Lisk is joining the Optimism Superchain ecosystem in 2024! Learn more about our planned migration to Ethereum, and what it means for our community, here

Privacy policy

Introduction

In Lisk Foundation (“Lisk”, “Foundation”, “we”, “our”, “us”) we are committed to protecting and respecting your privacy. We are a foundation established in Switzerland with a registered office at Dammstrasse 16, 6300 Zug, and for the purpose of the EU General Data Protection Regulation (the “GDPR”), if not specified otherwise in this privacy policy, we are the data controller.

We will process your personal data in accordance with the Swiss Federal Data Protection Act (the “FDAP”). The GDPR would apply to processing of your personal data as well if you are residing in the EU and such processing is done in connection with us offering you goods or services, irrespective of whether a payment of the data subject is required, or if your behavior is anyhow monitored. The GDPR would also apply, if any of the third-party service providers we use for processing of your personal data is based in the EU (e.g. Lightcurve GmbH).

This privacy policy (“Policy”) sets out the basis on which we will process any personal data or usage information we collect from you, or that you provide to us, in connection with:

  • your use of our website under the domain www.lisk.com (the “Website”) and Lisk Foundation’s website under the domain www.lisk.foundation, as well as Lisk Legacy Explorer Website;
  • your use of our newsletter (the “Newsletter”);
  • your use of the following products: Lisk Core; Lisk Desktop; Lisk Mobile; Lisk SDK; Lisk Service; (collectively: “Lisk Products”);
  • your participation in the following Lisk Programs: Lisk Grant Program (https://lisk.com/grant-program); Bug Bounty Program (https://lisk.com/bug-bounty-program); (collectively: “Lisk Programs”);
  • your participation in events and activities organized by Lisk, such as conferences, meetups, trainings etc. (collectively: “Lisk Events”).

Please read this Policy policy carefully so that you understand your rights in relation to your personal data, and how we will collect, use and process it. If you do not agree with this Privacy Policy in general or any part of it, you should not access the Website, use Lisk Products or apply to Lisk Programs.

For every processing activity we provide you with information on the legitimate basis for such processing under the GDPR. The Swiss FDAP, on the other hand, does not require us to do so.

Changes and updates

This version of the Privacy Policy is effective as of 26th October 2022, and applies to any new user of Websites, Newsletter, Lisk Products, Lisk Programs and people attending Lisk Events. For those who had been using the abovementioned services prior to that date the previous version of the Privacy Policy applies, if they consider it (or parts of it) as more favorable and protecting their interests to a higher extent.

Representative and Joint-controllership

Lightcurve GmbH, postal address: Köpenicker Strasse 126, 10179 Berlin, Germany; email: legal@lightcurve.io, (“Lightcurve”) is our representative in the European Economic Area (the “EEA”) for the purpose of communications and all issues related to data processing under the GDPR. In regards to some of the processing activities, Lisk and Lightcurve act as joint-controllers since they jointly determine the purposes and means of processing of your personal data. Regarding any issues related to such processing of your personal data or the execution of your rights (see section Your rights), feel free to contact either Lisk or Lightcurve (“Joint-controllership”). Appropropriate information is provided in the description of the processing activities in this Policy whenever Joint-controllership occurs.

Lightcurve may also act as a sole data controller for particular processing activities. Each situation of that kind is always clearly specified in this Policy. Should that be the case, your personal data would be processed in accordance with this Policy and you will have the same rights and obligations as stated in this Policy. For further information about the processing of personal data by Lightcurve, please visit Lightcurve’s Privacy Policy.

Therefore, regarding any issues related to the processing of your personal data by Lisk or jointly by Lisk and Lightcurve, issues related to this Policy or execution of your rights (see: Your rights), feel free to contact either Lisk (legal@lisk.foundation) or Lightcurve (legal@lightcurve.io).

