete. E.g. if we have aĀ wrong name or address ofĀ you. |
| 4. The right to erasure | This is also known as āthe right to be forgottenā and, in simple terms, enables you to request the deletion, removal or restriction of your Personal Data where thereās no compelling reason for us to keep using it or its use is unlawful. This is not a general right to erasure; there are exceptions, e.g. where we need to use your Personal Data in defence of a legal claim. |
| 5. The right to restrict processing | You have rights to āblockā or suppress further use of your Personal Data when we are assessing a request for rectification or as an alternative to erasure. When processing is restricted, we can still store your Personal Data, but may not use it further. We keep lists of people who have asked for further use of their Personal Data to be āblockedā to make sure the restriction is respected in future. |
| 6. The right to data portability | You have rights to obtain and reuse certain Personal Data for your own purposes across different organisations. |
| 7. The right to object | You have the right to object to certain types of processing, on grounds relating to your particular situation, at any time insofar as that processing takes place for the purposes of legitimate interests pursued by us or by a third party. We will be allowed to continue to process your Personal Data if we can demonstrate ācompelling legitimate grounds for the processing which override your interests, rights and freedomsā or we need this for the establishment, exercise or defence of legal claims. |
| 8. Rights Related to Automated Decision Making and Profiling | You have the right to be informed when this is used, the right to obtain meaningful information about the logic involved, the right to human intervention, the right to challenge decisions, and the right to object to profiling. |
| 9. Right to Non-Discrimination | Consumers protected under CCPA regulation have the right not to be discriminated for exercising their CCPA rights. |
We recognize and respect the above-mentioned rights of data subjects. You can exercise these rights by contacting us at [email protected]. For the handling procedure, please refer to [https://dreader.app/privacy-policy#how-to-contact\].
10. Third-Party Sharing and international data transfer
Some of the functionality on our Websites and online servicesĀ involves us cooperating, and sharing your Personal Data with third parties. We have carefully selected these third parties and taken steps to ensure that when we share your Personal Data with them, it is adequately protected. Details about how we process Personal Data on our Websites in conjunction with third parties are as follows.
We share your Personal Data with our third-party service providers based in and outside of the European Economic Area (āEEAā), who act on our behalf to provide support services in relation to our Website for the purposes of: hosting and maintaining our Website; providing data storage; assisting us with database management, and in order to assist us with related tasks or processes.
These service providers have Standard Contractual Clauses (SCCs) in their service terms to help customers comply with European Union data protection laws, including the General Data Protection Regulation (GDPR). The SCCs are legal tools approved by the European Commission that provide adequate safeguards for personal data transferred outside of the EU/EEA to countries not deemed to provide an adequate level of data protection.
All of our service providers are bound by written contract to process Personal Data provided to them only for the purpose of providing the specific service to us and to maintain appropriate security measures to protect your Personal Data. These services act as data processors under GDPR, processing data on our behalf according to stringent data protection standards. You can click here to check which of these service providers we use // or // refer to the list below:
Amazon Web Services (AWS) Role: Data Processor Service: Storage of images and database services. Data Processing: AWS processes and stores data in the selected AWS Region, adhering to GDPR through Standard Contractual Clauses (SCCs) for data transfers outside the EEA. Address: Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109-5210, USA | Helius Role: Data Processor Service: Reading public blockchain data. Data Processing: No personal data is shared; only publicly available blockchain data is accessed. Address: 2093 Philadelphia Pike PMB 7808 Claymont, de 19703 |
|---|---|
Circle Role: Data Processor Service: Wallet generator. Data Processing: Processes transactional data, user and wallet data, smart contract data, blockchain network data and security and compliance data. Address: Circle Technology Services, LLC, 285 Fulton St, New York, NY 10007, USA | Vercel Role: Data Processor Service: Hosting of web pages. Data Processing: Processes web page requests and associated metadata. Address: Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA |
Cloudflare Role: Data Processor Service: DDoS protection, caching, and proxy services. Data Processing: Processes IP addresses and log data. Address: Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA | Amazon CloudFront Role: Data Processor Service: Content Delivery Network (CDN) for images. Data Processing: Delivers and caches content globally. Address: Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109-5210, USA |
Intercom Role: Data Processor Service: AI customer service provider. Data Processing: Processes registration, contact and company data, payment information, device data, service data, third party source data and visitation data Address: Intercom, Inc., 55 2nd Street, 4th Floor, San Francisco, CA 94105, USA |
Our Websites provide sharing buttons that you can click on in order to share content from our Websites on social media channels. We do not use these buttons to share your Personal Data with social media providers. When you click on a sharing button the relevant social media provider will gather Personal Data directly from you. Please read the privacy policies of any social media provider with which you intend to share content before clicking on the corresponding sharing button.
