We are delighted that you have chosen to visit our website. We take our data protection responsibilities with the utmost seriousness and we have designed our website so that you may navigate and use our website without having to provide Personal Data.
This Policy sets out what Personal Data we collect, how we process it and how long we retain it. This Policy applies to all of our processing activities where we act as a data controller. In this policy, "we", "us" and "our" refers to the Holochain Foundation, a foundation established and operated in Gibraltar with its registered address at Portland House, Glacis Road, Gibraltar, GX11 1AA. For more information about us, see the Contact Us section of this policy. In this Policy, “personal data” means any information relating to you as an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be, directly or indirectly, in particular by reference to an identifier such as a name, an online identifier or to one or more factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity.
1. Navigating this Policy
If you are viewing this policy online, you can click on the below links to jump to the relevant section:
- 1. Navigating this Policy
- 2. How We Use Personal Data
- 2.1. When visiting our website
- 2.2. When subscribing to our Newsletter
- 2.3. When receiving our Newsletter
- 2.4. When receiving our Holochain info - email
- 2.5. When visiting our Twitter or Medium Profile
- 2.6. When using the Holochain Forum
- 2.7. When using any Holochain Telegram, Discord, Reddit or other channel
- 3. Use of Third Party Applications
- 4. Sharing Your Personal Data
- 5. Transferring Your data outside of the EU
- 6. Existence of Automated Decision-making
- 7. Data Security
- 8. Your Rights as a Data Subject
- 9. Storing Personal Data
- 11. Our details
2. How We Use Personal Data
2.1. When visiting our website
We may collect and process Personal Data about your use of our website. This data may include:
- the browser types and versions used;
- the operating system used by the accessing system;
- the website from which an accessing system reaches our website (so- called referrers);
- behaviour: subpage, duration, and revisit;
- the date and time of access to our website, the Internet protocol address (“IP address”);
- the Internet service provider of the accessing system;
- and any other similar data and information that may be used in the event of attacks on our information technology systems.
This data may be processed in order to deliver the content of our website correctly, to optimize the content of our website to ensure the long-term viability of our information technology systems and website technology, and to provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack.
The legal basis for this processing is our legitimate business interests, namely monitoring and improving our website and the proper protection of our business against risks and your consent when agreeing to accept cookies. The data will be stored for 14 months and will be deleted automatically afterwards.
2.2. When subscribing to our Newsletter
We may collect and process the Personal Data that you provide to us for the purpose of subscribing to our email newsletter. This data may include:
- your email address;
- the date and time of registration;
- your IP address.
This data is collected and processed for the purpose of sending you our newsletter.
The legal basis for this processing is your consent as provided in the double opt-in confirmation part of our newsletter sign-up process.
Your email address will be stored as long we have the consent to send you a newsletter.
2.3. When receiving our Newsletter
If you have subscribed to our newsletter, each time you receive a newsletter from us, we may collect and process Personal Data. This data may include:
- the date and time you opened the email;
- what (if any) links or URLs you accessed from our newsletter;
- the location it was accessed from
This data is collected and processed for the purpose of improving the content of our newsletter. The legal basis for this processing is your consent as provided in the double opt-in confirmation part of our newsletter sign-up process.
2.4. When receiving our Holochain info - email
If you have subscribed to our info - email each time you receive a newsletter from us we may collect and process Personal Data. This data may include:
- the date and time you opened the email;
- what (if any) links or URLs you accessed from our Newsletter;
- and the location it was accessed from This data is collected and for the purposes of improving the content of our info- email.
The legal basis for this processing is your consent The collected data will be deleted after 6 months.
2.5. When visiting our Twitter or Medium Profile
We may collect and process Personal Data about your use of our Twitter or Medium Pro. This data may include:
- clicks on a shortened URL;
- a history of referral URLs for clicks of a shortened URL;
- and a history of IP addresses used to access a shortened URL.
The purpose of this data collection is to track the success of marketing campaigns, blog posts, and other marketing material, and for user demographics in order to identify target markets. This data is collected and processed for the purpose of improving the content of our shared links, pursuant to our legitimate interests.
