Privacy Policy

Effective date: 27th of August 2024

This document presents the Privacy Policy where you will find all the information regarding the processing of personal data carried out in regards to Lilypad.

Lilypad is a crowdfunding crypto platform, created with a purpose to provide a risk-mitigated way of crowdfunding projects in the crypto space. The resources of Lilypad are:

a landing page website that can be found on https://www.lilypad.cc/,
a web application that can be found on https://app.lilypad.cc/, and
social media sites of Lilypad, found on Discord, Telegram and X.

(all together “Lilypad”)

WHO PROCESSES YOUR PERSONAL DATA?

The processing of personal data is carried out by the data controller, Phase Labs LLC-FZ.
Details of the data controller:
Phase Labs L.L.C.-FZ
The Meydan Hotel, Grandstand, 6th Floor, Meydan Road,
Nad Al Sheba, Dubai, U.A.E.
(“Phase Labs”)

You can contact the data controller for questions related to this policy at any time via email.

WHY DO WE USE YOUR PERSONAL DATA?

We process all data collected by the controller only when there is an appropriate legal basis and for a specific purpose, as defined below. If we process data for a purpose not specified in this policy, we will notify you in advance.

This Privacy Policy applies to:

Users of Lilypad;
Visitors of Lilypad’s website and app;
Individuals who contact us or our partners regarding Lilypad.

Purpose

Types of Data

Legal Basis

Retention Period

Provision of our services

Discord username and crypto wallet address

Contractual relationship

For the duration of account existence

Project submission

Discord username, crypto wallet address, X social media handle, any other personal data that the submitters willingly share with through the submission form

Pre-contractual relationship

During the submission process

Featured Projects

Discord username, crypto wallet address, X social media handle

Contractual relationship

For the duration of featuring the Project

Resolving complaints

Discord username, crypto wallet address, name, email, other data necessary for handling the complaint

Contractual relationship

5 years from the conclusion of the complaint procedure

Exercising our rights and defending against claims

Data set depends on the individual procedure

Legal obligation

In accordance with the law

Whether you decide to provide your personal data to us is entirely voluntary unless required by law. We note that in cases where you do not provide personal data, we may not be able to provide certain services or the quality of services may be lower due to technical reliance on your data.

Personal data is processed only as long as necessary to fulfill the purpose for which it was collected. After the retention period expires, the data is deleted or anonymized so that data reconstruction is no longer possible.

DO WE SHARE YOUR PERSONAL DATA WITH THIRD PARTIES?

We share your personal data with contractual processors, such as our business development partners, licensees, developer contractors, mass email senders, accounting services, legal consultants and similar.

Personal data is disclosed to third parties only when necessary to fulfill the purpose of personal data processing. Third parties may access and process your personal data only to the extent and in the manner specified in the contract we have concluded with them and in accordance with purposes stated in this privacy policy.

Government Data Sharing

In some circumstances we are legally obliged to share information with public authorities or law enforcement. For example, we may be required to provide information related to a court order or where we must cooperate with supervisory authorities in handling complaints or investigations. In any scenario, we’ll attempt to satisfy ourselves that we have a lawful basis on which to share the information, document our decision making, and satisfy ourselves we have a legal basis on which to share the information.

We may also share information in the event of the non-payment including a monetary penalty or court ordered costs. If the debt remains outstanding after the specified timeframe for payment, no payment plan is in place or an agreed payment plan is not being adhered to, we may initiate formal proceedings to recover the full amount of the unpaid penalty.

As a result, Phase Labs will share Personal Data with the litigation and recovery specialists it instructs in order for them to identify assets and undertake recovery action through the courts.

All sharing of Personal Data aligns to the extent possible with Phase Labs’s Government Data Sharing Policy, which is an internal Phase Labs policy that governs fair and lawful sharing of Personal Data requested by government entities within the UAE and elsewhere.

DO WE TRANSFER YOUR PERSONAL DATA TO COUNTRIES OUTSIDE OF EU, UK AND UAE?

We do not transfer your personal data to third countries.

HOW DO WE PROTECT YOUR PERSONAL DATA?

Our company ensures the highest level of personal data protection. To achieve this, we have adopted various technical and organizational measures, including:

regularly updating of our hardware and software,
securing hardware and software with protective software,
practicing and implementing privacy by design coding and development,
protecting our business premises,
restricting unauthorized access to personal data with passwords and clear competence division,
monitoring employees, and
having appropriate contractual arrangements in place with all individuals who have access to your personal data.

