Skip to main content
Privacy Policy

KnownOrigin's Privacy Policy

Updated over a week ago

In our Privacy Policy we have compiled all essential information about our handling of your personal data and your corresponding rights.

This Privacy Policy is effective from 3 January, 2024

1. Scope and updates of this Privacy Policy

This Privacy Policy applies to your use of this website and all services, products, and tools (collectively the "Services") provided by KnownOrigin Labs Limited (“KnownOrigin”). This Privacy Policy applies regardless of how you access or use these Services, including access via mobile devices.

Learn more about section 1

This Privacy Policy also applies if reference is made to it via a link or in a similar manner, for example on websites of partners on which Services from KnownOrigin are offered.

We may change this Privacy Policy at any time by posting the revised Privacy Policy on this website and indicating the effective date of the revised Privacy Policy. You will be notified of any material changes to this Privacy Policy via email.

2. Controllership and blockchain

KnownOrigin is the controller and responsible for its collection and processing of your personal data in connection with the provision of the Services. Our registered address is KnownOrigin Labs Limited, 1 More London Place, London, SE1 2AF, United Kingdom.

KnownOrigin has appointed Data Protection Representative Limited (trading as “DataRep”) as its Data Protection Representative for the purposes of The General Data Protection Regulation (“GDPR”) in the European Union (“EU”) / European Economic Area (“EEA”) and Federal Act on Data Protection (“FADP”) in Switzerland.

The KnownOrigin platform, including smart contracts deployed to the public blockchain Ethereum, enables artists and collectors to create, buy, transfer, and trade unique digital art, which can also be visualised on our website (https://knownorigin.io/). Please note that notwithstanding other provisions in this Privacy Policy addressing KnownOrigin and data controllership, the blockchain is an inherently public and decentralised infrastructure that cannot be controlled by any one person or group and is therefore outside of KnownOrigin’s ability to control. For example, details of blockchain-based transactions are immutable and cannot be deleted by any one person or group.

To the extent that the Services involve personal data processed on the KnownOrigin website, such as through KnownOrigin account registration, customer services interactions, or KnownOrigin marketing activities, KnownOrigin is the controller of your personal data. KnownOrigin is also the controller for KnownOrigin’s independent activities involving your personal data on the blockchain to verify and manage risk involving digital wallets or to enable features for artists or KnownOrigin for buyer/audience engagement or marketing purposes. By contract, KnownOrigin is not the controller for activities you choose to conduct via the blockchain, the InterPlanetary File System (IPFS), publicly visible digital wallets, or other decentralised networks (e.g., NFT minting, transactions between third-party wallets which allow you to engage in transactions on public blockchains, and personal data placed on the public blockchain ledger). In addition, KnownOrigin may engage third-party partners who may act as independent data controllers to assist to facilitate transactions you request, and your interactions with that third party partner as an independent data controller are governed by the applicable terms of service and privacy policy of that third party.

3.  Data protection officer and contact

We have appointed a data protection officer. If you have any questions or complaints regarding this Privacy Policy or our handling of personal data, you can contact KnownOrigin’s data protection officer and privacy team at [email protected] at any time.

EU/EEA and Swiss citizens/residents should contact DataRep by either of the following methods if you wish to exercise your rights, or have any queries:

4.  What personal data we collect and process

We collect your personal data when you use our Services, create a new KnownOrigin account, provide us with information via our website, email, webchat, or social media direct messages, add or update information in your KnownOrigin account, participate in online community discussions, or otherwise interact with us. We also collect personal data from other sources such as from publicly available information on the blockchain or IPFS, trade restriction and other risk or compliance screening providers, and third-party partners with whom you may engage through our Services.

Learn more about section 4

In total, we collect the following personal data:

4.1 Personal data you provide when using our Services, creating a KnownOrigin account, or otherwise via our website or other channels

  • Data that identifies you, such as your name, email addresses, wallet address, and username that you provide when setting up your KnownOrigin account or at a later date (e.g., when submitting a query or report)

  • If you use our Services as an artist, additional identification data, such as your social media identifiers, country of residence and address, government-issued ID (e.g., passport) and other information contained on IDs, date of birth, profile image, additional website addresses, and any other information.

  • Data regarding bids, purchases, or sales that you provide in a transaction

  • Financial information (e.g., wallet address/ID, credit card transaction or bank details)

  • In some cases: age, gender, country of birth, nationality, country of residence, address, interests, and preferences

  • You may provide us with additional information through a web form or by updating or adding information to your KnownOrigin account, by participating in community discussions (e.g. 'X' (formerly Twitter), chats, surveys, inquiries, dispute resolution, customer service interactions, or if you contact us for any other reason regarding our Services.

