Pawy 3 Join the First 100 Join the First 100

Privacy Policy

PAWY LIMITED (referred to as “we”, “our”, and “us”) is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you interact with us, including through your use of the PAWY move2earn running app (“App”).

PAWY LIMITED is a company registered in England and Wales under company number 14573317, with its registered office at Flat 1, 31 Long Acre, Covent Garden, London, England, WC2E 9LA. We act as the data controller for the personal data collected in connection with our services.

This Privacy Policy applies to the personal data we collect and process in accordance with the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018. It does not apply to third-party products or services or the practices of companies that we do not own or control, including other companies you may interact with through our services.

Unless otherwise stated, this Privacy Policy is provided in English. In the event of any discrepancies between translated versions and the English version, the English version shall prevail.

What Information is Covered Under This Policy?

This Privacy Policy applies to your personal data, as defined under the UK GDPR, which includes any information that directly or indirectly identifies you. Examples include your name, username, password, IP address, device identifiers, gender, contact details, date of birth, financial information, photos, videos, and opinions about you.

We may also collect location and movement data to enable the functionality of the App. You can manage location monitoring through your device settings, but disabling this feature may prevent us from tracking and converting your movement into PAWPRINT/PAWSTAR tokens.

All personal data is processed in strict confidence and in compliance with the UK GDPR and the Data Protection Act 2018.

Personal Data That We May Collect From You

We may collect some or all of the following types of personal data:

  • Data that you provide to us directly through your interactions with us;
  • Data that we collect automatically when you use our services; and
  • Data that we receive from third-party sources in connection with the provision of our services.

By using our services and agreeing to this Privacy Policy, you acknowledge that we collect and process your personal data as necessary for the purposes outlined in this policy and in compliance with the UK GDPR and the Data Protection Act 2018.

How Personal Data is Collected

“Personal data” refers to any information that identifies, relates to, describes, can be used to contact, or could reasonably be linked directly or indirectly to you, as defined under the UK GDPR.

For the purposes of this Privacy Policy, the terms “personal data” and “personal information” are used interchangeably. You have the right to choose whether or not to provide certain personal data. However, please note that some of our services and features require specific personal data to function.

If you choose not to provide the necessary personal data, you may be unable to access or use certain services or features.

Information That You Give Us

We may collect your personal data directly from your interactions with us. This may include, but is not limited to, the following:

  • Completing forms on our website, social media platforms, the App, or other software and mobile applications;
  • Providing consent for us to access personal data such as photographs, videos, or photo albums;
  • Providing consent for us to access the microphone and/or camera on your device;
  • Contacting us via email, telephone, social media, or other communication channels, either directly through our website or the App, or through third-party platforms;
  • Participating in marketing campaigns, competitions, or surveys, either directly through our website or the App, or via third-party platforms.

You are responsible for ensuring that any personal data you provide to us is accurate and up to date. We will process the data on the assumption that it is correct at the time of submission.

Information That We Collect About You

In this Privacy Policy, “Social Media” refers to social networking platforms, including but not limited to websites or mobile applications such as Facebook, Twitter, Instagram, and LinkedIn, which enable the creation and exchange of user-generated content.

When you use our website, Social Media, App, or other software and mobile applications, we may automatically collect the following information about you:

(1) Technical Information:

  • Your Internet Protocol (IP) address used to connect your device to the internet.
  • The internet browser and version you are using to access our website, Social Media, App, or other software and mobile applications.
  • Any additional plug-ins you are using.
  • Your device's operating system and platform.

(2) Usage Information:

  • The time and date you accessed our website, Social Media, App, or other software and mobile applications.
  • Details of your interactions, including links clicked, content accessed, duration of access, and whether you downloaded any content (whether supplied by us or hosted by a third party).
  • Information about how you navigated to and from our website, Social Media, App, or other software and mobile applications, including links to other sites, apps, or pages hosted by us.

This information is collected to improve the functionality of our services, ensure security, and enhance your user experience. All data collected will be processed in accordance with the UK GDPR and the Data Protection Act 2018.

Sensitive Personal Data

In the course of providing our services, we may collect and process sensitive personal data about you. Sensitive personal data, as defined under the UK GDPR, includes information such as:

  • Racial or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade union membership
  • Genetic data
  • Biometric data used for identification purposes
  • Health information
  • Sexual orientation
  • Criminal convictions or offences

We will only process sensitive personal data where it is strictly necessary and in accordance with the UK GDPR. This means we will process such data only under the following conditions:

  • Explicit Consent: Where you have provided explicit consent for the specific purposes for which the data is collected.
  • Legal Obligations: Where processing is necessary for compliance with a legal obligation.
  • Vital Interests: Where processing is necessary to protect your vital interests or those of another person, and you are incapable of giving consent.
  • Legal Claims: Where processing is necessary for the establishment, exercise, or defence of legal claims.
  • Substantial Public Interest: Where processing is necessary for reasons of substantial public interest, as defined under UK law.

