Your cart is currently empty!
Data Protection and Privacy Policy
Effective Date: May 24, 2025
Flame OF Floki (“we,” “us,” or “our”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data in compliance with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and relevant US laws such as the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).
1. Scope of This Policy
This policy applies to all personal data we process about individuals, including customers, website visitors, and other users of our services, regardless of where they are located, in accordance with the UK GDPR, EU GDPR, and US state privacy laws.
2. Data Controller
Flame OF Floki, located within the United Kingdom, is the data controller responsible for your personal data. For inquiries, contact our Data Protection Officer at dpo@fof.money.
3. Personal Data We Collect
We may collect and process the following categories of personal data:
- We may collect and process the following categories of personal data:
- Identity Data: Name, username, or similar identifiers.
- Contact Data: Email address, phone number, billing/shipping address.
- Technical Data: IP address, browser type, device information, and usage data (e.g., pages visited, time spent).
- Transaction Data: Details about payments, purchases, or services you have engaged with. But we do not store full credit and debt card details, this is stored by our payment providers. We also collect and store ourselves blockchain payment data, wallet addresses and transaction hashes.
- Profile Data: Preferences, feedback, and survey responses.
- Sensitive Data: Where applicable and with your explicit consent Sensitive private information also includes driver’s license numbers, and dates of birth. Other information, such as race, ethnic origin and sexual orientation, is considered sensitive personal information.
We collect this data through:
- Direct interactions (e.g., forms you fill out, accounts you create).
- Automated technologies (e.g., cookies, analytics tools).
- Third parties (e.g., payment processors, analytics providers), where permitted.
4. Legal Basis for Processing
We process personal data under the following legal bases, as required by UK GDPR and EU GDPR:
- Consent: Where you have given explicit consent (e.g., for marketing emails).
- Contract: To fulfill a contract with you (e.g., delivering purchased services).
- Legal Obligation: To comply with legal requirements (e.g., tax reporting).
- Legitimate Interests: For our legitimate business interests (e.g., improving services, fraud prevention), provided your rights are not overridden.
- Vital Interests: To protect someone’s life (e.g., emergency situations).
For US residents, we process data in accordance with applicable state laws, such as the CCPA/CPRA, ensuring transparency and your rights to opt-out of certain uses.
5. How We Use Your Personal Data
We use your personal data to:
- Provide and improve our services or products.
- Process transactions and fulfill orders.
- Communicate with you (e.g., customer support, updates).
- Personalize your experience (e.g., tailored recommendations).
- Conduct analytics to improve our website and services.
- Comply with legal obligations.
- Send marketing communications (with your consent, where required).
6. Sharing Your Personal Data
We may share your personal data with:
- Service Providers: Third parties who assist us (e.g., payment processors, hosting providers, product suppliers), bound by data protection agreements.
- Legal Authorities: When required by law or to protect our rights.
- Business Transfers: In connection with a merger, acquisition, or sale of assets.
We do not sell your personal data (as defined under CCPA/CPRA) unless explicitly disclosed and with your consent or opt-out rights, as applicable.
7. International Data Transfers
If you are in the UK or EU, your data may be transferred to countries outside the UK/EEA (e.g., the US) for processing. We ensure appropriate safeguards, such as:
- Adequacy Decisions: Transfers to countries deemed to have adequate data protection by the UK or EU.
- Standard Contractual Clauses: Agreements ensuring equivalent data protection.
- Binding Corporate Rules: For intra-group transfers, where applicable.
For US residents, we comply with applicable state laws regarding cross-border data transfers.
8. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including encryption, access controls, and regular security reviews. However, no system is completely secure, and we cannot guarantee absolute security.
9. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, comply with legal obligations, or resolve disputes. For example:
- Transaction data may be retained for 6 years to comply with tax laws.
- Marketing data is retained until you withdraw consent.
- Technical data may be anonymized for analytics purposes.
10. Your Rights
Depending on your location, you may have the following rights under UK GDPR, EU GDPR, or US laws (e.g., CCPA/CPRA):
- Access: Request a copy of your personal data.
- Rectification: Correct inaccurate or incomplete data.
- Erasure: Request deletion of your data (subject to legal exceptions).
- Restriction: Limit how we process your data.
- Portability: Receive your data in a structured, portable format.
- Objection: Object to processing based on legitimate interests (e.g., marketing).
- Opt-Out of Sale/Sharing: For US residents, opt-out of the sale or sharing of personal data (as defined by CCPA/CPRA).
- Non-Discrimination: We will not discriminate against you for exercising your rights.
To exercise your rights, contact us at dpo@fof.money. We will respond within one month (UK/EU) or 45 days (US, extendable under CCPA), as required by law.
11. Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience, analyze usage, and deliver personalized content. You can manage your cookie preferences through our website’s cookie settings or your browser. For details, see our [Cookie Policy link, if applicable].
12. Third-Party Links
Our website or services may include links to third-party websites. We are not responsible for their privacy practices. Please review their policies before providing personal data.
13. Children’s Privacy
Our services are not directed to individuals under 16 (or 13 in the US, per COPPA). We do not knowingly collect personal data from children. If we become aware of such data, we will delete it.
14. Complaints
If you have concerns about our data practices, please contact us at dpo@fof.money. You may also lodge a complaint with a supervisory authority:
- UK: Information Commissioner’s Office (ICO) at www.ico.org.uk.
- EU: Your local data protection authority (list available at https://edpb.europa.eu/about-edpb/board/members_en).
- US: Contact your state’s attorney general or relevant authority (e.g., California Attorney General for CCPA issues).
15. Changes to This Policy
We may update this policy to reflect changes in law or our practices. We will notify you of significant changes via email or a prominent notice on our website.
16. Contact Us
For questions or to exercise your rights, contact our Data Protection Officer at:
dpo@fof.money
DPO, Flame OF Floki
United Kingdom