Please be informed, however, that Lisk Dev Forum (https://dev.lisk.com/) and Lisk Research Forum (https://research.lisk.com/) that are managed for Lisk by Lightcurve which acts as data controller are exceptions and they are not subject to this Policy.

Lisk Dev Forum’s privacy policy: https://dev.lisk.com/privacy Lisk Research Forum’s privacy policy: https://research.lisk.com/privacy

How do we process your personal data

Personal data you give to us

Website

Our Website collects certain information automatically and stores it in log files. The information may include:

  • IP addresses,
  • the region or general location where your computer or device is accessing the internet,
  • preferred language used to display the website,
  • device screen resolution,
  • device type, browser type and operating system,
  • mouse events (movements, locations and clicks),
  • referring URL and domain,
  • keypresses,
  • date and time when the page was accessed,
  • pages visited,
  • model of your CPU and GPU.

In general, the above mentioned information is necessary to enter any website on the Internet with Hypertext Transfer Protocol (http); the applicable legal basis is the performance of the contract under GDPR Art.6.1(b) (terms and conditions of using the website).

We also use this information to help us design our Website to improve the user experience; the applicable legal basis for this is our legitimate interests under GDPR Art.6.1(f). For this purpose, we may also use tools provided by third parties, in particular analytical tools serving improvement of user experience.

As for the log files - we keep the haproxy logs for 52 days and cloudfront logs for a year.

The Website contains links to other websites. This Privacy Policy applies only to our Website, so if you click on a link to another website, you should read its privacy policy.

Social media sharing buttons:

You can share different content from our Website on your social media accounts by simply clicking on sharing buttons. For that purpose we use services provided by AddToAny (www.addtoany.com) which is both GDPR and CCPA compliant. Therefore, when clicking on the sharing buttons no personal data would be collected from you and shared with the social media providers.

Cookies:

When entering for the first time any of the websites we host (the Website, Lisk Legacy Explorer, Lisk Faucet) you will be provided with a cookie notice. It will explain what type of cookies we use and will allow you to grant us consent on using them.

Cookies are text files placed on your device to collect standard Internet log information and visitor behavior information.

More information about the cookies we use and how we process information collected with their use may be found in our Cookie Notice & Settings.

We use Matomo as a third party analytics service, and to track our advertising campaigns on third party websites and services. We use Matomo to collect information about how our Website performs and how our users, in general, navigate through it. Types of information which may be collected from you vary and may include:

  • your device and browser information;
  • user ID (given to you by Matomo);
  • anonymized IP-address;
  • geolocation data;
  • date, time, and duration of use of the Website;
  • links you visited;
  • links, by which you were addressed to the Website.

Matomo provides further information about its own privacy practices and cookieless tracking https://matomo.org/cookie-consent-banners/.

Furthermore, we use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes:

  • a device's IP address (processed during your session and stored in a de-identified form),
  • device screen size,
  • device type (unique device identifiers),
  • browser information,
  • geographic location (country only),
  • and the preferred language used to display our website.

Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.

This helps us evaluate our users' use of the Website; compile statistical reports on activity; and improve our content and Website performance; the applicable legal basis is your consent under GDPR Art.6.1(a). Your personal data will be processed also by our main contractor Lightcurve. Lisk and Lightcurve act as Joint-controllers in regards to this processing activity, since Lightcurve helps us to manage the Website.

Foundation’s website

Apart from the Website which is the main communication channel for the Lisk project, we also operate the website dedicated to the Foundation under the following domain name: www.lisk.foundation.

As with any other websites, when you enter the Foundation’s website, certain personal data is being collected from you (see Website above for the types of personal data being collected). This information is necessary for connecting to servers where the Foundation’s website is hosted and for browsing the website; the applicable legal basis is the performance of the contract under GDPR Art.6.1(b) (terms and conditions of using the website). No additional personal data is being collected from you.

We use cookies at the Foundation’s website. More information about them is available in our Cookie Notice & Settings.

