Effective as of September 28, 2020.
The security and protection of your personal data is one of the top priorities of DFINITY Foundation, a foundation established under Swiss laws, and its affiliates (collectively, the “Foundation”, “us”, “we” or “our”).
4. Collection of Data
The Foundation collects personal data in the following ways:
- When you become a user, the Foundation shall collect: your name; your country; your IP address; your browser User-Agent; your email address.
- When you subscribe to our information update, we collect your IP address and your email address for the sole purpose of sending you our information updates.
5. Use of Data
The Foundation may use your personal data for various purposes, not all of the uses below will be relevant to you.
Generally, we collect personal data to enable you to enjoy and easily navigate the website(s), to keep a list of the users who are members of the Foundation community or related to your use of services and tools we provide. If you contact us via email, we will keep a record of that correspondence.
5.1 The Foundation may use your personal data to provide you with access to websites, services and tools, and in particular may use your personal data to:
- communicate with you;
- provide you with a better services or tools,
- provide you with information about new products available, blog posts, promotions, special offers and other information;
- answer to your questions and comments;
- send you the information updates, unless you unsubscribe;
- prevent potentially prohibited or illegal activities;
- conduct research and compile statistics on usage patterns;
- process transactions;
- manage the accounts;
- comply with our legal requirements; and
- as otherwise described to you at the point of collection.
6. Third Party Disclosure
The Foundation may disclose your personal data with a marketing platform for the information updates, node provisioning and developer applications.
The Foundation may share your personal data to: any relevant third parties, in particular to provide you with our services and tools; if we are requested to do so to comply with a court order or law enforcement authorities request; or if we find it necessary, as determined in the Foundation’s sole discretion, to investigate, prevent or take action regarding illegal activities, to defend our interest or as otherwise required or permitted by law.
7. International Transfers of Personal Data
Where cross-border transfer is made to third parties outside of Switzerland and the European Union (“EU”), such third parties are obligated to protect data privacy to the same extent as we do. If the level of data protection does not correspond to the Swiss and EU data protection level, the Foundation will contractually ensure that the protection of your personal data corresponds to that in Switzerland and the EU at all times with written agreements that comply with GDPR.
8. Storage of Personal Data
You agree that the Foundation may store your personal data in any country of the EEA, including Switzerland, as well as the United States.
The Foundation will process and store your personal data only for the period necessary to achieve the purposes for which your personal data was collected or as far as this is granted by the applicable laws or regulations. If the storage purpose is not applicable, or if a storage period prescribed by the applicable laws expires, the personal data is routinely erased in accordance with the legal requirements.
9. Your Rights Regarding Your Personal Data
9.1 Right to be informed You have the right to obtain confirmation as to whether or not your personal data is being processed by the Foundation.
9.2 Right to access You have the right to obtain from the Foundation as to whether or not your personal data is being processed by the Foundation and a copy of this information from the Foundation, at no cost to you. Where that is the case, you will have access to your personal data and the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from the Foundation rectification or erasure of personal data, or restriction of processing of your personal data, or to object to such processing;
- the existence of the right to submit a complaint with a supervisory authority;
- where the personal data is not collected directly from you, any available information as to its source; and
- the existence of automated decision-making, including profiling.
9.3 Right to rectification You have the right to obtain from the Foundation without undue delay rectification of any of your inaccurate personal data. Taking into account the purposes of the processing, you shall have the right to complete incomplete personal data, including by providing a supplementary statement.
9.4 Right to erasure (right to be forgotten) You have the right to obtain from the Foundation erasure of your personal data as soon as possible, and the Foundation shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
- Your personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
- You withdraw consent to which the processing is based, and where there is no other legal ground for the processing;
- You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR;
- Your personal data has been unlawfully processed;
- Your personal data must be erased for compliance with a legal obligation in accordance with the applicable law to which the Foundation is subject; and/or
- Your personal data has been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.
9.5 Right to restriction of processing You have the right to obtain from the Foundation restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by you, for a period enabling the Foundation to verify the accuracy of the personal data;
- the processing is unlawful and you oppose the erasure of the personal data and requests instead the restriction of their use instead;
- the Foundation no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims; and/or
- the data subject has objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the Foundation override those of the data subject.
9.6 Right to data portability You have the right to receive your personal data, which you have provided to the Foundation, in a structured, commonly used and machine-readable format and have the right to transmit such data to another controller without hindrance from the Foundation. You may exercise this right by contacting us through our contact form or writing to us at: email@example.com. If the request is submitted by a person other than you, without providing evidence that the request is legitimately made on your behalf, the request will be rejected.
The request is free of charge unless your request is unfounded or excessive (e.g. if you have already requested such personal data multiple times in the last twelve months or if the request generates an extremely high workload). In such cases, the Foundation may charge you a reasonable request fee according to applicable laws.
The Foundation may refuse, restrict or defer the provision of personal data where it has the right to do so, for example if fulfilling the request will adversely affect the rights and freedoms of others.
9.7 Right to object You have the right to object, on grounds relating to your particular situation, at any time, to the processing of your personal data, which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions.
The Foundation shall no longer process your personal data in the event of the objection, unless the Foundation can demonstrate reasonable grounds for the processing, which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.
In order to exercise the right to object, you may directly contact the responsible person.
9.8 Automated individual decision-making, including profiling You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you, or similarly significantly affects you, as long as the decision (1) is not necessary for entering into, or the performance of, a contract between you and the Foundation, or (2) is not authorized by the applicable law and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or (3) is not based on your explicit consent.
If the decision (1) is necessary for entering into, or the performance of, a contract between you and the Foundation, or (2) it is based on your explicit consent, the Foundation shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express their point of view and contest the decision.
9.9 Right to withdraw data protection consent You have the right to withdraw your consent to processing of your personal data at any time. Such withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
11. Protection of Personal Data
The Foundation is committed to securing your personal data. We use appropriate technological and organizational measures to help protect your personal data from loss, theft, misuse and unauthorized access, disclosure, alteration, and destructions. We comply with applicable data protection, privacy, and security breach notification laws.
12. Our Policy Toward Children
The Foundation’s website(s) and services and tools are not directed to individuals under the age of 18, and we do not knowingly collect personal data from anyone under 18. If you become aware that a child has provided us with personal data, please contact us at firstname.lastname@example.org. If we become aware that a child under 18 has provided us with personal data, we will take steps to delete such information as soon as possible.
Our website(s) may contain links which direct you to third-party websites. When you click on a link to a third-party website from our website(s), your activity and use on the linked website is governed by that third-party website’s policies, not by those of the Foundation. We encourage you to visit their websites and review their privacy and use policies.
14. Contacting Us
You may contact us at email@example.com or at DFINITY Stiftung, Stockerstrasse 47, 8002 Zürich, Switzerland if you:
- wish to make a compliance request or have a concern about our handling of your personal data; or
- want to report a possible breach of privacy laws.