Privacy Policy of Pocket Forest


1. Preliminary remarks

1.1. The Privacy Policy must be read in conjunction with the Terms and Conditions and the Cookie Policy of Pocket Forest. The Privacy Policy document constitute the entirety of the relationship between the User and Pocket Forest, an organization duly incorporated and validly existing under the laws of British Virgin Islands. (hereinafter referred to as the “Company”).

1.2. The mere reading of the Privacy Policy does not provide a complete understanding to the User of the legal relationship between the parties.

1.3. The Company takes data protection very seriously and maintains the Privacy Policy to define how the Company will use the information pertaining to the Users.

1.4. The Privacy Policy covers data collected through the website located at https://www.pocketforest.io/ or any other websites, pages, features, or content the Company owns or operates (hereinafter collectively referred to as the “Websites”). The Privacy Policy does not cover any other data collection or processing, including, without limitation, data collection practices of other web pages to which we link, as they may be subject to their own privacy policies.

1.5. The Company is not liable for any possible misinterpretation of the Privacy Policy.


2. Privacy Statement

2.1. The Privacy Policy is intended to inform the Users about how the Company collects, uses, shares and protects or otherwise processes Personal Data (as defined below). Other policies may be notified separately.

2.2. All Personal Data processed by the Company is necessary to fulfil the purposes for which they were collected. When using the Websites for mere information purposes, the Company may also collect the Personal Data that the User’s web browser transmits to the Company’s server, including their IP address, the date and time of their visit, and data relating to their operating system and web browser. The Company uses this data to ensure the security and successful navigation of the Websites and to compile statistical data on the use of the Websites.

2.3. The Company is not in the business of selling or renting the User’s information to third parties and does not share their personally identifiable information with others, except as follows:

2.3.1. for the purpose of delivering the Services to the User;

2.3.2. for sharing the User’s information as required by law or in the interest of protecting or exercising the Company’s or others’ legal rights, for example, in connection with court proceedings or requests from law enforcement officials. Also, the Company reserves the right to use and disclose any information collected via the Websites that is not in personally identifiable form;

2.3.3. to conduct pre-engagement assessments and formalities such as anti-money laundering checks, conflict checks, etc.;

2.3.4. for client relationship management purposes;

2.3.5. for internal administrative or operational processes;

2.3.6. to analyse the services the User may be interested in;

2.3.7. to send invitations and information from the Company about events, publications, and services provided; and

2.3.8. to satisfy any legal, regulatory, accounting or reporting requirements.


3. Acceptance

3.1. By browsing the Websites, the User acknowledges that the Company may collect and process a certain number of Personal Data (as defined below) that relate to them and that they have read and understood the Privacy Policy and agree to be bound by it and to comply with all applicable laws and regulations.

3.2. In particular, the consent for the processing of Personal Data is given once the User and/or the Users ticks the box in the pop-up window which says “I have read the Privacy Privacy Policy and the Cookie Privacy Policy agree to be bound by it” (hereinafter referred to as the “Consent”).

3.3. The Consent is also given when the Users freely submit to the Company the Personal Data required to become a User. This latter understands and agrees that the Company is free to use these Personal Data within the limit provided by law and the Privacy Policy.

3.4. If the User does not agree with the terms of the Privacy Policy, please refrain from using the Websites.​


4. Principle for processing Personal Data

4.1. While Processing Personal data, the Company will respect the following general principle:

4.1.1. Fairness and lawfulness

4.1.1.1. When processing Personal Data, the individual rights of the Personal Data subjects must be protected. Personal Data must be collected and processed lawfully, in a fair manner, in good faith, and must be proportionate to the objective.

4.1.2. Restriction to a specific purpose

4.1.2.1. Personal Data handled by the Company should be adequate and relevant to the purpose for which they are collected and processed. This requires, in particular, ensuring that the types of Personal Data collected are not excessive for the purpose for which they are collected. Subsequent changes to the purpose are only possible to a limited extent and require substantiation.

4.1.3. Transparency

4.1.3.1. The User must be informed of how their Personal Data is being handled. When the Personal Data is collected, the User must be informed of the following:

4.1.3.1.1. the identity of the Data Protection Officer (as defined below);

4.1.3.1.2. the purpose of Personal Data processing;

4.1.3.1.3. third parties to whom the data might be transmitted.


5. Information we may collect about the User

5.1. The information that the Company may collect from the User (hereinafter collectively referred to as the “Personal Data”) is as follows:

5.1.1. Full name and contact details (e.g. email address, telephone number, shipping address, etc.);

5.1.2. IP address and location;

5.1.3. wallet address, balance;

5.1.4. Every User’s transaction details are performed on the Websites; and

5.1.5. Other Personal Information or commercial and/or identification information – Whatever information the Company, in its sole discretion, deem necessary to comply with the legal obligations under various anti-money laundering (AML) obligations, such as under the European Union’s 4th AML Directive and the U.S. Bank Secrecy Act (BSA).