Our website may contain links to external websites, including our social media accounts and links shared by comic creators on our platform. We are not responsible for the privacy practices or content of external websites, nor the links provided by creators. Please refer to their privacy policies for more information.
Your security is important to us. We encrypt passwords and restrict access to personal data with role-based access control (RBAC) and multifactor authentication (MFA). We conduct internal security assessments and audits to ensure compliance with data protection requirements and we have regular data backups. However, as the transmission of information via the Internet is not completely secure, we cannot guarantee the security of your information transmitted to our Websites. Our practices include:
Data Protection Policies: Clear policies govern data collection, processing, and storage, such as this Policy.
User Consent: Transparent consent mechanisms are in place, explained in accessible privacy notices, and this Privacy Policy.
Secure Storage: Passwords are encrypted, data is access-controlled, and physical access to facilities housing personal data is restricted. Only necessary personnel has access to minimal personal data.
Updates and Patches: We stay current with security updates and patches regarding all our services.
Employee Training: Staff undergo training on data protection, security and awareness.
Documentation: Records are kept for compliance and audit purposes.
Our third-party vendors undergo due diligence assessment for compliance.
Data breach: incident response procedures are established.
In the event of a data breach affecting your personal data, we shall determine the types of data compromised and assess potential harm to usersā rights and freedoms and immediately after the identification of breach take all measures for securing compromised systems, changing passwords, and isolating the affected data segment to prevent further unauthorized access. If the data breach results in high risk to your rights and freedoms, we will notify you via email. We shall inform the relevant supervisory authority, the latter upon 72 hours of us becoming aware of the said breach, or later with provided reasons for the delay, in line with relevant regulation procedures.
We do not currently use cookies or tracking technologies but may implement them in the future. If implemented, we will provide you with clear information and options regarding their use.
Registration and use of our platform is restricted to individuals who are legally recognized as adults in their respective jurisdictions. By creating an account, you confirm that you are at least 16 years of age. If we discover that an individual under the age of 16 has provided us with personal data, we will take steps to deactivate the individualās account and delete their personal data from our databases in accordance with applicable laws and regulations.
Verification and Consent: By agreeing to this Privacy Policy and by creating an account, you represent and warrant that you meet the age requirement stipulated above and that you have provided accurate information to us. You acknowledge that we may use your information provided at registration to verify your age and may refuse service, close accounts, or remove or edit content if we find that you do not comply with these requirements.
We may use biometric data for fingerprint authentication and authorization in the future. Any processing of sensitive data will be based on your explicit consent or other lawful bases under the relevant regulations. In case this feature is added, we will notify you via updating this Privacy Policy accordingly and take additional steps in order to obtain your explicit consent.
17. Principles regarding Personal Data We follow under GDPR/CCPA or other:
Lawfulness, Fairness, and Transparency: We process personal data only when it is legally justified, clear, and necessary for legitimate purposes, ensuring fairness and transparency to all data subjects.
Purpose Limitation: Our data collection is specific and limited strictly to relevant purposes. Once these purposes are fulfilled, the data is not used in a manner inconsistent with the initial goals.
Data Minimization: We collect only the data that is necessary for the intended purposes, ensuring it is not excessive.
Accuracy: We maintain the accuracy of personal data and promptly correct or delete inaccuracies.
Storage Limitation: Personal data is retained only for as long as necessary to fulfill its intended purpose.
