Privacy Policy

Introduction

In Onchain we are committed to protecting and respecting Your privacy. Therefore, we want to provide You with the most important information about what happens to Your personal data that we process within Onchain and this website. In this Privacy Policy, we describe how and when we collect Your personal data, what we use it for, who we share it with, how long we keep it for and what rights You have in this context.

Definitions

For ease of use, we have defined below some of the key terms we use in this document:

Terms and Conditions – the terms of service of the Website and Services available at: https://onchain.org/terms-conditions/.

FDAP – Swiss Federal Data Protection Act.

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

Website – Onchain website available under the address www.onchain.org;

Services – all services that Onchain renders based on these Terms and Conditions through the Website; the Services include among others providing access to the Magazine, Newsletter, and Store;

Magazine – a collection of digital content published on the Website;

Newsletter – an electronic report containing news related to our Services or information about our Products or Services, which we send out to our subscribers;

Store – the online store available through our Website in which the Customer can purchase Products;

Digital Products – digital content (e.g. research reports) offered by Onchain through the Store;

You, Your – the natural person whose personal data we process as their controller.

Web3 Insights Marketplace – platform where registered users can actively contribute and engage by creating profiles, publishing content such as posts or articles, and participating in related activities. This collaborative environment enables users to share insights, thoughts, and experiences, fostering a dynamic and interactive community.

Events – events and activities organized by Onchain, such as conferences, meetups, training etc.

Terms not defined in this Privacy Policy and written in capital letters should be understood in accordance with the definitions set forth in the Terms and Conditions.

Who We Are And Whose Data We Process

We are established in Switzerland with a registered office at Gotthardstrasse 26, 6300 Zug, Switzerland (referred to as “Onchain”, “We”, “Our”, “Us”.)

We act as a data controller for:

Customers of our Store
Visitors to our Website;
Purchasers of Digital Products;
Contributors to the Web3 Insights Marketplace;
Participants to our Events;
Individuals who follow and interact with our social media profiles;
Individuals who contact us via email or other communication channels;
Candidates applying for employment with us;
Our business partners including advisors, consultants, contractors and service providers;
Subscribers to our newsletter.

When and How We Collect Your Data

We obtain Your personal data directly from You when:

You browse and use our Website;
You use our Online Store
You use or subscribe to Digital Products such as Research Reports;
When You contribute to the Web3 Insights Marketplace, including creating a profile, publishing posts or articles, and participating in related activities;
When You follow and interact with our social media channels;
When You contact us via email or other available communication channels;
When You respond to our job offers;
When You engage with us in the context of business cooperation, advisory services, consulting, or performing and providing services to us;
When You subscribe to our newsletter.

In addition, if You represent or if You are an employee or an associate of one of our contractual partners (service recipient), Your personal data has been provided to us by them. Specifically, the contractual partner has designated You as a contact person for the execution of the contract concluded with them. In the case of individuals representing the contractual partner, we have obtained the necessary data from the appropriate public register.

We will process Your personal data in accordance with the FDAP. The GDPR would apply to processing of Your personal data as well if You are residing in the EU and such processing is done in connection with us offering You goods or services, irrespective of whether a payment of the data subject is required, or if Your behavior is anyhow monitored.

Purposes And Grounds For Data Processing

We process personal data from the following groups of individuals and for the purposes outlined below, in accordance with applicable legal bases:

1. Website Visitors

When You visit our Website, we process data such as Your IP address and information stored in cookies. Additionally, certain information is collected automatically and stored in log files, including Your general location, preferred language, device details, browser type, screen resolution, mouse activity, pages visited, and referring URLs.

We process this data for the following purposes:

To ensure the technical functionality of the Website and to analyze and improve the Website’s performance and user experience, based on our legitimate interest (Article 6(1)(f) GDPR).
To comply with legal obligations for reporting illegal content, based on Article 6(1)(c) GDPR in conjunction with the Digital Services Act.
To conduct marketing, retargeting, and statistical profiling, with Your consent (Article 6(1)(a) GDPR).

