Privacy Policy
THIRD ACT DIGITAL LLC PRIVACY POLICY
Last Updated: November 30, 2021
Thank you for visiting us at Third Act.Digital!
This service (including our websites and other Sites as defined below in The Scope of this Policy and collectively, our “Services”) is operated by Third Act Digital LLC (“Third Act” or “us”, “our,” “we” and related terms), a New York limited liability company with its principal office New York, NY.
We are committed to respecting the privacy rights of all individuals, wherever located and have adopted this privacy policy (“Privacy Policy”) to explain how we collect and process your personal data through your use of and interaction with our Sites and Services, how we share (or do not share) any of your personal information, how we store and keep secure any of your personal information, how you can update and control any of your personal information, the rights you may have with regard to personal data, and other information relevant to your privacy.
Please review this Privacy Policy carefully, and please use the information herein to make informed choices. If you have any concerns or questions about our privacy practices, please feel free to contact us. By accessing any of our Services , and/or by registering for any of our Services, you are agreeing to all of the terms set forth in this Privacy Policy.
IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, DO NOT USE ANY OF THE SITES OR SERVICES OR GIVE US ANY OF YOUR INFORMATION. YOUR CONTINUED USE OF ANY OF THE SITES AND/OR SERVICES MEANS THAT YOU AGREE TO THIS PRIVACY POLICY.
1. The Scope of this Policy
2. Third Party Features, Links and Privacy Policies
The Sites may include service features and augmentations operated by other companies that are not our service partners, but which provide features that we believe Users may appreciate, such as social media widgets, links to third-party websites, advertisements and other third-party content (“Third-Party Features”). Users who choose to access any Third Party Features, must understand the following: (1) we do not operate, control or monitor Third-Party Features, and these features are subject exclusively to the privacy policies of the companies that operate them; (2) this Privacy Policy does not apply to information collected by any third party, including through any Third Party Features; and (3) we are not responsible for the privacy practices, the placement of cookies on your computer by any third party, or any content you may encounter via Third Party Features. Users who decide to access any Third Party Features, should read the privacy policy of each linked website to understand the privacy practices that apply to those features. In addition to creating an account on our Site through Google or Facebook, Customers will also need to create a digital wallet account from our third-party service provider venly to purchase some of the Products offered though the Sites.
3. The Types of Information That We Collect, and How We Collect It
To provide our Services, we collect data which are not personally identifiable (“Anonymous Data”) and also data that, either alone or in conjunction with other data, could be used to identify an individual or household (referred to as “Personal Data”). Collectively, Anonymous Data and Personal Data are referred to herein as “Data”. Data may be collected in the following ways:
If we combine Personal Data with Anonymous Data, the combined information will be treated by us as Personal Data for as long as it remains combined.
If you are from the EU/EEA our legal basis for collecting and using the personal information described in this Privacy Policy is based on Art. 6(1)(B) of the General Data Privacy Regulation (“GDPR”) (performance of a contract); Art. 6 (1)(f) GDPR (balancing of interests, based on our legitimate interest in constantly and profitably improving the content, functionality and attractiveness of our Sites by analyzing your usage); Art. 6 (1)(c) (necessary for compliance with a legal obligation to which we are subject); and/or Art. 6(1)(a) of the GDPR (consent), depending on the Personal Data we collect and the specific context in which we collect it.
4. Cookies and Other Automated Tracking Technologies
We may use cookies (small text files placed on your web browser or device) in connection with our Sites; and we may analyze the information derived from these cookies for the same purposes as set forth elsewhere in this Privacy Policy. You may be able to limit the use or function of some cookies on your computer or mobile device in the manner described below.
We may use the following types of cookies on the Sites:
- You may have the option to opt out of convenience cookies (if applicable) when you visit our Sites.
- If you do not opt out, and you would like to delete any account information we may store via convenience cookies, you can take the following actions: (1) you can delete your cookies (via your browser); and/or (2) you can reach out to us as specified in this Privacy Policy.
[More specifically, we use a tool called Google Analytics for aggregated and anonymized website traffic analysis. In order to track your session usage, Google places a cookie with a randomly generated Client ID number in your browser. This ID number is anonymized and contains no identifiable information like email, phone number, name, etc. Google also has access to your IP address. In addition, Google may install additional cookies (e.g. Google fonts, Google tag manager). We use Google Analytics to track aggregated website behavior, such as what pages you looked at, for how long, and so on. This information is important to us for improving the user experience and determining site effectiveness.