  • Other data that we are required or entitled by applicable law to collect and process and that we need for your authentication or identification, or for the verification of the data we collect

4.2 Personal data we collect automatically when you use our Services or create a KnownOrigin Account

  • Data that is generated as part of one of your transactions (e.g., as relating to bids, purchases, sales, fees) or that is linked to your KnownOrigin account as a result of a transaction in which you are involved, such as transaction history, amounts, date and time, location of transactions through IP address, and smart contract details if any of these are capable of identifying you (e.g., NFT ID, public key of wallet, price of NFT)

  • Data that is generated through your other actions when you use our Services and which is linked to your KnownOrigin account (e.g., when you connect your wallet, save artists, searches or interests, or seek to use the services of third-party partners for payments or otherwise)

  • Your advertising and marketing preferences, and your communications with us

  • Location data, including your general location data (e.g., IP address)

  • Certain metadata (e.g., NFT image metadata)

  • Computer and connection information, such as statistics regarding your use of our Services, information on data traffic to and from websites, referral URL, information on advertisements, your IP address, your access times including accessed pages within our Services, your language settings, and your web log information

4.3 Personal data we collect in connection with the use of cookies and similar technologies

We use cookies and similar technologies to collect data in connection with our Services. We collect this data from the devices (including mobile devices) that you use our Services with. The data collected includes the following usage- and device-related information:

  • Data about the pages you visit, the access time, frequency and duration of visits, the links on which you click and other actions you take as part of your use of our Services and in advertising and email content

  • Data about your activities and interactions with our advertising partners including data about the advertisements you were shown, how often they were shown, when and where they were shown, and whether you took any action, such as clicking on an advertisement or making a purchase

  • The user segment or category into which you as a user fall, for example: an artist that has not yet minted an NFT

  • Model or device type, operating system and version, browser type and settings, device ID or individual device identifier, advertisement ID, individual device token, and cookie-related data (e.g., cookie ID)

For more information about our use of these technologies and your choices, see section 9 below, Cookies & Similar technologies.

4.4 Personal data from other sources

We also collect personal data about you from other sources and from third parties to the extent permitted by applicable law. In particular, this includes the following data:

  • Data from public sources (e.g., public sanctions lists and data publicly available on blockchain, for example, blockchain wallet addresses and information regarding your blockchain activity such as purchases, sales, or transfers of NFTs on the blockchain, which may then be associated with other data you have provided to us)

  • Data from third parties for trade restriction screening, risk checks, modeling, and identity confirmation

  • Data from social media companies when you add those to your KnownOrigin account

  • Data from eBay Affiliates if you are also an eBay user (eBay Inc. and the companies it directly or indirectly controls are referred to as "eBay Affiliates”. KnownOrigin is an eBay Affiliate).

We combine or connect the personal data we collect from you with data from these other sources.

4.5 Social network data you share with us

  • We allow you to use single sign-on services via 'X' (formerly Twitter) to link your KnownOrigin account to such single sign-on services. You can determine the personal data that we can access when authorizing the connection with the single sign-on service.

  • We allow you to share personal data with social networks (such as Meta Instagram, and 'X' (formerly Twitter) or to link your KnownOrigin account to a social network. When you apply to be an artist on KnownOrigin through the artist application process (detailed on the KnownOrigin site, stored here; https://knownorigin.io/apply), we also require artists to link to certain social networks (e.g 'X', formerly Twitter) in order to register and obtain an artist account. These social networks may automatically provide us with access to certain personal data they have stored about you (e.g., content you have viewed or enjoyed, information about the advertisements you have been shown or clicked on, etc.). You can determine the personal data that we can access through the privacy settings of each social network.

  • We may also use plug-ins or other technologies from various social networks. 

5.  Purposes and legal basis for data processing and categories of recipients

We process your personal data for various purposes and based on several different legal bases that allow this processing. For example, we process your personal data to provide you with a personalized user experience on this website, contact you about your KnownOrigin account and our Services, provide customer service, provide and improve our Services, provide you with personalized advertising and marketing communications, and detect, prevent, mitigate and investigate fraudulent or illegal activity. We also share your information with third parties, including service providers acting on our behalf, for these purposes.

Learn more about section 5

Below you will find a summary of the purposes for which we process your personal data, including the categories of recipients to whom we transmit personal data for the purposes stated, sorted by our legal basis for this processing or sharing:

5.1 We process your personal data in order to fulfil our contract with you and to provide you with our Services. This includes the following purposes:

  • Processing of data relating to you or your company for the purpose of entering into a contract with you and executing it

  • Provision of our Services, including but not limited to enabling and performing transactions with other users (including the transmission of your personal data to other users where necessary to perform the transaction and enabling KnownOrigin collaborations), displaying your transaction history to you and facilitating our Dashboard features, providing and enhancing features such as payment processing (including relating to digital wallet providers you select and/or connect to your KnownOrigin account), ratings, authentication services and KnownOrigin account management, providing other services you may use (as described in connection with such services), and ensuring the functionality of our Services. In connection with the provision of our Services, we will send you notifications relating to the execution of transactions and the use of our Services.