5.2. Personal Data are also the information the Company collects about the User automatically, as:

5.2.1. Browser Information

5.2.1.1. Information that is automatically collected via analytics systems providers from the user’s browser, including their IP address and/or domain name and any external page that referred the user to the Company, their login information, browser type and version, time zone setting, browser plug-in types and versions, operating system, and platform;

5.2.2. Log Information

5.2.2.1. Information that is generated by the User’s use of the Services is automatically collected and stored in the Company server logs. This may include, but is not limited to, device-specific information, location information, system activity and any internal and external information related to pages that the User visit, including the full Uniform Resource Locators (URL) clickstream to, through and from the Websites, including:

5.2.2.1.1. date and time;

5.2.2.1.2. page response times, download errors, and length of visits to certain pages;

5.2.2.1.3. page interaction information (such as scrolling, clicks, and mouse-overs); and

5.2.2.1.4. methods used to browse away from the page;

5.3. Personal Data is also the information the Company receives about the user from other sources.

5.4. The Company obtain information about the User in a number of ways through their use of the Services, the account opening process, webinar sign-up forms, event subscribing, news and updates subscribing, and from information provided in the course of ongoing support service communications. The Company also receives information about the User from third parties, such as their payment providers and through publicly available sources.​


6. Disclosure of the User’s Personal Data

6.1. The Company will not disclose any of the User’s Personal Data to a third party, except:

6.1.1. to the extent that it is required to do so pursuant to any applicable laws, rules or regulations;

6.1.2. if there is a duty to disclose;

6.1.3. if our legitimate business interests require disclosure;

6.1.4. in line with what it’s stated in the Terms and Conditions and Cookie Privacy Policy;

6.1.5. at the User’s request or with their consent or to those described in the Privacy Policy. The Company will endeavour to make such disclosures on a “need-to-know” basis unless otherwise instructed by a regulatory authority. Under such circumstances, the Company will notify the third party regarding the confidential nature of any such Personal Data.

6.2. As part of using the user’s Personal Data for the purposes set out above, the Company may disclose the User’s Personal Data to the following:

6.2.1. Any members of the Company, which means that any of the Company’s affiliates and subsidiaries may receive such information;

6.2.2. Any of the Company’s service providers and business partners, for business purposes, such as specialist advisors who have been contracted to provide the Company with administrative, financial, legal, tax, compliance, insurance, IT, debt-recovery, analytics, research or other services;

6.3. If the Company discloses the User’s Personal Data to service providers and business partners in order to perform the services requested by clients, such providers and partners may store those Personal Data within their own systems in order to comply with their legal and other obligations.

6.4. The Company requires that service providers and business partners who process personal information acknowledge the confidentiality of the Personal Data, undertake to respect any User’s right to privacy and comply with all relevant privacy and data protection laws and the Privacy Policy.


7. Retention of the User’s Personal Data

7.1. In accordance with applicable laws, the Company will use the User’s Personal Data for as long as necessary to satisfy the purposes for which their Personal Data was collected or to comply with applicable legal requirements.


8. Lawful basis for processing Personal Data

8.1. The Company shall process the User’s Personal Data on the following bases and for the following purposes:

8.1.1. Performance of a contract

8.1.1.1. The Company processes Personal Data in order to provide its services and products.

8.1.1.2. The Company must verify the User’s identity in order to accept them as its User, and it will use their Personal Data in order to effectively manage their account. This may include third parties carrying out credit or identity checks on the Company’s behalf. The use of the User’s Personal Data is necessary for the Company to know who they are, as it has a legal obligation to comply with “Know Your Customer” and customer due regulatory diligence obligations.

8.1.2. Compliance with a legal obligation

8.1.2.1. There are a number of legal obligations imposed by relevant laws to which the Company is subject, as well as specific statutory requirements, e.g. anti-money laundering laws, financial services laws, corporation laws, privacy laws and tax laws. There are also various supervisory authorities whose laws and regulations apply to the Company. Such obligations and requirements imposed on the Company are necessary for Personal Data processing activities for identity verification, payment processing, compliance with court orders, tax laws or other reporting obligations and anti-money laundering controls.

8.1.2.2. These obligations apply at various times, including client onboarding, payments and systemic checks for risk management.

