RariMe Privacy Notice

PLEASE READ THIS PRIVACY NOTICE CAREFULLY, AS IT CONTAINS IMPORTANT INFORMATION AND AFFECTS YOUR LEGAL RIGHTS. PLEASE NOTE THAT THE APPLICATION IS BUILT USING THE TECHNOLOGY DESIGNED TO SIGNIFICANTLY REDUCE THE AMOUNT OF DATA COLLECTED FROM YOU, THE USER, AND TO ELIMINATE THE NEED FOR CENTRALIZED DATA STORAGE OR SHARING.

Last Updated: Mar 20, 2025

This RariMe Privacy Notice (the "Privacy Notice") is designed to help you understand how Rarilabs Inc., a Delaware corporation, having its principal place of business at 1101 Brickell Avenue, South Tower, 8th Floor, Miami, FL 33131, the United States ("Rarilabs", "we", "us" or "our"), collects, uses, and shares your personal information, and to help you understand and exercise your privacy rights. This Privacy Notice is incorporated by the reference into the RariMe General Terms & Conditions (https://rarime.com/general-terms.html) (the "Terms") and together with the Terms constitutes a binding agreement between you and Rarilabs and describes our information handling practices when you access and use the Application (as defined in the Terms), Website (as defined in the Terms), and any other Services (as defined in the Terms). If you choose to access or use the Application, Website or Services, such actions and any Dispute (as defined in the Terms) over privacy is subject to this Privacy Notice and Terms, including limitations on damages.

Capitalized terms used but not defined in this Privacy Notice shall take the meanings assigned to such terms by the Terms.

Notice at Collection. At or before the time of collection, California residents may have a right to receive notice of our practices, including the categories of personal information to be collected, the purposes for which such information is collected or used, whether such information is sold or shared and how to opt out of such uses, and how long such information is retained. You can find those details in this statement by clicking on the above links.

1. SCOPE AND UPDATES TO THIS PRIVACY NOTICE

This Privacy Notice applies to personal information which may be processed by us as part of our Services. 

Changes to Our Privacy Notice. We may revise this Privacy Notice from time to time in our sole discretion. The revised Privacy Notice will be effective immediately at the time of posting, unless a later effective date is expressly stated therein. We will also revise the "Last Updated" date stated above. If there are any material changes to this Privacy Notice, we will notify you as required by applicable law. You understand and agree that you will be deemed to have accepted the updated Privacy Notice if you continue to use our Services after the new Privacy Notice takes effect.

It is your responsibility to periodically review this Privacy Notice. You are bound by any changes to this Privacy Notice by using our Services after such changes have been first posted. If you do not agree to the new Privacy Notice, your only remedy is to discontinue use of the Services.

2. PERSONAL INFORMATION PROCESSED IN APPLICATION AND PERSONAL INFORMATION WE COLLECT OR PROCESS

The categories of personal information we collect depend on how you interact with us, our Services, and requirements of applicable law. We collect and process information that you provide to us and information from other sources, as described below.

1. Information Processed in Application

Personal information is typically data that identifies an individual or relates to an identifiable individual. The definition of the personal information depends on the applicable law based on your physical location; only the definition that applies to your physical location will apply to you under this Privacy Notice.

RARILABS ITSELF COLLECTS, PROCESSES, USES, AND STORES THE MINIMUM AMOUNT OF  PERSONAL INFORMATION NEEDED TO PROVIDE SERVICES, WHICH DOES NOT INCLUDE INFORMATION PROCESSED BY THE APPLICATION, AND SHARES PERSONAL INFORMATION WITH THE THIRD PARTIES ONLY IN LIMITED CASES, ALL AS DESCRIBED HEREIN.

AT THE SAME TIME, INHERENT TO ITS DESIGN, THE APPLICATION IS CAPABLE OF PROCESSING SPECIFIC CATEGORIES OF THE PERSONAL INFORMATION, SUCH AS IDENTIFYING DOCUMENTS AND OTHER FORMS OF PERSONALLY IDENTIFIABLE INFORMATION (the "Eligibility Information"). THE ELIGIBILITY INFORMATION SHALL NOT BE DEEMED AS PERSONAL INFORMATION. THE ELIGIBILITY INFORMATION IS COLLECTED, PROCESSED, USED AND STORED SOLELY ON THE USER’S DEVICES (as defined in the Terms), UNTIL IT IS DELETED BY THE USER, WITHOUT ANY INVOLVEMENT OF RARILABS.

