The Tezos Foundation is committed to protecting the privacy and security of the personal data that is provided to us or collected by us. We process personal data in accordance with the Swiss Data Protection Act ("FADP") and the European Union (EU) General Data Protection Regulation ("GDPR").
This Privacy Policy explains the types of personal data we may collect, how we may use and disclose such data, and your rights in relation to such data.
Personal data is any information that relates to an identifiable natural person and includes inter alia name, address, e-mail address and user behaviour.
We may provide you with additional privacy notices where we believe that it is appropriate to do so. Those additional notices supplement and should be read together with this Privacy Policy.
1. Who Is Responsible For Your Personal Data?
The Tezos Foundation (CHE-290.597.458), Dammstrasse 16, 6300 Zug/Switzerland, is responsible for the processing of your personal data (as a “data controller” pursuant to the GDPR).
2. What Information Do We Receive About You?
Personal data about you (or your representatives and/or beneficial owners) is collected by our third party service providers that help us conduct the AML/KYC process (described below) as part of our efforts to identify our contributors and their beneficial owners which contributed to the Tezos Foundation in the year 2017.
The type of personal data collected includes name, contact details (such as your address, email address and telephone number), address, identification document, and other relevant information which are customary or may be required in the context of an AML/KYC process.
We may also collect your email address if you agree to receive information about the Tezos Foundation, such as our newsletter.
If you provide information about your representatives and/or beneficial owners, you are responsible for (i) informing any third party individual to whom the personal data relates of the disclosure and use of such data in accordance with this Privacy Policy and (ii) obtaining any necessary consents to such disclosure and use, if required.
3. How Do We Use Your Personal Data?
KYC and AML review. We will use your personal data to verify your identity as a part of a Know Your Customer (KYC) and Anti-Money Laundering (AML ) review and to compare it with sanction lists and/or other similar lists issued by Swiss and foreign authorities. Processing of this information is necessary for our legitimate interest in preventing fraud or other financial crime, and complying with statutory and regulatory requirements in relation to anti-money laundering and terrorist financing investigation and prevention.
In case you or the organization for which you are acting does not provide the relevant information or the information we received or have identified ourselves indicates that the Tezos Foundation is exposed to any legal or reputational risks in Switzerland or abroad, we may not be able to provide the activation code that is required for you to access your recommended allocation in the genesis block to be proposed by the Foundation.
Informational Emails. If you consent to us doing so at the time you provide us with your personal data, we may use your contact details to send you certain information that will be of interest to you. You have the right to withdraw your consent at any time by following the instructions to “opt-out” of receiving marketing communication in each marketing email we send you or by contacting us as indicated below.
4. Cookies
Our website uses cookies to operate and administer the website and gather usage data on our website.
Cookies are small text files that are placed in browser directories on your computer or mobile device when you visit our website. Our website uses session cookies and persistent cookies. Session cookies enable you to move from page to page within the website and any information you enter to be remembered. A session cookie is deleted when you close your browser or after a short time. Persistent cookies allow the website to remember your preferences and settings when you visit the website in the future. Persistent cookies expire after a set period of time.
We use cookies the following ways:
● Strictly Necessary Cookies: Used to ensure that you can use and navigate our website. Without these cookies, basic functions of our website would not work. Because these cookies are strictly necessary to deliver the website, you cannot refuse them.
● Google Analytics: We use Google Analytics which provides us with information about how visitors use our website. Google uses cookies as part of the process to collect statistics such as the number of visitors to the website, where they are from, the pages they visit and the length of time they have spent on our website. The length of time that a Google Analytics cookie remains on your computer or device depends on what it is and what it is used for. Some Google Analytics cookies expire at the end of your browser session, whilst others can remain for up to two years. You can prevent your data from being collected by Google Analytics on our website by downloading and installing the Google Analytics Opt-out Browser Add-on for your current web browser. For more information on Google Analytics privacy practices, read here.
You can also change your browser settings to block cookies or to alert you when cookies are being sent to your device. Please note that if you decide to disable cookies, you may not be able to access certain functions of our website. By continuing to use our website without changing your settings you consent to our use of cookies.
5. How And Why Do We Share Your Personal Data?
We will disclose your personal data as follows, as required or permitted by law:
● Vendors and Service Providers. We use service providers who help us conduct the AML/KYC checks in order to research and verify your identity who are based in Switzerland. Pursuant to our instructions, these parties will access, process or store personal data in the course of performing their duties to us.
