Verifiable timestamps and ordering of events.
Last Modified: 18 April 2019
For the purposes of EU data protection laws ("Data Protection Legislation"), Hedera is data controller (i.e., the company who is responsible for, and controls the processing of, your personal data).
1. WHAT INFORMATION DO WE COLLECT AND FOR WHAT PURPOSE?
The categories of information we collect can include:
Information you provide to us directly. We may collect personal information, such as your name, phone number, location, date of birth, occupation, payment information, driver’s license/photo ID, social media accounts, and email address when you register for our Service, sign up for our mailing list, enter a contest or sweepstakes, or otherwise communicate with us. We may also collect any communications between you and Hedera and any other information you provide to Hedera, including without limitation, information about your interests, such as your interests in developing and/or launching a distributed application, interests in learning about hosting and running a node, interest in becoming a system integration partner, interest in supporting the Distributed Ledger Foundation and/or the Free + Fair voting initiative. Additionally, if you intend to receive tokens from us or otherwise interact with the platform, you will be asked to provide us or our third party service providers with the following information in order to meet our know-your-customer (KYC) and anti-money laundering (AML) checks: name, email, address, date of birth, phone number, copies of driver’s license or passport, and any other information necessary to confirm your status (collectively, “Verification Information”). This Verification Information will be used to screen you against Office of Foreign Assets Control (OFAC) watch lists as well as gather information about you for Bank Secrecy Act (BSA) compliance purposes.
Data collected through the use of the Service. We may collect information about how you use the Service, your actions on the Service, and content you store on or post to the Service, and any content you provide through other functionalities on the Service (“User Content”). Please remember that Hedera may, but has no obligation to, monitor, record, and store User Content in order to protect your safety or the safety of other users, to assist with regulatory or law enforcement efforts, or to protect and defend our rights and property. By using the Service, you consent to the recording, storage, and disclosure of such communications you send or receive for these purposes.
Information we receive from third parties. From time to time, we may receive information about you from third parties, such as our service providers. We may also collect information about you that is publicly available.
We use this information to operate, maintain, and provide to you the features and functionality of the Service, as well as to communicate directly with you, such as to send you email messages. We may also send you Service-related emails or messages (e.g., account verification, updates to features of the Service, technical and security notices). For more information about your communication preferences, see “Control Over Your Information” below.
Legal Basis for processing in the EU
If you are a resident in the EU, we need to tell you the legal basis on which we collect and use your personal information. Please note that we will use the following such legal basis:
The provision of personal information by you may be necessary for the performance of any contractual relationship we have with you; or
Where it is necessary for compliance with our legal obligations laid down by EU law; or
Where in our legitimate interests provided these are not overridden by your interests and fundamental rights and freedoms (this includes our own legitimate interests and those of other entities and branches in our group of companies) for the following purposes: (i) to contact you and respond to your requests and enquiries; (ii) for business administration, including statistical analysis; (iii) to personalize your visit to the Service; (iv) for fraud prevention and detection and to comply with applicable laws, regulations or codes of practices; and (v) in the case of Verification Information only, for the purpose of receiving tokens through our Service or otherwise interacting with the platform, including without limitation, to ensure that you meet our KYC and AML checks.
Additionally, our Service permits you to remove any and all personal data that you enter or upload into the Service by submitting a delete request to the Service. If you withdraw your consent or remove your personal data from the Service and we have no alternative lawful reason to process your personal data, this may affect our ability to provide you with rights to use the Service.
In summary, we need certain categories of personal data in order to provide you with the Service. Certain other personal data is processed for our legitimate interests in cases where this does not result in prejudice to you. Certain other personal data is processed based on consent.
