Listen to the SSI Orbit Podcast

Data Protection Information of Northern Block Inc.

for the

“Orbit Edge Wallet” Mobile Application

(As of January 10, 2022)


1.
Entity responsible for data processing

Responsible Entity’s name and contact information

Northern Block Inc.

333 Bay Street, #2400

Toronto, Ontario M5H 2R2

Canada

E-Mail: [email protected]

Note: A data control officer has not been ordered by the Responsible Entity. Please contact the Responsible Entity directly with any questions and to assert data protection rights to which you are entitled.


2.
Information regarding the processing of personal data

As a basic principle, no data is processed by the Responsible Entity when the app is used. All data is stored only on your end device and the Responsible Entity has no access to this data.

However, the app is associated with a digital mailbox service (“Mediator Agent”), which is operated by the Responsible Entity. The installation ID of the User is saved and processed for the User of this mailbox. This is the only way that incoming messages can be assigned to the appropriate User.

Incoming messages of participants to the User are then encrypted and sent to the mailbox service and forwarded by the mailbox service to the User’s app. The Recipient of the message transmits a dedicated code to the Sender which they had previously received from the mailbox service. The code is linked to the installation ID with the mailbox service. Assignment to an individual person by Northern Block Inc. is not possible. Once the messages are successfully delivered to the app, the messages are deleted from the mailbox service. If the app of the user cannot be reached, the messages are stored on the mailbox service until they can be delivered to the app. Because the messages are encrypted and are decrypted only on the User’s end device, the Responsible Entity has no access to the content of the messages.

To enhance the user experience, in the event of errors or application crashes, the app generates automated crash reports which contain the cause of the crash in addition to an error report and additional data such as the date and time of the crash, the model number of the used device, the installed operating system version, the set language and User’s country. The app uses Microsoft’s App Center services to process this data. The Responsible Entity and the Microsoft App Center are not able to identify the User from this data.

The app uses Microsoft App Center Analytics, which collects anonymized data that is based on the app usage, which make possible a statistical analysis of the following features: The number of users in certain periods of time, distribution of the models on which the app was installed, daily use of the application per user, country of installation, the User’s preselected language and the version of the app that was used. This data is also not associated with the individual users.


3.
Legal basis of the processing

The installation ID is processed for contractual purposes. This is automatically made available by the Responsible Entity through the end device. The Responsible Entity cannot assign or deliver incoming messages to the individual users without processing the installation ID. The purpose of the contract (exchange of identity information) could not be achieved.

Error analysis and other analyses are carried out in the legitimate interests of the Responsible Entity. These analyses serve to ensure the functionality and/or improvement of the app.

There is no automated decision making.


4.
Recipients and recipient categories

With regard to the transfer of data to third parties (recipients apart from the Responsible Entity), it should be stated at the outset that fundamentally the transfer of data does not take place and is not planned. However, transfer of data may take place in individual cases where we are legally obligated to do so or the User has provided consent. This may be the case in the following cases:

  • Public entities and institutions (e.g. financial authorities, law enforcement agencies, family courts, land registry offices) when legally or officially obligated,
  • auditors,
  • service providers who we engage within the scope of order processing relationships.


5.
Transfer to third countries

Transfers are not made to third countries.


6.
Storage duration

We process and store your personal data as long as it is required for the fulfilment of our contractual obligations and protection of our rights.

The Installation ID is deleted when the app is uninstalled from the User’s device.


7.
Information regarding the rights of the affected persons

As an affected person, the User retains the following rights related to the processing of their personal data:

  • Right of access
  • Right to rectification
  • Right to erasure (“right to be forgotten”)
  • Right to restriction of processing
  • Right to data portability
  • Right to object
  • Right to withdraw consent
  • Right to lodge a complaint with a supervisory authority

To exercise these rights, the User may contact us via the contact information provided under No. 1.

7.1. Right to information

The Right to Information means, in particular, that the User retains the right to request confirmation from the Responsible Entity as to whether the User’s personal data is being processed. If this is the case, the User also retains the Right to Information about such personal data.

7.2. Right to rectification

The Right to Rectification means, in particular, that the User retains the right to request from the Responsible Entity without undue delay the rectification of inaccurate personal data related to the User and the right to have incomplete data completed.

7.3. Right to erasure (“right to be forgotten”)

The Right to Erasure means, in particular, that the User fundamentally retains the right to request from the Responsible Entity that personal data related to the User be deleted without undue delay, and we are obligated to delete personal data without undue delay. This can be the case if, for example, the personal data is no longer needed for the purposes for which it was collected or for which it was processed.

In the event that we have made personal data public and we are obligated to delete it, we are additionally obligated to take appropriate measures, taking into account available technology and the cost of implementation, including the technical nature, to inform other data processing responsible entities which process the personal data that an affected party has requested that they delete all links to this personal data or copies or replications of said personal data.

As an exception, the Right to Erasure (“right to be forgotten”) shall not apply provided that said processing is necessary. This may be the case, for example, when the data processing is required to satisfy a legal obligation or to assert, exercise or defend legal claims.

7.4. Right to restriction of processing

The Right to Restriction of Processing means that the User retains the right to request from the Responsible Entity that processing of data be restricted. This can be the case if, for example, the User has disputed the accuracy of the personal data. In this case, processing is restricted for the amount of the time that the Responsible Entity requires in order to check the accuracy of the personal data.

7.5. Right to data portability

Right to Data Portability means that the User retains the fundamental right to obtain their personal data, which he has provided the Responsible Entity, in a structured, commonly used and machine-readable format, and the User retains the right to transmit this data to a different responsible entity without restriction, provided that processing is based on consent or a contract, and that the processing is carried out in an automated manner.

In addition, when exercising the right to data portability, the User retains the fundamental right to obtain personal data so that it is transferred directly from us to a different responsible entity, provided that this is technically feasible.

7.6. Right to object

We expressly advise the User of their Right to Object no later than at the time of the first communication. The Right to Object applies in the following cases:

7.6.1. Right to object on grounds relating to their particular situation

The User retains the right to object at any time to the processing of their data that is carried out in their public interest on grounds relating to their particular situation; this also applies to profiling that is based on these provisions.

In the event of an objection on grounds relating to an exceptional situation, we will no longer process the affected personal data unless we are able to demonstrate compelling legitimate grounds for said processing that override the interests, rights and freedoms of the User, or the processing serves to assert, exercise or defend legal claims.

7.6.2. Right to object to direct marketing

If the personal data is processed for direct marketing purposes, you retain the right to file an objection to the processing of your personal data for the purposes of such marketing; this applies as well to profiling, to the extent that it is connected to such direct marketing.

In the event of an objection to processing for direct marketing purposes, we will no longer process the affected personal data for these purposes.

7.7. Right to withdraw consent

Where processing is based on consent, the User retains the right to withdraw such consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on the consent that was provided prior to the withdrawal. The User shall be informed of the right to withdraw consent prior to giving consent.


8.
Version and changes to this data protection information

This data protection information was updated in January 2022.

Due to technical advancements, changes to the app functionality and/or due to changing legal and/or official requirements, it may become necessary to update this data protection information. The current data protection information is available at any time in the app.