  • For artists, using links to social network profiles e.g. 'X', formerly Twitter, that you share with us to verify the authenticity of your account, identity, and artwork, as well as to display the social media links you provide to potential purchasers of your art or otherwise as associated with your KnownOrigin account

  • Providing general customer support including the solution of problems with your KnownOrigin account, resolution of disputes, and providing other services within the scope of customer service. For these purposes, we may contact you via email.

  • Enforcement of our User Agreement, this Privacy Policy and other rules and policies

  • Publication and promotion of your NFT listings and related content on the website or in the applications, services, and tools of KnownOrigin or KnownOrigin aeBay Affiliate companies, or cooperating with third party operators of websites, applications, services and tools. When we share the content of your NFT listings and any related personal data with third parties, we do so only on the basis of an agreement that limits the use of such personal data by the third party to the purposes necessary to fulfil its contractual obligations to us. Third party providers are contractually obliged to take appropriate security measures with regard to this data.

Where necessary, we transmit your personal data to processors and the following recipients for one or several of the purposes described above:

  • Other KnownOrigin users

  • eBay Affiliate companies

  • External service providers

  • Government agencies or public authorities

  • Payment service providers and third-party payments partners

  • External operators of websites, applications, services and tools

5.2 We process your personal data in order to comply with legal obligations to which we are subject. This includes the following purposes:

  • Participation in investigations and proceedings (including judicial proceedings) conducted by public authorities or government agencies, in particular, for the purpose of detecting, investigating and prosecuting illegal acts

  • Prevention, detection and mitigation (including compliance with reporting requirements) of illegal activities (e.g., fraud, money laundering, terrorist financing, child abuse, intellectual property infringement, and violations of sanctions legislation)

  • Complying with information requests from third parties based on any statutory information rights they have against us (e.g., in the event of an intellectual property infringement, piracy, or other unlawful activity)

  • Complying with information collection, verification, disclosure and reporting requirements under consumer protection, anti-fraud, online platform and tax legislation

  • Ensuring the security of our Services

  • Retention and storage of your personal data to comply with specific legal retention requirements.

Where necessary, we transmit your personal data to processors and the following recipients for one or several of the purposes described above:

  • Law enforcement agencies, courts, government agencies or public authorities (including tax and financial authorities), intergovernmental or supranational bodies

  • Third parties based on statutory information claims against us

  • Third parties who are involved in judicial proceedings, in particular, if they submit a legal order, court order or equivalent legal order to us

  • Trade restrictions/sanctions screening services providers or partners, if required by applicable law

  • eBay Affiliates

  • Other third-party service providers as necessary to comply with legal requirements to which we are subject

5.3 We process your personal data in order to protect your vital interests or the vital interests of another natural person. This includes the following purposes:

  • Prevention, detection, mitigation and investigation of unlawful activities that may result in impairment of your vital interests or the vital interests of another natural person, unless there is a statutory obligation to this effect

Where necessary, we transmit your personal data to processors and the following recipients for one or several of the purposes described above:

  • Law enforcement agencies, courts, government agencies or public authorities, intergovernmental or supranational bodies

  • Third parties who are involved in judicial proceedings

  • eBay Affiliates

  • External service providers

5.4 We process your personal data where necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms. In order to reconcile our legitimate interests with your rights, we have introduced appropriate control mechanisms. On this basis, we process your data for the following purposes:

  • Participation in investigations and proceedings (including judicial proceedings) conducted by courts, law enforcement agencies, government agencies or public authorities, intergovernmental or supranational bodies, in particular for the purpose of detecting, investigating and prosecuting illegal acts, unless there is a statutory obligation to this effect, and we may legitimately assume that the disclosure of the data is necessary to avert imminent disadvantages or to report a suspicion of an illegal act. In such cases, we will only disclose what we believe is necessary, and to the extent permitted by applicable laws, such as your name, address, city, post code, email address, (previous) usernames, IP address, fraud complaints, listing, sale and purchase history.

  • Protection of the legitimate interests of third parties (including intellectual property rights) in connection with civil law disputes, including the investigation of such disputes, unless there is a statutory obligation to this effect, if we may legitimately assume that it is necessary to disclose the data to such third parties in order to avert imminent disadvantages. In such cases, we will only disclose what we believe is necessary, and to the extent permitted by applicable laws, such as the your name, address, city, post code, country, email address and company name to the third party and bind the third party by a worldwide non-disclosure agreement to treat the data as confidential.

