Greencart Privacy Policy

Last Updated: October 31st, 2024

This Greencart (“dApp”) Privacy Policy (“Privacy Policy”) is effective from and after the date shown above, and describes how VeChain Foundation San Marino S.r.l. (“VeChain,” “we,” “our,” or “us,”) collects, uses, shares, and otherwise processes information collected about you when you use our dApp and access services made available from such platform, as provided at the various locations offered by us that directly links to this Privacy Policy (herein referred to as the “Service(s)”). If you are a data subject in the United Kingdom (“UK”) or any part of the European Economic Area (“EEA”) and/or in any case Regulation (EU) 2016/679 applies (“GDPR”), please also see the paragraph entitled “Additional Disclosures for People in Europe”.

Data Controller

The Data Controller is VeChain Foundation San Marino with its registered office in Strada di Paderna, 2 -47895, Domagnano – Repubblica di San Marino, COE SM29314.

The information we collect about you

We limit what personal data is required to use the Services. While you may voluntarily provide to us certain information that includes personal data like contact information and communications as described below, such personal data is not required to use the Services. However, in order to provide the Services, there is limited information, which may include personal data that must be collected automatically. Please read the below carefully to understand what may be collected and how it is used:

  1. When you reach out to VeChain in connection with the Services, we may collect certain information from you that you are voluntarily providing including:
    • Contact information, including name or email address when you reach out to us for support or other communications;
    • Digital wallet information, including your public wallet address;
    • Transaction data, including information related to transactions you make through a webpage, including time of the transaction, digital wallet information, items associated with the transaction;
    • Content, including any content in communications with us that you provide;
    • Information We Collect Automatically.
  2. When you use the Services, we will process limited information automatically including:
    • Use Data, including data about analytic data use, browser type, operating system, time stamps, and your referring and exiting pages;
    • Log Files, which are files that record events that occur in connection with your use of the Services; and
    • Cookies, which are small data files stored on your device that act as a unique tag to identify your browser. For further details please refer to ourCookie Policy.
  3. Use Data and Log Files, and to the extent you share them with us, Contact Information and Content are used to maintain, improve and enhance our Service and develop new products, prevent fraud, and to generally comply with applicable laws.
  4. We also collect non-identifying aggregate information (such as the information flows related to transactions – public wallet addresses) which we may us for the exclusive purpose of improving the security, compatibility or interoperability of the Service.

How we use the information we collect about you

We use the information we collect from and about you for the following purposes:

  1. to provide, maintain, improve, and enhance our Services;
  2. to understand and analyze how our Service is used and develop new products, services, features, and functionality;
  3. as necessary to allow for transactions related to Customer Content and interact with the VeChainThor Blockchain in connection therewith;
  4. to communicate with you, provide you with updates and other information relating to our Service, provide information that you request, respond to comments and questions, and otherwise provide customer support;
  5. to find and prevent fraud, and respond to trust and safety issues that may arise; and
  6. for compliance purposes, including enforcing our legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency.

Additionally, Google Workspace APIs are not utilized for the development, enhancement, or training of generalized or non-personalized AI and ML models.

For information on your rights and choices regarding how we use personal data about you, please see paragraph below entitled “Your Rights and Choices”.

Sharing of personal and non-personal data

We share information we collect in accordance with the practices described in this Privacy Policy. The types of entities we may have shared information with or may share information with in the future include the following:

a.Third Parties Providing Services On Our Behalf. In order to make various features, services and materials available to you through the Services, host the Service, and respond to your requests and inquiries, we may share your information you provide with third parties that perform functions on our behalf;

b.Blockchain Platform. When you engage in a transaction that is recorded on the Blockchain, certain information that may be considered personal data related to that transaction will be published on the blockchain and may be accessible to third parties not controlled by VeChain, and will be recorded on the Blockchain permanently across a wide network of computer systems and be incapable of deletion. Many blockchains are open to forensic analysis which can lead to de-anonymization and the unintentional revelation of personal data, especially when blockchain data is combined with other data;

c.Legal Disclosure. Under certain circumstances, we may be required to cooperate with legal investigations and/or we may be subject to legal requirements to disclose information collected through the Service, such as a by court or a governmental agency. We may also disclose personal data to investigate any violation or potential violation of the law, this Privacy Policy, or applicable Terms or to protect or defend the rights and property of VeChain.

If you are a data subject in the UK or any part of the EEA, please also see paragraph 10 below entitled “Additional Disclosures for People in Europe” for additional rights information related to the above.

Your rights and choices

a. Discontinuing Use of the Service.
At any time you can request the deletion of your account from the Service and/or respective webpages, and unlinking any Digital Wallet linked to the Service and/or respective webpages. Please keep in mind that transactions recorded on an applicable blockchain is immutable, meaning that such information may not be deleted, regardless of your deletion of any account information from the Service and/or a respective Customer Webpage;

b. Communications.
For any type of communication please email us at the email address provided in paragraph entitled “Contact Us”; and

c. Cookies and other Tracking Technologies.

