1. Scope and Audience

1.1 General Scope
This Notice governs personal data we collect or receive from individuals (each, a “User” or “you”) who access or use PumpZilla’s Services, whether as a registered user or a visitor. It outlines how we handle such data throughout its lifecycle, from initial collection to eventual deletion or anonymization.

1.2 Age Restrictions
Our Services are not intended for individuals under the age of 18, nor do we knowingly solicit or collect information from anyone under 18. If you believe a minor has provided personal data to us, please contact our Support Team promptly so that we may take steps to delete such information.

1.3 Contractual Relationship
Your use of the Services is subject to this Notice and any other contractual documents governing your relationship with PumpZilla (e.g., our Terms of Service). To the extent there is a conflict between the terms of this Notice and other agreements, the agreement most directly addressing the specific issue will control, unless otherwise stipulated.

2. Role as Data Controller

2.1 Definition and Responsibilities
PumpZilla typically operates as a “data controller,” meaning we determine why and how personal data is processed. In situations where we act as a joint controller or data processor on behalf of a third party, we will inform you of our role and responsibilities in that context. Our status as a data controller obliges us to ensure compliance with applicable data protection laws and to implement safeguards that uphold your privacy rights.

2.2 Regulatory Requirements
Depending on your jurisdiction, local or regional regulations (for example, the UK General Data Protection Regulation (UK GDPR), the EU GDPR, the Data Protection Act 2018, or equivalent legislation) may also apply. In such instances, PumpZilla takes reasonable measures to meet the obligations set forth in these regulations, including respecting your legal rights to access, correct, or erase data, as applicable.

3. Categories of Personal Data Collected

3.1 Financial and Blockchain-Related Data
• Wallet Addresses: If you engage in digital asset transactions on the Ethereum network, we may collect your wallet addresses to facilitate transfers, verify transactions, and provide relevant notifications.
• Blockchain Records: Certain transaction details (e.g., sending and receiving addresses, timestamps, amounts) are inherently public on the Ethereum blockchain. We do not control third-party blockchain networks and cannot modify or erase data stored on them.

3.2 Account and Transaction Data
• Transaction Details: This includes the date, time, amount, and nature of transactions executed through our platform.
• User Preferences and Settings: Information about your language preferences, notification settings, and other customization data that you choose to share within your account profile.

3.3 Technical and Usage Information
• Device Identifiers: Such as your IP address, domain name, mobile device ID, browser type and version, operating system, and similar technical details that help us diagnose issues and optimize performance.
• Log and Analytics Data: This includes the timing, duration, frequency, and patterns of your interactions with our platform, as well as web pages, features, or sections visited. It may also capture your approximate geographic location and referring URLs.

3.4 Compliance and Verification Data
• Government or Regulatory Requirements: On occasion, we may be compelled to verify user identities to comply with anti-money laundering (AML) laws.
• Sanctions and Watch Lists: We may cross-check your data against relevant sanctions or watch lists to fulfill regulatory obligations and mitigate any potential illicit activity.

3.5 Data from Third Parties
We might acquire personal data from publicly accessible databases, marketing partners, analytics providers, or other reputable entities. For example, we may cross-reference your wallet address with publicly available blockchain explorers to enhance fraud detection or fulfill statutory obligations.

4. Legal Bases for Processing

4.1 Consent
If you provide clear, unambiguous consent for specific processing activities (e.g., receiving marketing communications).

4.2 Contractual Necessity
Data processing is essential to perform a contract with you or fulfill obligations at your request prior to entering into a contract.

4.3 Legal Obligations
We process data where necessary to comply with a statutory or regulatory requirement.

4.4 Legitimate Interests
We may process information for our legitimate commercial or security interests, provided these do not override your fundamental rights and freedoms.

5. How We Use Your Personal Data

5.1 Providing and Improving Services
• Platform Functionality: To offer core features of our Services, such as facilitating Ethereum-based transactions and managing user accounts.
• User Experience: To tailor your interactions on the platform, suggest relevant content, or recommend new functionality to enhance your overall experience.

5.2 Transactions and Communications
• Transaction Execution: To carry out digital asset exchanges and confirm that transactions are properly settled on the Ethereum blockchain.
• Notifications and Alerts: To send updates, confirmations, and important notices, including security alerts or changes to this Notice.