  • Prevention, detection, mitigation and investigation of fraud, financial crimes and harms, violation of international sanctions legislation, security incidents and other prohibited or unlawful activities, including the assessment of corresponding risks (e.g. through the use of third-party service providers, captchas (a port enumeration technology to identify user sessions using remote desktop tools), metadata or other information stored in your KnownOrigin account for risk assessments) and the implementation of corresponding measures (e.g. disabling certain forms of payment based upon the risk associated with the underlying transaction), unless there is a statutory obligation to this effect

  • Verifying that reports submitted to KnownOrigin (including unnamed reports) are not fraudulent or malicious

  • Monitoring and improvement of the security of our Services, unless there is a statutory obligation to this effect

  • Performance of identity checks, evaluation of applications, and comparison of information for accuracy and verification purposes

  • Automatic filtering and, where necessary, manual review of messages sent through our messaging tools to prevent fraudulent or suspicious activity or violations of our User Agreement or other rules and policies

  • Provision of functions for users that make the processing of transactions easier or more convenient

  • Analysis and improvement of the Services, e.g., by reviewing site usage data or information from users about blocked or crashed pages in order to identify and solve problems and to provide you with an improved user experience, including as part of product development

  • To the extent permitted by applicable law without your consent, communications with you via email or other digital communications to offer send you special offers, to conduct opinion polls and surveys, and to inform you about our Services (according to your communication preferences in your KnownOrigin account). If you no longer wish to receive marketing emails from us, you can also unsubscribe by clicking on the link in the footer of the email you received. For technical reasons, the implementation may take a few days.

  • Evaluation of the quality and success of our email marketing campaigns (e.g., through analysis of opening and click rates)

  • Offering or facilitating the offering of partner and bonus, token, or other rewards programs and other co-branded marketing efforts to the extent permitted by applicable law

  • Provision of shared content and services (such as registration for services, transaction processing, and customer service) with eBay Affiliates or KnownOrigin third-party partners or service providers

  • Initiation, preparation and execution of a company acquisition, e.g., in the event of a merger with another company or takeover by another company. If such an event occurs, we will require the merged entity to comply with this Privacy Policy with respect to your personal data. Should your personal data be processed for any purpose not specified in this Privacy Policy, you will be informed in advance of the processing of your data for this new purpose.

  • Assertion of or defence against legal claims, including those asserted by one KnownOrigin user against another KnownOrigin user

  • Enabling eBay Affiliates to comply with legal obligations they are subject to, including information collection, verification, disclosure and reporting requirements under consumer protection, anti-fraud, online platform and tax legislation

  • To comply with an impending legal obligation

  • For users in the United States: investigating and communicating the outcome of disputes with the affected users (e.g., sharing information about KnownOrigin’s investigation of a complaint of a user’s violation of a policy with the reporting user)

Where necessary, we transmit your personal data to processors and the following recipients for one or several of the purposes described above:

  • eBay Affiliates

  • External service providers

  • Other KnownOrigin users

  • Law enforcement agencies, courts, government agencies or public authorities, intergovernmental or supranational bodies

  • Third parties who are involved in judicial proceedings

  • Third parties in the event of an investigation for fraud, intellectual property infringement, piracy or other unlawful activity

  • Payment service providers.

  • Blockchain analytics service providers or partners who assist us to comply with our legal requirements or otherwise to prevent illicit activities (e.g., prevention of money laundering, fraud, or terrorist financing)

  • Other companies in the context of a company acquisition

Information about your right to object to processing based on our legitimate interests can be found below under  Section 8 Rights as a data subject and, with regard to the use of cookies and similar technologies, below under Section 9 Cookies & similar technologies.

5.5 With your consent, we process your personal data for the following purposes:

  • For users within the UK, EEA and Switzerland: Advertising and content personalization, measurement and analytics, on and off our sites, as explained below in Section 9 Cookies & Similar Technologies, or accessible in the cookie management tool here.

  • Communications with you via email or other digital communications including communications by eBay Affiliates or by third parties, to offer you special offers, unless these communications are permitted without your consent under applicable law. We may engage third parties to send marketing communications on our behalf.

  • Processing of your personal data on the basis of your consent, which you have given so that we or third parties can enable you to use certain services or make them available to you

You can find information about your right to withdraw your consent below under section 8 Rights as a data subject and information with regard to the use of cookies and similar technologies below under section 9 Cookies & similar technologies.