Your personal data will be processed also by our main contractor Lightcurve. Lisk and Lightcurve act as Joint-controllers in regards to this processing activity, since Lightcurve helps us to manage and host the Foundation’s website.

Contact form

You may reach out to us through a contact form available on the Website: https://lisk.com/contact as well as on the Foundation’s website: https://lisk.foundation/contact.

In order to do that, apart from writing your message or request, it is necessary that you provide us with your email address so we can contact you back. Your email address will be processed solely for the purpose of communicating with you in regards to your message or request; the applicable legal basis for this is our legitimate interests under GDPR Art.6.1(f).

Your personal data will be processed also by our main contractor Lightcurve. Lisk and Lightcurve act as Joint-controllers in regards to this processing activity.

CAUTION! We do not advise you to send us any data that is considered to be sensitive personal data in the meaning of Art. 9 GDPR, i.e. information on your racial or ethnic origin, sexual orientation, marital status, political affiliation, religion or any other beliefs, health, criminal records or a trade union membership.

Moreover, If you disclose personal information about others in your message, you declare and warrant that you are authorized to do so and that you will permit us to use such information in accordance with this Privacy Policy.

Newsletter

You can subscribe to our Newsletter if you want to receive general updates on the Lisk project and regular updates on the development of various Lisk tools. In order to do so, you will need to provide us with your email address to which the Newsletter will be sent.

By subscribing to the Newsletter, you consent to processing of your email address. We will not use these personal data for any other purpose than circulating the Newsletter.

You may unsubscribe at any time by clicking the following link: https://lisk.us12.list-manage.com/unsubscribe?u=201693389b5cea4883858163e&id=14c69eecc3.

In order to circulate Lisk Newsletter, we use the services provided by Mailchimp with which we will share your email address.

Your personal data will be processed also by our main contractor Lightcurve. Lisk and Lightcurve act as Joint-controllers in regards to this processing activity, since Lightcurve helps us to provide content for and manage the Newsletter.

Lisk Core (Lisk Mainnet)

Lisk Core is a decentralized network that consists of many different servers (or nodes) and which follows the Lisk protocol. It is where the true Lisk economy exists. Within this network Lisk users can transfer LSK tokens from one account to another, register accounts as delegates, vote for other delegates or register dApps. Lisk Core was launched in May 2016.

Node operators are required to set up Lisk Core on a server, and then connect it to the desired network. Lisk Core is the program that actually implements the Lisk protocol. In order to run a node which will participate in the network, Lisk Core must be installed. Furthermore, this also applies to every additional machine that is required to run a node. You can find additional information about Lisk Core here.

CAUTION! In general, blockchains are designed to be immutable. Any information stored on the blockchain at Lisk Core will remain there forever. Thus, maximum caution should be exercised when storing any personal data on the blockchain at Lisk Core both in the form of a plain text as well as pseudonymised.

All types of personal data mentioned above are stored on the blockchain at Lisk Core which has to be downloaded and regularly updated by every node participating in the network. Thus, personal data stored on the blockchain is processed by every node participating in Lisk Core.

It is therefore impossible to designate one data controller which determines the purposes and means of the processing of personal data within Lisk Core. We have no means of controlling Lisk Core which operates as a decentralized network. Furthermore, there are no means by which we could interfere with the already validated transactions or information stored on the blockchain at Lisk Core. For this reason, when deciding to participate in Lisk Core, you need to take into account that some of your rights concerning your personal data may be significantly limited or even impossible to execute.

Furthermore, the Lisk Foundation itself is not running any nodes. But service providers of Lisk Foundation might run nodes, as for example the service provider Lightcurve GmbH. This is, however, outside of the sphere of influence of the Lisk Foundation and can be subject to privacy policies of such nodes’ operators.

Nevertheless, we want to assure you that your right to privacy is important to us. At Lisk Foundation we try to do whatever possible within the existing legal framework to protect your personal data.