If you would like to understand or limit what Google Analytics-derived browsing information we may have and/or want to delete any Google Analytics data, you can take the following actions: (1) you can delete your cookies (via your browser); (2) you can reach out to us as specified in this Privacy Policy, and/or (3) you can install the Google Analytics Opt-Out Browser Add-On (https://tools.google.com/dlpage/gaoptout). Although Google Analytics plants a permanent cookie on your web browser which can identify you as a unique user the next time you visit the Site, the cookie cannot be used by anyone but Google. Google’s ability to use and share information collected by Google Analytics about your visits to this site is restricted by the Google Analytics Terms of Use (as amended for government websites) and the Google Privacy Policy. You can prevent Google Analytics from recognizing you on return visits to this site by disabling cookies on your browser.
5. How We Use the Data that We Collect
We use Data in the manner described in this Privacy Policy. We use such Data to:
- To identify your preferences
- To provide you information about our other Services that might be of interest to you
- To comply with our internal record-keeping needs to legal compliance needs
- To notify you about changes to our Services
- To allow you the option to participate in interactive features of our Services
- To detect, prevent, and address technical issues
- To protect or otherwise investigate our Services regarding misuse, security breaches, prevention, detection, mitigation, or investigation of fraud, or other potentially prohibited or illegal activities and/or attempts to interfere with the Website or Services or to harm others
- With respect to a transfer or sale, including a potential transfer or sale, of any of our assets and/or operations to another party or in the due diligence process in line with a potential transfer or sale
- To determine your level of engagement
- Monitor and improve the information security of our Sites and/or our Services
- Comply with governmental regulations or to respond to a subpoena or other governmental, court, administrative, Member State, Supervisory Authority or other legal requirement (as those terms are defined by applicable law)
- Hire, train and/or manage our staff/employees
- To enforce our Terms and Conditions, this Privacy Policy or other policies, and to monitor for violations of our policies or applicable laws
- Combined with information we receive from other sources for the purposes set out in this Privacy Policy
- Any other purpose communicated to you at the time of collecting the Personal Information and if required by law for which consent has been obtained
- We may use non-personally identifiable information such as demographic data to analyze and develop our marketing strategy and maintain and further improve the Sites and our Services
- We may use Product/NFT metadata in any way we deem appropriate for the provision of the Services, including without limitation to take inventory of the Products on Google Sheets
6. How We Use the Data that We Collect
Your information is not sold, rented or leased to other organizations for commercial/business purposes and has not been in the last 12 months immediately preceding the effective date of this Privacy Policy. We may send out email blasts to you on behalf of partners of Third Act who may want to offer their products and services to you and we may advise you of new Products Third Act will offer.
We work with third-party service providers that supply website and application development, hosting, maintenance, storage, virtual infrastructure, payment processing, research, advertising, marketing, analysis, and other services for us, which may require them to access or use of your Personal Data. However, in the event one of our third-party service providers needs to access your Personal Data to perform services on our behalf, they must also agree to comply with all portions of this Privacy Policy. We engage and share certain Data with third party service providers / partners as follows:
- Wallet service partner: venly: digital wallet services. venly’s privacy policy can be found here: https://www.venly.io/terms-conditions
- AWS: Application hosting and data storage services and NFT metadata. AWS’s privacy policy can be found here: https://aws.amazon.com/privacy/
- IPFS Database services and Photo partner. IPFS does not have a privacy policy
- Google Analytics: See previous section.
- Partners for e-blasts about NFTs: Mailchimp, whose privacy policy can be found here mailchimp.com/legal/privacy/ and Constant Contact, whose privacy policy can be found here constantcontact.com/legal/privacy-notice
- Login partners: Google and Facebook, whose privacy policies can be found here and here facebook.com/about/privacy. Purchases cannot be made without logging in through Google or Facebook
- Hedera: cryptocurrency transaction processor and Hedera Mainnet blockchain processor, whose privacy policy can be found here: hedera.com/privacy
- New Relic: server monitoring, whose privacy policy can be found here docs.newrelic.com/docs/security/security-privacy/data-privacy/data-privacy-new-relic/
- Stripe credit card payment processor: whose privacy policy can be found here stripe.com/privacy
- Third parties who provide products and services that may be of interest to you, including third parties that provide us with products and services that enhance our products and services for you and that provide us with marketing, research and advertising services, including to: serve advertisements across the Internet; track and categorize your activity and interests over time on our Website and mobile application, and on third-party websites and mobile applications; and to identify the different device(s) you use to access websites and mobile applications.
- Social media platforms and networks that offer Third-Party Features and login credentials for our Website, including logins for purchases, bidding and redemption of Products and Services on our Website. For more information about what information is shared or collected, and how it is used and how to adjust your privacy settings on those platforms and networks, see above.
- Our Website, if you provide comments or reviews on our services or products.
Please see Section 6, “Your Choices” for information about the choices you have about the sharing of your information.