Where necessary, we transmit your personal data to processors and the following recipients for one or several of the purposes described above:

  • eBay Affiliates

  • External service providers

  • Third parties using our single sign-on service (as authorized by you in each single case)

  • Other third parties with whom we partner to offer you specific services (as described at the collection of the respective user consent)

  • Third party advertising partners such as Google, Meta, Microsoft, and TikTok

5.6 Data Sharing between KnownOrigin and Other eBay Affiliates

KnownOrigin is an affiliate company of eBay Inc. As set out above under "Personal data from other sources", we may also receive access to personal data about you from eBay Affiliates. Likewise, we may share personal data about you with other eBay Affiliates. This enables us, in particular, to provide you, with your consent as legally required, with information about products and services, which we believe might interest you, and improve our products, services, content, and advertising by analyzing your use of the services of eBay Affiliates, in particular through the matching of certain data (e.g. cookie IDs). Furthermore, this allows us to better prevent, detect, mitigate and investigate fraud, security incidents and other prohibited or unlawful activities, including the assessment of corresponding risks. We will also grant access to personal data about you to eBay Affiliates for the aforementioned purposes. To the extent that eBay Affiliates have access to your personal data, they will follow practices that are at least as restrictive as the practices described in this Privacy Policy.

5.7 Automated decision-making

We use technologies that are considered automated decision making or profiling. We will not make any automated decisions about you that would significantly affect you unless such a decision is necessary for entering into, or the performance of, a contract with you, we have obtained your consent, or we are required by applicable law to use such technology. You will find information on your right to object to this processing of your data below under section 8 Rights as a data subject.

6.  International data transfers

Some recipients of your personal data are located outside your country or have offices in countries where data protection laws may provide a different level of protection than the laws in your country. When transferring personal data to such recipients, we provide appropriate safeguards.

Learn more about section 6

6.1 Data transfers to Affiliates

The transmission of personal data between eBay Affiliates (e.g. to enable cross border transactions and for other legally permitted purposes) is based on our worldwide data protection principles, which are binding internal data protection regulations (Binding Corporate Rules, BCRs), or on the basis of other appropriate safeguards (e.g. standard data protection clauses issued or approved by the European Commission (2021/914/EU,). Through our Binding Corporate Rules, eBay Affiliates undertake to protect your personal data and to comply with data protection obligations. Further information on our binding company-wide guidelines and our worldwide data protection principles can be found in the eBay Privacy Center.

6.2 Other international data transfers

We may transfer your personal data to recipients (see section 5. Purposes and legal basis for data processing and categories of recipients) who may be located anywhere in the world. We will only transfer your personal data from the United Kingdom to third countries (i.e., countries outside the UK), on the basis of appropriate safeguards or if otherwise authorized by applicable law. Third countries providing an adequate level of data protection according to the UK Government currently include the EU member states (Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, and Sweden) Iceland, Norway, Liechtenstein, Gibraltar, The Republic of Korea, Andorra, Argentina, Guernsey, Isle of Man, Israel, Jersey, New Zealand, Switzerland, Uruguay, Japan (private sector organisations only), USA (for companies with Data Privacy Framework certification) and Canada (for data that is subject to Canada's Personal Information Protection and Electronic Documents Act (PIPEDA). In other cases, KnownOrigin provides the necessary safeguards (e.g., through the conclusion of data protection contracts adopted by the UK Government International Data Transfer Agreement with the recipients, or through other measures provided for by law. Additional information regarding the measures taken by us is available on request  We regularly re-evaluate the measures taken to assess requirements deriving from new regulatory guidance and case law.

7.  Storage duration and erasure

Your personal data will be stored by us and our service providers in accordance with applicable data protection laws to the extent necessary for the processing purposes set out in this Privacy Policy (see section 5. Purposes and legal basis for data processing and categories of recipients  for more information on the processing purposes). Please note that data added to or otherwise contained on the blockchain is immutable and cannot be deleted. However, with respect to all other data which is not stored on the public and immutable blockchain, we will delete your personal data in accordance with our data retention and deletion policy or take steps to properly render the data anonymous, unless we are legally obliged or permitted to keep your personal data longer (e.g., for legal compliance, tax, accounting or auditing purposes, or to detect and prevent fraudulent or illegal activity on KnownOrigin).The retention periods are generally between 6 and 10 years. As far as legally permissible or required, we restrict the processing of your data instead of deleting it (e.g., by restricting access to it). This applies in particular to cases where we may still need the data for the execution of the contract or for the assertion of or defence against legal claims, or where such retention is otherwise required or permitted by law. In these cases, the duration of the restriction of processing depends on the respective statutory limitation or retention periods. The data will be deleted after the relevant limitation or retention periods have expired.

Learn more about section 7

How long we retain personal data may vary depending on the Services we provide and our legal obligations under applicable national law. The following factors typically affect the retention period:

  • Necessity for the provision of our Services
    This includes such things as executing the User Agreement with you, maintaining and improving the performance of our Services, keeping our systems secure, and maintaining appropriate business and financial records. Most of our retention periods are determined on the basis of this general rule.

