Privacy policy

Sentrylabs Limited, (Company Registration No. 76133417), a company incorporated under the laws of Hong Kong SAR with its registered address at 50 Stanley Street, Central Hong Kong, World Trust Tower, Level, Suite C, its affiliates and subsidiaries (hereinafter referred to as the “Company”, “we”, “us” or “our”) has the highest regard for the privacy and personal data of each user (hereinafter referred to as “user”, “you” or “your”) of the Ordify Applications (defined below) and/or visitors to the Ordify Site (defined below) (the Ordify Applications and the Ordify Site are collectively, the “Ordify Platform”).

We are aware that the success of our services depends on the trust that you have in the way we handle your personal data. By entrusting us with your information, we would like to assure you of our commitment to keep such information private.

We have taken considerable steps to protect the confidentiality, security and integrity of the information shared with us. We encourage you to review the following information carefully before using the Ordify Platform. By using the Ordify Platform, you are deemed to have read, understood and accepted our practices governing the collection, use and disclosure of your personal data in this Privacy Policy.

We are not responsible for the privacy practices of any third-party websites that may be linked to the Ordify Platform. It is your responsibility to check this webpage periodically to see if any terms have been changed or modified. Your continued use of the Ordify Platform constitutes your acceptance of any updates to this Privacy Policy.

This Privacy Policy is drafted in accordance with the Personal Data Protection Act 2012 (“PDPA”) under Singapore law and is intended for use in Singapore and, where applicable, other countries or regions which provide the same level of protection for personal data that is comparable to the standards of the PDPA.

The PDPA recognizes the rights of individuals to protect their personal data (including rights of access and correction) and the requirement for organizations to collect, use or disclose personal data for legitimate and reasonable purposes. Accordingly, this Privacy Policy outlines the personal data that we collect, how it may be used, how it is stored and retained, whom it may be transmitted to as well as our and your responsibilities in relation to such uses and disclosures. We recommend that you read this Privacy Policy and our Terms and Conditions carefully before disclosing any personal data to us or using the Ordify Platform.

Please refer to the Terms and Conditions accessible at www.ordify.world/terms ("Terms”) when reading this Privacy Policy.

Where further details are required on the Ordify Platform, you are advised to peruse the whitepaper of the Ordify Platform available at https://ordify.gitbook.io/ordifyworld/ to familiarize yourself with the Ordify Platform and the services.

1. INTERPRETATION

1.1. “Ordify Application” means any of the product below, and “Ordify Applications” mean all of the products collectively delivered by us below:

(a) ORFY Bridge, a gateway allowing for the transfer of BRC-20 tokens between the BTC native chain and the Ethereum chain. The ORFY Bridge allows users to transfer assets between the BTC chain and Ethereum chain;
(b) ORFY Wallet, a multiwallet on the Ordify Platform that is required to access and use the Ordify Platform and/or the Services. ORFY Wallet refers to the wallet on all platforms, including both the browser extension and mobile application versions of the wallet;
(c) The Launchpad, a fundraising platform that allows users to discover and invest in early-stage crypto projects before they are publicly listed. The Launchpad is a Decetralised Exchange (DEX), where users can purchase an early-stage crypto project's tokens at the project's Initial DEX Offering (IDO). Users are allocated a pool of the early-stage project's tokens which they are entitled to purchase based on the quantity of ORFY tokens they stake on the project prior to the IDO;

1.2. “Ordify Platform” shall mean the collective reference to the entire solution provided by the Ordify Applications and the Ordify Site;

1.3. “Ordify Site” means the website at https://ordify.world, associated systems and subdomains thereof, including the mobile-optimised versions of such website;

1.4. “$ORFY token” is a virtual token that governs Ordify's protocols on the Ordify blockchain;

1.5. “Service” or “Services” shall have the meaning ascribed to it under the Terms and Conditions specific to each Ordify Application. For the avoidance of doubt, non capitalized reference to “service” or “services” shall have the ordinary meaning of service in this Privacy Policy;

1.6. “Terms” refers to the terms and conditions of use of the Ordify Applications.