Despite our security mechanisms, we acknowledge that a security incident may occur. For this purpose, we have developed a specific protocol to address such incidents quickly, effectively, and in compliance with the law.

If a security incident occurs that may threaten the rights and freedoms of individuals, we will immediately notify the competent supervisory authority, but in no case later than 72 hours after becoming aware of the incident. If a major security incident occurs that could negatively impact a customer's personal data and privacy, the affected customer or individual will also be notified.

WHAT RIGHTS DO YOU HAVE?

Regarding the processing of your personal data, you have the following rights:

Right of Access: You have the right to information about whether we process your personal data, what data we process, how we obtained it, the purpose of processing, retention time, whether automated decision-making or profiling is performed, to whom the data is transferred, and whether it is transferred outside the EU/EEA area, as well as what security measures have been implemented.
Right to Rectification: You have the right to request the correction or completion of inaccurate, incomplete, or outdated personal data we process about you.
Right to Portability: You can request that we provide your personal data in a structured and machine-readable format, if technically feasible.
Right to Erasure: You have the right to request the deletion of your personal data without undue delay, especially if you withdraw your consent. However, there are situations where we cannot comply with your request, for example, if the processing is based on a valid contractual relationship or legal obligations.
Right to Restrict Processing: You have the right to request a temporary restriction on the processing of your personal data, e.g., for the duration of the correction of personal data we process about you.
Right to Withdraw Consent: Whenever our processing of your data is based on your consent, you can withdraw such consent without any negative consequences for you. After withdrawing your consent, we will no longer process your personal data for the purpose for which you provided consent.
Right to Object: You have the right to object to the processing of personal data when it comes to processing for direct marketing purposes, including profiling.
Right to Data Portability: In technically feasible cases, you can request that your personal data be transferred to another controller.
Right to not be discriminated against: We cannot deny you services or have different terms of services towards you merely on the grounds that you either denied consent or exercised your rights in accordance with applicable data protection law. However, by not consenting or exercising your rights (such as deletion of your personal data, restriction of processing, etc.), we may not be able to provide you with certain services or the quality of provided services may vary due to technical restrictions brought upon by your choices.
Right to Lodge a Complaint with the Information Commissioner: This right is exercised if you believe there has been a violation of data protection by the controller. You can submit a complaint to the Information Commissioner. Here are the contact information of the DIFC Commissioner of Data Protection’s Office:

Dubai International Financial Centre Authority
Level 14, The Gate Building
Phone: +971 4 362 2222
Mail: commissioner@dp.difc.ae

You can exercise your rights by writing to us via email at: devour@phaselabs.io with the subject "data protection" or by sending your request by post to:

Phase Labs L.L.C.-FZ
The Meydan Hotel, Grandstand, 6th Floor, Meydan Road,
Nad Al Sheba, Dubai, U.A.E.

marked "data protection".

We will process your request as soon as possible and no later than 30 days from receipt. If a particular request is so extensive that it requires a longer resolution time, we will inform you in advance and provide you with an estimated response time.

We reserve the right to reliably identify you when submitting a request to exercise any of your rights. If you do not send us personal data with your request that would allow us to reliably identify you, we will ask you for additional personal data. If you do not provide us with additional personal data within the specified period, we will dismiss your request.

ONLINE PLUG-INS AND HYPERLINKS:

Our website provides the option to use online plug-ins and hyperlinks. Please note that these plug-ins and the content on the hyperlinks are operated by third parties and Phase Labs has no control over their content, privacy and/or security.

The use of online plug-ins and hyperlinks is at the user's own risk. Each plug-in and/or hyperlink controller operates based on its own privacy rules, which are not associated with the controller's rules.

Responsibility for interacting with the plug-ins and hyperlinks and any consequences arising from such interaction lies solely with the individual.

FURTHER PROCESSING OF PERSONAL DATA IN AUTOMATED FORM:

The controller does not perform automated decision-making in personal data processing.

CHANGES:

Any changes to our Privacy Policy shall be published on this website.

It is assumed that you agree to the new version of the Policy if you continue to use Lilypad or other services subject to this Policy after the Policy has been changed.

CONTACT:

You can contact us at any time with additional questions regarding personal data protection by writing to us via an email at devour@phaselabs.io.

You may also contact the DIFC Commissioner of Data Protection’s Office at:

Dubai International Financial Centre Authority Level 14, The Gate Building

Phone number: +971 4 362 2222

Email: commissioner@dp.difc.ae