SINCE THE DI (as defined in the Terms) IS ANONYMIZED USING ZERO-KNOWLEDGE PROOFS, YOU HEREBY CONFIRM AND AGREE, THAT YOU, AS THE USER CARRY ANY AND ALL ELIGIBILITY INFORMATION SOLELY AND EXCLUSIVELY WITHIN YOUR DEVICES. AS A USER OF THE APPLICATION, YOU ARE SOLELY RESPONSIBLE FOR KEEPING YOUR DEVICE AND ANY ELIGIBILITY INFORMATION SECURE. NEITHER RARILABS NOR ANY OTHER PERSON, OTHER THAN YOURSELF AS THE USER, HAS ACCESS TO ANY ELIGIBILITY INFORMATION. IN NO EVENT DOES RARILABS COLLECT, PROCESS, USE, SHARE OR STORE ANY ELIGIBILITY INFORMATION. RARILABS COLLECTS, PROCESSES, USES, AND STORES ONLY PROVIDED INFORMATION (as defined below) (BESIDES CERTAIN LIMITED EXCEPTIONS, DESCRIBED HEREIN). THE PRIVACY PROTECTIONS REFERENCED BELOW ARE APPLICABLE ONLY TO SUCH PROVIDED INFORMATION, UNLESS OTHERWISE PROVIDED FOR HEREIN.

The Application is intentionally designed to minimize the collection, processing, use, storage, and sharing of the Eligibility Information. Accordingly, the below explanation of the processing level and depth is provided to ensure you fully understand how Rarilabs safeguards your privacy and that Rarilabs has no access to the Eligibility Information.

The Eligibility Information is gathered directly from the User by the Application and processed solely and exclusively within the Application on the Device, without being visible to Rarilabs or any other person under the following circumstances:

• The User downloads and uses the Application.
• The User creates the Digital Identity (as defined in the Terms) through the Application.

The Application and Services use an identity system based on zero-knowledge cryptography. This system allows you to prove certain statements about your identity (such statements listed below) to third parties without exposing such User’s personal information to such third parties and Rarilabs.

Your DI is the virtual representation that you passed credential-based verification. The Digital Identity includes: (i) anonymized identifier of the User in the form of the hash of the User’s Identifying Document (the "Identifier"), and (ii) anonymized verifiable credential in the form of the hash of the following User’s Eligibility Information, contained in the Identifying Document and provided by you voluntarily within the process of the Application use: full name, citizenship, sex, date of birth, number of the Identifying Document, and date of expiry of the Identifying Document, anonymized by the hash of the relevant User’s private key to the User’s Digital Assets Wallet (as defined in the Terms) and attached to the public key to such User’s Digital Assets Wallet, provable on the basis of the zero-knowledge proof of the relevant Identifying Document (the "Verifiable Credential" or "VC").

Third parties, to whom the User intends to prove certain statements about such User’s identity (such statements listed below), may have access to very limited parts of data (metadata) which are provable via zero-knowledge proof and Verifiable Credential, but such data is not, and cannot technically be, connected even to the Identifier of the User, and, therefore, cannot identify the relevant User or be interpreted as relating to such User.

All the Eligibility Information, used by the Application, is anonymized through the use of zero-knowledge proofs. Zero-knowledge proofs are a method by which we help you stay anonymous; they are a mathematical method to prove certain statements about you without disclosing any of the underlying personal information. The statements that may be verified through zero-knowledge proofs are carefully selected to ensure full anonymity and make real identification through indirect means impossible.

