Privacy Policy

Effective as of September 28, 2020.

1. Overview

The security and protection of your personal data is one of the top priorities of DFINITY Foundation, a foundation established under Swiss laws, and its affiliates (collectively, the “Foundation”, “us”, “we” or “our”).

This privacy policy (“Privacy Policy”) applies to information collected, used, or shared by the Foundation when you use or access our websites, sign up for information updates from the Foundation, register within the context of the submission of an application idea, request an early access for node provisioning, are member of the Foundation community, or register to receive access to any services and tools, including but not limited to our SDKs or developer networks. This Privacy Policy details the conditions at which the Foundation may collect, keep, use and save information that relates to you, as well as the choices that you have in relation to the collection, use and disclosure of your personal data.

We collect, process and use your personal data in accordance with this Privacy Policy, the Swiss Federal Data Protection Act (“FADP”), the Swiss Ordinance on the Federal Data Protection Act (“OFADP”) and the General Data Protection Regulation (“GDPR”).

If you provide us with the personal data of third persons (such as family members, work colleagues) you should make sure that these persons are familiar with this Privacy Policy and you must only share their personal data if you have permission to do so and ensure that their personal data is correct.

2. Scope

We provide this Privacy Policy to describe our procedures regarding the processing and disclosure of personal data collected by the Foundation while you are using the Foundation website(s) or any services or tools provided by the Foundation.

3. Acceptance

By using the Foundation websites or any services or tools provided by the Foundation, whatever the method or medium used, you acknowledge that the Foundation may collect and process your personal data, and that you agree that you have read and understood this Privacy Policy and agree to be bound by it and to comply with all applicable laws and regulations.

In particular, your consent for our processing of personal data is given if you continue browsing the website, consenting to our use of cookies for analytical purposes, freely submit to us the personal data required to become a member of the Foundation community or register to receive access to any services and tools. This latter understands and agrees that the Foundation is free to use these Personal Data within the limit provided by law and this Policy.

If you do not agree with the terms of this Privacy Policy, please do not become a member of the Foundation community or register to receive access to any services and tools and refrain from using the Foundation website(s).

4. Collection of Data

The Foundation collects personal data in the following ways:

  • When you browse the website, even if you do not subscribe to our information updates, do not become a user and do not contact us, the Foundation automatically collects cookies about you. For information about our use of cookies, please refer to our Cookie Policy.
  • When you become a user, the Foundation shall collect: your name; your country; your IP address; your browser User-Agent; your email address.
  • When you subscribe to our information update, we collect your IP address and your email address for the sole purpose of sending you our information updates.

Please note, you are entitled to unsubscribe from our information updates whenever you want and at your sole discretion by contacting us in accordance with Section 15 of this Privacy Policy.

5. Use of Data

The Foundation may use your personal data for various purposes, not all of the uses below will be relevant to you.

Generally, we collect personal data to enable you to enjoy and easily navigate the website(s), to keep a list of the users who are members of the Foundation community or related to your use of services and tools we provide. If you contact us via email, we will keep a record of that correspondence.

5.1 The Foundation may use your personal data to provide you with access to websites, services and tools, and in particular may use your personal data to:

  • communicate with you;
  • provide you with a better services or tools,
  • provide you with information about new products available, blog posts, promotions, special offers and other information;
  • answer to your questions and comments;
  • send you the information updates, unless you unsubscribe;
  • prevent potentially prohibited or illegal activities;
  • conduct research and compile statistics on usage patterns;
  • process transactions;
  • manage the accounts;
  • enforce the Terms of Use available at the following address: https://dfinity.org/terms-of-use/ or any separate terms that you may have agreed to;
  • comply with our legal requirements; and
  • as otherwise described to you at the point of collection.

5.2 Use of Websites Cookies. By using our website(s), you consent to our use of cookies and similar technologies. For information about the use of cookies, please refer to our Cookie Policy.

5.3 Use of Google Analytics. Our website(s) also use Google Analytics, a web analysis service supplied by Google Inc. (“Google”). Google is an enterprise of the holding company Alphabet Inc., with its principal place of business in the USA. The data generated by the Google Analytics cookies concerning your use of the website(s) (including your IP address) may be forwarded to and stored by Google on servers that may be outside of your country of residence. Google will use this information to evaluate your use of the website(s), compile reports on site activity for its publisher and provide other services relating to the activity of the website and the use of the internet. Google may release such data to third parties if required by law or when third parties process this data on behalf of Google, including, for example, the publisher of the website. Google will not cross-reference your IP address with any other data held by Google. To learn more about how Google Analytics uses cookies, refer to documentation available here.

You may deactivate the use of cookies by selecting appropriate parameters on your navigator. However, deactivation of this kind might prevent the use of certain functions of our website(s) or applicable services or tools. By using our website(s), you specifically consent to the processing of your personal data by Google under the conditions and for the purposes described above.

6. Third Party Disclosure

The Foundation may disclose your personal data with a marketing platform for the information updates, node provisioning and developer applications.

The Foundation may share your personal data to: any relevant third parties, in particular to provide you with our services and tools; if we are requested to do so to comply with a court order or law enforcement authorities request; or if we find it necessary, as determined in the Foundation’s sole discretion, to investigate, prevent or take action regarding illegal activities, to defend our interest or as otherwise required or permitted by law.

7. International Transfers of Personal Data

Where cross-border transfer is made to third parties outside of Switzerland and the European Union (“EU”), such third parties are obligated to protect data privacy to the same extent as we do. If the level of data protection does not correspond to the Swiss and EU data protection level, the Foundation will contractually ensure that the protection of your personal data corresponds to that in Switzerland and the EU at all times with written agreements that comply with GDPR.