  1. Cookies and Pixels. Please refer to the Cookie Policy; and
  2. Do Not Track. Your browser settings may allow you to automatically transmit a “Do Not Track” signal to online services you visit. Note, however, there is no industry consensus as to what site and app operators should do with regard to these signals. Accordingly, unless and until the law is interpreted to require us to do so, we do not monitor or take action with respect to “Do Not Track” signals. For more information on “Do Not Track,” visit https://www.allaboutdnt.com.

Please be aware that if you disable or remove tracking technologies some parts of the Service may not function correctly.

Data security

VeChain uses reasonable security measures designed to prevent unauthorized intrusion to the Service and the alteration, acquisition or misuse of personal data. Nevertheless, transmission via the internet is not completely secure and we cannot guarantee the security of information about you, collected from you, or submitted by you. We will not be responsible for loss, corruption or unauthorized acquisition or misuse of information that you provide or that we collect through the Services that is stored by us or our service providers, or for any damages resulting from such loss, corruption or unauthorized acquisition or misuse.

Children’s privacy

The Service is not directed towards, nor was it designed to attract the attention of any children, and we do not knowingly collect or maintain personal data from any person under the age of fourteen.

Changes to this privacy policy

We reserve the right to revise and reissue this Privacy Policy at any time. Any changes will be effective immediately upon posting of the revised Privacy Policy. Your continued use of our Service indicates your consent to the Privacy Policy then posted. If the changes are material, we may provide you additional notice to your email address, by informing you about such changes through our website and/or via other channels we may use to communicate with you.

Contact us

Please contact us at info@greencart.ai if you have any questions or concerns about this Privacy Policy.

Additional disclosures for data subjects in Europe

a. Roles.
GDPR and data protection laws in Europe distinguish between organizations that process personal data for their own purposes (known as “controllers”) and organizations that process personal data on behalf of other organizations (known as “processors”). VeChain acts as a data controller controller with respect to personal data collected as you our Services, and acts as Data Processor with respect any respect any personal data on behalf of Business Customers when you interact with a Customer Webpage. Where we act as a processor the respective Business Customer that controls the Customer Webpage is the controller, and we enter into a Data Processing Agreement with the Business Customer as required under the GDPR;

b. Lawful Basis for Processing.
GDPR and data protection laws in Europe require a “lawful basis” for processing personal data. Our lawful bases include the following: (i) To fulfill obligation in the contract between you and VeChain. When you agree to the Terms, you and VeChain entered into an agreement and in order for VeChain to fulfill its obligations with respect to respect to providing the Service under such agreement, we have to collect your Digital Wallet Data, Log Data and other aggregated and encrypted data to provide the necessary functionality as further described in subparagraph above entitled “Information Collected Automatically”. (ii) To comply with law. In limited circumstances, we may process information in order to comply with legal obligations. To the extent we have received such information from third parties where we have agreed to contractual requirements such as standard contractual clauses, we will use our reasonable efforts to dispute making such disclosures unless legally required to do so;

c. Retention of Information.
Once the purpose of processing is fulfilled, we retain personal data for no longer than the applicable statutory limitation period. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. We will delete or anonymize personal data once the applicable retention period has expired.
Note that blockchains (including our Blockchain) are designed by default to permanently record information across a wide network of computer systems; therefore, while we commit not to store immediately identifiable personal data, some pseudonymized information will be stored across the Blockchain and therefore it will not be possible to delete such information;

d. Data Transfer.
If GDPR applies and your data is transferred outside UK or the EEA to the United States or any other country, we will transfer your personal data subject to appropriate safeguards, such as an adequacy decision by the European Commission on the basis of article 45 the GDPR, or “Standard Contractual Clauses” as provided from time to time by the European Commission. You can receive additional information on where your data is transferred, and which are the appropriate safeguards by contacting us;

e. Your Data Subject Rights.

  1. Your Rights to Your Information. If you are a data subject according to the GDPR, subject to certain conditions you have the right to: (A) access, rectify, or erase any personal data we process about you; (B) data portability, asking us to transfer to any third party at your choice (C) restrict or object to our processing of personal data we process about you and (D) where applicable, withdraw your consent at any time for any data;
  2. How to Exercise Your Rights. You may exercise your rights by submitting a written request to us at the email address set out in paragraph entitled “Contact Us”. We will respond to your request within thirty (30) days. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions; and
  3. When Information May Be Retained. Please note that we retain information as necessary to fulfil the purposes for which it was collected, and may continue to retain and use information even after a data subject request for purposes including to perform under the contract, as necessary to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements; and

f. Complaints.
If you have a complaint about our use of your personal data or response to your requests regarding your personal data, you may submit a complaint to the “Data Protection Supervisory Authority” in your jurisdiction. We would, however, appreciate the opportunity to address your concerns before you approach a data protection regulator, and would welcome you directing an inquiry first to us.