my.locker Privacy Policy
Last Updated: October 15th, 2024
my.locker, operated by Orange Domains LLC, (referred to herein as “.locker” or “Orange Domains”,) respects your privacy and is committed to protecting it through our compliance with this policy. This Privacy Policy (“Policy”) informs you of our policies regarding the collection, use and disclosure of Personal Information (defined below) when you use our website(s), browser extensions, mobile applications, desktop applications, web applications, social media sites and handles, emails we send, and any other related and connected platforms and other online and offline interactions (collectively our “Services”). Additional information on our Personal Information practices may be provided at the time of data collection.
By using the Service, you agree to the collection and use of information in accordance with this Policy. If you do not agree with this Policy, please do not use the Services or provide us with any Personal Information.
Our services are designed, in part, to facilitate cryptographic blockchain activities. While we are excited about the future of web3 services and the blockchain technology, the nature of our Services does not always comport with certain privacy laws that were not designed with today’s technology in mind. We make every effort to comply with the laws and to protect your privacy. However, due to the distributed public ledger nature of the Services, some information will always be publicly accessible on the public ledger. We also offer you certain rights to access and control the data we have collected about you, but please note that we are not able to control the information that is on a decentralized public ledger.
Personal Information
For the purposes of this Policy, unless otherwise required by applicable law, “Personal Information” means any information that (directly or indirectly) identifies, relates to, describes, or is reasonably capable of being associated with, linked or linkable with a particular individual consumer or household, including any information that is subject to applicable data protection laws.
Scope
This Policy applies to our collection, use and disclosure of Personal Information related to the users of our Services, and applies to all users of our Services. However, this Policy does not apply to our employees or job applicants.
Collection of Personal Information
Types of Personal Information Collected
Depending on the nature of the Services provided or how you use or interact with the Services, we may collect the following information about or from you:
- Contact information and other identifiers: Personal Information and contact information, such as your username, account name, blockchain wallet address, and any other online identifier.
- Device information: Internet protocol (IP) address, web browser type, operating system version, phone carrier and manufacturer, application installations, device identifiers, mobile advertising identifiers, and push notification tokens.
- Communications: Communications between you and us. When you communicate with us, such as through e-mail, text message, web forms, online polls, or interactions with our blogs and posts, we may collect and save a record of your communication and any Personal Information provided during the communication.
- Referral data: Referral data including Personal Information of a person that can be used to identify you and the person you are referring.
- Usage data: Usage data and automatically collected technical information such as traffic data, logs, and other internet activity, such as information regarding your interaction with the Services.
- Computer and internet connection information: Information about your computer and internet connection, including, but not limited to, the type of device you use, the IP address of your device (which may indicate your more general geographic region), your operating system, the type of Internet browser you use, unique device identifiers and other diagnostic data.
- Crash report information. If the Services malfunction, crash, or otherwise experience errors, a third-party provider that we use to track errors and monitor performance of the Services will generate and send us crash reports to help us fix the issue. These crash reports contain information about the device and software you use to access the Services, including device manufacturer and brand, screen orientation and resolution, web browser type and operating system version, as well as usage information about page views, clicks, and the dates and times that the errors, malfunctions, or crashes occurred.
Sources of Personal Information
We collect Personal Information from various sources including data directly from you, from third parties, from public sources, and from automated systems.
Directly from you. You may give us your Personal Information by filling in forms or by corresponding with us by post, email or otherwise. This includes data you provide when you:
- sign up for our Services;
- subscribe to our Services;
- use our Services;
- participate in ways to improve customer satisfaction and customer experience;
- participate in a transaction;
- communicate on our Services;
- engage customer support;
- request marketing and other communications from us;
- enter a competition, promotion, or survey; or
- give us feedback or contact us.
From Third Parties. We may collect Personal Information about you from third-party sources (which may be combined with other Personal Information we have collected about you), such as:
- Domain Registrars: when you register a .locker domain with a Domain Registrar partner, they will share information about your registration and contact information with us so that we may provide you with the Services.
- Blockchain: we collect certain Personal Information about you that is publicly available on a decentralized public ledger.
From automated systems or interactions. As you interact with our Services, we may automatically collect technical data about your equipment, browsing actions and patterns, and frequency of use. We collect this personal data by using cookies and other similar technologies. Please see below for further details.