There are ongoing discussions on how data protection regulations should apply to a processing of personal data which takes place on blockchains. Nevertheless, so far there has not been any official guidance released which addresses the issue of data controllership or the exercising of data subjects’ rights in blockchain architectures.

Lisk Desktop

Lisk Desktop is an all-in-one solution to manage your Lisk account, access send tokens, and vote for delegates, among other functions. It combines the functionalities of a cryptocurrency wallet and a network dashboard.

In case you download Lisk Desktop from Lisk’s Website, please check the provisions as set forth in the Lisk Website section in regard to how your personal data is being processed.

In general, Lisk Desktop stores any information and data solely locally on your device. Neither the Lisk Foundation nor Lightcurve have access to this data.

As long as you connect to Lisk Core (Mainnet), Lisk Testnet and Lisk Betanet, we will process the above mentioned data. In case you decide to connect to any other network, Lisk will not have access to any data you share when you use Lisk Desktop.

Please note that when you use Lisk Desktop for the first time, you must login first to enable the option to be able to use other servers/networks which are not Lisk Core or Lisk Testnet. Therefore before you change the server/network, you will be connected to our Lisk Core public API servers by default.

Lisk Desktop makes API calls to Lisk Service (i.e. transfers user information, such as IP address or user-agent header). This transfer is strictly aimed at retrieving blockchain information and making transactions.

Lisk Desktop contains features of the former Lisk Explorer (i.e. allows users to browse all transactions, forged blocks, delegates and other network data). Thus, when using it, we will process personal data collected from you on Lisk Core, Lisk Testnet and Lisk Betanet. To see the particular categories of the personal data, see respective sections of the Policy above.

In order to determine a geolocation of every node of a particular network (Lisk Core, Lisk Testnet, Lisk Betanet) we share its IP address with a third-party service provider Maxmind (https://www.maxmind.com/en/home). Maxmind provides us with as accurate geolocation data as possible which is then displayed at Lisk’s Network Monitor (Home/Network Monitor). The data is processed as long as a node is connected to the network.

You can also help us to improve Lisk Desktop by allowing us to gather your usage data for analytical purposes. Such data will be collected fully anonymously and will be used solely for analytical purposes. We will collect your data only upon your explicit consent, which can be withdrawn anytime in the Settings menu of Lisk Desktop. When collecting and processing such data we use the open-source analytics platform Matomo (www.matomo.org). The collected data is not shared with any third-party service provider but is analyzed by ourselves.

Your personal data will be processed also by our main contractor Lightcurve. Lisk and Lightcurve act as Joint-controllers in regards to this processing activity, since Lightcurve helps us to manage and develop Lisk Desktop as well as it which operates our API servers.

Lisk Mobile

Lisk Mobile is a mobile wallet app offering a limited feature-set, available on iPhone and Android devices. Consensus algorithm features such as registering a delegate and voting for delegates are currently limited to Lisk Desktop.

In general, Lisk Mobile stores any information and data solely locally on your device. Neither the Lisk Foundation nor Lightcurve have access to this data.

As long as you connect to Lisk Core (Mainnet), Lisk Testnet and Lisk Betanet, we will process the above mentioned data. In case you decide to connect to any other network, Lisk will not have access to any data you share when you use Lisk Mobile.

Please note that when you use Lisk Mobile for the first time, you must login first to enable the option to be able to use other servers/networks which are not Lisk Core or Lisk Testnet. Therefore before you change the server/network, you will be connected to our Lisk Core public API servers by default. Lisk Mobile makes API calls to Lisk Service (i.e. transfers user information, such as IP address or user-agent header). This transfer is strictly aimed at retrieving blockchain information and making transactions.

In order to determine a geolocation of every node of a particular network (Lisk Core, Lisk Testnet, Lisk Betanet) we share its IP address with a third-party service provider Maxmind (https://www.maxmind.com/en/home). Maxmind provides us with as accurate geolocation data as possible which is then displayed at Lisk’s Network Monitor (Home/Network Monitor). The data is processed as long as a node is connected to the network.