We implement appropriate safeguards to protect sensitive personal data, including encryption, access controls, and regular audits of our data processing activities. Where sensitive personal data is processed based on your explicit consent, you may withdraw your consent at any time by contacting us.

How We Use Your Personal Data

We process your personal data in accordance with the UK GDPR and the Data Protection Act 2018. The purposes for which we process your personal data include the following:

  • Providing Our Services: To deliver the services you request, including the functionality of the App.
  • Verifying Movement and Location: To verify your physical movement and location and issue PAWPRINT/PAWSTAR tokens based on this verified data.
  • Fraud Prevention and Security: To investigate and prevent suspected fraud, criminal activities, or misuse of our services. This includes the collection and analysis of user location and movement data for fraud detection purposes, as well as the operation of our Machine Learning Anti-Cheating System, which involves detailed behavioral analysis.
  • Account and System Integrity: To process information, including your Internet Protocol (IP) address, for fraud detection and to manage the integrity of the PAWY game system and other services. This includes detecting cheating behavior, verifying account ownership, and handling accounts suspected of being stolen or compromised.
  • Compatibility: To collect and use system version information, device make and model, and other technical data for compatibility assessments with our software and services.
  • App Functionality: To create leaderboards of players, including those meeting specific criteria, and to operate the PAWY Marketplace.
  • Dispute Resolution: To investigate and resolve disputes between players.
  • Communication: To provide you with information you have requested, inform you of updates to the App, our website, Terms of Use, or this Privacy Policy, and communicate with you about our services.
  • Authentication: To authenticate your financial account information, credit or debit card details, or process the transfer of digital assets.
  • Marketing: To send you marketing communications about our latest news, events, special offers, and promotions. This includes direct marketing by us or authorised third parties, where you have provided consent. You may opt out of marketing communications at any time.
  • Product Improvement: To seek your feedback on our services for the purposes of product improvement, customisation, and personalisation.
  • Consumer Engagement: To analyse service usage, improve our services, and allow participation in community features such as sharing content or engaging with blogs.
  • Security and Compliance: To ensure website and software security, detect and prevent fraud, maintain internal accounting and administration, and comply with legal obligations.
  • Customer Relationship Management: To manage our relationship with you and other customers.

Certain elements of your personal data may be shared with other users of the App as part of the normal operation of our services. Additionally, if we expand, restructure, or transfer parts of our business, including through the sale of divisions or assets, your personal data may be transferred to the relevant third parties as part of such transactions. Any such transfers will comply with the UK GDPR and the Data Protection Act 2018.

We may transfer your personal data to locations outside the United Kingdom. Where such transfers occur, we ensure that appropriate safeguards are in place to protect your personal data in accordance with the UK GDPR and the Data Protection Act 2018. These safeguards include:

  • Standard Contractual Clauses (SCCs): We use SCCs approved by the UK Information Commissioner’s Office (ICO) to ensure that your personal data is protected when transferred to countries that do not provide an equivalent level of data protection as the UK.
  • Transfer Impact Assessments (TIAs): We conduct TIAs to evaluate the risks associated with international data transfers and ensure that your data is adequately protected.
  • Adequacy Decisions: Where applicable, we rely on adequacy decisions issued by the UK government for countries deemed to provide an adequate level of data protection.

In providing our services, we may use IT services, including software, platforms, and infrastructure, which may involve data storage or processing in other countries. While we strive to ensure transparency, the nature of cross-border IT services means it may not always be practicable to determine the exact location of your data at all times. However, we will ensure that any third-party service providers we engage are contractually obligated to process your data in compliance with UK GDPR requirements.

Data Protection Impact Assessments (DPIAs)

We are committed to ensuring that your personal data is processed in a manner that respects your privacy and complies with applicable data protection laws. In accordance with Article 35 of the UK GDPR, we conduct DPIAs for any processing activities that are likely to result in a high risk to your rights and freedoms. This includes, but is not limited to:

  • The collection and processing of sensitive personal data, such as health or biometric data.
  • The use of location tracking and physical movement data through the App.

DPIAs help us identify and mitigate risks associated with our data processing activities, ensuring that appropriate safeguards are in place to protect your personal data.

