Privacy Policy

Web3 Digital Wallet - Talao

Effective Date: November 23, 2023

Preamble

At Web3 Digital Wallet, we are unwavering in our commitment to safeguarding personal data, and we operate in strict compliance with the General Data Protection Regulation (GDPR) to protect the privacy of our users. This Privacy Policy serves as a testament to our dedication to secure the Personal Data of users of the Talao.io website and the Talao mobile application. It provides a comprehensive understanding of how data is collected, processed, and protected.

Definitions

To ensure clarity, here are some definitions of key terms used throughout this Privacy Policy:

  • Service/s: Refers to the website Talao.io (the “Website”), a backend platform and client applications (collectively, “Talao Platform”), a mobile application called Talao Wallet (the “Wallet”), and any other online products and services provided by Talao.
  • Cookie: A small file associated with a web domain that is stored on your device for subsequent interactions with the same domain.
  • Personal Data: Information, whether on its own or combined with other data, that identifies or is identifiable to an individual.
  • Retention Period: The duration for which data is held, either mandated by law or determined by the data controller, after which it may be securely disposed of.
  • Purpose: The specific objective behind the processing of Personal Data.
  • Verifiable Credential: Standardized digital certificates issued to verify specific properties about an individual. In the context of Talao, these credentials encompass age, identity, name, nationality, gender, humanity, email, and phone number.
  • DIDs (Decentralized IDentifiers): New types of identifiers that enable verifiable, decentralized digital identity. The Wallet and the Talao Platform create DIDs on your behalf.
  • Cryptographic Keys: Key pairs created by the Talao Wallet, consisting of one public key and one private key. Public keys are linked to your DIDs and published on a designated blockchain network.
  • Secrets: Any private key or security code chosen by you or automatically generated by the Service.
  • Data Subject (or User): An individual whose Personal Data is being processed. Talao users are considered Data Subjects in this policy.
  • Data Controller: The entity responsible for determining the why and how of data processing.
  • Data Processor (or Service Provider): A party that processes data on behalf of the Data Controller.
  • Processing of Personal Data: Encompasses all operations, automated or not, related to Personal Data.
  • Transfer of Personal Data: Any action involving the transmission, communication, copying, transmission, broadcasting, or provision of remote access to Personal Data, regardless of the medium or method of communication.
  • Personal Data Breach: Any unauthorized or accidental incident leading to the destruction, loss, alteration, unauthorized disclosure, or unauthorized access to Personal Data.

Categories of Data Subjects Affected by the Processing

The individuals affected by the processing of Personal Data are the users of the Talao wallet mobile app edited by Web3 Digital Wallet.

Data Controller

1. Talao Mobile Application:

Web3 Digital Wallet is the provider of the Talao mobile application, which empowers users to create and manage digital credentials for identity verification, age verification, email validation, phone number verification, and humanity verification.

2. Talao Service:

When using Talao, the entity employing the service acts as the Data Controller, as they define the purpose and methods of data processing, in line with Article 4(7) of the GDPR.

Any inquiries or requests related to data collected via the Talao service should be directed to the respective website using the Talao wallet to verify users. It is the Data Controller's responsibility to inform its users about the regulatory requirements outlined in Articles 13 and 14 of the GDPR, including the authorized Purposes of Processing under the Talao service. Furthermore, the Data Controller must ensure the legality of their data collection methods in relation to their operations and the information provided by Web3 Digital Wallet.

Data Processor (or Service Providers)

Web3 Digital Wallet, a company headquartered in France (SIREN 910 399 435, RCS Chartres) at 112 RUE DES TUILERIES 28260 SAINT-OUEN-MARCHEFROY, France, is responsible for processing your data.

Consent

Talao is a decentralized identity wallet designed to empower users to manage verifiable credentials securely. By providing your personal information to Talao or its agents, you acknowledge and agree to the collection, usage, and disclosure of your personal data as outlined in this Privacy Policy and in accordance with your confidentiality preferences, as permitted or required by law. You retain the right to refuse or withdraw your consent for specific purposes, subject to legal and contractual obligations. Refusing or withdrawing consent may impact our ability to provide certain services or information.