1.7. Where you are an EU Data Subject, as defined under the General Data Protection Regulation (“GDPR”), Section 17 shall also apply to you.

1.8. The headings used in this Privacy Policy are for convenience only and shall not affect the interpretation of these provisions.

2. APPLICATION

2.1. This Privacy Policy applies to users when browsing, visiting, accessing and/or using any part of the Ordify Platform, including sale and purchase of the $ORFY token.

2.2. This Privacy Policy sets out our commitments and explains the rights that you have with respect to your personal data. If you do not agree to the terms of this Privacy Policy, please do not use the Services or any part thereof.

2.3. You shall not be permitted to use the Services where you do not confirm your acceptance of this Privacy Policy.

3. GROUNDS FOR DATA COLLECTION

3.1. By browsing, visiting, accessing and/or using the Ordify Platform (including sale and purchase of the $ORFY token) and/or when you provide personal data to us, you consent to the collection, storage, use, disclosure and other uses and processing of your personal data by us in accordance with this Privacy Policy, and such consent shall remain effective unless you otherwise notify us in writing of the withdrawal of your consent and the reason thereto. You shall not use our Services if you do not consent to this Privacy Policy, and you shall immediately cease using our Services if you withdraw your consent for us to process your personal data.

3.2. “Personal data” and other terms defined under the PDPA where used in this Privacy Policy shall have the same meaning defined under the PDPA.

3.3. Processing of your personal data is necessary for the performance of our contractual obligations towards you under the Terms, permitting access to the Ordify Platform, and providing you with the Services, to protect our legitimate interests, and to ensure compliance with legal and financial regulatory obligations. Failure to provide the relevant data to us or the limitation placed on us in the processing of your personal data may affect our ability to allow your access to the Ordify Platform, provide the Services and/or your ability to enjoy the full benefits of the Ordify Applications.

4. HOW DO WE RECEIVE INFORMATION ABOUT YOU?

4.1. The Ordify Platform and/or the Services require registration and provision of your information, including personal data.

4.2. Upon creating a profile or registering with us - where you create an account with us, register a profile, or are issued an ORFY Wallet for use on the Ordify Platform, you will be asked to provide personal data which will form part of your unique digital identity on the Ordify Platform (your “DataID”).

4.3. For compliance with our Anti-Money Laundering / Counter Financing of Terrorism (“AML/CFT”) measures - the Company complies with its AML/CFT Policy released and updated by the Company on the Ordify Platform from time to time ("AML/CFT”). In accordance with our AML/CFT policy, we may request for your personal data, including information such as identification documents and pictures.

4.4. Whenever you submit information via the Ordify Platform and/or the Services - You may, in the course of interactions with other users on the Ordify Platform and/or the Services (including Third Party Services) accessible via the Ordify Platform, disclose your personal data.

4.5. If you choose to sign up via your social media accounts or other authentication providers - when you sign-up to the Ordify Platform and/or the Services via your social media accounts or other authentication providers (such as Google account or Facebook account), we will have access to basic information made publicly from such account, such as your full name, home address, email address, birthdate, profile picture, friends list, personal description, as well as any other information you made publicly available on such account, or agreed to share with us.

4.6. It is your voluntary decision whether to provide us with any personal data, however if you do not provide the information we require or requested, you may not be able to create a profile or register a digital identity on the Ordify Platform or use the Services. Your use of the Ordify Platform and/or the Services may be severely limited.

4.7. To enable us to provide the Ordify Platform and/or the Services to you effectively, the information you provide to us shall be accurate, complete, not misleading and without material omission, and that such information is kept up to date. If you discover that the information is inaccurate, incomplete, misleading, contains material omission or is outdated, please update us with the true, accurate, complete and updated information.

4.8. If you provide us personal data about another person, you confirm that such other person has appointed you to act for him/her, to consent to the processing of his/her personal data by us in accordance with this Privacy Policy and to receive on his/her behalf any data protection notices.