2.6. When using the Holochain Forum
We may collect and process Personal Data about your activity on the Holochain Forum and on the Holochain Forum. This data may include:
- Name and email address
The purpose of this data collection is to moderate the forum.
2.7. When using any Holochain Telegram, Discord, Reddit or other channel
We may collect and process Personal Data about your use of Holochain Telegram, Discord, Reddit or other social/forum channel. This data may include:
- Name, handle, email address.
The purpose of this data collection is to provide support and information.
2.7.1 Other uses of your Personal Data
We may process any of your Personal Data where it is necessary to establish, exercise, or defend legal claims. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others. Further, we may process your Personal data where such processing is necessary in order for us to comply with a legal obligation to which we are subject. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights.
3. Use of Third Party Applications
3.1. Mailing List software
We use mailing list to send out newsletters to subscribers. This allows us to prepare customized Emails and manage our subscribers.
We do not store any information collected by our mailing list provider.
3.2. Webform collection
We use various systems for the registration and submission process of webforms. One example of webform collection we use is Typeform.
Further information and the applicable data protection provisions of typeform please visit https://admin.typeform.com/to/dwk6gt. Typeform’s purpose and function is further explained under the following Link https://www.typeform.com/product/
3.3. Transmitting Social Media Links
At the end of our website we link to our social media profiles. Those services might also collect Personal Data. Below is a broad selection of social media applications that we may currently use or potentially use in the future:
3.3. Ethereum Blockchain
The information will be displayed permanently and public, this is part of the nature of the blockchain.
If you a new to this field, we highly recommend informing yourself about the blockchain technology before using our services.
4. Sharing Your Personal Data
We may pass your information to our Business Partners, administration centres, third party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing our services to you.
In addition, when we use any other third-party service providers, we will disclose only the personal information that is necessary to deliver the service required and we will ensure, that they keep your information secure and not to use it for their own direct marketing purposes.
In addition, we may transfer your personal information to a third party as part of a sale of some, or all, of our business and assets or as part of any business restructuring or reorganisation, or if we are under a duty to disclose or share your personal data in order to comply with any legal obligation. However, we will take steps to ensure that your privacy rights continue to be protected.
5. Transferring Your data outside of the EU
The distribution of our newsletter is realized with Drip, which is based in the US. Drip is certified under the EU-US Privacy Shield and is GDPR compliant.
However, when interacting with the blockchain, as explained above in this Policy, the blockchain is a global decentralized public network and accordingly any personal data written onto the blockchain may be transferred and stored across the globe
6. Existence of Automated Decision-making
We do not use automatic decision-making or profiling when processing Personal Data.
7. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
8. Your Rights as a Data Subject
You have certain rights under applicable legislation, and in particular under Regulation EU 2016/679 (General Data Protection Regulation or ‘GDPR’). We explain these below. You can find out more about the GDPR and your rights by accessing the European Commission’s website.
Right Information and access
Right to rectification
You have the right to have any inaccurate personal information about you rectified and to have any incomplete personal information about you completed. You may also request that we restrict the processing of that information.
Right to erasure (right to be ‘forgotten’)
You have the general right to request the erasure of your personal information in the following circumstances:
- the personal information is no longer necessary for the purpose for which it was collected;
- you withdraw your consent to consent based processing and no other legal justification for processing applies;
- you object to processing for direct marketing purposes;
- we unlawfully processed your personal information; and
- erasure is required to comply with a legal obligation that applies to us.
However, when interacting with the blockchain we may not be able to ensure that your personal data is deleted. This is because the blockchain is a public decentralized network and blockchain technology does not generally allow for data to be deleted and your right to erasure may not be able to be fully enforced. In these circumstances we will only be able to ensure that all personal data that is held by us is permanently deleted.
We will proceed to comply with an erasure request without delay unless continued retention is necessary for:
- Exercising the right of freedom of expression and information;
- Complying with a legal obligation under EU or other applicable law;
- The performance of a task carried out in the public interest;
- Archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, under certain circumstances; and/or
- The establishment, exercise, or defence of legal claims.
