Welcome to the Rialto NFT Marketplace, owned and operated by Zilliqa Research Pte. Ltd. (“Zilliqa”, “we” “us” or “our”). We recognise the importance of protecting the privacy and the rights of individuals in relation to their personal data and this privacy policy ("Policy") tells you how we will collect, use or disclose your personal data. Our contact details are set out at the end of this Policy. We are the controller in relation to the personal data processed in accordance with this Policy (except where this Policy explains otherwise). Any reference to “you” or “your” refers to anyone whose personal data we process.

As part of our commitment to protect your personal data, we want to inform you:

• When we collect your personal data
• What personal data we collect about you
• How we use the personal data we collect
• Who we share your personal data with
• Where we store your personal data
• How we protect your personal data
• How we use cookies and other similar technology on our websites
• How long we keep your personal data
• Your rights and how you can exercise them
• Updates we may make to this Policy
• How to contact us

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

1. When do we collect personal data?

We will collect personal data from you whenever you engage with us, which includes but is not limited to:

• whenever you use the Rialto NFT Marketplace and related services (collectively, the “Services”); and
• whenever you get in touch with us (including through e-mail, our website, social media, through our customer service telephone number or otherwise).

2. What personal data do we collect?

The types of personal data we collect depend on how you use our Services. We require certain of your account information to deliver our Services and without this we will not be able to provide our Services to you.

To establish an account and access the Services, you may be required to provide us with the following information about yourself, in order to allow us to verify your identity:

• account username and password, full name, date of birth, nationality, gender, utility bills, phone number, home address, shipping address (if different) and/or email address;
• government issued identity document information such as a passport, driver’s license, national identity card, state card and/or any other information necessary to comply with our legal obligations under financial or anti-money laundering laws; and
• cryptocurrency wallet address.

When you use the Services, we may also collect (to the extent not already collected when establishing an account to access the Services) and use the above personal data and collect and use additional personal data as detailed below:

• information about you that you give us by communicating with us by phone, by e-mail, via our website, via social media or otherwise. This may include information you give us or that we obtain when you use the Services or contact us to report a problem;
• technical information, including the internet protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
• information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our website (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page.

We may also collect personal data at other points in our Service that state that personal data is being collected.

3. On which legal basis and for which purposes do we process personal data?

1. Legal basis for the processing

We are not allowed to process personal data if we do not have a valid legal ground. Therefore, we will only process personal data if:

• we have obtained prior consent (for example, if you have given your consent to receiving marketing material from us at the point we collected your information);
• the processing is necessary to comply with our legal or regulatory obligations; or
• the processing is necessary for the legitimate interests of Zilliqa and does not unduly affect your interests or fundamental rights and freedoms. Please note that, when processing your personal data on this basis, we always seek to maintain a balance between our legitimate interest and your privacy. Our legitimate interests include:

• ensuring that content from our website is presented in the most effective manner for you and your computer;
• that we provide you with the information and Services that you request from us;
• to benefit from cost-effective Services (e.g., we may opt to use certain IT platforms offered by service providers);
• to prevent fraud or criminal activity, misuses of our website as well as the security of our IT systems, architecture and networks and security of our Services; and
• to meet our corporate and social responsibility objectives.

2. Purposes of the processing

We process your personal data for one of the following purposes:

• provide the Services, including facilitating transactions through ZilPay (https://zilpay.io/) or other wallets and other related interactions, such as managing and creating your account to use the Services;
• send you e-mail notifications related to actions on the website and your use of the Services, including notifications of offers on your digital assets, transactions on your account or other related interactions;
• provide customer support and respond to your requests and enquiries;
• manage and improve our website and the Services and measure the usage of our website and the Services (including drawing up statistics);
• prevent, detect, and respond to illegal or unauthorised activities;
• protect you and other users from any conduct that violates the Terms and Condition https://www.rialto.studio/terms or to prevent abuse or harassment of any user; and
• communicate with any third party suppliers we use to perform any of the above.

1. Marketing communication

Where permitted in our legitimate interest or with your prior consent (i.e., where you have provided us with your contact details and consented to receive marketing communication), we will use your personal data for marketing analysis and to provide you with promotional update communications by email about the Services and other promotional materials related to the Services including offers, promotions and newsletters.

You can object to further marketing at any time by selecting the “unsubscribe” link at the end of all our marketing and promotional update communications to you, or by sending us an email to rialto@zilliqa.com.

4. Who we give your information to

We may share your personal data with:

• Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, who support our processing of personal data under this Policy. If any of these parties are using your information for direct marketing purposes, we will only transfer the information to them for that purpose with your prior consent.
• Appropriate third parties including:

• third party service providers who help us to deliver the Services, such as cloud storage providers;
• other users of the Services, such as merchants and customers, to facilitate transactions you enter into through the Services;
• our auditors, legal advisors and other professional advisors or service providers; and
• know-your-customer service providers (in particular, Sumsub https://sumsub.com/) for the purposes of verifying your identity, conducting KYC/AML checks and setting up an account to use the Services.
• In relation to information obtained via our website, analytics and search engine providers that assist us in the improvement and optimisation of our website and subject to the cookie section of this Policy.

Other disclosures we may make

We will disclose your personal data to third parties:

• In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets subject to the terms of this Policy.
• If Zilliqa or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
• If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or to protect the rights, property, or safety of Zilliqa, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and to prevent cybercrime.