5. WHAT TYPES OF INFORMATION WE COLLECT?

5.1. We collect the following personal data about you:

Profile and Registration information - you will be required to provide your name, email address, gender, birth date, zip code, country of residency, home address, and phone number;
Third-Party Account Information - we may collect and analyze information from third-party websites and accounts that you link to your Ordify profile, including social media account information such as from Telegram or X. For the avoidance of doubt, the company has access to the account information but has no control over the account;
Blockchain Data - we may collect and analyze public blockchain data such as transaction ID, transaction amounts, wallet address for the transfer or storage of tokens, timestamps, events or data transactions between parties, smart contracts, social graph services, and data storage, as well as user interactions between users and the Ordify Platform. For the avoidance of doubt, the blockchain is a decentralized ledger and where your data is stored on the blockchain, the data is accessible by the Company, but not controlled by the Company;
Wallet Information - you will have the option to link your ERC20, BRC-20, and Stacks Wallet and Solana Wallet address to your account. We may access your BRC-20 and Stacks Wallet account information in order to integrate the wallet with Ordify Applications. For the avoidance of doubt, the wallet is accessible by the Company, but not controlled by the Company;
Payment information - certain features of the Platform may require payments and/or subscriptions before you are able to utilize these functions. Where payments are required you may be required to provide details of your debit or credit cards, or details associated with payment services that are accepted on the Ordify Platform and/or the Third Party Services;
Voluntary information - when you communicate with us (for example when you send us an email or use a “contact us” form) we collect the personal data you provided us with;
Technical information - we collect certain technical information that is automatically recorded when you use our Services, such as your IP address, device approximate location;
Other Personal Data - you may, in the course of using the Ordify Platform and/or the Services, disclose through videos, posts, or other information posted or uploaded on the Ordify Platform, personal data about yourself or third parties. Such information may be stored on our servers.

5.2. We also collect the following information:

Ordify Platform usage data - we collect information about your use of the Ordify Platform. This includes but is not limited to the type of computing or mobile device you use, the language of your operating system, the Internet browser you are using, geo-location, and use of the Ordify Platform;
Technical information - Ordify Platform might also access a list of installed apps on your device. This is done only to ensure proper quality of service, as some apps might interfere with the Ordify Platform's functionality, such as blocking notifications, and in such cases, we will notify you.

6. TRACKING TECHNOLOGIES - COOKIES

6.1. A cookie is a small piece of text that is sent to the Ordify Platform or your browser when you access the Ordify Platform. We use cookies to help personalize your experience with the Ordify Platform.

6.2. A “persistent” cookie may be used to help save your settings and customizations. Also, if you log in to the Ordify Platform, such a cookie will be used to recognize you as a valid user so you will not need to log in each time you use the Ordify Platform.

6.3. The Ordify Platform automatically accepts cookies; however, you may choose to modify security settings so you can approve or reject cookies on a case-by-case basis or reject all cookies.

6.4. Also, you are free to delete any existing cookies at any time. If you delete or disable cookies from the Ordify Platform, some parts or functions of the Ordify Platform may not work properly for you.

6.5. We also use “Google Analytics” to collect information about the use of the Services. Google Analytics collects information such as how often users visit the Services, what pages they visit, when they do so, and what other sites they used prior to coming to the Services. Google Analytics collects only the IP address assigned to you on the date you use the Services, as well as information regarding your operating system, language, and information regarding your use of the Services, rather than your name or other identifying information. We do not combine the information collected through the use of Google Analytics with personal data. We use the information we get from Google Analytics only to improve the Services. Google's ability to use and share information collected by Google Analytics about your use of the Services is restricted by the Google Analytics Terms of Use and the Google Privacy Policy.