Your personal data will be processed also by our main contractor Lightcurve. Lisk and Lightcurve act as Joint-controllers in regards to this processing activity, since Lightcurve helps us to manage and develop Lisk Desktop as well as it which operates our API servers.

Lisk Explorer (Legacy)

Lisk Explorer was a blockchain explorer for Lisk Core and Lisk Testnet. It allowed users to browse all transactions, forged blocks, delegates and other network data. As this product has been discontinued, currently it is possible to use Lisk Explorer legacy website, which provides historical information under the following domain:

Lisk Explorer Legacy is still displaying data related to historical transactions that took place on Lisk Core, Lisk Testnet and Lisk Betanet until its discontinuation. To see the particular categories of the personal data, see respective sections of the Policy above.

As with any other websites, when you enter Lisk Explorer, certain personal data is being collected from you (see Website above for the types of personal data that may be collected). This information is necessary for connecting to servers where Lisk Explorer is hosted and for browsing the website; the applicable legal basis is the performance of the contract under GDPR Art.6.1(b) (terms and conditions of using the website). No additional personal data is being collected from you.

We use cookies at Lisk Explorer. More information about them is available in our Cookie Notice & Settings.

Your personal data will be processed also by our main contractor Lightcurve. Lisk and Lightcurve act as Joint-controllers in regards to this processing activity, since Lightcurve helps us to manage and host Lisk Explorer.

Lisk SDK

Lisk SDK is a software development kit for developers for building blockchain applications based on the Lisk protocol. The Lisk SDK operates on the NodeJS runtime and consists primarily of an application framework (Lisk Framework), a collection of libraries providing blockchain application functionalities (Lisk Elements), and a powerful Command Line Interface (Lisk Commander) which allows developers to manage a Lisk node instance and interact with a Lisk compatible network.

Lisk SDK can be downloaded via external websites (GitHub or npm). For further details on how your data may be collected or processed as a result of such download, we refer you to their privacy policy. No personal data shall be collected nor processed by us as a result of usage of Lisk SDK itself.

Lisk Service

Lisk Service is a web application that allows interaction with various blockchain networks based on Lisk protocol.

The main focus of Lisk Service is to provide data to the UI clients such as Lisk Desktop and Lisk Mobile. Lisk Service makes it possible to access all blockchain live data in a similar way to the regular Lisk SDK API, and in addition provides users with much more details and endpoints, such as geolocation and various statistics about network usage.

Once connected to Lisk Core, Lisk Service will process the following data:

  • Client IP address;
  • URL (path only);
  • User-agent header;
  • Address of your Lisk account;
  • Your public keys (Lisk);
  • Current LSK balance of your Lisk account;
  • Volume of transactions (Lisk);
  • History of LSK account balance;
  • Delegate’s username (if you are a delegate);
  • Votes casted on delegates;
  • Transactional data (Lisk).

Processing of the above mentioned data is necessary for the provision of the services for which Lisk Service is designed for; the applicable legal basis is the performance of the contract under GDPR Art.6.1(b) (Terms and Conditions).

In addition, we process nodes’ geolocation data in order to determine the regional spread of nodes participating in the network. We firmly believe that decentralized networks based on trust such as Lisk information like that are especially important. This also allows us to monitor for potential dangers associated with disturbing the balance in regional representation of nodes participating in the network. We share the nodes’ IP addresses with a third-party service provider Maxmind (https://www.maxmind.com/en/home). Maxmind provides us with as accurate geolocation data as possible. The data is processed as long as a node is connected to the network.

All data processed by Lisk Service apart from Client IP address, URL (path only), User-agent header, delegate’s username and geolocation data, is derived from the information stored on publicly available blockchains of Lisk Core. The other data is stored by us only for the time necessary for safely running the services provided by Lisk Service.