5. Where do we store your information?

The data that we process in relation to you may be transferred to, and stored at, a destination outside the United Kingdom, European Union or Singapore that may not be subject to equivalent data protection law. It may also be processed by staff situated outside the United Kingdom, European Union and Singapore who work for us or for one of our suppliers.

We may transfer your personal data outside the United Kingdom, European Union or Singapore:

• in order to store it;
• in order to enable us to provide the Services;
• to share your personal data with third party service providers;
• where we are legally required to do so; and
• in order to facilitate the operation of our group of businesses, where it is in our legitimate interests and we have concluded these are not overridden by your rights.

Where your information is transferred outside the United Kingdom, European Union or Singapore, to a location which is not regarded as adequate by the United Kingdom, European Union or Singapore (as relevant) data protection regime, we will take all steps reasonably necessary to ensure that your data is subject to appropriate safeguards to ensure such transfer is carried out in compliance with the applicable data protection rules. For personal data transferred outside the United Kingdom or European Union, we will usually do this by putting in place contracts in a form approved by the European Commission and/or United Kingdom known as “standard contractual clauses”. You may request additional information in this respect and obtain a copy of the relevant safeguards by exercising your rights as set out below.

6. How we protect your personal data

All information you provide to us is stored on our secure servers. Information we pass to the third parties referred to in section 4 above will be stored on their secure servers. Where we have given you or where you have chosen a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site and any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Third Party Websites

The Service may contain links to third party websites. When you click on a link to any other website or location, you will leave our Service and go to another website, and another entity may collect personal data from you. We have no control over, do not review, and cannot be responsible for, these outside websites or their content and encourage you to read the privacy policies of every website you visit.

Third-Party Wallet Extensions

All transactions initiated through the Rialto NFT Marketplace are facilitated and run by third-party electronic wallet extensions, which are governed by the terms of service and privacy policy for the applicable extension. In the case of ZilPay, its privacy policy is available at https://zilpay.io/policy and https://zilpay.io/extension-policy.

7. Cookies and other technologies

Our Services use “cookies” and other similar technologies to collect and store certain information. These typically involve pieces of information or code that a website transfers to or accesses from your computer hard drive or mobile device to store and sometimes track information about you. Depending on their purpose, the cookies may last only the length of a single browsing session, but in some cases, may last longer to ensure their purpose is fulfilled. Cookies help us recognise you as a unique visitor when you return to the Rialto NFT Marketplace and help us to better understand how visitors use our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our website and Services.

Broadly, our Services use cookies and similar technologies for the following purposes:

• Analytics: we use these cookies to recognise, measure and track visitors to our website and compile a record of usage information. This allows us to understand how our website is used to improve the way it works. For example, analytics may allow us to understand the parts of our website of most interest to our users.
• Usage preferences: we use some cookies to remember your preferences regarding our Services. This is designed to improve your user experience by making our Services more tailored to your needs.
• Session management and functional purposes: the software which runs our Rialto NFT Marketplace relies on cookies for the internal workings of our servers. For example, we use cookies to authenticate users, determine the appropriate parts of our website which you can access, keep track of information about your session and determine which options or pages to display.
• Advertising: these cookies allow us (or third-parties) to monitor the behaviour of users of our website. This allows us to ensure that products and services highlighted to those individuals are targeted in a focused and relevant manner (such as through advertisements on our website, or through third-party websites) based on your experience of our website.

When you visit the Rialto NFT Marketplace, you may also receive cookies that are set by third-parties. This may include cookies set by Google, Prismic and Meta. These cookies are used for the purposes described above. We do not control how third-parties use these cookies, and each is individually governed by the privacy notice of each provider.

8. How long we keep your information

We retain personal data for 7 years, in line with applicable data protection law and guidance. However, if you wish to have your personal data removed from our databases, you can make a request as described in section 9 below, which we will review as set out therein.

We may also retain aggregate information beyond this time for research purposes and to help us develop and improve our services. You cannot be identified from aggregate information retained or used for these purposes.

9. Your rights

You have the right under certain circumstances:

• to be provided with a copy of your personal data held by us;
• to request the rectification or erasure of your personal data held by us;
• to request that we restrict the processing of your personal data (while we verify or investigate your concerns with this information, for example);
• to object to the further processing of your personal data, including the right to object to the processing of your personal data for direct marketing purposes; and
• to request that your provided personal data be moved to a third party.

Your right to withdraw consent

Where the processing of your personal data by us is based on consent, you have the right to withdraw that consent without detriment at any time by contacting us at rialto@zilliqa.com. You can also change your marketing preferences at any time.

How to exercise your rights

You can also exercise the rights listed above at any time by contacting us at rialto@zilliqa.com

You also have the right to lodge a complaint with your local data protection authority directly. However, we would encourage you to contact us in the first instance as we aim to promptly, efficiently and satisfactorily resolve any concerns or complaints you may have in relation to Zilliqa’s processing of your personal data.

10. Changes to this policy

Any changes we make to our Policy in future will be posted on our website at https://rialto.studio and any future changes or additions to the processing of personal data as described in this Policy affecting you will be communicated to you through an appropriate channel, depending on how we normally communicate with you.

This policy was last updated on 05 September 2022.

11. Contact us

Our full details are:

Zilliqa Research Pte. Ltd.

Marina View

#11-01 Asia Square Tower 2

Singapore 018961

E-mail: rialto@zilliqa.com