Introduction

At the Onchain Foundation (“Onchain”) we are committed to protecting and respecting Your privacy. Therefore, we want to provide You with the most important information about what happens to Your personal data that we process within Onchain and this website. In this Privacy Policy, we describe how and when we collect Your personal data, what we use it for, who we share it with, how long we keep it for and what rights You have in this context.

Definitions

For ease of use, we have defined below some of the key terms we use in this document:

Privacy Policy  –  the document You are currently reading, the Onchain Privacy Policy.

Terms and Conditions – the terms of service of the Website available at: https://onchain.org/terms-conditions/.

FDAP  –  Swiss Federal Data Protection Act. 

GDPR  –  Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

Website  –  Onchain website available under the address www.onchain.org;

You, Your – the natural person whose personal data we process as their controller.Terms not defined in this Privacy Policy and written in capital letters should be understood in accordance with the definitions set forth in the Terms and Conditions.

Who We Are And Whose Data We Process

We are established in Switzerland with a registered office at Gotthardstrasse 26, 6300 Zug, Switzerland (referred to as “Onchain”, “We”, “Our”, “Us”.)

We act as a data controller for: 

• Visitors to our Website;
• Individuals who follow and interact with our social media profiles;
• Individuals who contact us via email or other communication channels;
• Candidates applying for employment with us;
• Our business partners including advisors, consultants, contractors and service providers;

When and How We Collect Your Data 

​​​​We obtain Your personal data directly from You when:

• You browse and use our Website;
• When You follow and interact with our social media channels;
• When You contact us via email or other available communication channels;
• When You respond to our job offers;
• When You engage with us in the context of business cooperation, advisory services, consulting, or performing and providing services to us;
• When You subscribe to our newsletter.

In addition, if You represent or if You are an employee or an associate of one of our contractual partners (service recipient), Your personal data has been provided to us by them. Specifically, the contractual partner has designated You as a contact person for the execution of the contract concluded with them. In the case of individuals representing the contractual partner, we have obtained the necessary data from the appropriate public register.

We will process Your personal data in accordance with the FDAP. The GDPR would apply to processing of Your personal data as well if You are residing in the EU and such processing is done in connection with us offering You goods or services, irrespective of whether a payment of the data subject is required, or if Your behavior is anyhow monitored.

Purposes And Grounds For Data Processing

We process personal data from the following groups of individuals and for the purposes outlined below, in accordance with applicable legal bases:

1. Website Visitors 

When You visit our Website, we process data such as Your IP address and information stored in cookies. Additionally, certain information is collected automatically and stored in log files, including Your general location, preferred language, device details, browser type, screen resolution, mouse activity, pages visited, and referring URLs.

We process this data for the following purposes:

• To ensure the technical functionality of the Website and to analyze and improve the Website’s performance and user experience, based on our legitimate interest (Article 6(1)(f) GDPR).
• To comply with legal obligations for reporting illegal content, based on Article 6(1)(c) GDPR in conjunction with the Digital Services Act.
• To conduct marketing, retargeting, and statistical profiling, with Your consent (Article 6(1)(a) GDPR).

This Privacy Policy applies only to our Website. For linked external websites, please review their respective privacy policies.

Retention Periods: Log files are retained for a limited time (haproxy logs: 52 days; Cloudfront logs: 1 year). We may use third-party analytical tools to enhance the user experience.

Furthermore, we use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes:

• a device’s IP address (processed during Your session and stored in a de-identified form), 
• device screen size, 
• device type (unique device identifiers), 
• browser information, 
• geographic location (country only), 
• and the preferred language used to display our website. 

Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.

2. People Who Follow and Interact with Our Social Media Profiles

When You interact with our social media profiles, we process Your name and surname or nickname, information contained in Your comments, and any other publicly available information on Your profile or voluntarily provided by You.

We process this data for the following purposes:

• To inform You about the services we provide and to build a positive image of our Application and Onchain (Article 6(1)(f) GDPR).
• To respond to inquiries and comments received via social media (Article 6(1)(f) GDPR).

Providing Your personal data is necessary to follow our social media profiles and respond to Your inquiries and comments via these platforms.

3. Persons who Contact Us

If You contact us via email, contact form, or other communication channels, we process Your name, surname, email address, and any other information You voluntarily provide.

We process this data to respond to Your inquiries (Article 6(1)(f) GDPR).

When You use the contact form on our Website (http://onchain.org/contact), You must provide Your email address to allow us to reply to Your message. Your email address will be processed solely for communication purposes under our legitimate interests (Article 6(1)(f) GDPR).

While we take reasonable measures to protect Your data, we recommend avoiding the transmission of sensitive personal data through our contact channels. Do not send sensitive personal data (e.g., racial or ethnic origin, sexual orientation, religion, health, or trade union membership) as defined under Article 9 GDPR.

If You provide personal information about others, You confirm that You are authorized to do so and permit us to process that information in line with this Privacy Policy.

4. Candidates for Employment

When You apply for a position at Onchain, we process Your name, surname, email address, telephone number, details about Your education, qualifications, and previous employment, as well as other information in Your resume or voluntarily provided by You.

We process this data for the following purposes:

• To carry out the recruitment process and assess Your abilities, competencies, and suitability for the position (Article 6(1)(b) and 6(1)(a) GDPR).
• To keep records of Your application for future recruitment processes, provided You have given Your consent (Article 6(1)(a) GDPR).
• To fulfill legal obligations arising from labor regulations and other relevant laws (Article 6(1)(c) GDPR).

