ATB Financial, the owner and operator of the Oliu Platform recognizes the importance of privacy. The purpose of this privacy statement (“Privacy Statement”) is to inform you about our privacy practices, including how we collect, use and disclose your Personal Information. ATB Financial collectively may be referred to as “we”, “our” or “us”.
This Privacy Statement applies to the collection, use and disclosure of personal information through the Oliu Platform through our website located at https://oliu.id or any of our related websites, platform, mobile application, including the Oliu Platform, and any of the related services we provide and through our interactions with customers and potential customers (collectively, the “Services”)
This Privacy Statement is current as of the “updated” date which appears at the top of this page. We may make changes to this Privacy Statement from time to time, which will become immediately effective when published in a revised Privacy Statement posted on our website unless otherwise noted. We may also communicate the changes through our services or by other means.
Please review this Privacy Statement carefully. By submitting your Personal Information to us, by registering for or using any of the services we offer, by using the Services, or by voluntarily interacting with us, you consent to our collecting, using and disclosing your Personal Information as set out in this Privacy Statement, as revised from time to time.
This Privacy Statement covers the following topics:
"Personal Information" means information about an identifiable individual as described under Canadian privacy laws, including the Personal Information Protection Act of Alberta and the Personal Information Protection and Electronic Documents Act of Canada. This information may include, but is not limited to:
Personal Information does not include any business contact information that is solely used to communicate with you in relation to your employment, business or profession, such as your name, position name or title, work address, work telephone number, work fax number or work electronic address.
Personal Information also does not include information that has been anonymized or aggregated in such a way that there is no serious possibility it can be used to identify an individual, whether on its own or in combination with other information.
We collect, use and disclose your Personal Information with your consent or as permitted or required by applicable privacy laws. How we obtain your consent (i.e. the form we use) will depend on the circumstances, as well as the sensitivity of the information collected. Subject to applicable laws, your consent may be express or implied, depending on the circumstances and the sensitivity of the Personal Information in question.
If you choose to provide Personal Information to us, you consent to the collection, use and disclosure of that Personal Information as outlined in this Privacy Statement.
If you wish to withdraw your consent to our collection, use or disclosure of your Personal Information, please contact us using the contact information in the “How to Contact Us” section below. In some cases, withdrawal of your consent may mean that we will no longer be able to provide certain products or services.
If you provide Personal Information about another individual to us, it is your responsibility to obtain the consent of that individual to enable us to collect, use and disclose his or her information as described in this Privacy Statement.
Decentralized network technology, also known as distributed ledger technology (or simply ‘DLT’), is at the core of our business. Decentralized networks are decentralized and made up of digitally recorded data in a chain of packages called ‘blocks’. The manner in which these blocks are linked is chronological, meaning that the data is very difficult to alter once recorded. Since the ledger may be distributed all over the world (across several ‘nodes’ which usually replicate the ledger) this means there is no single person making decisions or otherwise administering the system (such as an operator of a cloud computing system), and that there is no centralized place where it is located either.
Our Services are designed to provide a secure method for consumers to add, access and exchange identity-related information (“Digital Credentials”) when dealing with various organisations, including when they use financial and other services and when purchasing goods and services. Digital Credentials can potentially include any Personal Information that you (or your end users) choose to upload onto our applications, such as, for example, your birth certificate, passport, or other identity-related information. These Digital Credentials are stored on the user or individual’s device. As the user of our Services, you (or your end user) choose the purposes for which your Digital Credentials are used and who you (or your end user) want to share your Digital Credentials with. Should you (or your end user, as the case may be) choose to upload your data to the cloud (for example for back-up purposes), the user will be required to enter into a separate arrangement with a third party cloud service provider, or with us, to obtain these services. If these cloud services are provided by us, we will hold encryption keys relating to your encrypted data. However, we will not have access to the Digital Credentials that are stored on these keys. Should these cloud services be provided by ATB, you will be asked to agree to the terms of a separate contract with ATB.
The Personal Information we collect is generally in one or more of the following categories.
Digital Credentials. As set out in the “How Our Services Work” section of this Privacy Statement, we collect Digital Credentials, but do not have access to this information as this information is uploaded onto a user or individual’s device and no Personal Information is stored directly on the decentralized networks.
Registration. When you register to use the Services by signing up for an account, we may collect information from you or from your use of the Services, including your decentralized identifier, your name, email address and other information you choose to provide to us. We may also automatically collect usage data that is identifiable with you when you use our products and services.
Photos You Upload during the Identification Verification Process. As part of our identification verification services, we collect (but do not store or use) any photos you upload of the identification card you wish to have verified, and any photos of your face that are required in order to verify your identity. We do not store these photos and they are only used by ATB to verify your identity.
Website. For individuals located in Canada who visit our website, we may collect information from you or from your activities on the site.
Log Data. We may keep logs of activities performed on our website or through the use of the Services, where we may collect information about your browser, referring/exit pages, how you interact on the website and through the Services, landing pages and pages viewed.
Device Identifiers. When you access or use our Services using a mobile device, we may access, collect, monitor and/or remotely store one or more “device identifiers,” such as a universally unique identifier. Device identifiers are small data files or similar data structures stored on or associated with your device that uniquely identify your device. A device identifier may consist of data stored in connection with the device hardware, operating system or other software, or data sent to the device by us. A device identifier may convey information to us about how you browse and use the Services. A device identifier may remain persistently on your device to enhance your navigation on the Services. Some features of our Services may not function properly if use or availability of device identifiers is impaired or disabled.
Other Interactions. Where permissible under applicable law, for individuals who otherwise interact with us, whether in person, by phone or email, through social media or otherwise, including individuals who might be interested in acquiring our products or services, who sign-up to receive newsletters or other communications, or who respond to surveys and questionnaires, we may collect information that you provide to us during these interactions. This information may include your name, e-mail address and other contact information.