● Legal Requirements. If required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend our rights or property, (iii) act in urgent circumstances to protect the personal safety of our customers or website users, or the public, or (iv) protect against legal liability
6. How We Protect Your Personal Data
We have put in place appropriate security measures to hold your personal data securely in electronic and physical form to protect your personal data from unauthorized access, improper use or disclosure, unauthorized modification or unlawful destruction or accidental loss.
Our partners, staff and third party service providers who have access to confidential information (including personal data) are subject to confidentiality obligations.
7. How Long We Keep Your Personal Data
We will retain your personal data for as long as is necessary for the purpose for which it was collected. We will further retain your personal data to comply with legal and regulatory obligations, for as long as claims could be brought against us and for as long as legitimate interest, including data security, requires.
If you have elected to receive informational communications from us, we retain information about your preferences until you opt out of receiving these communications and in accordance with our policies.
To determine the appropriate retention period for your personal data, we will consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we use your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
8. Your Rights
Pursuant to the applicable EU and Swiss data protection laws, you have rights that you can exercise under certain circumstances in relation to the personal data that we hold. These rights are to:
● request access to your personal data and certain information in relation to its processing;
● request rectification of your personal data;
● request the erasure of your personal data, unless we have a legitimate basis to continue to process your data;
● request that we restrict or “block” the processing of your personal data in certain circumstances, such as where you contest the accuracy of the data or object to us processing it;
● object to the processing of your personal data at any time, and we will comply with this request if (i) we are relying on a legitimate interest to process your personal data (unless we demonstrate compelling legitimate grounds for continue processing it), or (ii) if we are processing your personal data for direct marketing purposes;
● request portability, i.e. to obtain your personal data from us that you consented to give us or that was provided to us as necessary in connection with our contract with you, if applicable, and that we process through automated means. We will give you your personal data in a structured, commonly used and machine-readable format; and
● lodge a complaint with the competent data protection authority, if you have a concern about our privacy practices, including the way we handled your personal data.
Moreover, if you have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so. Withdrawal of consent will not affect any processing of your data before we received notice that you wished to withdraw consent.
We may refuse to provide access if the relevant data protection legislation or other legislation, in particular the attorney client privilege, allows or obliges us to do so, in which case we will provide reasons for our decision as required by the law.
If you would like to exercise these rights, please contact us in writing by emailing to [email protected] or by letter to:
Tezos Foundation
Attention: Data Protection
Dammstrasse 16
6300 Zug
Switzerland
You will not, in general, have to pay a fee to exercise any of your individual rights. However, we may a fee for access if the relevant data protection legislation allows us to do so, in which case we will inform you as required by the law.
9. International Users
The Tezos Foundation is based in Switzerland and we use a service provider to help us conduct the AML/KYC checks located in Switzerland. We are permitted to transfer your personal data to our servers and to our supplier in Switzerland because Switzerland is currently on the European Commission’s list of countries found to provide adequate protection for the rights and freedoms of data subjects in connection with the processing of their personal data.
Where we transfer your personal data out of the EU we will take steps to ensure that your personal data receives an adequate level of protection where it is processed and your rights continue to be protected.
10.Changes To The Privacy Policy
We may change this Privacy Policy at any time and when we do we will post an updated version on this page, unless another type of notice is required by the applicable law. By continuing to use our website or providing us with information after we have posted an updated Privacy Policy, or notified you if applicable, you consent to the revised Privacy Policy and practices described in it.
11.Contact Us
Please feel free to contact us if you have any questions about our Privacy Policy or to exercise your rights in relation to your personal data.
You may contact us as follows: You may send an email to [email protected] or send mail to:
Tezos Foundation
Data Protection
Dammstrasse 16
6300 Zug
Switzerland
If you are an individual in the EU, you can also contact VeraSafe, who has been appointed as Tezos Foundation’ representative in the EU pursuant to Article 27 of the General Data Protection Regulation, only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://www.verasafe.com/ privacy-services/contact-article-27-representative.
Alternatively, VeraSafe may be contacted at:
Matthew Joseph
Zahradníčkova 1220/20A
Prague 15000
Czech Republic
or
VeraSafe Ireland Ltd
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork T23AT2P
Ireland
If you are an individual in the UK, you can also contact VeraSafe, which has been appointed as Tezos Foundation’s representative in the UK pursuant to Article 27 of the UK GDPR, only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at +44 (20) 4532 2003.
Alternatively, VeraSafe may be contacted at:
VeraSafe United Kingdom Ltd.
37 Albert Embankment
London SE1 7TL
United Kingdom