  • Consent-based processing of personal data
    If we process personal data on the basis of consent (including consent to the extended storage), we store the data for as long as necessary in order to process it according to your consent.

  • Statutory, contractual or other similar obligations
    Corresponding storage obligations may arise, for example, from laws or official orders. It may also be necessary to store personal data with regard to pending or future legal disputes. Certain personal data may be subject to statutory storage obligations depending on national law.

8.  Rights as a data subject

Subject to possible restrictions under national law, as a data subject, you have the right to access, rectification, erasure, restriction of processing and data portability with regard to your personal data. In addition, you can withdraw your consent and object to our processing of your personal data on the basis of our legitimate interests. You can also lodge a complaint with a supervisory authority.

Learn more about section 8

Your rights in detail:

  • Where we rely on consent you can withdraw your consent to the processing of your personal data by us at any time. As a result, we may no longer process your personal data based on this consent in the future. The withdrawal of consent has no effect on the lawfulness of processing based on consent before its withdrawal.

  • You have the right to obtain access to your personal data that is being processed by us. In particular, you may request information on the purposes of the processing, the categories of personal data concerned, the categories of recipients to whom the personal data have been or will be disclosed, where possible the envisaged period for which the personal data will be stored or the criteria used to determine that period, the existence of the right to request rectification or erasure of personal data or restriction of processing of personal data or to object to such processing, the right to lodge a complaint with a supervisory authority, any available information as to the personal data’s source (where they are not collected from you), the existence of automated decision-making, including profiling and, where appropriate, meaningful information on its details. Your right to access shall not adversely affect the rights and freedoms of others. Your right to access may be limited by national law.

  • You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

  • You have the right to obtain from us the erasure of personal data concerning you under certain conditions (e.g., when the personal data are no longer necessary in relation to the purposes for which they were processed or when they are no longer required for overriding legitimate grounds, such as the detection/prevention of fraud), unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims. The right to erasure may be limited by national law. Please note that it is not possible to erase data from the blockchain. Please see section 2 for further information.

  • You have the right to demand that we restrict the processing of your personal data to the extent that

    • the accuracy of the data is disputed by you,

    • the processing is unlawful, but you oppose the erasure of the personal data,

    • we no longer need the data, but you need it to assert, exercise, or defend legal claims or

    • you have objected to the processing.

  • You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller ("right to data portability").

  • You have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence, your place of work or the registered office of KnownOrigin.

If your personal data is processed on the basis of our legitimate interests, you have the right to object to the processing of your personal data on grounds relating to your particular situation. This also applies to profiling. If your personal data is processed by us for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Exercising your rights and managing your settings

UK and all other non-EEAU & Swiss citizens/residents can exercise your rights as a data subject via email to [email protected].

EU/EEA & Swiss citizens/residents can exercise your rights by either

The exercise of the above data subjects' rights (e.g., right to access or erasure) is generally free of charge. Where requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may charge an appropriate fee (at most our actual costs), in accordance with the applicable statutory regulations, or refuse to process the application.

Managing your communication preferences

If you would like to change your preferences regarding KnownOrigin communications (including marketing communications), you can do so at any time. If you no longer wish to receive email marketing communications from us, you can also unsubscribe by clicking on the link in the footer of the email you received. For technical reasons, the implementation may take a few days. For information on how to manage your cookies and similar technologies preferences, see section 9.

9.  Cookies & similar technologies

When you use our Services, we and authorized third parties make use of cookies and similar technologies (which we will refer to collectively as “cookies”) to provide you with a better, faster and safer user experience or to show you personalized advertising.

Your options at a glance:

Users in Europe: Users in the UK, EEA and Switzerland can access and otherwise manage their Cookie Settings in the Help section at the bottom of the KnownOrigin.io homepage.

Learn more about section 9

9.1 Information regarding the technologies we use.

9.1.1 Cookies

Cookies are small text files which are placed in the memory of your browser or device when you make use of our Services. Cookies allow for recognition of a specific device or browser.

There are different types of cookies:

  • Session cookies expire at the end of your session (e.g., when closing your browser window) and only allow tracking your activities during this session

  • Persistent cookies remain stored on your device between sessions and allow, for example, to track your settings or activities on several websites

  • First-party cookies are set by the provider whose online service you are using

  • Third-party cookies are set by a provider other than the provider whose online service you are using

We make use of all the above-mentioned cookies. We take appropriate security measures to prevent unauthorised access to our cookies.

The cookies and similar technologies used in connection with the Services have different functions: (see section 9.2 for further details)

9.1.2 Web beacons

Web beacons (also known as pixel tags or clear GIFs) are small graphic images that are used in connection with the provision of our Services and which typically work in conjunction with cookies to track the use of an online service by its users. For example, when we send you emails, web beacons allow us to track if you opened the emails and clicked links to measure campaign performance and improve features.