This Privacy Policy applies only to our Website. For linked external websites, please review their respective privacy policies.

Retention Periods: Log files are retained for a limited time (haproxy logs: 52 days; Cloudfront logs: 1 year). We may use third-party analytical tools to enhance the user experience.

Furthermore, we use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes:

a device’s IP address (processed during Your session and stored in a de-identified form),
device screen size,
device type (unique device identifiers),
browser information,
geographic location (country only),
and the preferred language used to display our website.

Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.

2. Customers of our Online Store

When You purchase Products through our Store, we process Your name, title, salutation, billing address, delivery address, email address, phone number (if applicable), and payment information such as company name and VAT ID.

We process this data for the following purposes:

to fulfill and manage Your orders, process payments, and comply with legal obligations under tax and warranty laws. This is necessary for the performance of a contract (Article 6(1)(b) GDPR) or to comply with legal obligations (Article 6(1)(c) GDPR);
to ensure that the delivery of the goods meets Your wishes, we use Your email address in order to provide you with details regarding the delivery process, e.g. the delivery time (Article 6(1)(e) GDPR).

Third-Party Processors:

Stripe Payments UK Ltd: Handles credit card payments. All entries of credit card data are entered directly into the system of Stripe and cannot be read or stored by us.
Coinbase Commerce: Processes cryptocurrency transactions. All entries of payment data are entered directly into the Coinbase Commerce system and cannot be read or stored by us. For payment processing, we transmit Your name, invoice amount, and delivery address to Coinbase Commerce if You have chosen this payment method. Without the transmission of Your personal data, we cannot process a payment via Coinbase Commerce, but You can choose another payment method. Further information on data processing by Coinbase Commerce can be found at: https://commerce.coinbase.com/legal/privacy-policy/
Team Sunday: Manages order deliveries. In cases when the goods are not shipped by a shipping partner, we pass on information about delivery, such as Your delivery address, as well as any necessary order data, to a company commissioned by us for the purpose of processing the purchase contract, Team Sunday. Further information on data processing by Team Sunday can be found at: https://teamsunday.com/legal/privacy-policy/

Retention Periods: Your data is retained only for as long as necessary to fulfill contractual obligations and meet statutory retention periods.

If we do not use Your contact data for advertising purposes, we store the data collected for contract processing until the expiration of the statutory or possible contractual warranty and guarantee rights. After this period, we keep the information required for the contractual relationship for the legally specified periods under commercial and tax law. For this period, the data are processed again solely in the event of an audit by the tax authorities.

3. Subscribers to our Digital Products

You can purchase our Digital Products such as our Research Reports if You want to receive solution-oriented research reports focused on real-world industries that are or can already be improved thanks to blockchain. In order to do so, You will need to provide us with Your email address to which the Reports will be sent.

By purchasing the Digital Products, You consent to the processing of Your email address. We will not use these personal data for any other purpose than circulating the Products.

In order to circulate the Digital Products, we use the services provided by Hubspot with which we will share Your email address.

If You no longer wish to receive digital reports, You can opt-out at any time by contacting us.

4. Contributors to our Web3 Insights Marketplace

Registered users of our Web3 Insights Marketplace have the opportunity to contribute content that is displayed on our Website’s feed. This includes creating a profile, publishing posts or articles, and participating in related activities. When You engage with the Web3 Insights Marketplace, we process Your personal data as follows: Your name, username, email address, profile picture, interaction data (such as likes, comments, and other engagement metrics) and the content You publish, such as posts, articles, attached images, and any associated metadata like timestamps and interaction metrics.

This data is processed for the following purposes:

To enable the publishing and display of Your contributions, necessary for the performance of the user agreement (Article 6(1)(b) GDPR).
To facilitate interactions, such as likes and comments on Your content, based on our legitimate interest in fostering a community-oriented platform (Article 6(1)(f) GDPR).
To moderate content and ensure compliance with our Terms and Conditions, necessary to comply with legal obligations and protect other users (Article 6(1)(c) GDPR).

