Privacy Policy

Effective as of June 26, 2020.

Introduction

The security and protection of your Personal data is one of the top priorities of DFINITY foundation, a foundation established under Swiss laws, and its affiliates (hereafter: the “Foundation”, “Us” or “We”).

The Foundation may collect Personal data from both natural or legal persons who browse the Foundation’s websites (hereinafter: the “Visitors”). In addition, the Foundation may collect Personal data from both natural or legal persons who signed up for information updates from the Foundation, has registered within the context of the submission of an application idea or has requested an early access for node provisioning or is in one form or another a member of the community or from any individual or entities registered to receive access to any services and tools, including but not limited to Foundation SDKs or Developer Networks (hereinafter: the “Users”).

This Privacy Policy (hereinafter: the “Policy”) aims to protect the privacy and the fundamental rights of Visitors and Users when their Personal data are processed by the Foundation, while they are browsing the Foundation website(s) or services and tools which may be provided to Users. The Foundation uses privacy by default and privacy by design standards and undertake to store your Personal data in a secured manner and to process your Personal data with all appropriate care and attention in accordance with the Federal Data Protection Act, the Ordinance on the Federal Data Protection Act and the General Data Protection Regulation from the European Union (Data Protection Regulations).

1. Definitions

Consent: shall mean any freely given, specific and informed indication of his or her wishes by which a Data subject signals agreement to the Processing of Personal data relating to him or her.

Data controller: shall mean the natural or legal person, which, alone or jointly with others, determines the purposes and means of the Processing of Personal data and who is in charge of this Processing.

Data subject: shall mean natural or legal persons whose data is processed, whether it is a User or a Visitor.

Disclosure: shall mean making Personal data accessible, for example by permitting access, transmission or publication.

Personal data: shall mean all information relating to an identified or identifiable person.

Personal data breach: shall mean a breach of security leading to the accidental or unlawful destruction, loss or alteration of – or to the unauthorized Disclosure of, or access to – Personal data transmitted, stored or otherwise processed.

Processing: shall mean any operation or set of operations – by automated and other means – that is performed upon Personal data or sets of Personal data, such as collecting, recording, organizing, structuring, storing, adapting or altering, retrieving, consulting, using, disclosing by transmitting, disseminating or otherwise making available, aligning or combining, or erasing.

Recipient: means third, public authority, agency or other body – that is, someone or something other than the Data subject or the Foundation – to which the Personal data is disclosed.

2. Scope

The Foundation provides this Policy to describe its procedures regarding the Processing and Disclosure of Personal data collected by the Foundation while using the Foundation websites or any services or tools provided by the Foundation.

This Policy shall apply to any use of the website, services or tools, whatever the method or medium used. It details the conditions at which the Foundation may collect, keep, use and save information that relates to you, as well as the choices that you have made in relation to the collection, utilization and Disclosure of your Personal data.

3. Acceptance

By browsing the website, Visitors acknowledge that the Foundation may collect and process a certain number of Personal data that relate to them and that they have read and understood this Policy and agree to be bound by it and to comply with all applicable laws and regulations.

Users acknowledge that the Foundation may collect and process a certain number of Personal data that relate to them and that they have read and understood this Policy and agree to be bound by it and to comply with all applicable laws and regulations.

In particular, the Consent for the Processing of Personal data is given once the Visitor and/or the Users is informed that if s/he continues browsing the website, s/he gives his consent to our use of cookies for analytical purposes.

The Consent is also given when the Users freely submit to the Foundation the Personal Data required to become a User. This latter understands and agrees that the Foundation is free to use these Personal Data within the limit provided by law and this Policy.

If you do not agree with the terms of this Policy, please do not become a User and refrain from using the website.

4. Principle for Processing Personal Data

While Processing Personal data, the Foundation will respect the following general principle:

a. Fairness and lawfulness - When Processing Personal data, the individual rights of the Data subjects must be protected. Personal Data must be collected and processed lawfully, in a fair manner, in good faith and must be proportionate to the objective.

b. Restriction to a specific purpose - Personal data handled by the Foundation should be adequate and relevant to the purpose for which they are collected and processed. This requires, in particular, ensuring that the types of Personal data collected are not excessive for the purpose for which they are collected. Subsequent changes to the purpose are only possible to a limited extent and require substantiation.

c. Transparency - The Data subject must be informed of how his/her Personal data is being handled. When the Personal data is collected, the Data subject must be informed of: the existence of the present Policy; the identity of the Data controller; the purpose of Personal data Processing; third-parties to whom the data might be transmitted.

d. Consent of the Data subject - Personal data must be collected directly from the individual concerned and the Consent of the Data subject may be required before Processing Personal data. The Consent must be obtained in writing or electronically for the purposes of documentation. The Consent is valid only if given voluntarily. If, for any reason, the Consent of the Data subject is not given before Processing Personal data, this one should be secured in writing as soon as possible after the beginning of the Processing.