Legitimate Interests Assessment (LIA)

When we rely on legitimate interests as the legal basis for processing your personal data, we ensure that such processing is necessary and does not override your rights and freedoms. To achieve this, we conduct a Legitimate Interests Assessment (LIA) to evaluate the necessity and proportionality of the processing. This assessment considers:

  • The purpose of the processing and its benefits to you and us.
  • The necessity of the processing for achieving the stated purpose.
  • The potential impact on your rights and freedoms and the safeguards in place to mitigate any risks.

You have the right to object to processing based on legitimate interests at any time. For more information on how we assess legitimate interests or to exercise your right to object, please contact us.

Legal Obligations to Disclose

We may be required to disclose your personal data for the purposes for which it was collected and in compliance with our legal obligations, including but not limited to the following circumstances:

  • As required by law, including compliance with any court orders, legal processes, or regulatory requirements;
  • To any person where necessary in connection with the provision of our services; and
  • On a confidential basis to our external service providers, advisors, or auditors.

We may also disclose your personal data to our business partners, suppliers, subcontractors, advertisers, advertising networks, analytics providers, search engine providers, and other third parties, provided such disclosure is necessary for the purposes of delivering our services or is ancillary to the purposes for which the data was originally collected.

In certain circumstances, we may share your personal data with third-party business partners for their own marketing purposes, including online advertisers or ad tech companies, to provide you with targeted advertising and marketing communications, where permitted by law. This may include information collected through your use of our services and through cookies or similar technologies.

We may disclose your personal data to third parties in the following additional scenarios:

  • If we buy or sell any business or assets, including in connection with a merger, acquisition, or sale of our business;
  • If we are under a duty to disclose your personal data to comply with legal obligations; or
  • If the disclosure is necessary to investigate or prevent unlawful activities, fraud, or other misconduct.

We will ensure that any disclosures of personal data to third parties comply with the UK GDPR and the Data Protection Act 2018. Where personal data is transferred to recipients outside the UK, we will implement appropriate safeguards, such as Standard Contractual Clauses, to ensure the protection of your data.

How We Store Your Personal Data

We implement appropriate technical, administrative, and physical security measures to protect your personal data from loss, misuse, unauthorised access, disclosure, alteration, or destruction. These measures are designed to comply with the requirements of theUK GDPR) and the Data Protection Act 2018.

When your credit or debit card details, financial account information, or digital wallet data are transmitted through our services, they are protected using cryptographic protocols. Please note that we do not store your credit or debit card details directly. Instead, we rely on third-party payment processors who act as independent data controllers for this information. We ensure that our contracts with these third parties require them to maintain the security and confidentiality of your personal data.

While we take all reasonable steps to secure your personal data, we cannot guarantee the absolute security of data transmissions over the internet or that unauthorised third parties will never be able to bypass our security measures or those of our service providers.

To the extent permitted by applicable law, we disclaim liability for any unauthorised access, disclosure, or other breaches beyond our control.

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. The specific retention periods for different categories of data are as follows:

  • Account Information: Retained for the duration of your account's active status and up to 6 years after account closure to comply with legal and regulatory obligations.
  • Transaction Data: Retained for 6 years to comply with financial and tax regulations.
  • Marketing Data: Retained until you withdraw your consent or opt out of marketing communications.
  • Location and Movement Data: Retained for 12 months to support app functionality and fraud prevention.
  • Sensitive Personal Data: Retained only for as long as strictly necessary for the purpose for which it was collected.

Once the retention period expires, your personal data will be securely deleted or anonymised.

Your personal data may be stored and processed within the United Kingdom or transferred to countries outside the UK, including countries that may not provide the same level of data protection as the UK. In such cases, we will ensure that appropriate safeguards, such as Standard Contractual Clauses approved by the UK Information Commissioner’s Office (ICO), are in place to protect your data.

We take reasonable steps to ensure the security of any data transmitted to or from our services. However, any transmission of data over the internet is at your own risk. Once we receive your personal data, we store it securely using encrypted servers and other security measures to prevent unauthorised access. In some cases, we may also store your personal data in physical form, which is protected by strict access controls.

All employees and contractors with access to your personal data are bound by confidentiality obligations and are required to handle your data in compliance with this Privacy Policy and applicable laws.

Collection of Your Information Using Cookies and Other Tracking Technologies

Our website, App, and other mobile applications use cookies and similar tracking technologies. Cookies are small text files stored on your device that allow us to recognize you and collect information to provide a better and more personalized experience.

