In Lisk Foundation (“we”, “our”, “us”) we are committed to protecting and respecting your privacy. We are a foundation established in Switzerland with a registered office at Dammstrasse 16, 6300 Zug, and for the purpose of the EU General Data Protection Regulation (the “GDPR”), we are the data controller.
This policy sets out the basis on which we will process any personal data or usage information we collect from you, or that you provide to us, in connection with your use of our website at https://lisk.io (the “Website”) and use of our tools: Lisk Protocol, Lisk Network Token, Lisk Desktop, Lisk Elements, Lisk Commander, Lisk Mobile and Lisk Core (collectively: “Lisk Services”).
What types of information do we collect and how we use it?
Information you give us. You may provide information by contacting us via our Website, Lisk Chat, email or when using Lisk Services. You also provide us with information by creating your Lisk Chat account or signing up for the Lisk newsletter. Personal data must be processed lawfully, fairly and transparently to data subject. This means that we will process your personal data only under allowable legal basis and we will provide you certain information when collecting your personal data and when you exercise your rights (see Your rights). We expect that the legal basis for processing your personal data will be either:
• your unambiguous, informed, freely given and specific consent, which you can withdraw at any time, or
• a contract between us, formed for example when you decide to use Lisk Services.
It is also possible that we may be required to process your personal data in in order to fulfil a legal obligation specified in applicable law (EU or EEA member state) or to protect our legitimate interest. We will inform you about this and we will attempt to balance our interests against your rights and freedoms before processing.
As it is in our legitimate interests to be responsive to you and to ensure the proper functioning of our products and organisation, we will use your information to:
• communicate with you;
• administer and provide services and customer support per your request;
• personalise our services for you;
• if you have opted in to marketing, communicate with you about products, services, promotions, events and other news and information we think will be of interest to you; or
• provide third parties with statistical information about our users (but those third parties will not be able to identify any individual user from that information).
Technical usage information. When you visit the Website, use Chat or you use Lisk Services, we collect the information sent to us by your computer, mobile phone, or other access device. This information includes:
• your IP address;
• device information including, but not limited to, identifier, name, and type of operating system;
• mobile network information; and
• standard web information, such as your browser type and the pages you access on our Website.
We collect this information in order to:
• personalise our Website to ensure content from the Website is presented in the most effective manner for you and your device;
• monitor and analyse trends, usage and activity in connection with our Website and services to improve the Website;
• administer the Website and for internal operations, in order to conduct troubleshooting, data analysis, testing, research, statistical and survey analysis;
• keep the Website safe and secure; or
• measure and understand the effectiveness of the content we serve to you and others.
• We use Intercom performance and functionality cookies: These cookies are used to enhance the performance and functionality of our Website but are non-essential to their use. However, without these cookies, certain functionality like videos may become unavailable.
• We use Google Analytics which is a web analytics tool that helps us understand how users engage with the Website. Like many services, Google Analytics uses first-party cookies to track user interactions as in our case, where they are used to collect information about how users use our site. This information is used to compile reports and to help us improve our Website. The reports disclose website trends without identifying individual visitors. You can opt out of Google Analytics without affecting how you visit our site – for more information on opting out of being tracked by Google Analytics across all websites you use, visit this Google page: https://tools.google.com/dlpage/gaoptout.
How do we share your personal data?
• Lightcurve GmbH supports Lisk by procuring IT services and other support services on Lisk’s behalf. Lightcurve is established in Germany and contracts with many of the service providers below on behalf of Lisk.
• AWS, a cloud storage provider and provider of cloudfront CDN services. We use AWS to ensure that our website can be accessed from anywhere in the world and to store our data both for the services and for disaster recovery purposes. AWS may store your personal data in any country in the world. We have in place contractual provisions with AWS which include adequacy requirements for transfers of EU data outside of the EEA (see Where do we store your personal data?).
• Intercom provides customer support services and performance and functionality cookies for our Website. In providing its services, Intercom may transfer personal data from the EU to the US. Intercom has self-certified to the EU-U.S. and Swiss-U.S. Privacy Shield.
• Provided you have consented to receipt of our newsletter and other marketing, we will share your personal data with Mailchimp who distribute our marketing materials. Mailchimp is located in the US and has self-certified to the EU-US and Swiss-US Privacy Shield.
• Analytics and search engine provider, Google, located in the United States that assist us in the improvement and optimisation of the Website.
• Matomo provides us with usage analytics services for Lisk Desktop. Matomo’s services are fully GDPR compliant.
We will share your information with law enforcement agencies, public authorities or other organisations if legally required to do so, or if we have a good faith belief that such use is reasonably necessary to:
• comply with a legal obligation, process or request;
• enforce our terms and conditions and other agreements, including investigation of any potential violation thereof;
• detect, prevent or otherwise address security, fraud or technical issues; or
• protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law (exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction).
We will also disclose your information to third parties:
• in the event that we sell any business or assets, in which case we will disclose your data to the prospective buyer of such business or assets; or
• if we or substantially all of our assets are acquired by a third party, in which case information held by us about our users will be one of the transferred assets.