We, and our third-party partners, automatically collect certain types of usage information when you visit our Service, read our emails, or otherwise engage with us. We typically collect this information through a variety of tracking technologies, including cookies, web beacons, embedded scripts, location-identifying technologies, file information, and similar technology (collectively, “tracking technologies”). For example, we collect information about your device and its software, such as your IP address, browser type, Internet service provider, platform type, device type, operating system, date and time stamp (a unique ID that allows us to uniquely identify your browser, mobile device, or your account), and other such information. We also collect information about the way you use our Service, for example, the site from which you came and the site to which you are going when you leave our website, the pages you visit, the links you click, how frequently you access the Service, whether you open emails or click the links contained in emails, whether you access the Service from multiple devices, and other actions you take on the Service. When you access our Service from a mobile device, we may collect unique identification numbers associated with your device or our mobile application (including, for example, a UDID, Unique ID for Advertisers (“IDFA”), Google AdID, or Windows Advertising ID), mobile carrier, device type, model and manufacturer, mobile device operating system brand and model, phone number, and, depending on your mobile device settings, your geographical location data, including GPS coordinates (e.g., latitude and/or longitude) or similar information regarding the location of your mobile device, or we may be able to approximate a device’s location by analyzing other information, like an IP address. We may collect analytics data or use third-party analytics tools such as Google Analytics to help us measure traffic and usage trends for the Service and to understand more about the demographics of our users. You can learn more about Google’s practices at http://www.google.com/policies/privacy/partners and view its currently available opt-out options at https://tools.google.com/dlpage/gaoptout. We may also work with third-party partners to employ technologies, including the application of statistical modeling tools, which permit us to recognize and contact you across multiple devices. Although we do our best to honor the privacy preferences of our users, we are unable to respond to Do Not Track signals set by your browser at this time.
We use or may use the data collected through tracking technologies to: (a) remember information so that you will not have to re-enter it during your visit or the next time you visit the site; (b) provide custom, personalized content and information, including targeted content and advertising; (c) recognize and contact you across multiple devices; (d) provide and monitor the effectiveness of our Service; (e) monitor aggregate metrics such as total number of visitors, traffic, usage, and demographic patterns on our Service; (f) diagnose or fix technology problems; and (g) otherwise to plan for and enhance our Service.
If you would prefer not to accept cookies, most browsers will allow you to: (i) change your browser settings to notify you when you receive a cookie, which lets you choose whether or not to accept it; (ii) disable existing cookies; or (iii) set your browser to automatically reject cookies. Please note that doing so may negatively impact your experience using the Service, as some features and services on our Service may not work properly. Depending on your mobile device and operating system, you may not be able to delete or block all cookies. You may also set your email options to prevent the automatic downloading of images that may contain technologies that would allow us to know whether you have accessed our email and performed certain functions with it.
3. SHARING OF YOUR INFORMATION
We may share your personal information in the instances described below. For further information on your choices regarding your information, see the “Control Over Your Information” section below.
Remember, we allow you to submit content to the Service and all transactions are public and traceable. Your information, including your Account ID, public key, any information disclosed in the memo field, and any other personal information submitted by you, will be available publicly by default when you make a transaction and submit content to the Service or other public spaces of the Service. Except for transactions, which only remain on the Service temporarily, all other personal information you post to the Service will remain on the Service until you choose to remove it by submitting a delete request to the Service. Notwithstanding the foregoing, personal information that you provide directly to Hedera during registration will not be made public. Please do not submit personal information to the Service you would not want to be public, unless it is provided as part of the registration process. As noted above, any removal of personal information may affect the functionality of the Service.
We may share your personal information with:
The public and other members of the Service. Your profile information and content you post to public areas of the Service, including public groups, will be viewable by others on the Service and the public;
Other users of the Service. We share your information with third parties with whom you communicate on the Service. You control who you want to communicate with and what information you share;
Third parties at your request. For example, you may have the option to share your activities on the Service with your friends through email, text, or on various social media sites;
Third parties with whom we partner to provide contests and sweepstakes, which will usually be identified by name in the Official Rules of the contest or sweepstakes;
Third-party vendors and other service providers that perform services on our behalf, as needed to carry out their work for us, which may include identifying and serving targeted advertisements, providing mailing services, providing KYC and AML verification services, providing tax and accounting services, contest fulfilment, web hosting, or providing analytic services;
Other parties in connection with a company transaction, such as a merger, sale of company assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business by another company or third party, or in the event of a bankruptcy or related or similar proceedings; and
We may also share information with others in an aggregated or otherwise anonymized form that does not reasonably identify you directly as an individual.