Below is a list of statements that may be proven using a Verifiable Credential created through the Application, once authorized by you:

• Proof-of-citizenship: country of your citizenship.
• Proof-of-adultness: is the VC holder over 18 years old or the age of majority in their jurisdiction? [yes/no].
• Proof-of-uniqueness: is the VC holder a unique person? This statement is proven by an anonymized distinguisher (a hash of the private key and a random number assigned by the third party to which the User intends to prove this statement) and a zero-knowledge proof that demonstrates the distinguisher was correctly calculated using the private key, has a corresponding public key in the registered Verifiable Credential, but without revealing the specific Identifier or Verifiable Credential.

2. Personal Information You Provide to Us Directly

With respect to your personal information, we may collect only that personal information that you provide to us (the "Provided Information") (besides certain limited exceptions, described herein), including:

• Your Communications with Us. We may collect any correspondence that you send to us and any personal information contained therein or related thereto, such as email address, phone number, or mailing address when you request information about Rarilabs or our Services, request support, or otherwise communicate with us.
• Information Provided via Surveys. We may contact you to participate in surveys. If you decide to participate, we may collect personal information from you in connection with the survey.
• Information Submitted via Interactive Features. We and others who use our Services may collect personal information that you submit or make available through our interactive features (e.g., commenting functionalities, forums, blogs, and social media pages). Any information you provide using the public sharing features of the Services will be considered "public", unless otherwise required by applicable law, and is not subject to the privacy protections referenced herein.
• Information Provided for Participation in Sweepstakes or Contests. We may collect personal information you provide for any sweepstakes or contests that we offer. In some jurisdictions, we are required to publicly share information of sweepstakes and contest winners.
• Information Provided for Participation at Conferences, Trade Shows, and Other Events. We may collect personal information from individuals when we attend or host conferences, trade shows, and other events.
• Information Collected for Business Development and Strategic Partnerships. We may collect personal information from individuals and third parties to assess and pursue potential business opportunities.

3. Personal Information Collected Automatically

We may have access to certain information when you use our Services, such as your Internet protocol (IP) address, user settings, MAC address, cookie identifiers, mobile carrier and other unique identifiers, browser or Device information, location information (including approximate location derived from IP address), blockchain information (such as your Digital Assets Wallet address, on-chain activities, interactions with the Services and other similar activities), but we do not process such information intentionally, except in limited cases, such as when requested by you as the User or to ensure the security and operations of the Services.

We use such cookies and similar tracking technologies to make it easier for you to log-in and to facilitate the Website and Services activities, to analyze performance and marketing activities, and to personalize your experience. Please see which cookies we place and why at "Cookies And Other Tracking Technologies" section below. We also use standard analytics tools, as described in the section titled "Aggregated and Analytics Information" of this Privacy Notice.

4. Personal Information Collected from Other Sources

Referrals and Sharing Features. Our Services may offer various tools and functionalities that allow you to provide personal information about your friends through our referral service. Our referral services may also allow you to forward or share certain content with a friend or colleague, such as an URL with unique invitation code inviting your friend to use our Services. Please only share with us contact information of people with whom you have a relationship (e.g., relative, friend, neighbor, or co-worker).

3. HOW WE USE YOUR PERSONAL INFORMATION

Provide Our Services. We use your personal information to fulfill our contract with you, to provide you with our Services and to comply with the law, such as:

• Providing access to certain areas, functionalities, and features of our Services.
• Answering requests for customer or technical support.
• Communicating with you, activities on our Services, and policy changes.
• Allowing you to register for events.

Administrative Purposes. We use your personal information for various administrative purposes, such as:

• Pursuing our legitimate interests such as research and development, network and information security, and fraud prevention.
• Detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for that activity.
• Improving, upgrading, or enhancing our Services.
• Developing new products and services.
• Ensuring internal quality control and safety.
• Authenticating and verifying individual identities, including requests to exercise your rights under this Privacy Notice.
• Debugging to identify and repair errors with our Services.
• Auditing relating to interactions, transactions, and other compliance activities.
• Sharing personal information with third parties as needed to provide the Services (only in certain, limited cases).
• Enforcing our agreements, policies and intellectual property rights.
• Recommending new products or services to you.
• Carrying out activities that are required to comply with our legal obligations.