7. Your Choices
8. The Scope of this Policy
Please understand, however, that no security system is impenetrable or perfectly secure. We cannot guarantee the security of our databases, nor can we guarantee that the information you supply will not be intercepted while being transmitted to or from us over the Internet. As a result, you use the Sites at your own risk. When registering with us on the Sites, we encourage you to choose passwords of sufficient length and complexity, install the latest security updates and anti-virus software on your computer to help prevent malware and viruses, not share your password with others, and review your account information periodically. If there is any unexpected activity or inaccurate information or if you have reason to believe that your information is no longer secure, please contact us using the contact information provided above.
9. Users in the United States
Shine the Light Law
Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of personal Information that we share with our affiliates and/or third parties for marketing purposes and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to privacy@thirdact.digital or via mail at 12 E 49TH, Floor 11, NYC, NY, 10017. We will respond to one request per California customer each year, and we do not respond to requests made by means other than as set forth above.
The California Consumer Protection Act and the California Privacy Rights Act
If you are a California resident, you have the following rights under applicable California law in relation to your personal information, subject to certain exceptions:
- Right to Know. You have the right to, up to twice in a 12-month period, request what Personal Information we collect, use, disclose, and/or sell, as applicable.
- Right to Delete. You have the right to request the deletion of your Personal Information that is collected by us.
- Right to Opt-Out of Sale. You have the right to opt-out of the sale of your Personal Data by a business. However, as noted above, we do not currently sell any Personal Data.
- Right to Non-Discrimination. You have the right not to receive discriminatory treatment for the exercise of the privacy rights described above.
- Right to Data Portability. You have the right to request a copy of your Personal Data we have collected and maintained about you in the past 12 months.
- Complete the transaction for which the Personal Data was collected, provide goods or Services requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between our business and you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.
- Debug to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code.
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the deletion of the information is likely to render impossible or seriously impair the achievement of such research, if you have provided informed consent.
- To enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us.
- Comply with a legal obligation.
- Otherwise use the personal data, internally, in a lawful manner that is compatible with the context in which you provided the information.
You may also designate an authorized agent, in writing or through a power of attorney, to request to exercise the above rights on your behalf. The authorized agent may submit a request to exercise these rights by emailing privacy@thirdact.digital.
We currently do not collect household data. If we receive a Right to Know or Right to Delete request submitted by all members of a household, we will individually respond to each request. We will not be able to comply with any request by a member of a household under the age of 13 as we do not collect Personal Data from any person under the age of 13.
We will respond to your request within 45 days after receipt of a Verifiable Consumer Request for a period covering 12 months and for no more than twice in a twelve-month period. We reserve the right to extend the response time by an additional 45 days when reasonably necessary and provided consumer notification of the extension is made within the first 45 days.
You may exercise any of the rights described in this section by sending an email to: thirdact.digital with “California Privacy Rights” as the subject line or mail us a letter to: 12 E 49TH, Floor 11, NYC, NY, 10017
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We may now or in the future elect to share information about you with third parties for those third parties’ direct marketing purposes. California Civil Code § 1798.83 permits California residents who have supplied personal information (as defined in the law) to us to, under certain circumstances, request and obtain certain information regarding our disclosure, if any, of Personal Data to third parties for their direct marketing purposes. If this law applies to you, you may obtain the categories of Personal Data shared by us and the names and addresses of all third parties that received Personal Data for their direct marketing purposes from us during the immediately prior calendar year (e.g., requests made in 2021 will receive information about 2020 sharing activities). To make such a request, please provide sufficient information for us to determine if this applies to you, attest to the fact that you are a California resident and provide a current California address for our response. To make such a request (limit one request per year), please send an email to privacy@thirdact.digital, with “California Privacy Rights” as the subject line or mail us a letter to our attention at 12 E 49TH, Floor 11, NYC, NY, 10017. You must include your full name, email address with which you registered on our Website or to use our Services, and postal address in your request.
10. Users in the EU/EEA and UK
If you are a resident of the EEA/EU or UK, you have certain data protection rights. We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Information.
If you wish to be informed about what Personal Information we hold about you, have a copy of it, correct or otherwise rectify it, and/or if you want it to be removed from our systems, please contact us using the contact information set out below.
In certain circumstances, you have the following data protection rights:
- Request access to your Personal Information (commonly known as a "data subject access request"). This enables you to receive a copy of the Personal Information we hold about you where we are the data controller and to check that we are lawfully processing it.
- Request correction of the Personal Information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected, though we may need to verify the accuracy of the new information you provide to us.
- Request erasure of your Personal Information. This enables you to ask us to delete or remove Personal Information where there is no good reason for us to continue to process it. You also have the right to ask us to delete or remove your Personal Information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your Personal Information to comply with local law. Note, however, that we may not always be able to comply with your request for erasure for specific legal reasons, which will be explained to you, if applicable, at the time of your request.