8.1.3. For the purpose of safeguarding legitimate interests

8.1.3.1. The Company may process Personal Data so as to safeguard the legitimate interests pursued by the Company or by a third party. A legitimate interest is when the Company has a business or commercial reason to use the User’s Personal Data. Examples of such processing activities include the following:

8.1.3.1.1. Initiating legal claims and preparing the Company’s defence in litigation procedures;

8.1.3.1.2. Measures for managing the business and for further developing products and services;

8.1.3.1.3. Risk management.

8.1.4. To investigate or settle enquiries or disputes.

8.1.4.1. The Company may need to use Personal Data collected from the User to investigate issues or to settle disputes with the User because it is the Company’s legitimate interest to ensure that issues and disputes get investigated and resolved in a timely and efficient manner.

8.1.5. To comply with applicable laws, subpoenas, court orders, other judicial processes, or the requirements of any applicable regulatory authorities.

8.1.5.1. The Company may need to use the User’s Personal Data to comply with any applicable laws and regulations, subpoenas, court orders or other judicial processes, or requirements of any applicable regulatory authority. The Company does this not only to comply with its legal obligations but because it may also be in its legitimate interest to do so.

8.1.6. To send surveys

8.1.6.1. From time to time, the Company may send User surveys as part of its User feedback process. It is in the Company’s legitimate interest to ask for such feedback to try to ensure that it provides its products and services at the highest standard. However, the Company may, from time to time, also ask the User to participate in other surveys, and if they agree to participate in such surveys, the Company relies on their consent to use the Personal Data collected as part of such surveys.

8.1.6.2. All responses to any survey the Company sends out, whether for User feedback or otherwise, will be aggregated and depersonalised before the results are published and shared.

8.1.7. Data analysis

8.1.7.1. The Websites may contain web beacons or pixel tags or any other similar types of data analysis tools that allow the Company to track the receipt of correspondence and count the number of Users that have visited the Websites or opened the Company’s correspondence.

8.1.7.2. The Company may aggregate the User’s Personal Data with the personal information of other Users on an anonymous basis (that is, with their personal identifiers removed) so that more rigorous statistical analysis of general patterns may lead the Company to provide better products and services.

8.1.7.3. If the User’s Personal Data is completely anonymised, the Company do not require a legal basis as the information will no longer constitute personal information.

8.1.7.4. If the user’s Personal Data is not in an anonymised form, it is in the Company’s legitimate interest to continually evaluate that personal information to ensure that the products and services it provides are relevant to the market.

8.1.8. Marketing purposes

8.1.8.1. The Company may use the User’s Personal Data to send them marketing communications by email or other agreed forms (including social media campaigns) to ensure they are always kept up-to-date with the Company’s latest products and services.

8.1.8.2. If the Company sends the User marketing communications, it will do so based on their consent and registered marketing preferences.

8.1.9. Internal business purposes and record keeping

8.1.9.1. The Company may need to process the User’s Personal Data for internal business and research purposes as well as for record-keeping purposes. Such processing is in the Company’s own legitimate interests and is required in order to comply with its legal obligations. This may include any communications that the Company has with the User in relation to the products and services it provides to the User and its relationship with them.

8.1.10. Legal Notifications

8.1.10.1. Often the law requires the Company to advise the User of certain changes to products or services or laws. The Company may need to inform the User of changes to the terms of the features of the Privacy Policy.

8.1.10.2. The Company needs to process the User’s Personal Data to send them these legal notifications. The User will continue to receive this information from the Company even if they choose not to receive direct marketing information from the Company.​


9. Transfers of Personal Data outside of the User’s country

9.1. By using the Services, the User consents to their Personal Data being transferred to other countries, including countries that have differing levels of privacy and data protection laws than their country.

9.2. The Company transfers the User’s Personal Data to partners located in the following countries:

9.2.1. British Virgin Islands;

9.2.2. The European Union; and

9.2.3. The USA.

9.3. In all such transfers, the Company will protect the User’s Personal Data as described in the Privacy Policy and ensure that appropriate information-sharing contractual agreements are in place.​


10. Privacy when using digital assets and blockchains

10.1. Public blockchains are distributed ledgers intended to immutably record transactions across wide networks of computer systems. Many blockchains are open to forensic analysis, which can lead to deanonymisation and the unintentional revelation of private financial information, especially when blockchain data is combined with other data.

10.2. Because blockchains are decentralised or third-party networks which are not controlled or operated by the Company or its affiliates, the Company is not able to erase, modify, or alter Personal Data from such networks.​


11. Protection of Personal Data

11.1. The Company respects the Personal Data of any Users who access the Websites, and it is therefore committed to taking all reasonable steps to safeguard any existing or prospective clients, applicants and website visitors.

11.2. The Company keeps any Personal Data of its Users in accordance with the applicable privacy and data protection laws and regulations.

11.3. The Company has the necessary and appropriate technical and organisational measures and procedures in place to ensure that the User’s Personal Data remains secure at all times.