9.1.3 Software Developer Kits

Software Developer Kits ("SDKs") are a collection of software development tools in one installable package, which allow third party developers to integrate with our Services for specific purposes (e.g., authentication). Some of the SDKs that KnownOrigin uses involve transferring data to your device.

9.1.4 Similar technologies

Similar technologies include local shared objects or local storage, such as flash cookies, HTML 5 cookies and other web application software methods, all of which store information in your browser or device to track your activity. Additionally, there are other technologies that function without local storage in your end device and instead make, for example, use of browser functions. In this context, a "fingerprint" of your system is created that serves as a unique identifier.

These technologies may function across all your browsers and in some cases are not fully managed by your browser but may need to be managed directly from your installed applications or your device.

9.2 Why do we use these technologies?

Some of our Services can only be offered using cookies. In general, these technologies enable us to track your user behaviour and identify you – even across devices.

The cookies used in connection with our Services serve the following functions:

9.2.1 First-party cookies

  • Strictly necessary cookies
    We use cookies that are necessary for the operation of our Services. This includes technologies that allow you access to our Services, which are required to monitor the functioning of the site, prevent fraudulent activity, and improve security.
    Because these cookies are technically necessary to deliver our Services to you, you cannot deny the use of them.

  • Personalisation cookies

    We use cookies to personalise our Services for you only with your consent.

  • Analytics cookies
    We use cookies to assess the performance of our Services only with your consent.

9.2.2 Third-party cookies

  • Advertising cookies
    Third party advertising providers use cookies to deliver ads tailored to your interests only with your consent. This includes using technologies to determine how relevant the advertisements are for you, which ads have already been shown to you, how often they have been shown, when and where they have been shown and if you have reacted by carrying out an activity – such as clicking on an ad.

9.3. Service providers we cooperate with

Some of our partners use cookies, web beacons or other similar technologies to deliver content tailored to your interests, including ads, on and off our properties. This includes using technologies to determine how relevant the ads are for you, which ads have already been shown to you, how often they have been shown, when and where they have been shown and if you have reacted by carrying out an activity – such as clicking on an ad or purchasing an item. For this purpose, data may be combined with data already collected regarding your interests.

9.3.1 Meta

We transmit information about your usage of our Services, including additional personal data about you, through Meta Pixel and by sending data directly to Meta via our servers. "Meta" designates Meta Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, for users in the EEA, Switzerland and the UK, and Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, for all other users.

These data transmissions enable us to display personalised advertisements for you on Meta's platforms, to measure their effectiveness and to report on them. The specific processing purposes and an explanation of the related data privacy responsibilities are described in the Meta Business Tools Terms ("Meta Terms").

The following applies only to users in the EEA, Switzerland and the UK: To the extent that we are solely responsible for the processing of your personal data in accordance with the Meta Terms (i.e., when Meta provides comparison, measurement and analysis services to us), Meta exclusively acts on our behalf on the basis of an applicable processing agreement (so called Data Processing Terms in addition to the Meta EU Data Transfer Addendum). However, if we and Meta assume joint control for the collection and transmission of your personal data to Meta (i.e., specifically for the processing of data about your usage of our services for the purpose of targeting our advertisements, the improvement and the measurement of the effectiveness of our advertisements), Meta will subsequently process the data as an independent controller and assumes exclusive responsibility.

We have entered into a Joint Control agreement with Meta in order to determine the mutual responsibilities for the fulfilment of data privacy obligations with regards to the joint processing. Pursuant to this agreement, it is Meta's responsibility to safeguard the rights of the data subjects with regards to the personal data stored by Meta under the mutual agreement. It is our obligation to provide the above information to the data subjects. The Data Policy of Meta contains additional information about Meta's processing of personal data, including the legal basis on which Meta operates and the options for data subjects to exercise their rights against Meta. For example, you may opt out of use of the Meta pixel by logging into your Meta account and changing your privacy or advertising as per Meta's opt-out instructions.

9.3.2 Google

We transmit information about your usage of our Services, including additional personal data about you, to Google. "Google" designates Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, for users in the EEA, Switzerland and UK, and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, for all other users.

These data transmissions enable us to display personalised advertisements for you on and off our properties via the advertising products and the marketing platforms of Google (Google advertising products, such as Google Ad Manager, Google Ads), and to measure their effectiveness, to select and provide content, to provide reports about such content and to gain insights into target groups and product developments. You can find additional information in the Google Privacy Policy and an explanation of the data privacy obligations in the Google Ads Data Protection Terms: Service Information.

