PRIVACY POLICY
Last Updated: February 28, 2023
This privacy policy (“Privacy Policy”) is effective as of the date shown above, and describes how Vechain Foundation San Marino S.r.l. (“vechain,” “we,” “our,” or “us,”) collects, uses, shares and otherwise processes information collected about you when you our website www.vechain.org or any other website offered by us that directly links to this Privacy Policy (herein referred to as the “Site”).
If you are a data subject in the United Kingdom (“UK”) or any part of the European Economic Area (“EEA”) and/or in any case Regulation (EU) 2016/679 applies (“GDPR“), please also see paragraph 11 below entitled “Additional Disclosures for People in Europe”.
1. PRODUCT OVERVIEW
The Site provides information about vechain and its licensor’s products and services, the the VechainThor Blockchain, and may offer links to third party resources. The Site is governed under the Website Terms of Service (“Terms”).
2. THE INFORMATION WE COLLECT ABOUT YOU
In order to provide the Site, there is limited information, which may include personal data that you may provide to us voluntarily, as well as personal data that will be collected automatically. Please read the below carefully to understand what may be collected and how it is used:
(a) Information You May Voluntarily Provide.
When elect to receive more information about vechain, or products and services, and information and questions related to the Site, our Terms, or this Privacy Policy, we may collect certain information from you that you are voluntarily providing including:
(i) Contact Information, including name or email address when you reach out to us for support or other communications;
(ii) Digital Wallet Information, including you public wallet address; and
(iii) Content, including any content in communications with us that you provide;
(b) Information We Collect Automatically.
When you use the Site, we will process limited information automatically including:
(i) Use Data, including data about analytic data use, browser type, operating system, time stamps, and your referring and exiting pages;
(ii) Log Files, which are files that record events that occur in connection with your use of the Site;
(iii) Cookies, which are small data files stored on your device that act as a unique tag to identify your browser. We use two types of cookies: session cookies and persistent cookies. Session cookies make it easier for you to navigate our website and expire when you close your browser. Persistent cookies help with personalizing your experience, remembering your preferences, and supporting security features. Additionally, persistent cookies allow us to bring you advertising both on and off the Site. Persistent cookies may remain on your device for extended periods of time, and generally may be controlled through your browser settings; and
(iv) Location Data, including imprecise location data (such as location derived from an IP address or data that indicates a city or postal code level) and, with your consent, precise location data (such as latitude/longitude data);
Use Data and Log Files, and to the extent you share them with us, Contact Information and Content are used to maintain, improve and enhance our Site.
We may also collect aggregate information that does not identify you and used for a variety of purposes. For example, vechain may combine information about general usage patterns on the Site with similar information obtained from other users to help enhance our Site and services (e.g., to learn which pages are visited the most or what features users find the most attractive).
3. HOW WE USE THE INFORMATION WE COLLECT ABOUT YOU
We use the information we collect from and about you for the following business purposes:
(a) To provide, maintain, improve, and enhance our Site;
(b) To understand and analyze how our Site is used and develop new products, services, features, and functionality;
(c) Monitoring and analyzing trends, usage, and activities.
(d) To communicate with you, provide you with updates and other information relating to our Site, provide information that you request, respond to comments and questions, and otherwise provide customer support;
(e) To find and prevent fraud, and respond to trust and safety issues that may arise; and
(f) For compliance purposes, including enforcing our legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency;
For information on your rights and choices regarding how we use personal data about you, please see paragraph 6 below entitled “Your Rights and Choices”.
4. SHARING OF PERSONAL AND NON-PERSONAL DATA
We share information we collect in accordance with the practices described in this Privacy Policy. The types of entities we may have shared information with or may share information with in the future include the following:
(a) Third Parties Providing Services On Our Behalf. In order to make various features, services and materials available to you through the Site, perform analytics, host the Site, and respond to your requests and inquiries, we may share your information you provide with third parties that perform functions on our behalf;
(c) Business Transfers. We share information in connection with, or during negotiations of, any proposed or actual merger, purchase, sale or any other type of acquisition, business combination of all or any portion of our business or assets, change of control, or a transfer of all or a portion of our business or assets to another third party (including in the case of any bankruptcy proceeding);
(d) Legal Disclosure. Under certain circumstances, we may be required to cooperate with legal investigations and/or we may be subject to legal requirements to disclose information collected through the Site, such as a by court or a governmental agency. We may also disclose personal data to investigate any violation or potential violation of the law, this Privacy Policy, or applicable Terms or to protect or defend the rights and property of vechain; and
(e) Consent. We share information with notice to you and your consent.
If GDPR applies to you, you can also contact us to receive additional information on subjects for we share your personal data.
5. ANALYTICS
We use analytics services, such as Google Analytics, to help us understand how users access and use the Site. We use this data to further develop and improve the Site as well as new products and services. For information about your rights and choices regarding analytics, please see paragraph 6, subparagraph (d) below entitled “Your Rights and Choices – Analytics”.
6. YOUR RIGHTS AND CHOICES
(a) Communications.
E-mails: You can opt-out of receiving promotional emails from us at any time by following the removal instructions in the specific communication that you receive, or emailing us at the email address provided in paragraph 10 below entitled “Contact Us” with the word UNSUBSCRIBE in the subject field of the email. Note that your opt out is limited to the email address used;
(b) Cookies and other Tracking Technologies
(i) Cookies and Pixels. Most browsers accept cookies by default. You can instruct your browser, by changing its settings, to decline or delete cookies. If you use multiple browsers on your device, you will need to instruct each browser separately. Your ability to limit cookies is subject to your browser settings and limitations; and
(ii) Do Not Track. Your browser settings may allow you to automatically transmit a “Do Not Track” signal to online services you visit. Note, however, there is no industry consensus as to what site and app operators should do with regard to these signals. Accordingly, unless and until the law is interpreted to require us to do so, we do not monitor or take action with respect to “Do Not Track” signals. For more information on “Do Not Track,” visit http://www.allaboutdnt.com.