11.4. The Company regularly trains and raises awareness for all its employees about the importance of maintaining, safeguarding and respecting Personal Data and privacy.

11.5. The Company regards breaches of individuals’ privacy very seriously and will impose appropriate disciplinary measures, including dismissal from employment.

11.6. It is the User’s responsibility to make sure that their password is only known to the User and not disclosed to anyone else. Personal Data is securely stored in a safe location, and only authorised personnel have access to it via a username and password. All Personal Data is transferred to the Company over a secure connection, and thus all reasonable measures are taken to prevent unauthorised parties from viewing any such information.​


12. Security of the User’s Personal Data

12.1. The Company applies high industry standards and will always apply adequate technical and organisational measures in accordance with applicable laws to ensure that the User’s Personal Data is kept secure.

12.2. In the event of a Personal Data breach, the Company shall, without undue delay, and where feasible, not later than seventy-two (72) hours after having become aware of it, notify the breach competent supervisory authority.


13. Portability of Personal Data

13.1. The User also has the right to receive their Personal Data, which they have provided to the Company, in a structured, commonly used and machine-readable format and has the right to transmit those data to another controller without hindrance from the Company.

13.2. This right can be exercised by contacting the Company through its contact form or by writing an email at contact@pocketforest.io and attaching a copy of the User’s ID.

13.3. If the request is submitted by a person other than the User without providing evidence that the request is legitimately made on their behalf, the request will be rejected.

13.4. The request is free of charge unless the User’s request is unfounded or excessive (e.g. if the User has already requested such Personal Data multiple times in the last twelve months or if the request generates an extremely high workload). In such a case, the Company may charge the User a reasonable request fee according to applicable laws.

13.5. The Company may refuse, restrict or defer the provision of Personal Data where it has the right to do so, for example, if fulfilling the request will adversely affect the rights and freedoms of others.​


14. Storage of the User’s personal data

14.1. The User agrees that the Company may store their Personal Data in any country of the EEA, including Switzerland and the United States of America.

14.2. The storage, as well as the processing of the Personal Data, may require that the User’s Personal Data are ultimately transferred/transmitted to, and/or stored at a destination outside of their country of residence. Where permitted by law, by accepting the terms of the Privacy Policy, the User agrees to such transferring, transmission, storing and/or processing. The User also agrees that such activities may take place to or in countries offering a lower level of protection than their country of residence.​


15. Contact1

5.1. If the User has any questions about how the Privacy Policy works in its main functions, they can reach the Company through the Company’s Discord channel (hereinafter referred to as the “Help Desk”)

15.2. The Help Desk does not promise in any way to solve every doubt or problem the User may have concerning the use of the Personal Data, nor does it promise to answer accurately every question the User may have.

15.3. When the User contacts the Company, it has to provide the Company with its name, address, and any other information needed to identify the User, its reference, and the issue on which they have feedback, questions, or complaints.

15.4. If the User has any questions concerning the processing of its Personal Data, please address its correspondence to the Company at the Help Desk.

15.5. When the User sends a message to the Company or otherwise sends data via the Websites, the Company can collect and use their name and email address. The User will know what data the Company collects through the Websites because they actively submit it.

15.6. The Company uses the data collected from the Websites for the following general purposes (this list is not exhaustive):

15.6.1. to respond to the request that the Users sent;1

5.6.2. to administer, protect and improve the Websites;

15.6.3. to better understand the preferences of the Users;

15.6.4. to compile aggregated statistics about Websites usage; and

15.6.5. to inform the Users about the services available on the Websites.​


16. Governing Law and Dispute Resolution

16.1. The laws of British Virgin Islands (with the exclusion of any rules that might lead to the use of any other law which is not the law of British Virgin Islands) shall govern the validity and construction of the Privacy Policy and any dispute arising out of or in relation to the Privacy Policy.

16.2. Any dispute, controversy, or claim arising out of, or in relation to, the Privacy Policy, including regarding the validity, invalidity, or breach, shall be resolved by arbitration in accordance with the British Virgin Islands Rules of International Arbitration in force on the date on which the Notice of Arbitration is submitted in accordance with those Rules. The number of arbitrators shall be one. The seat, or legal place, of arbitration shall be Road Town. The language to be used in the arbitral proceedings shall be English.

16.3. The Parties agree that any dispute is personal to the User and the Company and that any dispute shall only be resolved by individual litigation and shall not be brought as a class action or any other representative proceeding. The User agrees that a dispute cannot be brought as a class or representative action or on behalf of any other person or persons.

16.4. In case of dispute, the User shall maintain the confidentiality of any proceedings, including but not limited to any and all information gathered, prepared, and presented for purposes of the litigation or related to the dispute(s) therein.