Information Collection and Use

By reading and accepting this Policy, you are informed of the circumstances in which your Personal Data will be processed in relation to the Service. Your free, informed, specific, and unambiguous consent will be requested for the processing of Personal Data provided through the Service. The data requested through the Service are generally mandatory (unless otherwise specified) to fulfill the purposes for which they are collected.

What Personal Data Does Talao Access About You?

We may collect your Personal Data from different sources:

Data That You Provide to Us:

  • Identity Data: Your first name, last name, date of birth, role, employer, nationality, and postal address.
  • Contact Data: Telephone number and email address.
  • Correspondence Data: Feedback, problems with the Service, received customer support, or otherwise corresponded with us.
  • Payment Data: Your credit card number, bank account number, and any other payment-related information.

Data That We Collect Automatically:

  • Technical Data: Your Decentralized Identifiers (DIDs), public keys, and your unique device identifier.
  • Browsing Data: The Service may automatically detect your IP address, domain name, unique device identifier, device and browser type, operating system, demographic information, the pages of our Sites you browsed, the time spent on those pages or features, the frequency with which the Sites are used by you, search terms, the links on our Sites that you clicked on, and other statistics. We use this information to administer the Service and analyze it with the purpose of improving the Service.

Information We Will Never Collect

We will never ask you to share your secrets, private keys, PIN code or other code. 

Scope of Privacy Policy

This Privacy Policy governs the collection, usage, and disclosure of personal information for users of the Talao website and mobile application.

Purpose of Data Processing

The Talao.io website and Talao mobile application enable visitors and users to perform various types of verifications, including:

  • Identity Verification: Web3 Digital Wallet collaborates with DOCAPOSTE (https://www.docaposte.com/en/solutions/id360), a third-party company, to authenticate identity documents. This process involves facial recognition (3D liveliness) and the issuance of credentials for Firstname, Lastname, Age, Gender, Nationality, and Humanity (Proof of personhood) verifications. Additionally, Talao utilizes age estimation credentials through Artificial Intelligence verifications, using user photos via the YOTI company (https://yoti.com).
  • Email Validation: Talao validates users' email addresses by sending secret codes via email.
  • Phone Number Verification: Talao confirms the validity of users' phone numbers by sending secret codes via SMS.

Purposes of Collecting Personal Information

We collect your personal information with the primary objective of providing the product, service, or information you have requested. 

For example:

  • We collect email addresses to issue certificates verifying the validity of users' email addresses.
  • Identity data is collected to issue certificates that provide verification of identity, age, and other relevant information.

Please note that the information collected for certificate issuance is not retained; it is only kept during the process of verifiable credential issuance.

Storage of Personal Information

Your personal information is securely stored on your smartphone in the form of signed files. Talao does not retain personal data used to issue identity credentials. For credentials produced with the assistance of third-party companies like Docaposte or Yoti, please refer to their respective terms and conditions regarding data retention.

Data Retention

At Talao, we prioritize the protection of your data and practice minimal data collection. We only retain essential user information, specifically email addresses and phone numbers, which allow us to maintain contact with our users for the purpose of enhancing the quality of our services. We do not store any other personal information unless explicitly provided by the user for identity verification purposes.

Our data retention policy is designed with your privacy in mind:

  • Email Addresses: We retain email addresses for communication purposes and to provide updates about our services. You have the right to request the removal of your email address from our records at any time.
  • Phone Numbers: We keep phone numbers to facilitate communication and offer user support. Like email addresses, you can request the removal of your phone number from our records if desired.

We do not retain personal data used for identity verification, and there is no data retention associated with the identity verification process. Your privacy and data security are of utmost importance to us, and we adhere to strict policies to ensure your information is protected.