Retention of Personal Information
Except to the extent prohibited by law or as otherwise stated in this Policy or at the time of collection, and subject to this Policy, we will retain and use your Personal Information for as long as it is needed for the relevant purpose, including to provide you with any of our Services, communications, information you have requested, or access to the Services, to document our business relationship with you, and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. As soon as it is reasonable to assume your Personal Information is no longer needed or required, we will cease to retain your Personal Information, or remove the means by which the data can be associated with you. Please note that the nature of blockchain services is that certain data cannot be deleted or erased.
You should inform us of any changes to your Personal Information so that we can keep it up to date. If you wish to find out further information on how long we retain your Personal Information for you can contact us using the details below.
Use of Personal Information
We, and our authorized third parties, will only process your Personal Information where we have the legal grounds to do so. We may use the Personal Information that we collect for various purposes, including, without limitation:
- To provide and maintain our Service. Our lawful basis is to fulfill any contractual terms with you.
- To notify you about changes to our Service. Our lawful basis is to fulfill any contractual terms with you.
- To allow you to participate in interactive features of our Service when you choose to do so. Our lawful basis is our legitimate interests and contract of providing the Services to you.
- To provide customer support. Our lawful basis is our legitimate interests as a business in responding to and keeping a record of correspondence.
- To gather analysis or valuable information so that we can improve our Service. Our lawful basis is our legitimate business interests in understanding and improving our services.
- To monitor the usage of our Service. Our lawful basis is our legitimate business interests in understanding and improving our services.
- To monitor the frequency with which you use our Service. Our lawful basis is our legitimate business interests in providing and incentivizing use of our Service.
- To detect, prevent and address technical issues. Our lawful basis is to fulfil any contractual terms with you by providing technical support and our legitimate business interests in protecting our Services.
- To manage and respond to actual and potential legal disputes and claims, and to otherwise establish, defend or protect our rights or interests. Our lawful basis is our legitimate business interests in protecting our business or our need to defend ourselves legally.
- To conduct audits, reports, corporate governance and other internal operations. Our lawful basis is our legal obligations under relevant legislation such as tax reporting and our legitimate interests in running our governance programs.
- To comply with the law, our legal obligations and legal process, such as warrants, subpoenas, court orders, and regulatory or law enforcement requests. Our lawful basis is compliance with applicable law.
- If non-essential cookies or similar technologies are used for the above, then our lawful basis is your consent.
Under European Union and/or United Kingdom regulations, where we have indicated above that we rely on legitimate interests for processing of personal information, we carry out a ‘balancing’ test to ensure that our processing is necessary and that your fundamental rights of privacy are not outweighed by our legitimate interests, before we go ahead with such processing. We do not use your Personal Information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us below.
Transfer of Personal Information Overseas
We are a global company and will collect and process your Personal Information around the globe. Your information, including Personal Information, may be transferred to - and maintained on - computers located outside of your state, province, country or other governmental jurisdiction from where it was collected and the applicable data protection laws may differ from those of your jurisdiction.
Disclosure of Personal Information
Personal Information may be shared in the following circumstances:
Service Providers or Processors
We may disclose Personal Information to third-party service providers or contractors (processors) who use this information to perform services for us, such as hosting providers, auditors, advisors, consultants, customer service and/or support providers and other similar service providers. Here is a list of some of the services we use:
- Escrow4All
- Google Analytics
- Google Workspace
- ICANN
- Hubspot
- Slack
- Stripe
- Tucows Registry Services
- Zendesk
We only share personal information when necessary to provide a service and we make sure that the third parties we work with are responsible stewards of that information.
Analytics Tools
We may share Personal Information with third parties that provide campaign measurement, online and/or mobile analytics, and related services. These third parties may receive or access browsing and/or other data about your use of the Services, in order to measure our campaigns, and/or to better understand how individuals interact with our Services.
Legal Requirements
We may disclose your Personal Information to law enforcement, government officials, or other third parties when we have a good faith belief that such action is necessary to comply with a legal obligation, such as a valid court order or subpoena, prevent or investigate possible wrongdoing in connection the Service, prevent physical or financial loss, or to protect against legal liability.