7. HOW DO WE USE THE INFORMATION WE COLLECT?

7.1. We use your information collected for the following purposes:

Provision of Services - we will use your information for the provision and improvement of our Services to you, and for the processing of your requests and queries. For example, data collected automatically on the Services may be used to help diagnose problems with our servers, to make our Services more useful, to customize it and personalize its content for you.
ID-As-A-Service - Integrating data, including personal data, which you provide us to generate a hash function unique to you and to support secure identity and verification services to external parties, provided that a user is on the Ordify Platform. For example, personal data is safeguarded from internal and external unauthorized access yet permit authentication of users of the Ordify Platform when you are using Third Party Services.
Enriched Personal Profile - The Ordify Enriched Personal Profile (the “Enriched Personal Profile”) is assembled from the aggregation of your personal data from different reliable centralized platforms such as Google, LinkedIn, Facebook, Twitter, and other public data repositories, with rudimentary data which you provide to us. Your Enriched Personal Profile amplifies the value of your DataID, paving the way for tailored, data-driven services that fully cater to individual user requirements.
Technological integration - The Ordify Platform offers a unique fusion of identity services, notifications, and private data management that can streamline the digitization of city services and resident communications. Your data, including personal data, may form part of or be utilized to test, roll out, elevate or create digital infrastructure centered around identity services, notifications, and private data management.
Enforcement - we may use your personal data for the purpose of enforcing our rights under the Terms or to defend ourselves, including assessing the personal data posted to determine whether content containing such personal data should be deleted.
General communication - we also use your personal data to send you texts, emails or other communications regarding general adherence information, Services maintenance, updates, or changes to this Privacy Policy or any other relevant agreements.
Marketing purposes - we will use your personal data (such as your email address or phone number) to communicate with you. We may also send you promotional material concerning our Services or Third Party Services (which we believe may interest you), including but not limited to, by building an automated profile based on your personal data, for marketing purposes.
Analytics, surveys and research - we are always trying to improve our services and think of new and exciting features for our users. From time to time, we may conduct surveys or test features, and analyze the information we have to develop, evaluate and improve these features.
Anonymized data - we may analyze and evaluate your personal data in connection with the Services, anonymize and aggregate our analysis and evaluation, and commercialize such anonymized and aggregated analysis and evaluation in any manner as we think fit.
Protecting our interests - we may use your personal data when we believe it is necessary in order to take precautions against liabilities, investigate and defend ourselves against any third-party claims or allegations, investigate and protect ourselves from fraud, protect the security or integrity of the Ordify Platform and/or the Services and protect the rights and property of the Company, its users and/or partners.
Enforcing of policies - we may use your personal data in order to enforce our policies, including the Terms.
Compliance with legal and regulatory requirements - we may also use your personal data as required by or for the purpose of compliance with law, regulation or other governmental authority, or to comply with a subpoena or similar legal process.
Record-keeping - we will collect and retain your personal data in the ordinary course of our business and for so long as necessary for the fulfillment of the purposes set out in this Privacy Policy or as is required by any legal, regulatory and/or accounting requirements.
Ancillary purpose - we may use your personal data for any purposes in connection with, relating or ancillary to any of the above, provided that they are necessary for the delivery of the Services.

8. WITH WHOM YOUR PERSONAL DATA MAY BE SHARED?

8.1. We may share your personal data with the following persons:

Providers of Third-Party Services - your personal data may be shared via the Ordify Platform and/or through the Third Party Services. If you consent to such transfer by us of your personal data to another organization, please note that the information provided will be subject to such organization's privacy practices and shall not be within our control.
Content providers - we may also use your personal data in order to provide you with personalized third-party content or links to third party sites that might interest you. We provide this third-party content and/or links to third party sites for information purposes only and are not liable for such content or sites. For more information see the “Links to other Websites or Apps” section below.
Service providers - we might share your personal data, as is reasonably necessary, with our contractors or consultants, including vendors and suppliers that provide us with development services, technology, services, or content for the operation, development and maintenance of the Ordify Platform and/or our Services or data and analysis on the use of the Ordify Platform and/or our Services. The Company shall impose on such service providers obligations of confidentiality and only share personal data to the extent necessary with such contractors or consultants.
Law authorities - we may share your personal data with law enforcement authorities, courts and tribunals, including with legal advisors and consultants, in case we need to respond to law enforcement requests or other legal requests or pursuant to a requirement imposed by law, order, judgment or decree, or courts in order to protect and defend our rights and property or those of Services users.
Merger, acquisition or sale - we may transfer your personal data to another organization in the event of a merger, acquisition or sale of all or a portion of our assets.
Auditor, legal and professional advisor - we may share your personal data with our auditor if requested for the purpose of audit on our business. We may also share your personal data with our legal and other professional advisors for the purpose of enforcing our rights or defending any claims against us, or for any other purpose in connection with the Services.
Data intermediary - we may appoint an organization to process and/or store personal data on our behalf in connection with the Ordify Platform and/or the Services. In this respect, we will share your personal data to the appointed organization, who will be required to process your personal data in accordance with this Privacy Policy.
Group companies - we may share your personal data with our group of companies for internal reporting purposes.