With Your Consent. We may use personal information for other purposes that are clearly disclosed to you at the time you provide personal information or with your consent.

4. HOW WE DISCLOSE YOUR PERSONAL INFORMATION

We disclose your personal information to third parties only in certain limited cases, described below.

1. Disclosures to Provide Our Services

Without the support of other companies, we would not be able to provide our Services in the desired form. To use the services of these companies, it is necessary to share your personal information with these companies to a certain extent. The disclosure of data is limited to selected third-party service providers and only to the extent necessary for the optimal provision of our Services. For example, if you provide us with any Provided Information describing an error with our Services, we may share this information with our service provider responsible for fixing the error.

The legal basis for this data processing is the performance of a contract within the meaning of Article 6(1)(b) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the "GDPR").

Your data may be disclosed to third parties to the extent necessary for the fulfilment of the contractual relationship. The legal basis for these disclosures is the necessity for the performance of a contract within the meaning of Article 6(1)(b) of the GDPR. For these data processing activities, the third-party service providers are considered data controllers under the data protection laws, and not us. It is the responsibility of these third-party service providers to inform you about their own data processing, which may extend beyond the mere sharing of data for the provision of services, and to comply with data protection laws.

The categories of third parties with whom we may share your personal information are described below.

• Service Providers. We may share your personal information with our third-party service providers and vendors that assist us with the provision of our Services. This includes service providers and vendors that provide us with IT support, hosting, payment processing, customer service, and related services.
• Business Partners. We may share your personal information with business partners to provide you with a product or service you have requested. We may also share your personal information with business partners with whom we jointly offer products or services.

2. Disclosures to Protect Us or Others

We may access, preserve, and disclose any information we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate to: comply with law enforcement or national security requests and legal process, such as a court order or subpoena; protect your, our, or others’ rights, property, or safety; enforce our policies or contracts; or assist with an investigation or prosecution of suspected or actual illegal activity.

The legal basis for this data processing is our legitimate interest within the meaning of Article 6(1)(f) of the GDPR in protecting our rights and fulfilling our obligations.

3. Disclosure in the Event of Merger, Sale, or Other Asset Transfers

If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, your information may be sold or transferred as part of such a transaction, as permitted by law and/or contract.

The legal basis for this data processing is our legitimate interest within the meaning of Article 6(1)(f) of the GDPR in protecting our rights and fulfilling our obligations, as well as in the sale of our company or parts thereof.

5. SPECIFIC INFORMATION ABOUT USE OF OUR SERVICES

1. When You Contact Us

If you contact us through our contact addresses and channels (e.g., by e-mail), your personal information may be processed. We may process the data you provide us with, such as, for example, your name, email address, phone number, and your request. Additionally, the time of receipt of the request will be documented. We may process this data to address your request (e.g., providing information about our products and services, providing customer and technical support, incorporating your feedback into the improvement of our Services, etc.).

The legal basis for the Provided Information processing is our legitimate interest under Article 6(1)(f) of the GDPR in addressing your request or, if your request is aimed at the conclusion or performance of a contract, in the implementation of the necessary measures within the meaning of Article 6(1)(b) of the GDPR.

2. When you Interact with Application

Downloading Application

When downloading the Application, the respective application store provider collects your personal information, in particular:

• Username.
• Email address.
• Customer number.
• Time of download.
• Payment information if applicable.
• Individual device identification number.

For the purposes and scope of such data processing, please refer to the privacy policy of the relevant application store providers:

• Google Play (Android): Google LLC, having its principal place of business at 1600 Amphitheatre Parkway, Mountain View, California 94043, United States: https://policies.google.com/privacy?hl=en&gl=de.
• App Store (iOS): Apple Inc., having its principal place of business at One Apple Park Way, Cupertino, California, the United States, 95014: https://www.apple.com/legal/privacy/.

By downloading our Application from the App Store or Google Play, you have legitimized yourself to the respective application store (e.g., via your Apple ID). A use by Apple Inc. or Google LLC of the data collected in connection with the download or use of the applications that is not in compliance with the GDPR can therefore not be ruled out on the part of Rarilabs. We have no influence on this. However, we do not pass on data to Apple Inc. or Google LLC.

