Privacy Policy

Privacy Policy

House of Pranksy / PRANKSY LIMITED

This Privacy Policy sets out how PRANKSY LIMITED collects, uses, discloses, and protects personal data in connection with the House of Pranksy website, membership programme, and associated digital or physical services (“Services”). This Privacy Policy applies to all individuals who access or use the Services, regardless of location.

1. Data Controller - The data controller for the purposes of the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018 is:

PRANKSY LIMITED

Company Number: 13400584

105 High Street

Worcester

Worcestershire

WR1 2HW

United Kingdom

Contact for privacy matters: revolution@pranksy.io

2. Categories of Personal Data Processed - We may collect, use, and store the following categories of personal data: Category Examples, Identity Data, Name, username or alias, Discord handle or equivalent identifiers, Contact Data, Email address, shipping address (if a Physical Membership Certificate is issued), Membership Credential Data, Public blockchain wallet address, membership tier, membership status held in the Membership Registry, Transaction Data, Payment confirmation, purchase dates, credential issuance records (we do not store payment card numbers), Technical Data, IP address, device and browser information, access logs, session metadata, Communication Data, Support requests, administrative correspondence, submitted forms, voluntary disclosures in community areas

3. Special Notes Regarding Blockchain Data

3.1 Public blockchain transactions are inherently transparent. Public wallet addresses and transaction histories recorded on a blockchain may be publicly accessible and may be linked to individuals through external analysis.

3.2 We do not request or store private wallet keys. You are solely responsible for maintaining the security of your wallet and your private wallet keys. We do not back up your private wallet keys, it is your responsibility to take such steps as you deem appropriate to protect these.

3.3 Blockchain records are immutable. We cannot modify or delete on-chain data.

4. Legal Bases for Processing (UK / EU) - We process personal data only where a lawful basis under UK GDPR applies: Purpose, Lawful Basis, Provision, verification, and maintenance of membership access, Performance of a contract, Maintenance of Membership Registry and identity verification for non-NFT membership, Legitimate interests, Delivery of Physical Membership Certificates, Performance of a contract, Communications regarding membership administration, Legitimate interests, Security, fraud prevention, regulatory compliance, Legal obligation / Legitimate interests, Analytics and service improvement, Legitimate interests (with proportionality assessment) Consent is not relied upon except where explicitly required.

5. How We Use Personal Data - We use personal data to: Administer and verify membership access rights; Maintain the official Membership Registry; Issue and deliver Membership Credentials (digital or physical); Operate and moderate community and communication platforms; Provide account and support communications; Comply with legal and regulatory obligations; Maintain system security and prevent fraud. We do not use personal data for behavioural advertising or commercial profiling.

6. Sharing of Personal Data - We may disclose personal data to:

Service providers engaged to support the operation of the Services (e.g., hosting, access gating, email delivery, customer support, payment processing, logistics); Digital community platform providers (e.g., Discord, gated access providers) solely for the purpose of administering membership access control;Professional advisers (legal, financial, technical, compliance); Regulatory or governmental authorities where required by law. We do not sell or share personal data as defined under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

7. International Transfers - Where personal data is transferred outside the UK or EEA, such transfers are conducted in accordance with applicable data transfer mechanisms, such as Standard Contractual Clauses approved by the UK or EU, or equivalent recognised safeguards.

8. Data Retention - We retain personal data only for as long as necessary for the purposes outlined in this policy, including:

Membership Registry records are retained for the duration of active membership and, where membership is defined as lifetime, on an ongoing basis as necessary to verify membership validity. Transaction and accounting records are retained for a minimum of six (6) years to comply with statutory audit requirements. Communications and administrative correspondence are retained for operational necessity and audit review.

9. Data Security - We implement technical and organisational security measures including encryption, access controls, credential security procedures, and environment hardening. However, no system can guarantee absolute security. You are responsible for the security of your own devices and blockchain wallet private keys.

10. Rights of Individuals (UK / EU) - You may, subject to lawful exemptions, exercise the following rights: Right of access to personal data; Right to rectification of inaccurate data; Right to erasure where legally applicable; Right to restrict or object to processing;

Right to data portability where processing is contractual and automated. Requests may be submitted to: [insert email] We may request identity verification before fulfilling a request.

11. Additional Rights for U.S. Residents (CCPA / CPRA) - If you are a resident of California or a U.S. state with equivalent privacy legislation, you may have the following rights: Right to Know the categories of personal data collected and purposes of use (as set out in Section 2 and Section 5). Right to Request Deletion of personal data, subject to lawful exceptions. Right to Request Correction of inaccurate personal data. Right to Opt-Out of any “sale” or “sharing” of personal data. We do not sell or share personal data. Right to Non-Discrimination for exercising privacy rights. Requests may be submitted to: revolution@pranksy.io We will verify identity before responding.

12. Cookies - We use cookies or similar technologies for site functionality and security. A separate Cookie Policy may apply.

13. Third-Party Links - We are not responsible for the privacy practices of external websites.

14. Changes to This Policy - We may update this Privacy Policy. The most recent version will be posted on our website.

15. Contact - For all data protection enquiries:

Email: revolution@pranksy.io

Address: PRANKSY LIMITED, 105 High Street, Worcester, WR1 2HW, United Kingdom