5.3 Analytics and Performance Monitoring
• Performance Metrics: To measure usage trends, assess the effectiveness of new or existing features, and detect technical issues.
• Testing and Development: To conduct beta trials of new functionalities, ensuring the final product meets user expectations and security standards.

5.4 Security and Fraud Prevention
• Risk Assessment: To detect, investigate, and deter fraudulent activities, unauthorized access, or other misconduct that could jeopardize user data or the Services.
• Legal and Regulatory Compliance: To uphold regulations related to anti-money laundering, sanctions, or other binding obligations.

5.5 Marketing and Communication (Where Permitted)
• Direct Marketing: To distribute newsletters, promotional content, or event invitations, subject to your consent or as otherwise permitted by law.
• Opt-Out: We provide clear methods for you to withdraw consent or unsubscribe from marketing at any time.

6. Cookies and Similar Technologies

6.2 Cookie Management
You can manage Cookies via your browser preferences, including blocking or deleting them. However, doing so may restrict certain functionalities on our platform. For additional guidance, consult your browser’s “Help” feature or visit https://www.allaboutcookies.org.

6.3 Do Not Track Signals
Our platform does not universally respond to “Do Not Track” (DNT) signals due to the lack of a standardized industry approach. If you wish to limit tracking, we advise adjusting your browser settings or installing privacy-focused browser extensions.

6.4 Google Analytics
We may use Google Analytics or similar services for deeper insights into user behaviors. You can opt out by installing the respective browser add-on (e.g., the Google Analytics Opt-out Add-on) or adjusting your browser settings accordingly.

7. Sharing and Disclosure of Personal Data

7.1 Within PumpZilla and Affiliates
We may share personal data with our subsidiaries, holding company, and affiliates for legitimate business operations consistent with the purposes described in this Notice. All parties are required to adhere to equivalent privacy obligations and security measures.

7.2 Third-Party Service Providers
We engage reputable third parties to offer services on our behalf (e.g., payment processors, web hosting providers, analytics vendors). These partners have access to personal data solely to the extent necessary to perform their assigned tasks and are contractually obligated to maintain confidentiality.

7.3 Business Transactions
In the event of a merger, acquisition, corporate reorganization, or similar transaction, personal data may be transferred to the successor entity. We will strive to ensure continuity of privacy obligations through contractual safeguards or, where necessary, seek your consent.

7.4 Legal and Regulatory Compliance
We may disclose personal data when compelled by law or where such disclosure is essential to protect our rights, investigate fraud, or respond to a legal request from governmental or regulatory authorities. We may also share data to safeguard our interests in litigation or other disputes.

8. Data Retention and Deletion

8.2 Deletion and Anonymization
Once personal data is no longer necessary for any lawful purpose, we either securely delete it or anonymize it in a manner that prevents the possibility of re-identification. This ensures that residual data can no longer be associated with a particular individual. However, as noted, certain blockchain records cannot be modified or erased.

8.3 Blockchain Considerations
Data recorded on the Ethereum blockchain is, by design, immutable. We do not manage or control the Ethereum network, and thus cannot guarantee the removal or alteration of any on-chain records. Although we do our utmost to minimize personal data placed on-chain, certain metadata or transaction hashes may still lead to re-identification if combined with external information.

9. Data Security Measures

9.1 Security Protocols
We employ a range of technical, administrative, and physical safeguards intended to protect personal data from unauthorized access, loss, misuse, or alteration. These measures may include data encryption, secure server environments, firewalls, and periodic security assessments.

9.2 User Responsibilities
You also play a critical role in protecting your information. We urge you to utilize secure passwords, avoid reusing credentials, and enable any available multi-factor authentication. Inform us promptly if you suspect any unauthorized activity or if you detect any unusual transactions on the platform.

9.3 No Absolute Guarantee
Despite our commitment to strict security protocols, no data transmission or storage system is entirely foolproof. Any transmission of personal data is undertaken at your own risk. We disclaim liability for breaches that result from factors beyond our reasonable control (e.g., force majeure events, malicious third-party attacks).

10. International Data Transfers

10.1 Global Operations
PumpZilla’s operations and infrastructure may span multiple jurisdictions, potentially involving cross-border transfers of personal data. This could mean your data is processed outside your country of residence.