The legal basis for the data processing is your consent by deciding to download the application within the meaning of Article 6(1)(a) of the GDPR and the performance of a contract within the meaning of Article 6(1)(b) of the GDPR.

Using Application

The exhaustive explanation of the Application and process of processing of the information in the Application is provided for in "Personal Information Processed in Application and Personal Information We Collect" section above.  

6. YOUR PRIVACY CHOICES AND RIGHTS

1. Your Privacy Choices.

The privacy choices you may have about your personal information are determined by applicable law and are described below.

• Email Communications. If you receive an unwanted email from us, you may use the unsubscribe link found at the bottom of the email to opt out of receiving future emails. We may also send you certain non-promotional communications regarding us and our Services, and you may not be able to opt out of those communications (e.g., communications regarding our Services or updates to our Terms or this Privacy Notice). Note that you will continue to receive transaction-related emails regarding products or Services you have requested.
• Text Messages. If you receive an unwanted text message from us, you may opt out of receiving future text messages from us by following the instructions in the text message you have received from us or by otherwise contacting us as set forth in "Contact Us" below.
• Phone Calls. If you receive an unwanted marketing phone call from us, you may opt out of receiving future phone calls from us by following the instructions which may be available on the call or by otherwise contacting us as set forth in "Contact Us" below.
• "Do Not Track". Do Not Track (the "DNT") is a privacy preference that Users can set in certain web browsers. Please note that we do not respond to or honor the DNT signals or similar mechanisms transmitted by web browsers.

2. Your Privacy Rights.

In accordance with applicable law, you may have the following rights:

• Right of access: you have the right to request access to your personal information stored by us at any time and free of charge if we process such data. This gives you the opportunity to check what personal information concerning you we process and whether we process it in accordance with applicable data protection regulations.
• Right to rectification: you have the right to have inaccurate or incomplete personal information rectified and to be informed about the rectification. In this case, we will also inform the recipients of the data concerned about the adaptations we have made, unless this is impossible or involves dis-proportionate effort.
• Right to erasure: you have the right to obtain the erasure of your personal information under certain circumstances. In individual cases, particularly in the case of statutory retention obligations, the right to erasure may be excluded. In this case, the erasure may be replaced by a blocking of the data if the requirements are met.
• Right to restriction of processing: you have the right to request that the processing of your personal information be restricted.
• Right to data portability: you have the right to receive from us, free of charge, the personal information you have provided to us in a readable format.
• Right to object: You have the right to object at any time to data processing, especially with regard to data processing related to direct marketing (e.g., marketing emails).
• Right to withdraw consent: you have the right to withdraw your consent at any time. However, processing activities based on your consent in the past will not become unlawful due to your withdrawal.

If you would like to exercise any of these rights, please contact us as set forth in "Contact Us" below. We will process such requests in accordance with applicable laws. Please note that many of the above rights are subject to exceptions and limitations. If we are not able to provide the requested information or make the change you requested, you will be provided with the reasons for such decisions.

Your rights and our responses will vary based on your country or state of residency. Please note that you may be located in a jurisdiction where we are not obligated, or are unable, to fulfill a request. In such a case, your request may not be fulfilled.

In the United States, state consumer privacy laws may provide their residents with additional rights regarding our use of such residents’ personal information. For example:

• Colorado, Connecticut, Virginia and Utah each provide their state residents with rights to:

• Confirm whether we process their personal information.
• Access and delete certain personal information.
• Data portability.
• Opt out of personal data processing for targeted advertising and sales.

• Colorado, Connecticut and Virginia also provide their state residents with right to:

• Correct inaccuracies in their personal information, taking into account the information’s processing purpose.
• Opt out of profiling in furtherance of decisions that produce legal or similarly significant effects.

If you would like to exercise any of these rights, please contact us as set forth in "Contact Us" below.

We do not discriminate against individuals who exercise any of their rights described in this Privacy Notice. However, when you exercise your deletion right, in particular, you may lose access to any aspects of the Services that require your personal information.