Servers of Lisk Service for Lisk Core are managed and operated by Lightcurve. Your personal data will therefore be processed also by our main contractor Lightcurve. Lisk and Lightcurve act as Joint-controllers in regards to this processing activity, since Lightcurve also helps us to manage and develop Lisk Service. Processing of these data is necessary for the provision of the services for which Lisk Mobile is designed for.

Lisk Programs

Lisk runs two programs which are open for anybody to apply to:

In order to participate in both programs, one needs to file a submission (an application for Lisk Builders Program; report a bug for Lisk Bug Bounty Program); the applicable legal basis is the performance of the contract or in order to take steps prior to entering into a contract under GDPR Art.6.1(b) (Terms and Conditions). For the purpose of reviewing the submission we will process the applicant’s:

  • email address, and
  • discord username.

Since both programs provide for potential monetary grants/bounties, we need to verify the identity of the recipients (KYC) beforehand in accordance with the applicable anti-money laundering as well as combating the financing of terrorism regulations (AML & CFT). In order to do that, we will ask for the following KYC information confirmed by a scan/photo of a valid passport or an ID:

  • name and surname;
  • date of birth,
  • residential address,
  • nationality.

Finally, we will ask for a Lisk wallet address to which the grant/bounty shall be transferred. We will store the aforementioned personal data in a secure manner for the period required by the applicable regulations in the area of AML & CFT. The personal data will be processed also by our main contractor Lightcurve which helps us to manage Lisk Programs and process the submissions. Lightcurve will then act as a data processor.

In addition, for the purposes of AML & CFT verification, we are using KYC Spider tool, provided by external service provider, i.e. KYC Spider AG. For further information on processing the personal data by KYC Spider AG, please refer to its Privacy Policy.

Lisk Events

Lisk organizes different types of events, both online and offline. In order to participate in some of the Lisk Events, you may be required to register beforehand and provide us with following personal data:

  • Your name;
  • Your email address;
  • Depending on the event, we might also process your discord username upon your prior consent.

The abovementioned personal data will be used only for the purpose of communicating with you in regards to that particular event you registered for and for verifying your identity when you join the event; the applicable legal basis is performance of contract under GDPR Art.6.1(b).

In addition to that, you may also be asked to provide your consent to reproduce your physical likeness for marketing purposes (in case the event will be filmed or photographed). In case you decide to refuse to grant such consent, this shall not harm your right to participate in any particular Lisk Event. All your personal data obtained in that form will be processed solely for the purpose you consented for. Your personal data will be processed also by our main contractor Lightcurve. Lisk and Lightcurve act as Joint-controllers in regards to this processing activity, since Lightcurve helps us to organize and run Lisk Events.

Personal data we get from third parties

In exceptional cases (such as events, contents and competitions as well as when purchasing the LSK token on our webpage), we may obtain your personal data from third parties - service providers. We will process it only if it was obtained in compliance with the applicable data protection regulation.

Whenever we will process personal data obtained from third parties, this Policy shall apply.

When and how we share your data

Depending on the processing activity, we may share your personal data with our third-party service providers working on our behalf. Every third party with which we will share your personal data comes from a jurisdiction which guarantees an adequate level of protection to the one provided for in the GDPR. Furthermore, as a rule, before we share any personal data of our users with third parties, we conclude appropriate data processing agreements with the recipients that guarantee security of the data and the rights of the data subjects.

Lightcurve

Your personal data will be shared with our main partner and representative in the EEA - Lightcurve. Depending on the processing activity, Lightcurve may act either as a sole controller of your data, as a joint controller with Lisk or as a processor. Specific information about Lightcurve’s role in regards to your personal data is stated in respective sections of this Privacy Policy which refer to particular processing activity. There, you will also find information about purposes of the processing as well as about applicable lawful bases for processing.

Lightcurve is based in Berlin, Germany and its privacy policy may be found here: https://lightcurve.io/privacy-policy.

