Privacy Policy

Last updated: 11/10/2024

1. Introduction

We at Highroad Media Limited (trading as Cool Rivers), a UK based Limited company ("we," "us," "our") are dedicated to protecting your privacy rights and handling your personal data responsibly. This Privacy Policy explains how we collect, store, process and use your personal information when you use our platform.

2. Information We Collect

When you use our services, we may collect information such as your name, email, country of origin, username (for your Drift URL) and display name, contact details (such as address and phone number), profile information (including biographical information), profile image, banner image, social networking accounts, and transaction details (such as your transaction history (including purchased NFTs) and payment information). In some circumstances, we may require additional information such as a video selfie, and a government-issued ID. We may also collect and process personal data relating to your comments on posts, likes on posts and votes on polls.

We will also collect information via third party providers that we use on the site to process your transactions and account. These include payment providers (Stripe), Crypto wallet provider (MetaMask) and crypto currency exchange (Coin Base).

3. How your personal information is collected and where it is held

We collect most of this personal information directly from you, via our platform. However, we may also collect information:

  • directly from a third party, eg:

    • Our payment provider (Stripe);

    • Crypto wallet provider (MetaMask);

    • Crypto currency exchange (Coin Base);

  • from cookies on our website---for more information on our use of cookies, please see our cookies policy

Information may be held at our offices, third party agencies, service providers, representatives and agents used to provide you services. Information will also be held in the cloud.

4. How and why we use your Personal Information

Under data protection law, we can only use your personal information if we have a proper reason for doing so. We rely on the following legal bases for processing your information eg:

  • to comply with our legal and regulatory obligations;

  • for the performance of our contract with you or to take steps at your request before entering into a contract;

  • for our legitimate interests or those of a third party; or

  • where you have given consent (which you are able to remove at any time).

  • where you have given consent.

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.

The bullet points below explain what we use (process) your personal information for and our reasons for doing so:

  • Process your transactions

  • Verify your identity as part of our security measures

  • Detect and prevent fraud

  • Provide user support

  • Improve our services

  • Comply with legal requirements

  • Other business purposes that we will disclose to you

5. Data Storage and Security

We employ appropriate technical and organisational measures to ensure data security including but not limited to:

  • Backing up data at least once a week and storing data in an offsite location

  • Having antivirus and firewalls in place which are regularly updated

  • Securing critical data through the encryption of mobile devices

  • Using multi-factor authentication

6. Disclosure to Third Parties

We do not sell or share your personal information with third parties for their marketing purposes except with your explicit consent. However, we may disclose information to third-party service providers required to effectively provide our services, including Stripe, MetaMask and Coin Base.

We only allow our service providers to handle your personal information if we are satisfied they take appropriate measures to protect your personal information. We also impose contractual obligations on service providers relating to ensure they can only use your personal information to provide services to us and to you.

We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.

We may also need to share some personal information with other parties, such as potential buyers of some or all of our business or during a re-structuring. Usually, information will be anonymised but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.

7.How long your personal information will be kept

We will keep your personal information while you have an account with us or we are providing services to you. Thereafter, we will keep your personal information for as long as is necessary:

  • to respond to any questions, complaints or claims made by you or on your behalf;

  • to show that we treated you fairly;

  • to keep records required by law.

We will not retain your personal information for longer than necessary for the purposes set out in this policy.

When it is no longer necessary to retain your personal information, we will delete or anonymise it.

8. Transferring your personal information out of the EEA

To deliver services to you, it is sometimes necessary for us to share your personal information outside the European Economic Area (EEA), eg:

  • with your and our service providers located outside the EEA;

  • if you are based outside the EEA;

These transfers are subject to special rules under European and UK data protection law.

We will, however, ensure the transfer complies with data protection law and all personal information will be secure. Our standard practice is to use an International Data Transfer Agreement.

If you would like further information please contact us or our Data Protection Officer (see 'How to contact us' below).

9. Keeping your personal information secure

We have appropriate security measures to prevent personal information from being accidentally lost, or used or accessed unlawfully. We limit access to your personal information to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We continually test our systems and are ISO 27001 certified, which means we follow top industry standards for information security.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.

10. Cookies and Other Tracking Technologies

We use cookies and similar technologies to help personalise your online experience. You have the option to accept or decline cookies as per your preference. Please see our Cookies Policy for further information.

11. User Rights

You have the right to access, correct or delete your personal information, object to our processing of your personal data and in certain circumstances the right to require us to restrict processing of your personal information. You also have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You have the right to lodge a complaint with your local data protection authority and in certain circumstances have the right to request that we delete your personal information.

You also have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.

For further information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Information Commissioner's Office (ICO) on individuals' rights under the General Data Protection Regulation.

If you would like to exercise any of those rights, please:

  • see below: 'How to contact us'; and

  • let us have enough information to identify you (eg your full name, address and customer or matter reference number);

  • let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and

  • let us know what right you want to exercise and the information to which your request relates. You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. Please use our contact details below to get in contact with us.

12. Changes to Privacy Policy

This privacy notice was published and last updated on [11/10/2024]

We reserve the right to alter this Privacy Policy at any time. The updated policy will have an updated "Last Updated" date and will take effect immediately after it is published on the platform.

13. How to complain

We hope that we or our Data Protection Officer can resolve any query or concern you may raise about our use of your information.

The data protection legislation also gives you the right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or telephone: 0303 123 1113. You may also write to them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

14. Contact Us

If you have any queries or concerns about this Privacy Policy, please contact us at info@coolrivers.co

If you would like this information in another format, please let us know at info@coolrivers.co You can also write to us at Wellesley House, 204 London Road, Waterlooville, Hampshire, England, PO7 7AN. Our Data Protection Officer is Jude Vidal.