If applicable laws grant you an appeal right, and you would like to appeal our decision with respect to your request, you may do so by informing us of this and providing us with information supporting your appeal.

Supervisory Authority. If your personal information is subject to the applicable data protection laws of the European Economic Area, Switzerland, or United Kingdom, you have the right to lodge a complaint with the competent supervisory authority if you believe our processing of your personal information violates applicable law.

• EEA Data Protection Authorities (DPAs).
• Swiss Federal Data Protection and Information Commissioner (FDPIC).
• UK Information Commissioner’s Office (ICO).

7. INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION

1. Transfer of Personal Information to Third Countries

We have the right to transfer your personal information to third parties located abroad if it is necessary to carry out the data processing described in this Privacy Notice. Specific data transfers have been mentioned above. When making such transfers, we will ensure compliance with the applicable legal requirements for disclosing personal information to third parties. The legal provisions governing the disclosure of personal information to third parties are duly observed. The countries to which data is transmitted include those that, according to the decision of the Federal Council and the European Commission, have an adequate level of data protection (such as the member states of the EEA or, from the European Union's (the "EU") perspective, Switzerland), as well as those countries (such as the United States) whose level of data protection is not considered adequate (see Annex 1 of the Data Protection Ordinance and the website of the EC). If the country in question does not provide an adequate level of data protection, we ensure that your data is adequately protected by these companies by means of appropriate safeguards, unless an exception is specified on a case-by-case basis for the individual data processing (see Article 49 of the GDPR). Unless otherwise specified, this refers to the choice of companies certified under the Privacy Framework agreement or standard contractual clauses as referred to in Article 46(2)(c) of the GDPR, which can be found on the websites of the Federal Data Protection and Information Commissioner (FDPIC) and the EC. If you have any questions regarding the implemented measures, please contact us as set forth in "Contact Us" below.

2. Information on Data Transfers to the United States

For the sake of completeness, we would like to inform Users residing or based in Switzerland or EU that certain third-party service providers mentioned in this Privacy Notice are located in the United States. It is important to note that there are surveillance measures by the United States authorities in place that generally allow for the storage of all personal information of individuals whose data has been transmitted from Switzerland or EU to the United States. This occurs without differentiation, limitation, or exception based on the purpose for which the data is being collected and without an objective criterion that would restrict the United States authorities' access to the data and its subsequent use to specific, strictly limited purposes that can justify the interference associated with accessing and using the data. Furthermore, we would like to point out that affected individuals from Switzerland or EU do not have legal remedies or effective judicial protection against general access rights of the United States authorities, which would allow them to access the data concerning them and to rectify or delete it. We explicitly highlight this legal and factual situation to enable you to make an informed decision regarding your consent or opposition to the use of your data.

For Users residing in Switzerland or a member state of the EU, we also want to inform you that, from the perspective of the EU and Switzerland, the United States does not provide an adequate level of data protection, among other reasons, as explained in this paragraph. In cases where we have mentioned in this Privacy Notice that data recipients are located in the United States, we will ensure through the choice of companies certified under the Privacy Framework agreement or through contractual arrangements with these companies and, if necessary, additional appropriate safeguards, that your data is adequately protected at our third-party service providers.

8. AGGREGATED AND ANALYTICS INFORMATION

We use standard analytics tools like Google Analytics to learn about how you and other Users use our Website and Services, how we should improve your user experience and which improvements we should prioritize. In order to find out how Google uses data when you use their services you can visit: https://policies.google.com/technologies/partner-sites. We may use additional or other analytics tools, from time to time, in support of our Services-related activities and operations. The privacy practices of these tools are subject to their own privacy policies.

We use anonymous, statistical or aggregated information and will share it with our partners for legitimate business purposes. It has no effect on your privacy, because there is no reasonable way to extract data from the aggregated information that we or others can associate specifically to you.

9. COOKIES AND OTHER TRACKING TECHNOLOGIES

Cookies are small, sometimes encrypted text files that are stored on computer hard drives by websites that you visit. They are used to help users navigate websites efficiently as well as to provide information to the owner of the websites. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, please visit www.allaboutcookies.org.