Integrity and Confidentiality: We protect data against unauthorized access, loss, or damage using appropriate security measures. We acknowledge that the information you provide may be confidential. We do not sell, rent, distribute or otherwise make your Personal Data commercially available to any third party, except that we may share information with our service providers for the purposes set out in this Privacy Policy. We will maintain the confidentiality of and protect your information in accordance with our Privacy Policy and all applicable laws.
Accountability: Our company is committed to compliance with these principles, demonstrating responsibility and adherence at all levels.
18. Arbitration clause
In the event of any disputes arising under this Privacy Policy, we will seek to resolve such disputes through negotiation. If a dispute cannot be resolved by negotiation you agree that it may be resolved through binding arbitration, subject to the following conditions:
Applicable Law: The laws of Croatia shall govern the interpretation, validity, and performance of this Privacy Policy and any related disputes, without regard to its conflict of law principles.
Place of Arbitration: Any dispute, controversy, or claim arising out of or relating to this Privacy Policy, or the breach, termination, or invalidity thereof, shall be settled by arbitration administered by UBIKourt, located in Croatia.
Arbitration Procedure: The arbitration shall be conducted in accordance with the rules of UBIKourt. The language of the arbitration shall be English. The arbitral tribunal shall consist of one arbitrator appointed in accordance with the said rules.
Binding Decision: The decision of the arbitrator shall be final and binding on both parties, and judgment upon the award rendered by the arbitrator may be entered in any court having jurisdiction thereof.
The arbitration process shall be fair, impartial, and accessible, ensuring that both parties can present their case effectively. The arbitration shall be conducted by an independent and competent arbitrator agreed upon by both parties or, if agreement cannot be reached, appointed in accordance with the rules of UBIKourt. The arbitration process shall comply with the fundamental rights enshrined in EU law, including the right to an effective remedy and a fair trial. The arbitration agreement is voluntary, and you have been informed of your right to seek redress through other means, including lodging a complaint with a supervisory authority or pursuing judicial remedies. This clause does not affect your statutory rights, including your right to lodge a complaint with a supervisory authority under Article 77 of the GDPR or to seek a judicial remedy under Articles 78 and 79 of the GDPR.
19. Right to lodge a complaint
In any case, if you believe that the processing of your personal data is in violation of the applicable data protection laws, you have the right to lodge a complaint with the supervisory authority. In Croatia, this is the Croatian Personal Data Protection Agency (AZOP). You can contact AZOP at:
Croatian Personal Data Protection Agency (AZOP)
MartiÄeva ulica 14,
HR - 10000 Zagreb,
Croatia
Phone: +385 1 4609 000
Email: [email protected]
Website: www.azop.hr
The contact details for other EU data protection authorities can be found here: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
We may make minor changes to our Privacy Policy. When we make these changes, we will publish the updated privacy policy on our Websites. If we make any significant changes, we will take additional steps to inform you of these. This Privacy Policy is available only in English language and is interpreted as such.
If you wish to request further information or exercise any of the above rights, or if you are unhappy with how we have handled your Personal Data, contact us here:Ā [email protected]. Please provide as much information as possible to help us identify the information you are requesting, the action you are wanting us to take and why you believe this action should be taken.
Before assessing your request, we may request additional information in order to identify you.Ā If you do not provide the requested information and, as a result we are not in a position to identify you, we may refuse to action your request.
We will generally respond to your request within one month of receipt of your request. We can extend this period by an additional two months if this is necessary taking into account the complexity and number of requests that you have submitted.
We will not charge you for such communications or actions we take, unless:
you request additional copies of your Personal Data undergoing processing, in which case we may charge for our reasonable administrative costs, or
you submit manifestly unfounded or excessive requests, in particular because of their repetitive character, in which case we may either: (a) charge for our reasonable administrative costs; or (b) refuse to act on the request.
If you are not satisfied with our response to your complaint or believe our processing of your Personal Data does not comply with data protection law, you can make a complaint to the relevant EU data protection authority, as per title 19 of this Privacy Policy.
Last updated: 30.10.2024