Information Collected from Third-Party Companies. We may receive Personal Information or anonymous data about you from companies that offer their products and/or services for use in conjunction with our products and services or whose products and/or services may be linked with ours.
We may use your Personal Information for purposes such as:
We may use your Personal Information for purposes for which we have obtained your consent, and for such other purposes as may be permitted or required by applicable Canadian privacy laws.
We do not use the information we collect to advertise third party products and services or targeted advertising of Company products and services across third party websites or service offerings.
We rely on third party services providers to perform a variety of services on our behalf, such as electronic wallet providers, identification verification and authentication services, decentralized network services and applications, hosting, data storage and processing service providers, and research and analytics providers.
If we provide your information to service providers, then we require that the service providers keep your Personal Information secure, and only handle it for limited purposes for which it is provided. We do not authorize the service providers to disclose your Personal Information to unauthorized parties or to use your Personal Information for their direct marketing purposes.
If you would like more information about our service providers, please contact us using the contact information in the “How to Contact Us” section below.
Additionally, we may use and disclose your information when we believe such use or disclosure is permitted, necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (d) to enforce the terms of the agreements for our products and services; (e) to protect our rights, operations or property; (f) to allow us to pursue available remedies or limit the damages that we may sustain.
In addition, we may transfer your Personal Information and other information to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, brands, affiliates, subsidiaries or other assets. A successor party will only be permitted to use your Personal Information for the purposes for which it was collected, unless your consent is otherwise obtained.
If we otherwise intend to disclose your Personal Information to a third party, we will identify that third party and the purpose for the disclosure, and obtain your consent.
For example, in use cases involving the collection of wireless carrier data of an End User(s), ATB Financial will disclose your Personal Information with Twilio to verify service subscriber records.
Notwithstanding the above, we may share information that does not identify you (including information that has been aggregated or de-identified by us as set out in this Privacy Statement) with third parties except as prohibited by applicable law.
If you no longer want to receive marketing-related emails from us, you may opt-out of receiving marketing-related emails by clicking the “unsubscribe” link at the bottom of any email you receive from us. You may also opt-out by contacting us directly using the contact information in the “How to Contact Us” section below.
We will endeavour to respond to your opt-out request promptly, but we ask that you please allow us a reasonable time to process your request. Please note that if you opt-out from receiving marketing-related emails, we may still need to send you communications about your use of our products or services, or other matters.
We will use, disclose or retain your Personal Information only for as long as necessary to fulfill the purposes for which that Personal Information was collected and as permitted or required by Canadian privacy laws.
We have implemented physical, organizational, contractual and technological security measures with a view to protecting your Personal Information and other information from loss or theft, unauthorized access, disclosure, copying, use or modification. We have taken steps to ensure that the only personnel who are granted access to your Personal Information are those with a business ‘need-to-know’ or whose duties reasonably require such information. Additional measures that ATB takes to protect the Personal Information you provide can be found in ATB’s Privacy Code available here.
Despite the measures outlined above, no method of information transmission or information storage is 100% secure or error-free, so we unfortunately cannot guarantee absolute security. A breach of security safeguards can result in such risks as phishing and identity theft. In such cases, we act promptly to mitigate the risks and to inform you where there is a real risk of significant harm, or as otherwise required by law.
If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any information that you provided to us has been compromised), please contact us immediately using the contact information in the “How to Contact Us” section below.
We expect you, from time to time, to supply us with updates to your Personal Information you provide us, when required. We will not routinely update your Personal Information, unless such a process is necessary.
You may make a written request to review any Personal Information about you that we have collected, used or disclosed, and we will provide you with any such Personal Information to the extent required by applicable laws. You may also challenge the accuracy or completeness of your Personal Information in our records. If you successfully demonstrate that your Personal Information in our records is inaccurate or incomplete, we will amend the Personal Information as required.
We may require that you provide sufficient identification to fulfill your request to access or correct your Personal Information. Any such identifying information will be used only for this purpose.
Your Personal Information may be stored and processed at our offices in the Province of Alberta or at the offices of our third party service providers located in Canada, the United States, Lithuania and Ireland. Other jurisdictions may have different data protection rules than Canada. While your Personal Information is outside of Canada, it is subject to the laws of the country in which it is located. Those laws may require disclosure of your Personal Information to authorities in that country. When we engage in such transfers of personal data across any international border, we use a variety of legal mechanisms, including contracts, to help ensure your rights and protections travel with your data.
Details respecting the types of service providers we use, the purposes for which your Personal Information is shared, and the countries outside of Canada to which your Personal Information is transferred can be accessed in our Out of Canada Service Providers Statement. If you have any questions or concerns regarding our collection, use or disclosure of your Personal Information outside of Canada, contact our Privacy Information Officer at the e-mail address below.
This Privacy Statement does not extend to any websites or products or services provided by third parties. We do not assume responsibility for the privacy practices of such third parties, and we encourage you to review all third party privacy policies prior to using third party websites or products or services.
For example, to purchase merchandise, you may use a third-party wallet which allows you to engage in transactions on the decentralized network. Your interactions with any third-party wallet provider are governed by the applicable terms of service and privacy policy of that third party.
Our products and services are not intended for anyone under the age of majority in your corresponding jurisdiction, and at the least no children under the age of 16, and we do not knowingly collect Personal Information from children under the age of 16. Children under the age of 16 should not use our products and services and should not provide us with their Personal Information.
All comments, questions, concerns or complaints regarding your Personal Information or our privacy practices should be sent to our Privacy Officer via email at info@oliu.id.