Other third-party service providers

We may also share your personal data with other third party service providers. When doing so, we make sure that your personal data is processed and transferred, if necessary, in accordance with the applicable data protection regulations (e.g. the GDPR and the Swiss Data Protection Act). The following categories of third-party providers are used to enable / improve the work of our website:

  • Cloud storage providers,
  • Web hosting providers;
  • Email notification provider;
  • Webpage analytics providers;
  • CRM Software provider,
  • Internal content management systems (CMS);
  • Internal collaboration tools.
  • Fiat on-ramp provider (we collaborate with Moonpay, for more information please visit Moonpay’s privacy policy here: https://www.moonpay.com/legal/privacy_policy).

Should you wish to know more about the third party service providers with whom we share your personal data as well as to know the actual categories of the personal data, feel free to reach out to us at legal@lisk.foundation.

Where do we store your data

The information that we collect from you will be transferred to, and stored at/processed within the European Economic Area (EEA), Switzerland, the United Kingdom, the United States and in other countries where our third party service providers are located. We will take all steps reasonably necessary to ensure that your personal data is treated securely, with a level of protection adequate to GDPR and in accordance with this policy. We have provided further details below regarding the steps taken to ensure adequacy of the processing of your personal data.

White Listed Countries:

Switzerland was found to have an adequate level of protection for personal data under European Commission Decision 2000/518/EC of 26 July 2000.

The United Kingdom was found to have an adequate level of protection of personal data under Commission Implementing Decision of 28th June 2021 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate protection of personal data by the United Kingdom.

Consequences of invalidation of Privacy Shield:

CAUTION! Taking into account the Court of Justice of the European Union’s decision in “Schrems II” C-311/18 in which the CJEU declared the EU-US Privacy Shield invalid, we undertake to ascertain the adequate level of protection of your personal data by entering into Model Clauses (described below) with our third-party service providers located in the US.

Model Clauses:

If we are transferring data to a third party located outside of the EEA who is not in a White Listed Country, we will enter into the European Commission’s model contracts for the transfer of personal data to third countries (i.e., the standard contractual clauses pursuant to Decision 2010/87/EU - SCCs) with the relevant data importer. Prior to entering into SCCs we assess, on a case-by-case basis, as outlined in the CJEU decision in Schrems II case, whether an adequate level of data protection, comparably to the level of data protection within the EU is given in the country where the data will be transferred to. If the appropriate level of protection is not given, additional protection provisions and measures will be contractually agreed and/or implemented by us to ensure the protection of personal data.

How long do we store your data

We aim to always store your personal data for the minimal period of time thus for the time we actually need it. We may, however, keep your personal data for a longer period of time. We will do that only in order to meet legal requirements imposed on us by the applicable laws and regulations (e.g. AML & CFT for Lisk Programs).

We regularly review our information and erase or anonymise personal data when we no longer need it.

The security of your personal data

Unfortunately, the transmission of information via the Internet or email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your information transmitted through the Website, Lisk Products or over email; any transmission is at your own risk.

Nevertheless, once we have received your information, we will take appropriate technical and organizational measures to safeguard your personal data against loss, theft and unauthorized use, access or modification.

We will, from time to time, host links to and from the websites of our affiliates or third parties. If you follow a link to any of these websites, these websites will have their own privacy policies and we do not accept any responsibility or liability for these policies. Please check these policies before you submit any information to those websites.

Your rights

In certain circumstances you have rights in relation to the personal data we hold about you. We set out below an outline of those rights and how to exercise those rights. Please note that we will require you to verify your identity before responding to any requests to exercise your rights.

To exercise any of your rights, please send your request by an email to: legal@lisk.foundation.

Please note that for each of the rights below we may have valid legal reasons to refuse your request, in such instances we will let you know if that is the case.

CAUTION! Please also bear in mind that we are not a data controller in regards to any personal data stored on blockchains at Lisk Core and Lisk Testnet. Therefore we will not be able to satisfy your requests if you decide to exercise your rights.

Access:

You have the right to know whether we process personal data about you, and if we do, to access data we hold about you and certain information about how we use it and who we share it with.