Business Transfers
We may share Personal Information with companies or other entities that we plan to merge with or be acquired by.
Protect our Rights
We may disclose Personal Information where we believe it necessary to respond to claims asserted against us, to enforce or administer our agreements and terms, for fraud prevention, risk assessment, investigation and/or to protect our rights, property, or safety and that of our affiliates, partners, clients, customers and/or others.
Transfers Outside the UK/Europe
For users in the UK and European Economic Area (“EEA”)
We may sometimes transfer your Personal Information to countries outside the UK and EEA, for example if we are using a supplier based elsewhere or you want to transfer your data a third-party based in another country. The privacy laws in countries outside the UK and EEA may be different from those in your home country.
Where we transfer data to a country that has not been deemed to provide adequate data protection standards, we will always have security measures and approved European or UK model clauses (available on the European Union’s legal website at eur-lex.europa.eu and the UK ones at the ICO website www.ico.gov.uk) or other adequate safeguards in place to protect your Personal Information. Please contact us if you would like more details about our safeguards for data transfers outside of the UK/EEA.
For other users
If we transfer your Personal Information to countries outside of your home country, we will take steps to comply with the requirements for such transfer in your home country as required by relevant law.
Cookies and Analytics
We use cookies, pixels, tags, and other technologies, which may be provided by third parties, on our Services to enable certain functionality and for security and fraud detection and prevention, as well as to collect usage information about our Website and the emails that we send and to personalize content and provide more relevant ads and information. We may combine the information we collect via these technologies with other information, including Personal Information.
Cookies
Cookies are alphanumeric identifiers that are transferred to your computer through your web browser for record-keeping purposes. Some cookies enable you to log-in to our Services or save certain settings and preferences, while others allow us to track usage and activities on our Services, personalize content, or deliver more relevant ads. Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in the future. The "Help" tab on the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. If you block cookies, however, certain features on our Website may not be available or function properly.
Third parties may use cookies and other similar technologies to collect or receive information from our Site and elsewhere on the Internet and use that information to provide you with targeted ads. If you would like to opt-out of such advertising practices on the particular device on which you are accessing this Privacy Policy, please go to http://optout.aboutads.info/. The Network Advertising Initiative also offers a means to opt-out of a number of advertising cookies. Please visit http://www.networkadvertising.org to learn more. Note that opting-out does not mean you will no longer receive online advertising. It does mean that the company or companies from which you opted-out will no longer deliver ads tailored to your preferences and usage patterns.
Pixel tags and embedded script (aka clear GIFs and web beacons).
Pixel tags are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, pixel tags are embedded invisibly on web pages. We may use these, in connection with our Website to, among other things, track the activities of the users of our Services, improve ads, personalize and manage content, and gather usage information about our Website. We may also use these in HTML emails to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.
Third-Party Analytics Tools.
Our Website uses automated devices and applications operated by third parties, such as Google Analytics, which uses cookies and similar technologies to collect and analyze information about use of the Website and report on activities and trends. This service may also collect information regarding the use of other websites, apps and online resources. You can learn about Google's practices by going to www.google.com/policies/privacy/partners/, and you can opt out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.
Security of Data
The security of your data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security. We also have procedures to deal with any suspected Personal Information breach, and we will notify you and any applicable regulator when we are legally required to do so.
Links to Other Sites and Platforms
Our Service may contain links to other websites, plug-ins and applications that are not operated by us. If you click a third party link, you will be directed to that third party's site, which may allow third parties to collect or share data about you. This Policy does not apply to third-party websites that are accessible through the Services, unless such website directs users or visitors to this Policy. When you click on one of these links, you will be transferred out of the Services and connected to the website of the organization or company that maintains that website.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services. We strongly encourage you to review the privacy policy of every site you visit.
Children's Privacy
Our services are not offered to children and we do not knowingly collect or maintain Personal Information from anyone under the age of 18 (or majority in the jurisdiction they are accessing the services from). Should we discover that we have collected Personal Information online from a child who is under the legal age, we will promptly delete that Personal Information. If you have concerns over the collection of children's Personal Information on the Services, please contact us at the information provided in the Contact Us section below. Although our Services are not directed to children, if your child uses our Services and you wish to review or delete your child’s Personal Information, you may so request by contacting us at the location or email address set forth below under ‘Contact Us.’