Providing some personal data is necessary for the recruitment process. Other data is voluntary and not required to participate. If You prefer us not to process additional data, simply exclude it from Your application.

5. Business Partners (advisors or consultants, contractors and service providers):

We process personal data of advisors, consultants, contractors, service providers, and their employees to manage our business relationships.

We process this data for the following purposes:

• To communicate with employees of our business partners (Article 6(1)(f) GDPR).
• To communicate directly with our business partners as part of our contractual relationship (Article 6(1)(b) GDPR).
• To defend and enforce claims arising from contracts concluded with our business partners (Article 6(1)(f) GDPR).

Providing Your personal data is necessary for establishing and maintaining a business relationship with Onchain. 

When and how we may disclose Your data

Depending on the processing activity, we may share Your personal data with our third-party service providers working on our behalf. This means that Your personal data may be transferred to, and stored at a destination outside of your country of residence or the country from which you access our services. Every third party with whom we share Your personal data is either located in a jurisdiction that guarantees an adequate level of protection as defined by the GDPR or has implemented appropriate safeguards such as Standard Contractual Clauses, to ensure security and privacy of Your data. 

Before we share any personal data of our users with third parties, we enter into appropriate data processing agreements with them. These agreements ensure the security of the data and protect the rights of data subjects, in compliance with the GDPR. Specific details about sharing are provided in the corresponding sections of this Privacy Policy.

How long do we store Your data

We aim to store Your personal data for the minimal period necessary to fulfill the purposes for which it was collected. Specific retention periods are indicated in the relevant sections of this Privacy Policy where they differ. However, in some cases, we may retain Your personal data for a longer period of time to comply with legal obligations imposed on us by applicable laws and regulations.

We regularly review the information we hold and erase or anonymize personal data when it is no longer needed for its original purpose or any legal requirement.

Your rights

In certain circumstances you have rights in relation to the personal data we hold about You. We set out below an outline of those rights and how to exercise those rights. Please note that we will require You to verify Your identity before responding to any requests to exercise your rights.

To exercise any of Your rights, please send Your request by email to: legal@onchain.org.

Please note that for each of the rights below we may have valid legal reasons to refuse Your request. If that is the case, we will inform You of such reasons.

In relation to processing of Your personal data, You have the following rights:

• request access to and rectification of Your personal data

At any time You have the right to access information about You and to have it rectified if it is incorrect.

• deletion of Your personal data and the right to restrict its processing

Upon Your request, we will delete the data collected about You, once the purpose for which the data was collected has been fulfilled. You have the right at any time to request that we delete Your data or restrict its processing.

• right to data relocation

To the extent in which personal data is processed by automated means for the purpose of execution of a contract (Article 6(1)(b) of the GDPR) or on the basis of Your consent (Article 6(1)(a) of the GDPR, Article 9(2)(a) of the GDPR), You have the right to receive Your personal data from us in a structured, commonly used machine-readable format, and You have the right to send this personal data to another data controller without any hindrance from us.

• right to object to processing

To the extent that Your personal data is processed for the execution of our legitimate interests (Article 6(1)(f) GDPR), You have the right to file an objection to the processing of Your personal data.

• the right to lodge a complaint with a supervisory authority

If You believe that our processing of Your personal data violates applicable data protection laws, You have the right to lodge a complaint with the supervisory authority.

• the right to withdraw consent to the processing of personal data

If we process Your personal data on the basis of Your consent, You have the right to withdraw the consent You have given at any time, which does not affect the compatibility of the processing carried out on the basis of this consent before its withdrawal. You may unsubscribe from our newsletters at any time by clicking the following link: https://onchain.org/my-account/account-newsletter/.

Cookies 

If You no longer want cookies to be stored on Your device, You can withdraw Your consent at any time (see: https://onchain.org/?cmpscreen) and by adjusting Your browser settings, so that Your browser refuses all cookies or the cookies from third parties. You can also delete the cookies that have already been placed on Your device.

Google Analytics

We use Google Analytics to collect and analyze usage data through cookies and similar technologies. This allows us to generate statistics, reports, and insights into user behavior, improve our services, assist with fraud prevention, and gauge the effectiveness of our communications and marketing campaigns. This tool does not use the collected data to identify individual users, nor is the data combined in a way that enables personal identification.

To prevent Google Analytics from using Your data, You can find out how to opt out here. For detailed information about Google Analytics’ data collection and processing practices, click here.

Automated Decision-Making

We do not use any of the information you provide for automated decision-making purposes.

Analytical And Marketing Tools

We and our business partners employ various solutions and tools used for analytical and marketing purposes. 

Social Media

We process the personal data of users who follow and interact with our social media profiles. You will find detailed information on the processing of data by the individual entities in their privacy policies or data processing information notices e.g:

• Data Policy for Facebook;
• Instagram Data Policy;
• LinkedIn Privacy Policy;
• TikTok Privacy Policy;
• X’s Privacy Policy;
• YouTube Privacy Policy (Google).

Changes to the Privacy Policy

The provisions of this Privacy Policy may be subject to improvements and changes and the latest version will be published on our website each time and will be dated as of the last update. 

The Privacy Policy is effective from 2026-01-19

Contact

In the event that You wish to make a complaint about how we process Your personal data, please contact us in the first instance at legal@onchain.organd we will endeavor to deal with Your request as soon as possible. This is without prejudice to Your right to launch a claim with the data protection supervisory authority in the EEA country in which You live or work or where You think we have infringed data protection laws.