Please be aware that if you disable or remove tracking technologies some parts of the Site may not function correctly; and
(c) Your Rights and Choices – Analytics
Our analytic service provider, Google, provides tools to allow you to opt out of the use of certain information collected by Google Analytics at https://tools.google.com/dlpage/gaoptout. Please note that the opt out will only apply to the specific browser or device from which you opt out. We are not responsible for the effectiveness of, or compliance with, any opt out options or programs provided by our analytic provider.
7. DATA SECURITY
Vechain uses reasonable security measures designed to prevent unauthorized intrusion to the Site and the alteration, acquisition or misuse of personal data. Nevertheless, transmission via the internet is not completely secure and we cannot guarantee the security of information about you, collected from you, or submitted by you. We will not be responsible for loss, corruption or unauthorized acquisition or misuse of information that you provide or that we collect through the Site that is stored by us or our service providers, or for any damages resulting from such loss, corruption or unauthorized acquisition or misuse.
8. CHILDREN’S PRIVACY
The Site is not directed towards, nor was it designed to attract the attention of any children, and we do not knowingly collect or maintain personal data from any person under the age of thirteen.
9. CHANGES TO THIS PRIVACY POLICY
We reserve the right to revise and reissue this Privacy Policy at any time. Any changes will be effective immediately upon posting of the revised Privacy Policy. Your continued use of our Site indicates your consent to the Privacy Policy then posted. If the changes are material, we may provide you additional notice to your email address, by informing you about such changes through our website and/or via other channels we may use to communicate with you.
10. CONTACT US
Please contact us at info@vechain.org if you have any questions or concerns about this Privacy Policy.
11. ADDITIONAL DISCLOSURES FOR DATA SUBJECTS IN EUROPE
(a) Roles.
GDPR and data protection laws in Europe distinguish between organizations that process personal data for their own purposes (known as “controllers”) and organizations that process personal data on behalf of other organizations (known as “processors”). vechain acts as a controller with respect to personal data collected as you interact with our Site;
(b) Lawful Basis for Processing.
GDPR and data protection laws in Europe require a “lawful basis” for processing personal data. Our lawful bases include the following:
(i) To fulfill obligation in the contract between you and vechain. When you agree to the Site Terms, you and vechain entered into an agreement and in order for vechain to fulfill its obligations with respect to providing the Site under such agreement, we have to collect your Digital Wallet Data, Log Data, and Transaction Data to provide the necessary functionality as further described in subparagraph 2(b) above entitled “Information Collected Automatically”;
(ii) To pursue our legitimate interests. We rely on legitimate interests pursued by us to process your information, including understanding how our Site is functioning, improving our Site, developing new products and preventing fraud. Information we will use include Use Data, Log Data and Cookie Data. Where we solely rely on legitimate interest, we carry out a balancing test to weight our interests against your right to personal data protection, our processing will never override your fundamental rights and freedoms, and you can always exercise your right to object to such processing;
(iii) Consent. In certain situations where you provide us with consent, we may process your information; and
(iv) To comply with law. In limited circumstances, we may process information in order to comply with legal obligations. To the extent we have received such information from third parties where we have agreed to contractual requirements such as standard contractual clauses, we will use our reasonable efforts to dispute making such disclosures unless legally required to do so.
(c) Retention of Information.
Once the purpose of processing is fulfilled, we retain personal data for no longer than the applicable statutory limitation period. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. We will delete or anonymize personal data once the applicable retention period has expired;
Note that blockchains (including our Blockchain) are designed by default to permanently record information across a wide network of computer systems; therefore, while we commit not to store immediately identifiable personal data, some pseudonymized information will be stored across the Blockchain and therefore it will not be possible to delete such information;
(d) Data Transfer.
If GDPR applies and your data is transferred outside UK or the EEA to the United States or any other country, we will transfer your personal data subject to appropriate safeguards, such as an adequacy decision by the European Commission on the basis of article 45 the GDPR, or Standard Contractual Clauses as provided from time to time by the European Commission. You can receive additional information on where your data is transferred, and which are the appropriate safeguards by contacting us;
(e) Your Data Subject Rights.
(i) Your Rights to Your Information. If you are a data subject according to the GDPR, subject to certain conditions you have the right to:
- access, rectify, or erase any personal data we process about you;
- data portability, asking us to transfer to any third party at your choice
- restrict or object to our processing of personal data we process about you; and
- where applicable, withdraw your consent at any time for any data processing.
(ii) How to Exercise Your Rights. You may exercise your rights by submitting a written request to us at the email address set out in paragraph 10 above entitled “Contact Us”. We will respond to your request within thirty (30) days. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions; and
(iii) When Information May Be Retained. Please note that we retain information as necessary to fulfil the purposes for which it was collected, and may continue to retain and use information even after a data subject request for purposes including to perform under the contract, as necessary to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements.
(f) Complaints.
If you have a complaint about our use of your personal data or response to your requests regarding your personal data, you may submit a complaint to the Data Protection Supervisory Authority in your jurisdiction. We would, however, appreciate the opportunity to address your concerns before you approach a data protection regulator, and would welcome you directing an inquiry first to us.
