Alt.town Privacy Policy

Thank you for using KY International Inc. (“we” “Alt.town” or “Company”) respects your privacy and is committed to protecting your personal data as you (“you” or “User”) use our Services. This Privacy Policy (this “Policy”) describes how we collect, use, and handle your personal data when you use our platforms, websites, and services, including Alt.town (“Services”).

If you have any questions regarding this Policy or our privacy practices, please contact our Data Protection Department as listed in this Policy. It is crucial that you thoroughly read and understand the terms of this Policy, as it details your rights concerning your personal data under applicable data protection laws. Please note that this Policy should be read in conjunction with our Terms of Service as well as any other privacy notices we may issue in relation to specific occasions or services.

Controller

The Company is the data controller responsible for your personal data pursuant to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“General Data Protection Regulation”, or “GDPR”).

Terms used in this Policy shall have the meaning set forth in the relevant laws and regulations and our Terms of Service; other matters shall be subject to general commercial practice.

Collection and Use of Personal Data

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data)

During your use of the Services or any interaction with us, we may collect and use the following types of personal data below:

Personal Information You Provide Directly.

• E-mail address

Information Provided by Third Parties.

• Wallet information(including but not limited to, wallet address, transaction history and public key)
• While wallet addresses and public keys are technically pseudonymous, they may be considered personal data under applicable privacy laws when associated with identifiable individuals. Accordingly, we treat such information with appropriate safeguards and protection standards.

Automatically Collected When You Access Our Service.

• IP address, browser information, device tokens, cookies, access logs, service usage records, and records of improper usage.

Purposes and Method of Collecting and Processing Your Data

We process your personal data as follows to facilitate your better use of our Services as follows:

1. To deliver and facilitate the delivery of Services to you
2. To execute the Services contract
3. To respond to your inquiries and/or offer support to you through our customer service
4. To provide you with certain Service materials and contents
5. To protect our Services, including prevention of and sanction of any act or improper usage that interrupts normal service operation of Service.

The provision of personal data may be a statutory or contractual requirement, or necessary to enter into a contract with us.

We collect personal data from and about you through various methods, including:

1. Direct Interactions:

You directly provide us with your personal data when you:

• Apply for our Services
• Create an account on our website or on ALT.TOWN
• Participate in an event, promotion, or survey
• Provide feedback or contact us.

2.  Automated Technologies and Cookies:

As you interact with our Services, we automatically collect Technical Data about your device, browsing actions, and usage patterns. This data is gathered through cookies, server logs, and other similar technologies. Cookies refer to small amounts of data that is sent by the server that operates the website or the Services on your browser, which may be stored on the hard disk of your computer. They are used to manage security measures, enhance and develop services, offer personalized Services and provide tailored advertisements through analyzing user access, such as the frequency and timing of access, identify patterns in the user’s usage, track user activities, and access to security measures. You may set your browser to not accept cookies, but this may limit your ability to use the Services. We may also use third-party service providers that set cookies and similar technologies to promote our Services.

3. Third Parties or Publicly Available Sources:

We may also work with service providers such as analytics tools (e.g., Google Analytics), cloud infrastructure services, customer community platforms (e.g., Discord, Notion), or user engagement tools. The list of partners may be updated periodically and will comply with applicable data protection laws.

Legal Basis for Processing Personal Data

We only collect and process your personal data when we have a lawful basis to do so. The specific legal basis depends on the context in which we process the personal data, including the Service you use and the nature of the personal data involved.

The legal bases we rely on for processing your personal data include:

1. Performance of a Contract: We process your personal data to fulfill our contractual obligations to you. This includes providing the Service, communicating with you regarding your use of the Service, and ensuring compliance with our Terms of Service.
2. Legitimate Interests: We process your personal data when necessary for our legitimate interests or the legitimate interests of third parties, provided that such processing is not overridden by your data protection rights. This may include preventing fraud, securing our Services, protecting our legal rights, conducting market research, developing products, and for marketing purposes.
3. Compliance with Legal Obligations: We process your personal data to comply with applicable laws, regulations, court orders, or official requests from government or law enforcement authorities.
4. Consent: We process your personal data when you have provided your explicit consent, such as when you agree to receive marketing communications from us. You may withdraw your consent at any time by contacting us at our Data Protection Department.

