The Tezos Foundation is committed to protecting the privacy and security of the personal data that is provided to us or collected by us. We process personal data in accordance with the Swiss Data Protection Act and – to the extent applicable – the European Union (EU) General Data Protection Regulation or GDPR.
1. Who Is Responsible For Your Personal Data?
The Tezos Foundation (CHE-290.597.458), Dammstrasse 16, 6300 Zug/Switzerland, is responsible for the processing of your personal data (as a “data controller” pursuant to the GDPR).
2. What Information Do We Receive About You?
Personal data about you (or your representatives and/or beneficial owners) is collected by our third party service providers that help us conduct the AML/KYC process (described below) as part of our efforts to identify our contributors and their beneficial owners which contributed to the Tezos Foundation in the year 2017. The type of personal data collected includes name, contact details (such as your address, email address and telephone number), address, identification document, and other relevant information which are customary or may be required in the context of an AML/KYC process.
We may also collect your email address if you agree to receive information about the Tezos Foundation, such as our newsletter.
3. How Do We Use Your Personal Data?
KYC and AML review. We will use your personal data to verify your identity as a part of a Know Your Customer (KYC) and Anti-Money Laundering (AML) review and to compare it with sanction lists and/or other similar lists issued by Swiss and foreign authorities. Processing of this information is necessary for our legitimate interest in preventing fraud or other financial crime, and complying with statutory and regulatory requirements in relation to anti-money laundering and terrorist financing investigation and prevention.
In case you or the organization for which you are acting does not provide the relevant information or the information we received or have identified ourselves indicates that the Tezos Foundation is exposed to any legal or reputational risks in Switzerland or abroad, we may not be able to provide the activation code that is required for you to access your recommended allocation in the genesis block to be proposed by the Foundation.
Informational Emails. If you consent to us doing so at the time you provide us with your personal data, we may use your contact details to send you certain information that will be of interest to you. You have the right to withdraw your consent at any time by following the instructions to “opt-out” of receiving marketing communication in each marketing email we send you or by contacting us as indicated below.
Cookies are small text files that are placed in browser directories on your computer or mobile device when you visit our website. Our website uses session cookies and persistent cookies. Session cookies enable you to move from page to page within the website and any information you enter to be remembered. A session cookie is deleted when you close your browser or after a short time. Persistent cookies allow the website to remember your preferences and settings when you visit the website in the future. Persistent cookies expire after a set period of time.
- Strictly Necessary Cookies: Used to ensure that you can use and navigate our website. Without these cookies, basic functions of our website would not work. Because these cookies are strictly necessary to deliver the website, you cannot refuse them.
5. How And Why Do We Share Your Personal Data?
We will disclose your personal data as follows, as required or permitted by law:
- Vendors and Service Providers. We use service providers who help us conduct the AML/KYC checks in order to research and verify your identity who are based in Switzerland, the United Kingdom and the United States. Pursuant to our instructions, these parties will access, process or store personal data in the course of performing their duties to us.
- Legal Requirements. If required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend our rights or property, (iii) act in urgent circumstances to protect the personal safety of our customers or website users, or the public, or (iv) protect against legal liability
6. How We Protect Your Personal Data
We have put in place appropriate security measures to hold your personal data securely in electronic and physical form to protect your personal data from unauthorized access, improper use or disclosure, unauthorized modification or unlawful destruction or accidental loss.
Our partners, staff and third party service providers who have access to confidential information (including personal data) are subject to confidentiality obligations.
7. How Long We Keep Your Personal Data
We will retain your personal data for as long as is necessary for the purpose for which it was collected. We will further retain your personal data to comply with legal and regulatory obligations, for as long as claims could be brought against us and for as long as legitimate interest, including data security, requires.
If you have elected to receive informational communications from us, we retain information about your preferences until you opt out of receiving these communications and in accordance with our policies.
To determine the appropriate retention period for your personal data, we will consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we use your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
8. Your Rights
Pursuant to the applicable EU and Swiss data protection laws, you have rights that you can exercise under certain circumstances in relation to the personal data that we hold. These rights are to:
- request access to your personal data and certain information in relation to its processing;
- request rectification of your personal data;
- request the erasure of your personal data, unless we have a legitimate basis to continue to process your data;
- request that we restrict or “block” the processing of your personal data in certain circumstances, such as where you contest the accuracy of the data or object to us processing it;
- object to the processing of your personal data at any time, and we will comply with this request if (i) we are relying on a legitimate interest to process your personal data (unless we demonstrate compelling legitimate grounds for continue processing it), or (ii) if we are processing your personal data for direct marketing purposes;
request portability, i.e. to obtain your personal data from us that you consented to give us or that was provided to us as necessary in connection with our contract with you, if applicable, and that we process through automated means. We will give you your personal data in a structured, commonly used and machine-readable format;
- lodge a complaint with the competent data protection authority, if you have a concern about our privacy practices, including the way we handled your personal data.
Moreover, if you have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so. Withdrawal of consent will not affect any processing of your data before we received notice that you wished to withdraw consent.
We may refuse to provide access if the relevant data protection legislation or other legislation, in particular the attorney client privilege, allows or obliges us to do so, in which case we will provide reasons for our decision as required by the law.
If you would like to exercise these rights, please contact us in writing by emailing to email@example.com or by letter to:
Attention: Data Protection
You will not, in general, have to pay a fee to exercise any of your individual rights. However, we may a fee for access if the relevant data protection legislation allows us to do so, in which case we will inform you as required by the law.
9. International Users
The Tezos Foundation is based in Switzerland and we use a service provider to help us conduct the AML/KYC checks located in Switzerland. We are permitted to transfer your personal data to our servers and to our supplier in Switzerland because Switzerland is currently on the European Commission’s list of countries found to provide adequate protection for the rights and freedoms of data subjects in connection with the processing of their personal data.
Your information is also transferred to our service provider TokenSoft, Inc. in the United States as necessary to conduct the AML/KYC checks described above. The United States may have data protection laws less stringent than or otherwise different from the laws in effect in the country in which you are located. Where we transfer your personal data out of the EU we will take steps to ensure that your personal data receives an adequate level of protection where it is processed and your rights continue to be protected.
Attention: Data Protection
If you are an individual in the EU, you can also contact VeraSafe, who has been appointed as Tezos Foundation’ representative in the EU pursuant to Article 27 of the General Data Protection Regulation, only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative/.
Alternatively, VeraSafe can be contacted at:
VeraSafe Ireland Ltd
Unit 3D North Point House
North Point Business Park
New Mallow Road Cork T23AT2P