Correction:

You have the right to require us to correct any personal data held about you that is inaccurate and have incomplete data completed.

Erasure:

You may request that we erase the personal data we hold about you in the following circumstances:

  • where you believe it is no longer necessary for us to hold the personal data,
  • we are processing it on the basis of your consent and you wish to withdraw your consent,
  • we are processing your data on the basis of our legitimate interest and you object to such processing,
  • you no longer wish us to use your data to send you marketing or you believe we are unlawfully processing your data.

Please provide us with as much detail as possible on your reasons for the request to assist us in determining whether you have a valid basis for erasure.

Restriction of Processing to Storage Only:

You have a right to require us to stop processing the personal data we hold about you other than for storage purposes in the following circumstances:

  • you believe the personal data is not accurate for the period it takes for us to verify whether the data is accurate,
  • we wish to erase the personal data as the processing we are doing is unlawful but you want us to simply restrict the use of that data;
  • we no longer need the personal data for the purposes of the processing but you require us to retain the data for the establishment,
  • exercise or defence of legal claims; and
  • you have objected to us processing personal data we hold about you on the basis of our legitimate interest and you wish us to stop processing the personal data whilst we determine whether there is an overriding interest in us retaining such personal data.

Objection:

You have the right to object at any time to our prospective processing of data about you and we will consider your request. Please provide us with details as to your reasoning so that we can assess whether there is a compelling overriding interest in us continuing to process such data or we need to process it in relation to legal claims.

Withdrawal of Consent:

Where you have provided your consent to us processing your personal data, you can withdraw your consent at any time.

Newsletter. You may unsubscribe at any time by clicking the following link: https://lisk.us12.list-manage.com/unsubscribe?u=201693389b5cea4883858163e&id=14c69eecc3.

Cookies: If you no longer want cookies to be stored on your device, you can withdraw your consent at any time (see Cookie Notice & Settings) and by adjusting your browser settings, so that your browser refuses all cookies or the cookies from third parties. You can also delete the cookies that have already been placed on your device.

The European Interactive Digital Advertising Alliance website Your Online Choices allows you to install opt-out cookies across different advertising networks.

Lisk Desktop. In case you consented on sharing your usage data for analytical purposes at Lisk Desktop, you can always change it by withdrawing your consent. You can do that directly in the Lisk Desktop application by simply entering the Settings/Privacy and changing your preferences.

Data Portability:

In case you have provided information directly to us, you have the right to receive a copy of these data and require us to transfer it to a third party. This right, however, only applies to information you provided to us and , not to the information we collected about you.

Objection to Marketing:

At any time you have the right to object to our processing of data about you in order to send you marketing including where we build profiles for such purposes and we will stop processing the data for that purpose.

Complain to the authority:

At any time you have the right to lodge a complaint to the competent supervisory authority. Lisk is established in Switzerland which is not a part of the EEA. Thus, there is no lead supervisory authority over processing activities described in this Policy. Therefore, you are free to contact any data protection authority which is competent for the place of your residence or for the place where you think we have infringed your rights within the EEA. Contact details for data protection authorities in the EEA are available here.

Nevertheless, for any processing activity where joint-controllership between Lisk and Lightcurve occurs, you can lodge a complaint to the Berlin Commissioner for Data Protection (Berliner Beauftragte für Datenschutz und Informationsfreiheit).

Disclaimer

This Privacy Policy contains links to other websites. Please note that by clicking on a link you will be redirected to another website or document. These websites can be beyond Lisk’s sphere of influence. Liability is excluded. The operators of the linked websites are solely responsible for their content. We refer you to their privacy policy.

Contact

In the event that you wish to make a complaint about how we process your personal data, please contact us in the first instance at legal@lisk.foundation and we will endeavor to deal with your request as soon as possible. This is without prejudice to your right to launch a claim with the data protection supervisory authority in the EEA country in which you live or work or where you think we have infringed data protection laws.