If you wish to withdraw your consent or object to the processing of your personal data, please contact us at our Data Protection Department. If you feel your concerns have not been addressed adequately or believe we have violated applicable data protection laws, you may file a complaint with your local data protection supervisory authority.

Disclosure of Personal data

To provide the Services, we may share information as discussed below. Please note that we will not sell your personal data to advertisers or other third parties.

1. Disclosure of personal data to a third party
2. We may engage certain third-party service providers (including, but not limited to, providers of customer support and IT services) to assist us in delivering, improving, protecting, and promoting our Services. These service providers may process your personal data on our behalf, but only to the extent necessary for the fulfillment of these business purposes. The processing of your personal data by these third parties is subject to strict contractual obligations to ensure compliance with applicable data protection laws. Disclosure of personal data to other users

Some features of our Services may display your personal data, such as your username, profile picture, device information, wallet addresses, and usage details, to other users with whom you collaborate or choose to share information. Additional personal data may also be made visible to other users if you choose to do so through certain features.

3. Other applications..

You may choose to connect your account with third-party services. When you do so, the Company and the third-party services may exchange information about you and your data to enhance, protect, and promote both services. Please note that this Policy does not apply to the collection and processing of personal data by third-party services, and we recommend reviewing their respective privacy policies for more information.

4. Required Disclosure

We may disclose your personal data to third parties if we reasonably determine that such disclosure is necessary to:

• Comply with any applicable law, regulation, legal process, or government request;
• Protect the safety or life of any individual;
• Prevent fraud or abuse of the Company’s Services or protect our users;
• Safeguard the rights, property, safety, or interests of the Company or our users; or
• Perform a task carried out in the public interest.

Transfer of Your Personal Data Overseas

To provide you with the Services, we may store, process, and transmit your personal data in the Republic of Korea or other locations outside the European Economic Area (“EEA”)—including those outside your country. Data may also be stored locally on the devices you use to access the Services. When we transfer your personal data outside the EEA, we will ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

1. We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
2. Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA or the Republic of Korea.

Measures to Protect Your Personal Data

At the Company, safeguarding your personal data is a top priority and a responsibility we take seriously. We are committed to ensuring that your personal data is afforded the same level of protection, whether it is stored on our Services or on your personal devices. In handling government requests for access to your personal data, including national security requests, we adhere to the following principles:

1. Transparency: We strive to be open about the requests we receive
2. Challenging Blanket Requests: We will fight overly broad or blanket requests for your data
3.  Protecting All Users: We safeguard the privacy rights of all our users
4. Providing Trusted Services: We are committed to maintaining services that users can trust

We are dedicated to keeping your personal data secure and testing for vulnerabilities in our Services. We have implemented robust security measures to safeguard your personal data from accidental loss, unauthorized access, use, alteration, or disclosure. These measures are designed to protect your personal information at all times. Access to your data is restricted to employees, agents, contractors, and third parties who have a legitimate business need to process it. These individuals and entities are required to follow our instructions and are bound by strict confidentiality obligations.

In the event of a suspected data breach, we have established comprehensive procedures to promptly address and mitigate any risks. Where legally required, we will notify both you and the relevant regulatory authorities of any data breach that may impact your personal data.

Data Retention

We will retain your personal data only for as long as is reasonably necessary to fulfill the purposes for which it was collected, including to comply with any legal, regulatory, tax, accounting, or reporting obligations. In certain circumstances, such as in the event of a complaint or where there is a reasonable expectation of litigation related to our relationship with you, we may retain your personal data for a longer period.

To determine the appropriate retention period, we take into account several factors, including the volume, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we are processing the data and whether those purposes can be achieved through other means, as well as any relevant legal, regulatory, tax, accounting, or other applicable requirements.

Subject to the foregoing, in principle, we will destruct your personal data without delay when (i) the purpose of collection and use has been achieved; (ii) you withdraw your account from the Service; (iii) the legal or management needs have been achieved; (iv) or receipt of your request.