8.2. While we take great care to keep your personal data confidential and secure, when you share your personal information with others, including by means of social media sites, or when you participate in a forum on the Services, any information disclosed by you in such way is solely your responsibility. You should exercise caution when disclosing any information in such ways, as you do not know who will access or use such information and for what purposes.

9. USE OF AGGREGATED DATA

9.1. We make every effort to ensure that aggregated data does not include any personally identifiable information. The blockchain technologies powering the Platform and/or enabling the delivery of the Services may analyze and/or combine all information we receive (as set out under this Privacy Policy), with information from other users to create aggregated data that may be disclosed to and utilized by us, our affiliates and by third parties without restriction, on commercial terms that we can determine in our sole discretion, for purposes such as: content marketing, research purposes, in order to understand behavior patterns, marketing strategies and for entering into commercial contracts in order to provide our users with the Services (including the Third Party Services) as well as to periodically enhance the Platform and/or the Services.

10. ACCESS AND CORRECTION

10.1. You may request access to and correction of, your personal data and limit the processing of your personal data or make any enquiries or complaints in respect of the processing of your personal data, by contacting us at the contact details set out in “How to Contact Us” section below. You are responsible for informing us when your personal data or preferences have changed and require updating. We shall, within a reasonable time frame, attend to your request for access to and correction of your personal data or updating of your preferences.

10.2. You may at any time, in your sole discretion or at the direction of our data protection team, delete content containing personal data which you have posted on the Ordify Platform.

10.3. Where you have burned any DataNFTs in your possession, you acknowledge that the data embodied in the DataNFT may not be retrieved and the Company has no ability to access (or correct) such data.

11. INTERNATIONAL TRANSFERS

11.1. Off Chain Storage: We store information and data on public and/or private cloud, where your data can be stored and/or backed up in any of the jurisdictions where the cloud service providers provide their cloud service. You hereby consent that we may store your personal data on our cloud server, which may be located outside Singapore or the jurisdiction in which the Services was obtained or is used.

11.2. The Company utilizes a network of storage and server resources that is designed to provide the required security and accessibility for the Ordify Platform. The Company shall, in all engagements with data storage solution providers, use service providers who have evidenced the capability to manage the volumes, nature and technology necessary to store the data provided by users of the Ordify Platform and/or the Services.

class="mb-4"> 11.3. The Company will not transfer your personal data to a country or territory outside Singapore that does not provide protection of personal data that is comparable to the protection under the PDPA.

12. RETENTION

12.1. We will retain your personal data for as long as necessary to provide our services or as required by any legal, regulatory and/or accounting requirements. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our policies. Retention periods will be determined taking into account the type of information that is collected and the purpose for which it is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable time. Without prejudice to the foregoing, where you do not use our Services for 1 consecutive year, we will delete all your Wellness Information from our records.

12.2. You are informed that where your data is stored on the relevant blockchain used to support the Ordify Platform (“On-Chain Storage”), such data may be accessed, but is not controlled by or held in the possession of the Company. The Company has no ability, nor obligation to, retain or delete data in On-Chain Storage. Blockchain technologies utilize distributed ledger technologies and you, as the owner of Tokens and the Data Wallet is the only party able to control your activity on the blockchain.

13. LINKS TO OTHER WEBSITES OR APPS

13.1. Our Services may link to or refer to websites or mobile device services that we do not control. Any personal data you provide on the linked pages is provided directly to this third party and is subject to this third party's provider's privacy policy. This Privacy Policy does not apply to such other websites or mobile device services, and we are not responsible for the privacy practices or content of any website or mobile device service not controlled by us. If you have any concerns, we urge you to review the terms of those other websites or mobile device services for more information about their applicable policies.