Important Information for Contributors: Do not include sensitive personal data (e.g., racial or ethnic origin, health information, or other special categories under Article 9 GDPR) in Your contributions.

Third-Party Processing:

To display and enhance content visibility, we may use third-party tools or plugins that support feed management and analytics. Information about the specific tools used will be available in our platform’s documentation.

Retention Period: Your contributions remain visible on our platform until You delete them or terminate Your account. Metadata and interaction data may be retained for analytical purposes for as long as necessary to fulfill the platform’s operational needs.

5. Participants to our Events

Onchain organizes different types of Events, both online and offline. When You register for and participate in events, we process Your name, email address, company/employer name, and Discord username (if applicable).

We process this data for the following purposes:

To manage event registration and verify Your identity: This is based on the performance of a contract (Article 6(1)(b) GDPR).
To use Your likeness for marketing purposes (e.g., event photography or videography): This is based on Your consent (Article 6(1)(a) GDPR).

6. People Who Follow and Interact with Our Social Media Profiles

When You interact with our social media profiles, we process Your name and surname or nickname, information contained in Your comments, and any other publicly available information on Your profile or voluntarily provided by You.

We process this data for the following purposes:

To inform You about the services we provide and to build a positive image of our Application and Onchain (Article 6(1)(f) GDPR).
To respond to inquiries and comments received via social media (Article 6(1)(f) GDPR).

Providing Your personal data is necessary to follow our social media profiles and respond to Your inquiries and comments via these platforms.

7. Persons who Contact Us

If You contact us via email, contact form, or other communication channels, we process Your name, surname, email address, and any other information You voluntarily provide.

We process this data to respond to Your inquiries (Article 6(1)(f) GDPR).

When You use the contact form on our Website (http://onchain.org/contact), You must provide Your email address to allow us to reply to Your message. Your email address will be processed solely for communication purposes under our legitimate interests (Article 6(1)(f) GDPR).

While we take reasonable measures to protect Your data, we recommend avoiding the transmission of sensitive personal data through our contact channels. Do not send sensitive personal data (e.g., racial or ethnic origin, sexual orientation, religion, health, or trade union membership) as defined under Article 9 GDPR.

If You provide personal information about others, You confirm that You are authorized to do so and permit us to process that information in line with this Privacy Policy.

8. Candidates for Employment

When You apply for a position at Onchain, we process Your name, surname, email address, telephone number, details about Your education, qualifications, and previous employment, as well as other information in Your resume or voluntarily provided by You.

We process this data for the following purposes:

To carry out the recruitment process and assess Your abilities, competencies, and suitability for the position (Article 6(1)(b) and 6(1)(a) GDPR).
To keep records of Your application for future recruitment processes, provided You have given Your consent (Article 6(1)(a) GDPR).
To fulfill legal obligations arising from labor regulations and other relevant laws (Article 6(1)(c) GDPR).

Providing some personal data is necessary for the recruitment process. Other data is voluntary and not required to participate. If You prefer us not to process additional data, simply exclude it from Your application.

9. Business Partners (advisors or consultants, contractors and service providers):

We process personal data of advisors, consultants, contractors, service providers, and their employees to manage our business relationships.

We process this data for the following purposes:

To communicate with employees of our business partners (Article 6(1)(f) GDPR).
To communicate directly with our business partners as part of our contractual relationship (Article 6(1)(b) GDPR).
To defend and enforce claims arising from contracts concluded with our business partners (Article 6(1)(f) GDPR).

Providing Your personal data is necessary for establishing and maintaining a business relationship with Onchain.

10. Newsletter Subscribers

You can subscribe to our Newsletter if You want to receive recent information and updates about our Services.

We will process Your email address based on Your consent (Article 6(1)(a) GDPR).

By subscribing to the Newsletter, You consent to processing of Your email address. We will not use these personal data for any other purpose than circulating the Newsletter.

You may unsubscribe at any time by clicking the following link: https://onchain.org/my-account/account-newsletter/.

In order to circulate the Newsletter, we use the services provided by Brevo with which we will share Your email address.