There are also similar technologies which are not technically cookies that are used for similar purposes, such as local storage objects. When this section refers to "cookies" it is referring to both cookies and such similar technologies.

We may use web beacons, pixel tags, and other tracking technologies on the Website to help customize the Website and improve your experience. A "web beacon" or "pixel tag" is a tiny object or image embedded in a web page or email. They are used to track the number of users who have visited particular pages and viewed emails, and acquire other statistical data. They collect only a limited set of data, such as a cookie number, time and date of page or email view, and a description of the page or email on which they reside. Web beacons and pixel tags cannot be declined.  

Please note that third parties (including for example providers of external services like web traffic analytics) could also use cookies which are out of our direct control. These cookies are most often analytical ones or such used for providing personalized content. These cookies might include third-party social media sites, which allow easier sharing through various platforms.

The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission. You can at any time change or withdraw your consent from the Cookie banner on our website. Your consent applies to the following domains: www.rarime.com.  

Our uses of these cookies fall into the following general categories:

• Operationally Necessary. This includes cookies that allow you access to our Services, applications, and tools that are required to identify irregular website behaviour, prevent fraudulent activity, improve security, or allow you to make use of our functionality.
• Performance-Related. We may use cookies to assess the performance of our Services, including as part of our analytic practices to help us understand how individuals use our Services.
• Functionality-Related. We may use cookies that allow us to offer you enhanced functionality when accessing or using our Services. This may include identifying you when you sign into our Services or keeping track of your specified preferences, interests, or past items viewed.

You may stop or restrict the placement of cookies on your device or remove them by adjusting your preferences as your browser or device permits. However, if you adjust your preferences, our Services may not work properly. Please note that cookie-based opt-outs are not effective on mobile applications. However, you may opt-out of personalized advertisements on some mobile applications by following the instructions for Android, iOS and others.

10. RETENTION OF PERSONAL INFORMATION

How long we retain your personal information depends on the context in which, and purposes for which, we collected it. We store the personal information we collect as described in this Privacy Notice for as long as you use our Services, or as necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve Disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.

To determine the appropriate retention period for personal information, we may consider applicable legal requirements, the amount, nature, and sensitivity of the personal information, certain risk factors, the purposes for which we process your personal information, and whether we can achieve those purposes through other means.

11. SUPPLEMENTAL NOTICE FOR CALIFORNIA RESIDENTS

This Supplemental Notice for California Residents supplements our Privacy Notice and only applies to our processing of personal information that is subject to the California Consumer Privacy Act of 2018 (as amended from time to time) (the "CCPA").

The CCPA provides California residents with the right to know what categories of personal information Rarilabs has collected about them, whether Rarilabs disclosed that personal information for a business purpose (e.g., to a service provider), whether Rarilabs "sold" that personal information, and whether Rarilabs "shared" that personal information for "cross-context behavioral advertising" in the preceding twelve months. California residents can find this information below:

The categories of sources from which we collect personal information and our business and commercial purposes for using and disclosing personal information are set forth in "Personal Information Processed in Application and Personal Information We Collect", "How We Use Your Personal Information", and "How We Disclose Your Personal Information" above, respectively. We will retain personal information in accordance with the time periods set forth in "Retention of Personal Information".

Additional Privacy Rights for California Residents

Opting Out of "Sales" of Personal Information and/or "Sharing" for Cross-Context Behavioral Advertising under the CCPA. California residents have the right to opt out of the "sale" of personal information (if any) and "sharing" of personal information (if any) for "cross-context behavioral advertising." California residents may exercise these rights by using the information found in "Contact Us".

Disclosure Regarding Individuals Under the Age of 16. Rarilabs does not have actual knowledge of any "sale" of personal information of minors under 16 years of age. Rarilabs does not have actual knowledge of any "sharing" of personal information of minors under 16 years of age for "cross-context behavioral advertising."