International Transfer of Data

Personal Data that Talao processes may be transferred to third parties based in countries outside the European Economic Area (EEA). These transfers will be performed according to the appropriate safeguards to ensure an equivalent degree of protection as set out in the GDPR, which may include the relevant Standard Contractual Clauses. In this regard, Web3 Digital Wallet undertakes to take all necessary measures to ensure the compliance of the Transfer of Personal Data, including conducting an impact assessment of the Transfer, signing the European Commission's Standard Contractual Clauses as of June 4, 2021 (Implementing Decision 2021/914), and implementing all additional safeguards necessary for this purpose. Web3 Digital Wallet undertakes to ensure compliance with these obligations by its Processors with respect to their own Sub-Processors.

Security of Personal Data

Your Personal Data is stored under appropriate security and confidentiality conditions, with Web3 Digital Wallet having implemented a security policy providing for organizational and technical measures in line with the state of the art and applicable references. We employ reasonable measures to protect personal information from loss, misuse, and alteration. Our security policies are regularly reviewed and enhanced. Only authorized employees and suppliers have access to your personal information.

Disclosure of Personal Data

Talao may disclose personal data to government agencies when required by law or when we have reasonable grounds to believe that such information could aid in the investigation of illegal activities. We may also disclose personal information to comply with subpoenas, warrants, court orders, or legal counsel.

Your Data Protection Rights with Talao

At Talao, we are committed to ensuring your data protection rights are upheld in accordance with the General Data Protection Regulation (GDPR). You have several important rights under the GDPR, and we are here to assist you in exercising them:

  • The Right to Access, Update, or Delete: You can access, update, or request the deletion of your Personal Data directly within your account settings on our platform. If you need assistance with these actions, please don't hesitate to contact us for support.
  • The Right of Rectification: If you believe your Personal Data is inaccurate or incomplete, you have the right to request corrections.
  • The Right to Object: You can object to the processing of your Personal Data.
  • The Right of Restriction: Request the restriction of the processing of your Personal Data when necessary.
  • The Right to Data Portability: Obtain a copy of your Personal Data in a structured, machine-readable format.
  • The Right to Withdraw Consent: If we rely on your consent to process your Personal Data, you have the right to withdraw it at any time.

Underpinning these rights is the legal basis of Talao's data processing – our legitimate interest in providing you with our service. We want you to be aware of your rights, and if you wish to exercise any of them or have questions related to your data, you can contact the Data Controller or reach out to us directly at [email protected].

We take your data privacy seriously and strive to ensure that your data is handled with the utmost care and protection.

Right to Lodge a Complaint with the CNIL

We remind you that you have the right to lodge a complaint with the supervisory authority, the Commission Nationale de l'Informatique et des Libertés (CNIL).

What Third Party Services do we use to collect and process your Data?

We use cookies to collect Usage Data through the Website. You can control the use of cookies in your browser. 

  • Website’s recipient: Unicorn Platform;
  • Type of Processing: Hosting of the Talao.io website;

Please refer to unicorn’s platform privacy policy to know more : https://unicornplatform.com/privacy-policy 

Cookies

A cookie is present to ensure the operation of the Talao.io website. This cookie is of a functional nature and is essential for the use of the Talao.io website, not requiring prior consent from the user in accordance with the CNIL recommendation of October 1, 2021, regarding Cookies and other trackers. It is notably used in network communications to identify a session to allow users to be recognized on the Talao.io service. This "session" cookie is required for the basic functionality of the website and is therefore always active. The data generated by the activation of this cookie is retained only for the duration of the user's session. If you are required to block this type of cookie in your browser, the Talao.io website may not function correctly, and you may not be able to use all the features of the service.

Duration of Retention: For the session.

Changes to this Privacy Policy

Talao reserves the right to modify or supplement this Privacy Policy at any time. Changes will be posted on our websites and made available upon request. If we seek to collect, use, or disclose personal information for purposes other than those consented to, we will obtain the necessary consents as required by applicable law.

How to Contact Us

Talao has designated a Privacy Officer responsible for ensuring compliance with this Privacy Policy and relevant data protection laws.

Contact Information for Talao's Privacy Officer: [email protected] 

Thank you for entrusting Talao with your data. We are committed to safeguarding your privacy and ensuring the security of your information.

Talao - Your Decentralized Identity Wallet by Web3 Digital Wallet