Please note that certain transaction records and wallet interactions recorded on public blockchains are immutable and cannot be altered or deleted. While we can delete off-chain data stored on our systems, we are unable to modify or erase any on-chain activity.

Your Responsibility for Securing Personal Data

You are responsible for ensuring the security of your personal data. This includes choosing a sufficiently strong password and keeping your credentials, including your password, confidential at all times. You are also obligated to respect the privacy and personal data of others and must not infringe upon or misuse third-party personal data. Please avoid disclosing your personal data, such as your password, and refrain from actions that may harm or compromise the personal data or privacy of others.

While we employ rigorous security measures to protect your personal data, we will not be liable for any loss, unauthorized access, or misuse of your personal data that results from your own actions, such as failing to secure your account or sharing your password with others. It is your responsibility to safeguard your personal data and respect the privacy and security of others.

It is equally important that the personal data we hold about you is accurate and up to date. Please notify us promptly if any of your personal data changes during your use of our Services, to help us maintain the accuracy and integrity of the information. We will not be liable for any loss, unauthorized access, or misuse of your personal data that occurs as a result of your failure to promptly update your personal data.

Your Rights to Your Personal Data

You have control over your personal data and how it is collected, used, and shared by the Company. As a user of our Services, you may exercise the following rights concerning your personal data:

1. Right to access to personal data: You have the right to request access to the personal data we hold about you.
2. Right to deletion: You may request the deletion of personal data from your account or our databases. Upon your request for deletion, your personal data will be erased within a reasonable period, typically within 14 business days, unless retention is required by applicable law or for legitimate business purposes. Some immutable data stored on blockchain networks may not be subject to deletion.
3. Right to correction: You can manage your account, including editing your personal data at any time.
4. Right to restrict processing and objection: You may object to the processing of your personal data or request a temporary suspension or restriction of data processing.
5. Right to data portability: You may request the transfer of your personal data to another party.
6. Right to avoid automated decision-making: You may request to stop automated processing of personal data, including profiling, which significantly impacts or can legally affect them.
7. Right to withdraw consent: You may withdraw your consent to the processing of your personal data at any time.

• Withdrawal of consent will not affect the lawfulness of processing conducted prior to withdrawal. However, withdrawing consent may limit our ability to provide certain Services to you. We will inform you if this is the case at the time of withdrawal.

To exercise any of the above rights, please contact us at our Data Protection Department. We will take appropriate action without undue delay. Note that we may deny your request only if there is a legitimate reason prescribed by law.

Protection of Personal data of Children

The Services provided by the Company are intended for general audiences, and we do not knowingly collect personal data from children under the age of 16 or the equivalent minimum age as defined by the laws of relevant jurisdictions. However, if we must collect personal data from children under the age of 16 (or the equivalent minimum age in the relevant jurisdiction) for unavoidable reasons, we will take additional steps to ensure the protection of that personal data, including:

1. Verification: We will make reasonable efforts to verify that the individuals are children of an age requiring parental or guardian consent, and that the person providing consent is authorized to do so.
2. Parental Consent: We will obtain verifiable consent from the parent or legal guardian before collecting personal data or providing services directly to children.
3. Parental Notification: We will provide parents or guardians with notice of this Policy, detailing the types of personal data collected, the purpose of collection, and any sharing of the data.
4. Parental Rights: We will grant parents or guardians the right to:

•  Access their child's personal data;
• Request correction or deletion of their child's personal data;
• Request the suspension of processing their child's personal data;
• Withdraw their consent for the processing of their child's personal data.

5. Data Minimization: We will collect only the personal data necessary for the provision of our Services.

Contact Information

If you have any questions about this Policy or our privacy practices, please contact our Data Protection Department in the following ways:

Attention: Peter Kim                          

Email address: contact@ky-international.xyz                  

If they cannot answer your question, you have the right to contact your local data protection supervisory authority.

Changes to the Privacy Policy

We reserve the right to revise this Policy from time to time. In the event of any changes, we will provide notice by posting the updated policy on our Services or through other appropriate means, such as email notifications or a pop-up screen requesting acceptance when you sign in.

Last modified: May 1, 2025