When and how we may disclose Your data

Depending on the processing activity, we may share Your personal data with our third-party service providers working on our behalf. Every third party with whom we share Your personal data is either located in a jurisdiction that guarantees an adequate level of protection as defined by the GDPR or has implemented appropriate safeguards such as Standard Contractual Clauses, to ensure security and privacy of Your data.

Before we share any personal data of our users with third parties, we enter into appropriate data processing agreements with them. These agreements ensure the security of the data and protect the rights of data subjects, in compliance with the GDPR. Specific details about sharing are provided in the corresponding sections of this Privacy Policy.

How long do we store Your data

We aim to store Your personal data for the minimal period necessary to fulfill the purposes for which it was collected. Specific retention periods are indicated in the relevant sections of this Privacy Policy where they differ. However, in some cases, we may retain Your personal data for a longer period of time to comply with legal obligations imposed on us by applicable laws and regulations.

We regularly review the information we hold and erase or anonymize personal data when it is no longer needed for its original purpose or any legal requirement.

Your rights

In relation to processing of Your personal data, You have the following rights:

request access to and rectification of Your personal data

At any time You have the right to access information about You and to have it rectified if it is incorrect.

deletion of Your personal data and the right to restrict its processing

Upon Your request, we will delete the data collected about You, once the purpose for which the data was collected has been fulfilled. You have the right at any time to request that we delete Your data or restrict its processing.

right to data relocation

To the extent in which personal data is processed by automated means for the purpose of execution of a contract (Article 6(1)(b) of the GDPR) or on the basis of Your consent (Article 6(1)(a) of the GDPR, Article 9(2)(a) of the GDPR), You have the right to receive Your personal data from us in a structured, commonly used machine-readable format, and You have the right to send this personal data to another data controller without any hindrance from us.

right to object to processing

To the extent that Your personal data is processed for the execution of our legitimate interests (Article 6(1)(f) GDPR), You have the right to file an objection to the processing of Your personal data.

the right to lodge a complaint with a supervisory authority

If You believe that our processing of Your personal data violates applicable data protection laws, You have the right to lodge a complaint with the supervisory authority.

the right to withdraw consent to the processing of personal data

If we process Your personal data on the basis of Your consent, You have the right to withdraw the consent You have given at any time, which does not affect the compatibility of the processing carried out on the basis of this consent before its withdrawal.

You may unsubscribe from our newsletters at any time by clicking the following link: https://onchain.org/my-account/account-newsletter/.

Cookies

If You no longer want cookies to be stored on Your device, You can withdraw Your consent at any time (see: http://onchain.org/privacy-policy) and by adjusting Your browser settings, so that Your browser refuses all cookies or the cookies from third parties. You can also delete the cookies that have already been placed on Your device.

Google Analytics

We use Google Analytics to collect and analyze usage data through cookies and similar technologies. This allows us to generate statistics, reports, and insights into user behavior, improve our services, assist with fraud prevention, and gauge the effectiveness of our communications and marketing campaigns. This tool does not use the collected data to identify individual users, nor is the data combined in a way that enables personal identification.

To prevent Google Analytics from using Your data, You can find out how to opt out here. For detailed information about Google Analytics’ data collection and processing practices, click here.

Automated Decision-Making

We do not use any of the information you provide for automated decision-making purposes.

Analytical And Marketing Tools

We and our business partners employ various solutions and tools used for analytical and marketing purposes.

We process the personal data of users who follow and interact with our social media profiles. You will find detailed information on the processing of data by the individual entities in their privacy policies or data processing information notices e.g:

Changes to the Privacy Policy

The provisions of this Privacy Policy may be subject to improvements and changes and the latest version will be published on our website each time and will be dated as of the last update.

The Privacy Policy is effective from [enter the publishing date].

Contact

In the event that You wish to make a complaint about how we process Your personal data, please contact us in the first instance at legal@onchain.organd we will endeavor to deal with Your request as soon as possible. This is without prejudice to Your right to launch a claim with the data protection supervisory authority in the EEA country in which You live or work or where You think we have infringed data protection laws.