Where do we store your personal data?
The information that we collect from you will be transferred to, and stored at/processed within the EEA, Switzerland, the United States and in other countries where our third parties are located. We will take all steps reasonably necessary to ensure that your personal data is treated securely, with a level of protection adequate to GDPR and in accordance with this policy. We have provided further details below regarding the steps taken to ensure adequacy of the processing of your personal data.
• White Listed Countries: We transfer data to Switzerland which was found to have an adequate level of protection for personal data under European Commission Decision 2000/518/EC of 26 July 2000.
• Privacy Shield: Some of our third parties (see How do we share your personal data?) comply with the US Department of Commerce's EU-US Privacy Shield and have certified that they adhere to the EU-US Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. For more information about the EU-US Privacy Shield Framework, visit the U.S. Department of Commerce's Privacy Shield website.
• Model Clauses: If we are transferring data to a third party located outside of the EEA who is not in a White Listed Country or registered with Privacy Shield, we will enter into the European Commission’s model contracts for the transfer of personal data to third countries (i.e., the standard contractual clauses pursuant to Decision 2010/87/EU) with the relevant data importer.
The security of your personal data
Unfortunately, the transmission of information via the internet or email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your information transmitted through the Website or over email; any transmission is at your own risk. Once we have received your information, we will take appropriate technical and organisational measures to safeguard your personal data against loss, theft and unauthorised use, access or modification. We will, from time to time, host links to and from the websites of our affiliates or third parties. If you follow a link to any of these websites, these websites will have their own privacy policies and we do not accept any responsibility or liability for these policies. Please check these policies before you submit any information to those websites.
Your obligations regarding your personal data
It is important that you inform us of any changes to your personal data as soon as possible by writing an e-mail to email@example.com where the change request is described in detail as well as your name is included. We also require you to take appropriate steps to keep confidential any data that you do not want shared. Please do not disclose personal data on Lisk Chat. If you receive personal data from others on Lisk Chat, please use it appropriately and keep it confidential – please assume that such data is being disclosed only for your personal use and not to be shared with others.
How long do we store your personal data?
We will retain your information as follows:
• if you contact us via email we will keep your data for 12 months;
• your technical usage information for 12 months;
• data on your use of our Website and Lisk Chat for 12 months.
You can close your Lisk Chat account at any time. When you close your account, we will delete all of your personal data (and all of your chat history) within 90 days of you closing your Lisk Chat account.
In certain circumstances you have rights in relation to the personal data we hold about you. We set out below an outline of those rights and how to exercise those rights. Please note that we will require you to verify your identity before responding to any requests to exercise your rights. To exercise any of your rights, please email firstname.lastname@example.org. Please note that for each of the rights below we may have valid legal reasons to refuse your request, in such instances we will let you know if that is the case.
• Access: You have the right to know whether we process personal data about you, and if we do, to access data we hold about you and certain information about how we use it and who we share it with.
• Correction: You have the right to require us to correct any personal data held about you that is inaccurate and have incomplete data completed.
• Erasure: You may request that we erase the personal data we hold about you in the following circumstances: where you believe it is no longer necessary for us to hold the personal data, we are processing it on the basis of your consent and you wish to withdraw your consent, we are processing your data on the basis of our legitimate interest and you object to such processing, you no longer wish us to use your data to send you marketing or you believe we are unlawfully processing your data.). Please provide as much detail as possible on your reasons for the request to assist us in determining whether you have a valid basis for erasure.
• Restriction of Processing to Storage Only: You have a right to require us to stop processing the personal data we hold about you other than for storage purposes in the following circumstances: you believe the personal data is not accurate for the period it takes for us to verify whether the data is accurate, we wish to erase the personal data as the processing we are doing is unlawful but you want us to simply restrict the use of that data; we no longer need the personal data for the purposes of the processing but you require us to retain the data for the establishment, exercise or defence of legal claims; and you have objected to us processing personal data we hold about you on the basis of our legitimate interest and you wish us to stop processing the personal data whilst we determine whether there is an overriding interest in us retaining such personal data.
• Objection: You have the right to object to our processing of data about you and we will consider your request. Please provide us with detail as to your reasoning so that we can assess whether there is a compelling overriding interest in us continuing to process such data or we need to process it in relation to legal claims.
Withdrawal of Consent
Where you have provided your consent to us processing your personal data, you can withdraw your consent at any time by clicking on this opt-out link.
Objection to Marketing
At any time you have the right to object to our processing of data about you in order to send you marketing including where we build profiles for such purposes and we will stop processing the data for that purpose.
In the event that you wish to make a complaint about how we process your personal data, please contact us in the first instance at email@example.com and we will endeavour to deal with your request as soon as possible. This is without prejudice to your right to launch a claim with the data protection supervisory authority in the EU country in which you live or work where you think we have infringed data protection laws.
Any changes we will make to this policy in the future will be posted on this page. Please check back frequently to see any updates or changes to this policy.
Questions, comments and requests regarding this policy are welcomed and should be addressed to firstname.lastname@example.org.