Right to restrict processing and right to object to processing
You have a right to restrict processing of your personal information, such as where:
- you contest the accuracy of the personal information;
- where processing is unlawful you may request, instead of requesting erasure, that we restrict the use of the unlawfully processed personal information;
- we no longer need to process your personal information but need to retain your information for the establishment, exercise, or defence of legal claims.
You also have the right to object to processing of your personal information under certain circumstances, such as where the processing is based on your consent and you withdraw that consent. This may impact the services we can provide and we will explain this to you if you decide to exercise this right.
However, when interacting with the blockchain, as it is a public decentralized network, we will likely not be able to prevent external parties from processing any personal data which has been written onto the blockchain. In these circumstances we will use our reasonable endeavours to ensure that all processing of personal data held by us is restricted, notwithstanding this, your right to restrict to processing may not be able to be fully enforced.
Right to data portability
Where the legal basis for our processing is your consent or the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, you have a right to receive the personal information you provided to us in a structured, commonly used and machine-readable format, or ask us to send it to another person.
Right to freedom from automated decision-making
As explained above, we do not use automated decision-making, but where any automated decision-making takes place, you have the right in this case to express your point of view and to contest the decision, as well as request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers.
Right to object to direct marketing (‘opting out’)
You have a choice about whether or not you wish to receive information from us.
We will not contact you for marketing purposes unless:
- you have a business relationship with us, and we rely on our legitimate interests as the lawful basis for processing (as described above)
- you have otherwise given your prior consent (such as when you download one of our guides)
You can change your marketing preferences at any time by contacting us on the above details. On each and every marketing communication, we will always provide the option for you to exercise your right to object to the processing of your personal data for marketing purposes (known as ‘opting-out’) by clicking on the ‘unsubscribe’ button on our marketing emails or choosing a similar opt-out option on any forms we use to collect your data. You may also opt-out at any time by contacting us on the below details.
Right to request access
You also have a right to access information we hold about you. We are happy to provide you with details of your Personal Information that we hold or process. To protect your personal information, we follow set storage and disclosure procedures, which mean that we will require proof of identity from you prior to disclosing such information. You can exercise this right at any time by contacting us on the above details.
Right to withdraw consent
Where the legal basis for processing your personal information is your consent, you have the right to withdraw that consent at any time by contacting us on the above details.
Raising a complaint about how we have handled your personal data
If you wish to raise a complaint on how we have handled your personal data, you can contact us as set out above and we will then investigate the matter.
Right to lodge a complaint with a relevant supervisory authority
If we have not responded to you within a reasonable time or if you feel that your complaint has not been resolved to your satisfaction, you are entitled to make a complaint to the Data ProtectionCommissioner under the Data Protection Act, which is presently the Gibralt ar Regulatory Authority (GRA). You may contact the GRA on the below details:
- Gibraltar Data Protection Commissioner
- Gibraltar Regulatory Authority
- 2nd Floor, Eurotowers 4
- 1 Europort Road
- Email: [email protected]
- Phone: (+350) 200 74636
- Fax: (+350) 200 72166
You also have the right to lodge a complaint with the supervisory authority in the country of your habitual residence, place of work, or the place where you allege an infringement of one or more of our rights has taken place, if that is based in the EEA.
9. Storing Personal Data
We retain your information only for as long as is necessary for the purposes for which we process the information as set out in this policy.
However, we may retain your Personal Data for a longer period of time where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
We may make changes to this Policy from time to time. Where we do so, we will notify those who have a business relationship with us or who are subscribed to our emailing lists directly of the changes, and change the ‘Last updated’ date above. We encourage you to review the Policy whenever you access or use our website to stay informed about our information practices and the choices available to you. If you do not agree to the revised Policy, you should discontinue your use of this website.
11. Our details
This website is owned and operated by Holochain Foundation, established in Gibraltar with its registered address at Portland House, Glacis Road, Gibraltar, GX11 1AA.