Disclosure Regarding Opt Out Preference Signals. Applicable law may provide for an opt out by broadcasting an Opt Out Preference Signal, such as the Global Privacy Control (GPC) (on the browsers and/or browser extensions that support such a signal). To download and use a browser supporting the GPC browser signal, click here: https://globalprivacycontrol.org/orgs. If you choose to use the GPC signal, you will need to turn it on for each supported browser or browser extension you use.

Disclosure Regarding Sensitive Personal Information. Rarilabs may only uses and discloses sensitive personal information for the following purposes:

• To prevent, detect, and investigate security incidents that compromise the availability, authenticity, integrity, and or confidentiality of stored or transmitted personal information.
• To resist malicious, deceptive, fraudulent, or illegal actions directed at Rarilabs and to prosecute those responsible for those actions.
• To ensure the physical safety of natural persons.
• To verify or maintain the quality or safety of a product, service, or device that is owned, manufactured, manufactured for, or controlled by Rarilabs, and to improve, upgrade, or enhance the service or device that is owned, manufactured by, manufactured for, or controlled by Rarilabs.
• For purposes that do not infer characteristics about individuals.

Non-Discrimination. California residents have the right not to receive discriminatory treatment by us for the exercise of their rights conferred by the CCPA. 

Verification. To protect your privacy, we will take steps to reasonably verify your identity before fulfilling requests submitted under the CCPA. These steps may involve asking you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative. Examples of our verification process may include Rarilabs’s request for the specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Authorized Agent. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. To authorize an agent, provide written authorization signed by you and your designated agent using the information found in "Contact Us" below and ask us for additional instructions.

12. SUPPLEMENTAL NOTICE FOR NEVADA RESIDENTS

If you are a resident of Nevada, you have the right to opt out of the sale of certain personal information to third parties who intend to license or sell that personal information. Please note that we do not currently sell your personal information as sales are defined in Nevada Revised Statutes Chapter 603A. If you have any questions, please contact us as set forth in "Contact Us" below.

13. CHILDREN’S INFORMATION

The Services are not directed to children under 18 (eighteen) (or other age as required by local law), and we do not knowingly collect personal information from children.

If you are a parent or guardian and believe your child has uploaded personal information to our Services without your consent, you may contact us as described in "Contact Us" below. If we become aware that a child has provided us with personal information in violation of applicable law, we will delete any personal information we have collected, unless we have a legal obligation to keep it, and terminate the child’s account, if applicable.

14. OTHER PROVISIONS

Third-Party Websites/Applications. The Services may contain links to other websites/applications and other websites/applications may reference or link to our Services. These third-party services are not controlled by us. We encourage our Users to read the privacy policies of each website and application with which they interact. We do not endorse, screen, or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Providing personal information to third-party websites or applications is at your own risk.

Verification Process. Only you, or a person that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. If you designate an authorized agent to submit requests to exercise certain privacy rights on your behalf, we will require verification that you provided the authorized agent permission to make a request on your behalf. You must provide us with a copy of the signed permission you have given to the authorized agent to submit the request on your behalf and verify your own identity directly with us.

The verifiable consumer request must:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

Our verification process may also include a request for additional information to confirm your identity or your authorized agent’s identity (such as your name, email address and date of birth) or to obtain proof that you have given your authorized agent permission to act on your behalf. If our verification process is successful, we will respond to your request within the time and in the manner required by applicable law. If we cannot validate the identity of you and/or your authorized agent or obtain proof that you have given your authorized agent permission to act on your behalf, we will attempt to contact you to inform you.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm that the personal information relates to you. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

We will deliver our written response by mail or electronically, at your option. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the personal information from one entity to another entity without hindrance, specifically by electronic mail communication. Further, if you would like to appeal any decision we make about your request, you may contact us as stated in the "Contact Us" section below.

15. CONTACT US 

Rarilabs is the controller of the personal information we process under this Privacy Notice.

If you have any questions about our privacy practices or this Privacy Notice, or to exercise your rights as detailed in this Privacy Notice, please contact us at:

• Name: Rarilabs, Inc., a Delaware corporation.
• Address: 1101 Brickell Avenue, South Tower, 8th Floor, Miami, FL 33131.
• Email: legal@rarilabs.com.