PRIVACY POLICY

1. Introduction

Welcome to Ofero.me (hereinafter referred to as “Ofero,” “we,” “our,” or “us”). Your privacy is of utmost importance to us. This Privacy Policy describes how we collect, use, and share personal information from users (hereinafter referred to as “you” or “your”) of Ofero and its affiliated sites (the “Sites”).

By using any of our Sites, you consent to the collection and use of your personal information as described in this Privacy Policy.

2. Information We Collect and Legal Basis

We collect the following types of information under the specified legal bases:

• Personal Information (Legal basis: Contract performance, Consent): Your name, email address, postal address, phone number, and other personally identifiable information you provide us during registration and use of our services.
• Transaction Information (Legal basis: Contract performance, Legitimate interests): Details related to your financial transactions, such as purchases, wallet addresses, and blockchain transactions necessary for service provision.
• Payment Information (Legal basis: Contract performance): When using card payment services, we collect payment information necessary to process your transaction through our secure payment partners, including card details and billing information.
• Technical Information (Legal basis: Legitimate interests, Consent for cookies): IP addresses, device information, browser type, operating system, and other technical details about your use of the Sites for security and functionality purposes.
• Usage Information (Legal basis: Consent for analytics cookies): Information about your interactions with our Sites, including pages visited, links clicked, and time spent, collected only with your explicit consent through our cookie banner.
• Communication Data (Legal basis: Contract performance, Consent): Records of your communications with us, including support tickets and feedback.

Data Retention Periods

• Account Data: Retained for the duration of your account plus 2 years after deletion for legal compliance and fraud prevention
• Transaction Records: Retained for 7 years as required by financial regulations and tax compliance (cannot be deleted upon request during this period)
• Marketing Communications: Until you unsubscribe or withdraw consent
• Analytics Data: Anonymized after 26 months
• Technical Logs: Automatically deleted after 12 months
• Blockchain Data: Immutable and permanent on public blockchain networks (cannot be deleted)
• Backup Systems: Data may persist in encrypted backups for up to 90 days after deletion request

Important Retention Limitations

Please Note: Due to legal obligations and the nature of blockchain technology, not all data can be immediately or completely deleted upon request. See Section 8 (Right to Erasure) for detailed information about deletion limitations.

3. How We Use Your Information

We may use your information for the following purposes:

• To provide and improve our services.
• To process transactions and send related information.
• To respond to your comments, questions, and support requests.
• To send promotional communications, offers, and updates.
• To comply with legal obligations and protect our rights and interests.

4. Sharing Your Information

We do not sell or share your personal information with third parties without your consent, except:

To comply with legal obligations or respond to legal proceedings.

With service providers who perform services on our behalf.

Payment Processing: When you make card payments, we use Viva Wallet (Viva.com) as our secure payment processor. Your payment information is processed directly by Viva Wallet according to their privacy policy and security standards. We do not store your complete card details on our servers. Viva Wallet is PCI DSS compliant and employs industry-standard security measures to protect your financial information.

When you register on ofero.me, your information becomes publicly accessible through your online business card at ofero.me/u/<username>. This includes, but is not limited to, public pictures, wallet addresses, transactions, full names, and social media addresses. While we do not allow web crawling on our site, using a complex username can help maintain your privacy.

Additionally, we may share anonymized or aggregated data with partners for analytics, advertising, or blockchain interoperability purposes. This data does not personally identify you.

5. Security

We take appropriate measures to protect your personal information from unauthorized access, alteration, or destruction. However, no online service can guarantee complete security, and we encourage you to take precautions to protect your personal information.

6. Children’s Privacy

Users under the age of 18 must obtain parental or guardian consent before using our Sites. We encourage guardians to supervise children's internet usage and to instruct them in safe online practices.

If we learn that we have collected personal information from a child under the age of 18 without parental consent, we will take steps to remove that information from our systems. If you believe that we may have collected personal information from a child under the age of 18, please contact us immediately at contact[at]ofero.network.

7. Third-Party Links

Our Sites may contain links to third-party websites. We are not responsible for the content or privacy practices of third-party sites.

8. Data Deletion Requests

How to Request Data Deletion

You can request deletion of your data through any of the following methods:

• In-App Deletion Request: Visit /account/close to submit a deletion request directly from your account
• Email Request: Send an email to contact@ofero.network with the subject line "Data Deletion Request" and include your registered email address or username
• Contact Form: Use our contact form at /contact and select "Privacy/Data Deletion Request"
• Telegram Support: Contact us via Telegram at @oferonetwork with your deletion request

What Data Will Be Deleted

When you submit a deletion request, we will permanently remove the following information from our systems:

• Account Information: Username, email address, phone number, and authentication credentials
• Profile Data: Profile pictures, biography, display name, and personal preferences
• Social Data: Posts, comments, likes, follows, and community interactions
• Settings and Preferences: Theme choices, notification settings, and privacy preferences
• Public Business Card: Your public profile at ofero.me/u/<username> will be permanently removed
• Media Uploads: Photos, videos, and other media files you've uploaded
• Communication History: Support tickets, feedback, and direct messages (unless required for legal compliance)
• Marketing Data: Email subscription preferences and marketing communication history
• Analytics Data: Your usage patterns will be anonymized and no longer linked to your identity
• Session Data: Active login sessions, cookies, and cached information (deleted immediately)

