top of page

PRIVACY POLICY

 
contact.png

Effective Date: 3rd February 2025
Last Updated: 17rd March 2025

This Privacy Policy explains how AAV Smart Licensing FlexCo ("Company", "we", "us", "our") processes personal data in connection with the iLicensing.io platform, ensuring compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR), Austrian Datenschutzgesetz (DSG), and applicable AML (Anti-Money Laundering) and KYC (Know Your Customer) regulations.

We reserve the right to update this Privacy Policy at our discretion. Any changes will take effect immediately upon publication of the revised Privacy Policy on iLicensing.io, as indicated by the updated "Last Updated" date. We encourage you to review this Privacy Policy periodically.

By accessing or using iLicensing.io, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this Privacy Policy, you must discontinue the use of iLicensing.io.

 

1. DATA CONTROLLER & CONTACT INFORMATION

The data controller responsible for processing your personal data is:

📍 AAV Smart Licensing FlexCo
Registered Address: 1190, Austria, Wien, Obkirchergasse 21 Tür 34
📧 Email: privacy@ilicensing.io

For inquiries regarding data protection, please contact privacy@ilicensing.io.

2. PERSONAL DATA WE COLLECT

2.1. Data Provided by You

  • Account Information: Full name, email, phone number, wallet address, tax ID, company details.

  • Payment & Financial Data: Bank account details, transaction records.

  • Communication Data: Messages, support requests, uploaded IP-related materials.

  • KYC & AML Data: Passport or national ID, proof of address, tax residence status, source of funds documentation.

2.2. Data Collected in the IP Matrix

The IP Matrix stores licensing and intellectual property information, including:

  • IP Token Details: Token number, blockchain address, associated NFT count, royalty details.

  • IP Object Classification: Type of IP (trademark, illustration, artwork, 3D model, etc.).

  • Licensing & Ownership Data: Product category, usage details, artist details, exclusivity status, and geographic territory.

  • Contractual & Business Information: License Agreements, duration, legal status of IP owner.

  • Business & Financial Data: Tax number, company incorporation details, subscription plan information.

2.3. Data Collected from Blockchain Networks

We collect NFT-related data from public blockchain networks, including:

  • NFT ownership records

  • NFT transfers

  • NFT license certificate ownership changes

2.4. Data Stored Off-Chain

We store NFT off-chain metadata, including License Agreement certificate details. This metadata is used to generate publicly available NFT license certificates.

3. LEGAL BASIS FOR DATA PROCESSING

Purpose

Legal Basis (GDPR Article 6)

Set NFT off-chain metadata based on the NFT license certificate state

Legitimate interest (Art. 6(1)(f))

Notify the administrator of license expiration

Legitimate interest (Art. 6(1)(f))

Notify the administrator of NFT license transfers

Legitimate interest (Art. 6(1)(f))

Notify the License Agreement signer of license expiration

Consent (Art. 6(1)(a))

Validate NFT ownership for License Agreement signing

Legitimate interest (Art. 6(1)(f))

 

4. DATA SHARING & THIRD PARTIES

We do not sell personal data but may share it with:

  • KYC Verification Providers: Sumsub (for identity verification and AML compliance).

  • Email Services: Twilio Sendgrid (for notifications).

  • Blockchain Networks: Public NFT-related data processing via smart contracts.

  • Cloud Hosting: AWS (for secure storage of application databases).

For data transfers outside the EU, we implement Standard Contractual Clauses (SCCs) as required by GDPR (Art. 46).

 

5. DATA SECURITY & STORAGE

We implement industry-standard security measures, including:

  • Encryption: SSL, blockchain-based security for transactions.

  • Access Control: VPN-restricted access to sensitive databases.

  • Data Backups: Daily encrypted backups stored securely on AWS.

  • Secure Storage of Acceptance Data: Party A shall store confirmation of offer acceptance, including IP address, timestamp, and KYC status, in an encrypted format in compliance with Austrian Datenschutzgesetz (DSG).

6. DATA RETENTION POLICY

6.1. Exceptions to the Right to Erasure (Blockchain Data and GDPR Compliance)
6.1.1. Under Article 17 of the General Data Protection Regulation (GDPR), individuals have the right to request the deletion of their personal data. However, due to the immutable nature of blockchain transactions, certain data recorded on the blockchain cannot be erased, altered, or modified.

6.1.2 Blockchain-stored data, including but not limited to NFT licensing records, smart contract interactions, and digital signatures, are permanently recorded on a distributed ledger. These records are outside the direct control of AAV Smart Licensing FlexCo and cannot be deleted without compromising the integrity of the blockchain.

6.1.3 In alignment with Recital 26 of the GDPR and the European Data Protection Board (EDPB) guidelines, the following limitations apply:

  • Personal data embedded within smart contracts or blockchain transactions cannot be removed post-transaction.

  • Off-chain metadata stored by AAV Smart Licensing FlexCo (e.g., KYC data, licensing agreements) can be deleted upon request, provided there is no ongoing legal, financial, or regulatory requirement for retention.

  • The user may request pseudonymization or anonymization measures where feasible, ensuring that their data is no longer directly identifiable.

6.1.4 Users acknowledge and accept that by engaging in blockchain-based transactions, they waive the right to erasure for blockchain-anchored data. AAV Smart Licensing FlexCo will ensure compliance by minimizing the processing of personal data on-chain and utilizing off-chain solutions where necessary.

  • Type of Data

  • Retention Period

  • KYC Data

  • 5 years after account closure (AML compliance)

  • Financial Data

  • Retained as required by tax laws

  • NFT & Blockchain Data

Stored indefinitely due to blockchain immutability

 

7. DATA SUBJECT RIGHTS (GDPR)

You have the right to:

  • Access your data (Art. 15 GDPR)

  • Request correction or deletion (Art. 16 & 17 GDPR)

  • Restrict processing (Art. 18 GDPR)

  • Obtain data in machine-readable format (Art. 20 GDPR)

  • Withdraw consent (where applicable, Art. 7 GDPR)

  • Lodge a complaint with a Data Protection Authority (Art. 77 GDPR)

To exercise your rights, contact privacy@ilicensing.io.

8. NOTIFICATION OF DATA BREACHES

If we detect a personal data breach, we will:

  • Notify affected users within 72 hours (Art. 33 GDPR).

  • Report the breach to relevant data protection authorities.

 

9. KYC & AML COMPLIANCE

9.1. Mandatory KYC Verification

Party B must complete KYC verification via Sumsub, providing:

  • Valid identification documents (passport or national ID).

  • Proof of address (utility bill, bank statement).

  • Any additional AML compliance documents (if requested).

9.2. Data Controller & Processor

  • Party A is the data controller for KYC purposes.

  • Sumsub acts as a data processor, verifying data under Party A’s instructions.

9.3. Data Retention & Storage

  • KYC data is stored for 5 years after Agreement termination (AML laws).

  • Secure deletion after the retention period unless required by authorities.

9.4. Withdrawal of Consent & AML Obligations

  • Withdrawing consent does not override AML retention requirements.

  • If Party B withdraws consent before KYC completion, Party A may refuse services.

9.5. Data Sharing for Compliance

We may share KYC data with:

  • Regulatory authorities, financial institutions, and compliance partners under legal obligations.

 

10. CONTACT US

📧 Email: privacy@ilicensing.io
📍 Address: AAV Smart Licensing FlexCo, 1190, Austria, Wien, Obkirchergasse 21 Tür 34
 

By continuing to use our services, you agree to this Privacy Policy.

bottom of page