Personal data can be processed without Consent if it is necessary to enforce a legitimate interest of the Foundation. Legitimate interests are generally of a legal (e.g. filing, enforcing or defending against legal claims) or financial (e.g. valuation of companies) nature. The Processing of Personal data is also permitted if national legislation requests, requires or allows this.

e. Accuracy - Personal data kept on file must be correct and if necessary, kept up to date. Inaccurate or incomplete Personal data should not be kept on file and deleted.

5. Collected Data

This Policy applies to all information which is received during your visit to or use of the website, when you sign up for information and/or register within the context of the submission of an application idea and/or request an early access for node provisioning and/or when you become a User.

In particular, the Foundation will collect the following Personal data:

a. Visitors data - When you browse the website, even if you do not subscribe to our information update, do not become a User and do not contact us, the Foundation automatically: collects your cookies; uses Google Analytics; uses Google Tag Manager; uses Facebook Pixel; uses Hotjar; uses Mailchimp; uses FullStory; uses Twitter Connect.

b. User’s data - When you become a User, the Foundation shall collect: your name; your country; your IP address; your browser User-Agent; your email address.

c. Information update’s subscriber data - When you, as a Visitor or a User, subscribe to our information update, We collect your IP address and your email address for the sole purpose to send you our information update.

Please note that you are entitled to unsubscribe from our information update whenever you want and at your sole discretion by contacting us in accordance with Section 19 of this Policy.

6. Use of Data

The following paragraphs describe the various purposes for which the Foundation uses your Personal data. Please note that not all of the uses below will be relevant to every individual.

Generally, the main reason why We collect Personal data is to enable you to enjoy and easily navigate the website and to keep a list of the Users who are members of the DFINITY community or your use of services and tools provided by the Foundation. If you contact us via email, We will keep a record of that correspondence.

a. Users data: The Foundation will employ Users’ Personal data to provide them with access to websites, services and tools, and in particular may use to:

  • communicate with them;
  • provide them with a better services or tools,
  • provide them with information about new products available, blog posts, promotions, special offers and other information;
  • answer to their questions and comments;
  • send them the information updates, unless they unsubscribe;
  • prevent potentially prohibited or illegal activities;
  • conduct research and compile statistics on usage patterns;
  • process transactions;
  • manage the accounts;
  • enforce the Terms of Use available at the following address: https://dfinity.org/terms-of-use/ or any separate terms that you may have agreed to;
  • comply with our legal requirements; and as otherwise described to the Users at the point of collection.

b. Use of cookies: For information about the use of cookies, please refer to our Cookie policy.

c. Use of Google Analytics: The website uses Google Analytics, an Internet site analysis service supplied by Google Inc. (“Google”). Google Analytics uses cookies which are text files placed on your computer to help to analyse the use made of the website by its users. The data generated by the cookies concerning your use of the website (including your IP address) may be forwarded to, and stored by, Google on servers that may be outside of user’s country of residence. Google will use this information to evaluate your use of the website, compile reports on site activity for its publisher and provide other services relating to the activity of the website and the use of the internet. Google may release these data to third parties if there is a legal obligation to do so or when the third parties process these data for the account of Google including, in particular, the publisher of the website. Google will not cross-reference your IP address with any other data held by Google. To learn more about how Google Analytics use cookies, refer to documentation available here.

You may deactivate the use of cookies by selecting appropriate parameters on your navigator. However, deactivation of this kind might prevent the use of certain functions of the website. By using the website, you specifically Consent to the Processing of your Personal data by Google under the conditions and for the purposes described above.

7. Third Party Disclosure

The Foundation discloses your personal data with a marketing platform for the information updates, node provisioning and developer applications.

The Foundation may share your Personal data to any other relevant third parties, in particular to provide you with services and tools, if We are requested to do so to comply with a court order or law enforcement authorities request, or if We find it necessary, as determined in the Foundation’s sole discretion, to investigate, prevent or take action regarding illegal activities, to defend our interest or as otherwise required or permitted by law.

In any case where cross-border transfer is done, the Foundation ensures that an adequate protection is guaranteed for Personal data to be transferred outside of Switzerland and the European Union (hereinafter: the “ EU ”). In some specific cases when this level of protection is not guaranteed, the Foundation will obtain your prior Consent or establish with the Recipient of Personal data a contractual framework or sufficient safeguards that ensure an adequate level of protection abroad. You may request access to a copy of these safeguards by contacting the Foundation.

Unless otherwise stated, the third parties who receive data from the Foundation are prohibited to use this Personal data beyond what is necessary to provide the product or service to you, directly or by participating in the Foundation’s activities.

8. Storage of Your Personal Data

You agree that the Foundation may store your Personal data in any country of the EEA, including Switzerland as well as the United States.

The storage as well as the Processing of your Personal data may require that your Personal data are ultimately transferred/transmitted to, and/or stored at, a destination outside of your country of residence. Where permitted by law, by accepting the terms of this Policy, you agree to such transferring, transmission, storing and/or Processing. You also agree that such activities may take place to or in countries offering a lower level of protection than your country of residence.