Do Not Track
We do not currently recognize automated browser signals regarding tracking mechanisms, which may include “Do Not Track” (DNT) signals sent by web browsers, mobile devices, or other mechanisms. Third parties may be able to collect information, including Personal Information, about your online activities over time and across different websites or online services when you use the Services. You also may limit certain tracking by disabling cookies in your web browser.
Your Data Access Rights
Depending on where you live, you may have certain rights, such as to request access to or correction of the Personal Information that we hold about you. To make a request, please email: registryservices@orangedomains.com. Further information and advice about your rights can be obtained from the data protection regulator in your country, and many countries provide a right to lodge a complaint with the regulator. The rights that may be available to you include rights such as:
European Union and United Kingdom:
Where EU and UK regulations apply, you have the right to:
Be informed through clear, transparent and easily understandable information about how we use your Personal Information and your rights. This is why we are providing you with the information in this Policy. If you have any additional questions, for example regarding transfers and locations of data or our legitimate interests basis, please contact us.
Request access to your Personal Information (commonly known as a "data subject access request") if we are processing it, and certain other information (similar to that provided in this Policy). This enables you to receive a copy of the Personal Information we hold about you and to check that we are lawfully processing it in accordance with data protection law.
Request correction of the Personal Information that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your Personal Information (also known as the “right to be forgotten”). This enables you to ask us to delete or remove Personal Information where there is no compelling reason for us keep using it, when you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your Personal Information to comply with local law. Note, however, that we may not always be able to comply with your request for erasure for specific legal reasons that will be notified to you and because of our use of blockchain technology.
Object to processing of your Personal Information where we are relying on a legitimate interest (or those of a third party) and there is something about your situation which makes you want to object to processing on this ground as you feel it affects your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Information for direct marketing purposes or where we are relying on our legitimate interests for processing. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information that override your rights and freedoms.
Request restriction of processing of your Personal Information. This enables you to ask us to suspend the processing of your Personal Information in the following scenarios:
- If you want us to establish the data's accuracy.
- Where our use of the data is unlawful, but you do not want us to erase it.
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
- You have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
When processing is restricted, we can still store your Personal Information, but we may not use it further. We keep lists of people who have asked for further use of their information to be restriction to make sure the restriction is respected in future.
Request the transfer of your Personal Information to you or to a third party. We will provide to you, or a third party you have chosen, your Personal Information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Lodge a complaint about the way we handle or process your Personal Information with your national data protection regulator. In the UK, this is the Information Commissioner, and details of how to contact the ICO can be found on their website at ico.org.uk.
Withdraw consent at any time where we are relying on consent to process your Personal Information, including using your Personal Information for marketing purposes. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
No fee usually required. You will not have to pay a fee to access your Personal Information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
What we may need from you. We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Information (or to exercise any of your other rights). This is a security measure to ensure that Personal Information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond. We try to respond to all requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.
Please consider your request responsibly before submitting it. We will respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we will come back to you and let you know.
United States Residents:
California Shine the Light. Where applicable, California Civil Code Section 1798.83 allows California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request please contact us using the information provided in the Contact Us section below.
Nevada Residents. If you are a resident of Nevada, you have the right to opt-out of the sale of certain Personal Information to third parties who intend to license or sell that Personal Information. You can exercise this right by contacting us at registryservices@orangedomains.com with the subject line “Nevada Do Not Sell Request” and providing us with your name and the email address associated with your account. Please note that we do not currently sell your Personal Information as sales are defined in Nevada Revised Statutes Chapter 603A. If you have any questions, please contact us as set forth below.
Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.
We will let you know via email and/or a prominent notice on our Service, prior to any significant changes becoming effective and update the "effective date" at the top of this Privacy Policy.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
Contacting us
If you have any questions about this Policy, including any requests to exercise your legal rights, please contact us using the details set out below.
Email address: registryservices@orangedomains.com
Postal address:
Orange Domains, LLC
228 Park Avenue South,
#94703
New York, NY 10003
You have the right to make a complaint at any time to your local data protection supervisory authority. We would, however, appreciate the chance to respond to your concerns before you approach them so do contact us in the first instance.