Through the use of cookies, we may collect information such as your IP address, browsing activity, and browser details. However, we do not collect or store sensitive information, such as your passwords, through cookies. We use both persistent cookies, which remain on your device until they expire or are deleted, and session cookies, which are temporary and deleted when you close your browser.

The types of cookies we use include:

  • Essential Cookies: Necessary for the operation of our website and App.
  • Analytical and Tracking Cookies: Help us understand how visitors interact with our services.
  • Advertising and Retargeting Cookies: Allow us to deliver relevant advertisements to you.

We will only use cookies and similar technologies where you have provided your explicit consent, as required under the UK Privacy and Electronic Communications Regulations (PECR). You can manage your cookie preferences or withdraw consent at any time through your browser settings or our cookie management tool.

For more details about how we use cookies, please refer to our Cookie Policy. You should also review our website's Terms of Use for additional information.

Your Rights

Under the UK GDPR, you have the following rights regarding your personal data:

  • Right of Access: You have the right to request access to the personal data we hold about you. To make such a request, please contact us by emailing privacy@pawy.io or writing to us at the following address:

PAWY Limited Flat 1, 31 Long Acre, Covent Garden, London, England, WC2E 9LA Attn: Legal

If we are unable to provide you with access, we will inform you in writing and explain the reasons for our inability to comply with your request.

  • Right to Rectification: If any personal data we hold about you is inaccurate, incomplete, or out of date, you have the right to request that we correct it. You can contact us at the above email or postal address to make such a request.
  • Right to Object to Processing: You have the right to object to the processing of your personal data for certain purposes, including direct marketing. You can exercise this right by adjusting your preferences in the relevant sections of our website, App, or other mobile applications, or by contacting us at the above address. Right to
  • Withdraw Consent: You may withdraw your consent to receive marketing communications or other correspondence from us at any time. To do so, please contact us by emailing privacy@pawy.io or writing to us at the above address.
  • Additional Rights: Depending on the circumstances, you may also have the right to request the erasure of your personal data, restrict its processing, or request data portability.

For more information on these rights, please contact us using the details provided above. We will respond to all requests in accordance with the UK GDPR and the Data Protection Act 2018.

Jurisdiction-Specific Provisions – Residents of the EEA and the United Kingdom

Through our website, social media platforms, App, and other software or mobile applications, we provide services to users worldwide. As a company established in the United Kingdom, we are primarily bound by the UK GDPR and the Data Protection Act 2018.

For users located in the European Economic Area (EEA), we also comply with the EU General Data Protection Regulation (Regulation (EU) 2016/679, “EU GDPR”). The purpose of this section is to provide you with a clear, transparent, and concise explanation of how we process your personal data in accordance with Articles 13 and 14 of the UK GDPR and, where applicable, the EU GDPR.

If you have any questions about our data protection practices or wish to exercise your rights, please contact our Data Protection Officer at privacy@pawy.io.

We recognise the following rights under applicable data protection laws with respect to your personal data:

  • Right to be informed: You have the right to be informed about the collection and use of your personal data. This information is detailed in this Privacy Policy.
  • Right of access: You may request information from us at any time regarding whether we hold your personal data and what personal data we hold. We will provide this information to you free of charge, subject to legal exceptions.
  • Right to rectification: If your personal data held by us is inaccurate or incomplete, you have the right to request that we correct or update it.
  • Right to erasure: You have the right to request that we delete your personal data if the data is no longer necessary for the purposes for which it was collected; you withdraw your consent (where processing is based on consent) and there is no other legal basis for processing; you object to the processing and there are no overriding legitimate grounds for us to continue processing; the data has been unlawfully processed; the data must be erased to comply with a legal obligation. However, your right to erasure does not apply if we are required to retain the data to comply with a legal obligation; the data is necessary for the establishment, exercise, or defence of legal claims.
  • Right to restrict processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.
  • Right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
  • Right to object to processing: If we process your data based on legitimate interests, you have the right to object to such processing at any time.
  • Right to lodge a complaint with a supervisory authority: If you believe that the processing of your personal data infringes applicable data protection laws, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) or, if you are in the EEA, with your local data protection supervisory authority.

Complaints

If you have concerns about the way your personal data is being handled or believe there has been a breach of your privacy, please contact us at privacy@pawy.io. We take all complaints seriously and are committed to addressing them in a timely, effective, fair, and consistent manner.

If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO). You can contact the ICO via their website at www.ico.org.uk or by calling their helpline at 0303 123 1113.

Privacy Policy Updates

This Privacy Policy was last updated in March 2025. We reserve the right to update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or other circumstances. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your personal data.