Google Analytics
We use Google Analytics, an analysis tool of Google to continuously improve our Services. The use includes the GA4 operating mode. This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus analyse a user's activities across multiple devices. Google Analytics uses cookies that are stored on your device and that enable us to analyse your use of our Services. The data collected by the cookies regarding the use of our Services (including your IP address) are usually transferred to a Google server in the USA and stored there (see additional information on masked IP addresses below in this section).

On our behalf, Google processes this data to evaluate the use of our Services, to compile reports on usage activities and to provide us with further services associated with the use of our Services. Your IP address transmitted in the context of Google Analytics will not be combined with other data from Google.

The data collected via Google Analytics is automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.

You can prevent the collection of data through the Google Analytics cookie by adjusting your browser settings accordingly. If you deactivate cookies, you may not be able to use all functions of our Services to their full extent, however. In addition, you can prevent the collection of data related to your use of the Services (including your IP address) via the Google Analytics cookie and the processing of this data by Google by installing the following browser plugin.

Further information about Google Analytics can be found in the terms of use and in the privacy policy of Google.

We would like to point out that on our website, your IP address has been masked before sharing with Google Analytics. This means that, before your IP address is transmitted to Google's servers in the USA, it is sent to a Google server in the EEA, where it is shortened so that it cannot be traced to a specific person. Only after the IP address has been made anonymous is the shortened IP address sent to a Google server in the USA and stored there.

9.4 Your choices

Your choice options for the use of cookies relating to our Services will depend on the purposes for which we use these technologies.

With regard to the use of advertising-related or personalization-related technologies, you have in particular the following options:

Users in Europe: Users in the UK, EEA and, Switzerland can manage their Cookie Settings in the Help section at the bottom of the KnownOrigin.io homepage to determine whether they consent to the use of cookies and similar technologies by our third-party partners for advertising and content personalization, measurement and analytics purposes.

Learn more

9.4.1 Technologies which are necessary for the provision of our Services or performance-related

If you wish to deactivate the use of any cookies – including cookies that are necessary for the provision of our Services or performance-related, you may do so by using the settings in your browser or device, if this is supported by your browser or device. The settings must be made separately for each browser you use. You can manage your browser-based cookies by adjusting your device browser settings (e.g., Chrome, Edge, Firefox, Internet Explorer, or Safari).

Please note that you may not be able to use certain KnownOrigin Services when you deactivate cookies (e.g., the "Buy with ETH" function).

9.4.2 Technologies which are used for advertising and content personalisation, measurement and analytics purposes

  • Users in the UK, EEA and Switzerland
    You can specifically control whether our third-party partners may use cookies to show you personalised ads by managing your Cookie Settings in the Help section at the bottom of the KnownOrigin.io homepage. Personalised ads from third party partners will only be served with your consent, which you can withdraw at any time.

  • You can also deactivate the use of any third-party cookies – e.g., by online ad networks – within our Services by using the settings in your browser or the settings in your device, if this is supported by your browser or device.

You can find information about third party cookies (and similar technologies) related to advertising and how to prevent their use on the following websites:

If you decide not to allow third parties to process your personal data for advertising purposes via cookies (and similar technologies), this does not mean that we will not show you advertisements. It simply means that these advertisements will not be personalized for you using cookies or similar technologies.

10.  Data security

We protect your personal data through technical and organizational security measures to minimize risks associated with data loss, misuse, unauthorized access, and unauthorized disclosure and alteration. To this end we use network security services and data encryption, for example, as well as physical access restrictions for our data centers and logical access controls for data and systems access.

11.  Other important information regarding data protection

This section contains important additional information about the protection of personal data in connection with the use of our Services, including whether you are required to provide personal data.

Learn more about section 11

What happens when you share your personal data on our sites or applications?

Other users have access to the information you share on KnownOrigin's platform or disclose to other users. For example, anyone can see your NFT sale and purchase history on the blockchain as this information is publicly and permanently stored on the blockchain, which is outside of KnownOrigin's ability to control (please see section 2). Certain information contained in your KnownOrigin account, including username/wallet address, profile pictures, purchases, and items for sale, are visible to any user of the KnownOrigin website.

Personal data relating to third parties

If you provide us with personal data relating to another person, you must obtain the consent of this person or the disclosure of the data to us must be otherwise legally permissible. You must inform the other person of how we process personal data in accordance with our Privacy Policy.

Children's Privacy

Our services are not intended for use by children. We do not knowingly collect personal data from users who are considered children under applicable national laws. Under our User Agreement, persons under the age of 18 are not permitted to use our Services.

Staying Signed in

When you sign into your account on our Services, we give you the option to stay signed into your account for a certain amount of time. If you are using a public or shared computer, we encourage you to decline. You or any other user of the computer/browser you signed in on will be able to view and access most parts of your account and take certain specific actions during this signed in period without any further authorization.

Did this answer your question?