14. HOW WE PROTECT YOUR INFORMATION

14.1. We have implemented administrative, technical, and physical safeguards to help prevent unauthorized access, use, or disclosure of your personal data. Your information is stored on secure servers and isn't publicly available. We limit access of your information only to those employees or partners that need to know the information in order to enable the carrying out of the agreement between us.

14.2. You need to help us prevent unauthorized access to your account by protecting your password appropriately and limiting access to your account (for example, by signing off after you have finished accessing your account). You will be solely responsible for keeping your password confidential and for all use of your password and your account, including any unauthorized use.

14.3. While we seek to protect your information to ensure that it is kept confidential, we cannot absolutely guarantee its security. You should be aware that there is always some risk involved in transmitting information over the internet. While we strive to protect your personal data, we cannot ensure or warrant the security and privacy of your personal data or other content you transmit using the Services, and you do so at your own risk.

14.4. You are further informed that On Chain Storage is utilized by the Company. Data stored on the relevant blockchain supporting the Platform and/or the Services does not belong to the Company and is situated on a decentralized ledger. On Chain Storage is used to store data that can be used to verify users' identities and ensure data integrity.

14.5. Off Chain Storage is also utilized by the Company to store data you disclose to us. All the data stored in Off Chain Storage is encrypted at rest and in transit. The off-chain data will be stored in secure, scalable, and highly available cloud services.

14.6. We shall, in the event of a compromise of personal data:

Assess the extent to which personal data collected by us has been compromised and put in place appropriate measures to contain the breach of personal data and minimize any harm to you arising from the breach of personal data;
Analyze and determine the cause of the data breach;
Ascertain if the data breach are notifiable data breaches under any data protection and privacy laws applicable to the Company;
Report the data breach to any relevant governmental data protection body or agency, including the Singapore Personal Data Protection Commission if the data breach is a notifiable data breach;
Ascertain if you are required to be informed of the data breach having regard to relevant rules, regulations, advisories, orders wheresover applicable, including but not limited to the Personal Data Protection (Notification of Data Breaches) Regulations 2021 and the Advisory Guidelines on Key Concepts in the PDPA;
Inform you if you are required to be notified of the data breach; and
Take continuing action to prevent further harm to you arising from the breach of personal data, including but not limited to reviewing measures taken to contain breaches of personal data and protect personal data.

14.7. We shall, in managing data breaches, have regard to the Guide on Managing and Notifying Data Breaches under the PDPA (“Guide”). Subject to our compliance with the Guide in the event of a breach of personal data, by continuing to use the Platform following such an event of breach, you confirm that you accept the adequacy of measures taken by us following an event of breach of personal data.

14.8. We shall be entitled to all rights of indemnity against you as a user of the Ordify Platform in the case where you posted content containing personal data and acted in breach of the Terms of the Ordify Platform.

14.9. You acknowledge that notwithstanding the Company's security measures, malicious actors, scripts, viruses, codes, software and other damaging factors including the evolution of hacking technologies, may result in the compromise of the personal data which you have provided to the Company.

14.10. To the fullest extent permitted, you waive any claim against the Company for any loss, liability, damage and/or cost incurred (“Damage”), howsoever such Damages arise and whether such losses are direct or indirect losses, where such data breaches do not arise out of the negligence, fraud or wilful default of the Company.

15. CHILDREN

15.1. Our Services are intended for use by persons 18 years of age and older or where you are under 18 years of age, you have the consent of your legal guardian. Under no circumstances should the Services be used by children under 18 years of age or without consent, and we will not knowingly collect personal data from any person we know to be under 18 years of age, or who does not have consent. If any person discovers that his/her child has been using the Services without his/her consent, or that someone has been using the Services for or on behalf of his/her child without his/her consent, please contact us using the information below under “How to Contact Us” and we will take reasonable steps to delete the child's information from our active databases. We reserve the right to check our user base from time to time and remove users whom we have grounds to believe they are in fact minors, including without limitation, restricting those user accounts, or deleting them, as we may deem appropriate.