- Object to processing of your Personal Information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground, as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request that we restrict the processing of your Personal Information. This enables you to ask us to temporarily stop the processing of your Personal Information in the following scenarios: (a) if you have concerns about the accuracy of your information and want to have it rectified; (b) where you believe our use of your information may be unlawful but you do not want us to erase it; (c) where you need us to hold the information for the purposes of defending or exercising your rights with respect to a legal claim even though we may no longer need it; or (d) you have objected to our use of your information but we need to verify whether we have overriding legitimate grounds to keep it.
- Request the transfer of your Personal Information to you or to a third party. We will provide to you, or a third party you have chosen, your Personal Information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your Personal Information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please contact us using the contact details below.
You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure designed to ensure that Personal Information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
11. Users in Canada
This Section provides additional information regarding the use of Personal Information about Canadian residents and the process to be followed in order to send unsolicited electronic communications to them, and our responsibilities under Canada’s Anti-Spam Legislation (CASL).
For the purposes of this section:
- Commercial activity: Any transaction of commercial character, regardless of whether there is an expectation of profit or not.
- Commercial electronic message (“CEM”): CEMs are commercial electronic messages that encourage participation in commercial activity. Even if a commercial message is not sent with an expectation of garnering profit, it still qualifies as a CEM.
- Electronic address: An address used in connection with the transmission of an electronic message to an electronic mail account, and instant messaging account, a telephone account or similar account.
- Electronic message: A message sent by any means of telecommunication, including text, sound, voice or image.
- Express consent: Permission obtained when a recipient “opts in” to receive CEMs. Consent can be oral or written and could be an unedited audio recording, paper or electronic checkbox on a website. Express consent never expires unless the recipient chooses to unsubscribe. We will maintain records of all contacts for whom express consent exists.
- Unsubscribe: A withdrawal of consent to receive CEMs
All partners, employees, contractors, vendors and any other person sending CEMs on behalf of us will ensure that all such CEMs contain:
- Full contact information. This includes the sender’s first name, last name, title, company name, company mailing address, direct telephone number, electronic address and company web address.
- Information enabling you to contact us and, if the CEM is sent on behalf of another party, the name of this party and the sender, in addition to the information listed above.
- An unsubscribe link that is clearly visible and that is valid for at least 60 days. The unsubscribe mechanism that will be provided to users via this link will be simple, quick and easy for the user to perform.
Unsubscribe Requests: All unsubscribe requests will be managed within 10 days of receipt. Partners, employees, contractors, vendors and any other person sending CEMs on behalf of us will not send an unsubscribed party any further communications by electronic means.
- When we plan to introduce significant changes to its privacy practices, it will notify Canadian-resident users and obtain their consent prior to the changes coming into effect. Significant changes include using Personal Information for a new purpose not anticipated originally or a new disclosure of personal information to a third party for a purpose other than processing that is integral to the delivery of a service. This Section provides additional information regarding the use of Personal Information about Canadian residents and the process to be followed in order to send unsolicited electronic communications to them, and our responsibilities under CASL.
- Commercial activity: Any transaction of commercial character, regardless of whether there is an expectation of profit or not.
- Commercial electronic message (“CEM”): CEMs are commercial electronic messages that encourage participation in commercial activity. Even if a commercial message is not sent with an expectation of garnering profit, it still qualifies as a CEM.
- Electronic address: An address used in connection with the transmission of an electronic message to an electronic mail account, and instant messaging account, a telephone account or similar account.
- Electronic message: A message sent by any means of telecommunication, including text, sound, voice or image.
- Express consent: Permission obtained when a recipient “opts in” to receive CEMs. Consent can be oral or written and could be an unedited audio recording, paper or electronic checkbox on a website. Express consent never expires unless the recipient chooses to unsubscribe. We will maintain records of all contacts for whom express consent exists.
- Unsubscribe: A withdrawal of consent to receive CEMs
All partners, employees, contractors, vendors and any other person sending CEMs on behalf of us will ensure that all such CEMs contain:
- Full contact information. This includes the sender’s first name, last name, title, company name, company mailing address, direct telephone number, electronic address and company web address.
- Information enabling you to contact us and, if the CEM is sent on behalf of another party, the name of this party and the sender, in addition to the information listed above.
- An unsubscribe link that is clearly visible and that is valid for at least 60 days. The unsubscribe mechanism that will be provided to users via this link will be simple, quick and easy for the user to perform.
When we plan to introduce significant changes to its privacy practices, it will notify Canadian-resident users and obtain their consent prior to the changes coming into effect. Significant changes include using Personal Information for a new purpose not anticipated originally or a new disclosure of personal information to a third party for a purpose other than processing that is integral to the delivery of a service.
11. Other Terms
12. Contact Us
If you have any questions about this Privacy Policy, our Sites and/or Services, you can contact us at:
Third Act Digital LLC
privacy@thirdact.digital
12 E 49TH ST, 11th Floor, New York, NY, 10017
347-429-4999