Data Deletion Timeline

Your data deletion request will be processed according to the following timeline:

1. Request Receipt (Day 0): We acknowledge your deletion request via email
2. Identity Verification (Days 1-3): We verify your identity to prevent unauthorized deletion requests
3. Grace Period (Days 4-10): A 7-day grace period allows you to cancel the request if submitted accidentally
4. Active System Deletion (Day 11): Your account and personal data are permanently deleted from all active systems
5. Third-Party Notification (Days 11-25): We notify our data processors and partners of your deletion request
6. Backup Purge (Within 90 days): Data is automatically purged from encrypted backup systems
7. Deletion Confirmation (Day 30): You receive final confirmation that your data deletion is complete

Important Limitations on Data Deletion

Please Note: Due to legal obligations and technical limitations, some data cannot be immediately or completely deleted:

• Financial Records (Retained 7 Years): Transaction history, invoices, and payment records must be retained for tax compliance, anti-money laundering (AML) regulations, and financial auditing. These records will be anonymized where possible but cannot be completely deleted during the mandatory retention period.
• Blockchain Data (Permanent and Immutable): Any data recorded on public blockchains (wallet addresses, transactions, smart contract interactions, voting records) is permanently stored on decentralized networks. We have no technical ability to delete blockchain data. See Section 9 for detailed blockchain privacy information.
• Legal Hold Data: Information subject to legal proceedings, regulatory investigations, or fraud prevention cannot be deleted until resolved.
• Backup Systems (Up to 90 Days): Encrypted backups are maintained for disaster recovery and will automatically purge your data within 90 days.
• Third-Party Services: Data processed by our payment partners (Viva Wallet), affiliate networks, and social login providers (Facebook, Google) is subject to their retention policies. We will notify them of your request but cannot guarantee immediate deletion from their systems.

Facebook Data Deletion

If you registered or logged in using Facebook, your deletion request will also remove data we received from Facebook, including:

• Facebook user ID and authentication tokens
• Profile information obtained through Facebook Login (name, email, profile picture)
• Facebook friends list connections (if accessed with your permission)
• Any other data shared by Facebook through their API

Note: Deleting your Ofero account does not delete your Facebook account. To manage your Facebook data, please visit your Facebook account settings. We will sever the connection between your Facebook account and Ofero account, and will not retain any Facebook-provided data beyond the deletion timeline described above.

Before You Request Deletion

Please consider the following before submitting a deletion request:

• Account deletion is permanent and irreversible after the 7-day grace period
• You will lose access to all cashback rewards, referral bonuses, loyalty points, and community benefits
• Outstanding transactions, pending payments, or active disputes must be resolved before deletion
• Active memberships, subscriptions, or recurring payments should be cancelled separately
• Consider using our Data Export feature to download a copy of your information before deletion
• If you're concerned about privacy, you may want to update your profile privacy settings instead of full deletion

Alternative to Full Deletion: Account Deactivation

If you're not ready for permanent deletion, you can temporarily deactivate your account. Deactivation hides your profile and pauses your account while retaining your data for future reactivation. Visit /account to manage your account status.

9. Blockchain Data and Immutability

What is Blockchain and Why Can't Data Be Deleted?

Blockchain is a distributed ledger technology where transactions are recorded across thousands of computers worldwide. Once data is written to a blockchain, it becomes immutable (permanent and unchangeable) and publicly visible through blockchain explorers. This is a fundamental feature of blockchain technology, not a limitation of our service.

Blockchain Data That Cannot Be Deleted or Modified:

• Wallet Addresses: Any wallet address you connect to our platform or share publicly becomes permanently visible on the blockchain
• Transaction History: All cryptocurrency transactions, including amounts, timestamps, sender, and recipient addresses
• Smart Contract Interactions: Interactions with NFT contracts, DeFi protocols, membership contracts, or voting systems
• On-Chain Governance: Votes cast in community proposals, treasury decisions, or blockchain governance
• Token Holdings: Historical and current token balances associated with your wallet addresses
• Public Profile Data: Any information you choose to store on-chain (usernames, profile metadata, etc.)

What We Can and Cannot Control:

• We CAN delete: Your account information stored on our servers, the link between your email and wallet address in our database, your public business card at ofero.me/u/<username>, and your personal preferences.
• We CANNOT delete: Anything recorded on the MultiversX blockchain, Ethereum blockchain, or any other public blockchain network. This data exists independently of our platform and will remain visible forever through public block explorers.
• Third-Party Block Explorers: Services like explorer.multiversx.com, etherscan.io, and other blockchain explorers will continue to display your transaction history. We have no control over these independent services.