16. COMPANIES OR LEGAL ENTITIES

16.1. Our Services are intended for use by corporations or legal entities duly organised, validly existing and in good standing in the jurisdiction which they are incorporated, or established in. We have no control over the personal data protection policies adopted within these organizations or entities and by agreeing to the Privacy Policy, you accept that the personal data which you, as an individual using the Ordify Platform, provided to such corporations or legal entities at your own risk and that we have no control over, and accept no liability thereto, for the personal data which you provide at your own discretion.

17. SPECIFIC PROVISIONS RELATED TO THE EUROPEAN UNION GENERAL DATA PROTECTION REGULATION

17.1. We acknowledge that the GDPR will apply if we process or hold any personal data of individuals residing in the EU or if we offer goods or services to individuals in the EU (“EU Individuals”).

17.2. We understand that we may lawfully process personal data if consent is provided by the EU Individual for the processing for specific purposes, if it is necessary for the performance of a contract of if it is necessary for our compliance with a legal obligation.

17.3. We understand that personal data must be processed lawfully, fairly, and transparently, be collected and applied only for specified, explicit and legitimate purposes, must be limited to only what is required, must be accurate, not be kept in personally identifiable form for longer than is necessary and must be secured and protected pursuant to the GDPR.

17.4. Sensitive personal data, or special categories of personal data as defined under the GDPR, which includes data about an individual's race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health information as well as genetic and biometric data, are collected by us. The processing of such sensitive personal data is limited to the purposes and uses set out under this Privacy Policy.

17.5. We acknowledge and agree that the GDPR affords EU Individuals with rights such as:

Right to access and obtain a copy of the EU Individuals' personal data, including the purposes of processing and who the personal data has been disclosed to;
Right to rectify inaccurate personal data concerning the EU Individual;
Right to erasure of personal data concerning the EU Individual in certain circumstances;
Right to restriction of processing of personal data in certain circumstances, such as where the accuracy of the personal data is contested, or the processing is unlawful;
Right to data portability by receiving personal data concerning the EU Individual or data which has been provided to us, in a structured, commonly used and machine-readable format, and the right to transmit that data to another organisation;
Right to object to the processing of personal data in certain circumstances, including for the purposes of direct marketing;
Right not to be subject to automated decision-making (including profiling) where this has a legal effect on the EU Individual or significantly affects him.

17.6. We agree that we will act on a request from an EU Individual without undue delay (within one month). We will maintain records of how we process personal data, acknowledge the need to conduct data protection impact assessments and the need to apply careful consideration in the adoption and engagement of our data processors.

17.7. Where you are an EU individual, we are required to:

investigate any reported actual or suspected data security breach;
where applicable, make the required report of a data breach to any relevant supervisory authority without undue delay and, where possible within 72 hours of becoming aware of it, if it is likely to result in a risk to the rights and freedoms of individuals;
notify the affected individuals if a data breach is likely to result in a high risk to their rights and freedoms and notification is required by law.

17.8. By proceeding with or continuing with the use of the Platform, you agree that this Privacy Policy and the Terms and Conditions of the Ordify Platform provide sufficient protection to your personal data rights under the GDPR. You also agree that where the company has acted on your request in accordance with clause 17.5, the action by the company is in all respects, compliant with the GDPR.

18. MODIFICATIONS OF THIS PRIVACY POLICY

18.1. We reserve the right to update or modify this Privacy Policy at any time and from time to time. By continuing to use the Services after any such changes, you agree to follow and be bound by this Privacy Policy as changed. For these reasons, we encourage you to periodically review this Privacy Policy for the latest version.

18.2. We may, from time to time, modify or update this Privacy Policy where required under or by any data protection laws applicable to the Ordify Platform and/or the Services.

19. HOW TO CONTACT US

19.1. If you have any questions, comments, requests, or concerns related to this Privacy Policy or the privacy practices for our service, please contact us at:

SENTRYLABS LIMITED
50 Stanley Street, Central Hong Kong
World Trust Tower, Level, Suite C
Attention: Chief Data Protection Officer
Email: info@ordify.world

You may also contact our Data Protection team: [ ]

20. ENGLISH VERSION AND OTHER LANGUAGES

20.1. If there is a conflict between this English version of the Privacy Policy and the corresponding versions in other languages, the terms in this English version shall prevail.