8. Storage of Personal Data

You agree that the Foundation may store your personal data in any country of the EEA, including Switzerland, as well as the United States.

The Foundation will process and store your personal data only for the period necessary to achieve the purposes for which your personal data was collected or as far as this is granted by the applicable laws or regulations. If the storage purpose is not applicable, or if a storage period prescribed by the applicable laws expires, the personal data is routinely erased in accordance with the legal requirements.

9. Your Rights Regarding Your Personal Data

9.1 Right to be informed You have the right to obtain confirmation as to whether or not your personal data is being processed by the Foundation.

9.2 Right to access You have the right to obtain from the Foundation as to whether or not your personal data is being processed by the Foundation and a copy of this information from the Foundation, at no cost to you. Where that is the case, you will have access to your personal data and the following information:

  • the purposes of the processing;
  • the categories of personal data concerned;
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  • the existence of the right to request from the Foundation rectification or erasure of personal data, or restriction of processing of your personal data, or to object to such processing;
  • the existence of the right to submit a complaint with a supervisory authority;
  • where the personal data is not collected directly from you, any available information as to its source; and
  • the existence of automated decision-making, including profiling.

9.3 Right to rectification You have the right to obtain from the Foundation without undue delay rectification of any of your inaccurate personal data. Taking into account the purposes of the processing, you shall have the right to complete incomplete personal data, including by providing a supplementary statement.

9.4 Right to erasure (right to be forgotten) You have the right to obtain from the Foundation erasure of your personal data as soon as possible, and the Foundation shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

  • Your personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
  • You withdraw consent to which the processing is based, and where there is no other legal ground for the processing;
  • You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR;
  • Your personal data has been unlawfully processed;
  • Your personal data must be erased for compliance with a legal obligation in accordance with the applicable law to which the Foundation is subject; and/or
  • Your personal data has been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.

If you wish to request erasure of your personal data stored by the Foundation, you may contact us at any time in accordance with Section 15 of this Privacy Policy.

9.5 Right to restriction of processing You have the right to obtain from the Foundation restriction of processing where one of the following applies:

  • the accuracy of the personal data is contested by you, for a period enabling the Foundation to verify the accuracy of the personal data;
  • the processing is unlawful and you oppose the erasure of the personal data and requests instead the restriction of their use instead;
  • the Foundation no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims; and/or
  • the data subject has objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the Foundation override those of the data subject.

If any one of the above conditions is met, and you wish to request the restriction of the processing of your personal data stored by the Foundation, you may contact us at any time in accordance with Section 15 of this Privacy Policy.

9.6 Right to data portability You have the right to receive your personal data, which you have provided to the Foundation, in a structured, commonly used and machine-readable format and have the right to transmit such data to another controller without hindrance from the Foundation. You may exercise this right by contacting us through our contact form or writing to us at: [email protected] If the request is submitted by a person other than you, without providing evidence that the request is legitimately made on your behalf, the request will be rejected.

The request is free of charge unless your request is unfounded or excessive (e.g. if you have already requested such personal data multiple times in the last twelve months or if the request generates an extremely high workload). In such cases, the Foundation may charge you a reasonable request fee according to applicable laws.

The Foundation may refuse, restrict or defer the provision of personal data where it has the right to do so, for example if fulfilling the request will adversely affect the rights and freedoms of others.

9.7 Right to object You have the right to object, on grounds relating to your particular situation, at any time, to the processing of your personal data, which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions.

The Foundation shall no longer process your personal data in the event of the objection, unless the Foundation can demonstrate reasonable grounds for the processing, which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.

In order to exercise the right to object, you may directly contact the responsible person.

9.8 Automated individual decision-making, including profiling You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you, or similarly significantly affects you, as long as the decision (1) is not necessary for entering into, or the performance of, a contract between you and the Foundation, or (2) is not authorized by the applicable law and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or (3) is not based on your explicit consent.

If the decision (1) is necessary for entering into, or the performance of, a contract between you and the Foundation, or (2) it is based on your explicit consent, the Foundation shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express their point of view and contest the decision.

Please note that the Foundation does not use automatic decision-making, but we may use profiling in accordance with this Privacy Policy.

9.9 Right to withdraw data protection consent You have the right to withdraw your consent to processing of your personal data at any time. Such withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

If you wish to exercise this right, you contact us in accordance with Section 15 of this Privacy Policy.

10. Changes to the Privacy Policy

The Foundation may modify this Privacy Policy from time to time, and we will post the most current version on the website at https://dfinity.org. We encourage you to periodically review our Privacy Policy to stay informed about our data protection practices and the ways you can help protect your privacy.

11. Protection of Personal Data

The Foundation is committed to securing your personal data. We use appropriate technological and organizational measures to help protect your personal data from loss, theft, misuse and unauthorized access, disclosure, alteration, and destructions. We comply with applicable data protection, privacy, and security breach notification laws.

12. Our Policy Toward Children

The Foundation’s website(s) and services and tools are not directed to individuals under the age of 18, and we do not knowingly collect personal data from anyone under 18. If you become aware that a child has provided us with personal data, please contact us at [email protected] If we become aware that a child under 18 has provided us with personal data, we will take steps to delete such information as soon as possible.

13. Links

Our website(s) may contain links which direct you to third-party websites. When you click on a link to a third-party website from our website(s), your activity and use on the linked website is governed by that third-party website’s policies, not by those of the Foundation. We encourage you to visit their websites and review their privacy and use policies.

14. Contacting Us

You may contact us at [email protected] or at DFINITY Stiftung, Stockerstrasse 47, 8002 Zürich, Switzerland if you:

  • have questions about this Privacy Policy;
  • wish to make a compliance request or have a concern about our handling of your personal data; or
  • want to report a possible breach of privacy laws.