Privacy Best Practices for Blockchain Use:

• Use separate wallet addresses for different purposes to maintain privacy
• Never share wallet addresses you want to keep private
• Be aware that all blockchain transactions are permanently public
• Consider the long-term privacy implications before making on-chain transactions
• Use privacy-focused wallets and tools when anonymity is important
• Remember that blockchain data can be analyzed and linked to your identity

Our Responsibility: While we cannot delete blockchain data, we are committed to:

• Removing the association between your email/identity and wallet addresses in our systems
• Deleting your account information and personal data we control
• Not sharing or disclosing the connection between your identity and blockchain addresses
• Being transparent about blockchain limitations before you use these features

10. Your Rights Under GDPR

If you are located in the European Union, you have the following rights regarding your personal data:

• Right of Access (Article 15): You can request information about the personal data we process about you and receive a copy of such data.
• Right to Rectification (Article 16): You can request correction of inaccurate personal data.
• Right to Erasure/Right to be Forgotten (Article 17): You can request deletion of your personal data. See detailed information below about what will be deleted, what cannot be deleted, and the deletion process timeline.
• Right to Restrict Processing (Article 18): You can request limitation of processing of your personal data.
• Right to Data Portability (Article 20): You can request to receive your personal data in a machine-readable format or have it transferred to another service provider.
• Right to Object (Article 21): You can object to processing based on legitimate interests or for direct marketing purposes.
• Rights Related to Automated Decision-Making (Article 22): You have rights regarding automated decision-making and profiling.
• Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time.

Detailed Information: Right to Erasure (Right to be Forgotten)

What Will Be Deleted:

• Profile Information: Your name, email address, phone number, bio, and profile pictures
• Account Settings: Preferences, theme choices, notification settings, and privacy preferences
• Public Profile: Your public business card at ofero.me/u/<username> will be permanently removed
• Social Connections: Your community memberships, follows, and social interactions
• Marketing Data: Email subscription lists, marketing preferences, and communication history
• Session Data: Active login sessions, cookies, and cached information (immediate deletion)
• Analytics Data: Your personal analytics will be anonymized (no longer linked to you)
• Support Tickets: Communication history with support (unless required for ongoing legal matters)

What Cannot Be Deleted (Legal and Technical Limitations):

• Transaction Records (7 years): Financial transaction history, invoices, and payment records must be retained for tax compliance, anti-money laundering (AML) regulations, and financial auditing requirements. These records will be anonymized where possible but cannot be completely deleted during the retention period.
• Blockchain Transactions (Permanent): Any transactions recorded on the MultiversX blockchain or other public blockchains are immutable and permanently visible. This includes wallet addresses, transaction hashes, smart contract interactions, and on-chain voting records. We have no technical ability to remove blockchain data.
• Legal Hold Data: Information subject to legal proceedings, court orders, regulatory investigations, or fraud prevention measures cannot be deleted until the matter is resolved.
• Aggregated/Anonymous Data: Data that has been fully anonymized and aggregated for statistical purposes (e.g., "Number of users who visited page X") is no longer considered personal data under GDPR and may be retained.
• Backup Systems (Up to 90 days): Encrypted backups are retained for disaster recovery. Your data will be automatically purged from backups within 90 days of your deletion request.
• Third-Party Processors: Data processed by our partners (Viva Wallet for payments, affiliate networks for cashback tracking) is subject to their own retention policies. We will notify them of your deletion request, but cannot guarantee immediate deletion from their systems.

Deletion Process Timeline:

1. Request Submission: Submit your deletion request via /account/close or email contact[at]ofero.network
2. Identity Verification: We will verify your identity within 2-3 business days to prevent unauthorized deletions
3. Grace Period (7 days): A 7-day grace period allows you to cancel the deletion if submitted accidentally
4. Primary Deletion (Immediate after grace period): Your account, profile, and personal data are deleted from active systems
5. Third-Party Notification (7-14 days): We notify payment processors and partners of your deletion request
6. Backup Purge (Within 90 days): Data is automatically removed from encrypted backup systems
7. Confirmation Email: You will receive confirmation once the deletion process is complete

Important Considerations Before Deleting:

• Account deletion is permanent and irreversible after the 7-day grace period
• You will lose access to any cashback rewards, referral bonuses, or community benefits
• Outstanding transactions or pending payments must be resolved before deletion
• If you have active memberships or subscriptions, these should be cancelled first
• Consider using "Data Export" to download your information before deleting your account

How to Exercise Your Rights

To exercise any of these rights:

• Account Deletion: Visit /account/close to request permanent deletion
• Data Export: Visit /account/privacy-data to download your data
• Profile Corrections: Visit /account/edit-profile to update personal information
• Cookie Preferences: Manage your cookie preferences using our cookie banner or in account settings
• Email Requests: Contact us directly at contact[at]ofero.network with any rights request
• Data Protection Officer: For complex privacy matters, contact our DPO via /contact

We will respond to your request within one month of receipt. In complex cases, we may extend this by two additional months and will inform you of the reason for the delay.

Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with your local data protection authority.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the updated policy on this page, and your continued use of our Sites after the changes will constitute acceptance of the updated terms. Material changes affecting your rights will be communicated via email at least 30 days before taking effect.

12. Contact Us

For questions about this Privacy Policy or our privacy practices, please contact us on:

• Telegram: @oferonetwork
• E-mail: contact us