9. Retention of Your Personal Data

In accordance with applicable laws, the Foundation will use your Personal data for as long as necessary to satisfy the purposes for which your Personal data was collected or to comply with applicable legal requirements.

10. Security of Your Personal Data

The Foundation applies high industry standards and will always apply adequate technical and organisational measures, in accordance with applicable laws to ensure that your data is kept secure.

In the event of a Personal confirmed data breach, the Foundation shall without undue delay, and where feasible, not later than 72 hours after having become aware of it, notify the breach to the competent supervisory authority, unless said breach is unlikely to result in a risk to your rights and freedoms. If the breach is likely to result in a high risk to your rights and freedoms, the Foundation shall communicate this breach to you, if it is feasible, without undue delay.

11. Access to Your Data and Information Rights

You have the right to request access to or information about the Personal data relating to you which are processed by the Foundation.

Where provided by law, you, your successors, representatives and/or proxies may (i) request deletion, correction or revision of your Personal data; (ii) oppose the data Processing; (iii) limit the use and Disclosure of your Personal data; and (iv) revoke Consent to any of our data Processing activities, if the Foundation is relying on your Consent and does not have another legal basis to continue Processing your data.

These rights can be exercised by contacting us through our contact form or writing to us at: [email protected] If the request is submitted by a person other than you, without providing evidence that the request is legitimately made on your behalf, the request will be rejected. The request is free of charge unless your request is unfounded or excessive (e.g. if you have already requested such Personal data multiple times in the last twelve months or if the request generates an extremely high workload). In such case, the Foundation may charge you a reasonable request fee according to applicable laws.

The Foundation may refuse, restrict or defer the provision of Personal data where it has the right to do so, for example if fulfilling the request will adversely affect the rights and freedoms of others.

12. Portability of Your Data

You also have the right to receive your Personal data, which you have provided to the Foundation with, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Foundation.

This right can be exercised by contacting us through our contact form or writing to us at: [email protected] If the request is submitted by a person other than you, without providing evidence that the request is legitimately made on your behalf, the request will be rejected.

The request is free of charge unless your request is unfounded or excessive (e.g. if you have already requested such Personal data multiple times in the last twelve months or if the request generates an extremely high workload). In such case, the Foundation may charge you a reasonable request fee according to applicable laws.

The Foundation may refuse, restrict or defer the provision of Personal data where it has the right to do so, for example if fulfilling the request will adversely affect the rights and freedoms of others.

13. Privacy by Design and by Default

The Foundation will, both at the time of the determination of the means for Processing and at the time of the Processing itself, implement appropriate technical and organizational measures, which are designed to implement data-protection principles, in an effective manner and to integrate the necessary safeguards into the Processing in order to meet the requirements of Data Protection Regulations and protect your rights.

The Foundation will implement appropriate technical and organizational measures for ensuring that, by default, only Personal data which are necessary for each specific purpose of the Processing are processed. This obligation applies to the amount of your Personal data We collect, the extent of their Processing, the period of storage and their accessibility. These measures will ensure that by default your Personal data are not made accessible without your intervention to an indefinite number of third parties.

14. Contacting the Foundation and Complaints

The Foundation hopes to be able to answer any questions or concerns you have about your Personal data. You can get in touch with the Foundation at the postal address or email address given in Section 19 hereafter.

You have the right to make a complaint if you feel your Personal data has been mishandled or if the Foundation has failed to meet your expectations. You are encouraged to contact the Foundation about any complaints or concerns but you are entitled to complain directly to the relevant supervisory authority.

15. Changes to the Privacy Policy

The Foundation may modify this Policy from time to time, and will post the most current version on the website at https://dfinity.org.

16. Data Controller

The data controller of the file is: DFINITY Stiftung, Stockerstrasse 47, 8002 Zürich, Switzerland.

17. Links

The website may contain links which direct you to third party sites. The Foundation rejects any liability relating to the privacy policy in force on said third party sites, the collection and use of your Personal data by the latter and relating to the contents of said sites (whether the links are hypertext links or deep-links).

Furthermore, the Data subject acknowledges and agrees that using our website could imply to download other applications. Under no circumstances the Foundation shall be liable for the utilization of these others applications, especially regarding the Data protection rules.

18. Jurisdiction and Governing Law

This Policy and any questions relating thereto shall be governed by the laws of Switzerland, to the exclusion of any rules of conflict resulting from private international law.

Any dispute relating to this Policy must exclusively be brought before the courts of Zurich, Switzerland, subject to an appeal to the Swiss Federal Court.

19. Contact

To ask questions or make comments on this Policy or to make a complaint about our compliance with applicable privacy laws, please contact us through:

a. our email address: [email protected]; or b. our address: DFINITY Stiftung, Stockerstrasse 47, 8002 Zürich, Switzerland.

We will acknowledge and investigate any complaint pursuant to this Policy.