10.2 Adequate Safeguards
Where required by applicable law, we rely on lawful mechanisms (such as the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Agreement, or other compliance frameworks) to ensure that transferred personal data receives an adequate level of protection.

10.3 User Acknowledgment
By using the Services, you acknowledge and consent (where legally permissible) to the transfer and processing of your personal data in jurisdictions that may not have equivalent data protection laws as your country of residence. We will continue to uphold robust security measures and only transfer data where it is lawful to do so.

11. Your Rights and Choices

11.1 Access, Correction, and Erasure
• Right to Access: Subject to legal constraints, you have the right to request information about the personal data we hold about you and to obtain a copy in a structured, commonly used, and machine-readable format.
• Right to Rectification: You may request corrections to inaccurate or incomplete data.
• Right to Erasure: Under certain circumstances, you can ask that we delete your personal data, barring retention obligations (e.g., legal compliance).

11.2 Restriction and Objection
• Restriction: You may request a limitation on how we use your data if, for instance, you dispute its accuracy or object to our processing.
• Objection: You can object to processing conducted on the basis of legitimate interests, including profiling. We will review your request unless there are compelling grounds that override your interests or rights.

11.3 Data Portability
You have the right, in certain circumstances, to obtain your personal data and reuse it for your own purposes across different services, subject to technical feasibility.

11.4 Withdrawal of Consent
Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of the processing carried out prior to withdrawal.

11.5 Exercise of Rights
To exercise your rights, please contact our Support Team with sufficient details to identify you and specify the nature of your request. We reserve the right to request additional information to verify your identity.

12. Additional Notices for Certain Jurisdictions

12.1 California Residents
If you are a California resident, state law may entitle you to specific disclosures regarding data collection and sharing practices. You may also have the right to request access to or deletion of certain personal data, subject to exemptions. We do not sell personal data, including data of individuals under 16 years of age.

12.2 EEA and UK Residents
Residents within the European Economic Area and the United Kingdom have certain rights under the GDPR or the UK GDPR, respectively, as outlined above. You also have the right to lodge a complaint with a supervisory authority if you believe your personal data has been mishandled.

12.3 Other Territories
In jurisdictions offering additional privacy protections (e.g., Canada, Australia, or Japan), we comply with the relevant privacy legislation and provide similar rights to access, correct, or delete personal data, where applicable.

13. Third-Party Websites and Services

13.1 External Links
Our Services may contain links or references to websites, services, or resources operated by third parties. Inclusion of these links does not imply our endorsement of those external platforms. We do not have control over their privacy practices and disclaim responsibility for any use of personal data by such third parties.

13.2 Social Media and External Platforms
Certain features of our Services may allow you to share content on social networks or interact with external platforms. Your interactions and any data transmitted in this context are governed by the privacy policies of those platforms. We recommend reviewing those policies to understand how they handle your personal data.

14. Automated Decision-Making and Profiling

14.1 Overview
We may use automated tools and algorithms to assess or predict user preferences, behaviors, or attributes. These processes help us provide tailored recommendations, detect fraud, and enhance user experiences. However, we do not employ fully automated decision-making that has a significant legal or other similarly substantial effect on you without offering the possibility of human intervention, unless we have your explicit consent or are otherwise permitted by law.

14.2 Your Rights
Depending on applicable law, you may have the right to request human review of an automated decision or to object to such processing. Should you wish to exercise these rights, please contact our Support Team.

15. How to Contact Us

15.1 Primary Contact Method
For inquiries, requests, or concerns about your personal data, please reach out to our Support Team via email or through the designated communication channel listed on our website. Ensure you provide enough information for us to verify your identity (where required) and to understand the scope of your request.

15.2 Data Protection Officer (DPO)
Where mandated by law or deemed advisable, we may appoint a Data Protection Officer. In such cases, the DPO’s contact information will be made available on our website or within your account settings.

16. Changes to This Privacy Notice

We reserve the right to amend this Notice to reflect modifications in our Services, advancements in legal or regulatory requirements, or shifts in industry best practices. When we make substantive updates, we will notify you in a manner commensurate with the magnitude of the changes (e.g., an email communication or a prominent notice on our website). The “Last Updated” date at the top of this Notice indicates the effective date of the most recent revisions. By continuing to use our Services after any changes become effective, you consent to the revised Notice.