4. CONTROL OVER YOUR INFORMATION
User Information Settings. You may update the information that you have provided to us, such as your contact information, interests, and developer status by emailing us at firstname.lastname@example.org.
How to control your communications preferences. You can stop receiving promotional email communications from us by clicking on the “unsubscribe link” provided in such communications. We make every effort to promptly process all unsubscribe requests. You may not opt out of service-related communications (e.g., changes/updates to features of the Service, technical and security notices).
Modifying or deleting your information. If you have any questions about reviewing, modifying, or deleting your information, you can contact us directly at email@example.com.
5. THIRD-PARTY TRACKING AND ONLINE ADVERTISING
We may share, or we may permit third party online advertising networks, social media companies and other third party services, to collect, information about your use of our website over time so that they may play or display ads on our Service, on other devices you may use, and on other websites, apps or services, including on Facebook. Typically, though not always, the information we share is provided through cookies or similar tracking technologies, which recognize the device you are using and collect information, including click stream information, browser type, time and date you visited the site and other information. We may also share a common account identifier (such as an email address or user ID) to help us identify you across devices. We and our third party partners use this information to research the market and/or make the advertisements you see online more relevant to your interests. As noted above, depending on your browser or mobile device, you may be able set your browser to delete or notify you of cookies and other tracking technology by actively managing the settings on your browser or mobile device. You may also be able to limit interest-based advertising through the settings on your mobile device by selecting “limit ad tracking” (iOS) or “opt-out of interest based ads” (Android). To learn more about interest-based advertising and how you may be able to opt-out of some of this advertising, you may wish to visit the Network Advertising Initiative’s online resources, at http://www.networkadvertising.org/choices, and/or the DAA’s resources at http://www.aboutads.info/choices, and you may also adjust your ad preferences through your Facebook settings. Some of these opt-outs may not be effective unless your browser is set to accept cookies. Furthermore, if you use a different device, change browsers or delete the opt-out cookie, you may need to perform the opt-out task again. You may also be able to opt-out of some – but not all – interest-based ads served by mobile ad networks by visiting http://youradchoices.com/appchoices and downloading the mobile AppChoices app.
Google Analytics and Advertising. We use Google Analytics to recognize you and link the devices you use when you visit our site or Service on your browser or mobile device, log in to your account on our Service, or otherwise engage with us. We share a unique identifier, like a user ID or hashed email address, with Google to facilitate the service. Google Analytics allows us to better understand how our users interact with our Service and to tailor our advertisements and content to you. For information on how Google Analytics collects and processes data, as well as how you can control information sent to Google, review Google's site “How Google uses data when you use our partners’ sites or apps” located at www.google.com/policies/privacy/partners. You can learn about Google Analytics’ currently available opt-outs, including the Google Analytics Browser Ad-On here https://tools.google.com/dlpage/gaoptout.
We may also utilize certain forms of display advertising and other advanced features through Google Analytics, such as Remarketing with Google Analytics, Google Display Network Impression Reporting, the DoubleClick Campaign Manager Integration, and Google Analytics Demographics and Interest Reporting. These features enable us to use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the DoubleClick advertising cookie) or other third-party cookies together to inform, optimize, and display ads based on your past visits to the Service. You may control your advertising preferences or opt-out of certain Google advertising products by visiting the Google Ads Preferences Manager, currently available at https://google.com/ads/preferences, or by visiting NAI’s online resources at http://www.networkadvertising.org/choices.
6. HOW WE STORE AND PROTECT YOUR INFORMATION
For individuals based in the EU, we store personal data for as long as necessary to fulfill the purposes for which we collect the data (see above under "What Information Do We Collect And For What Purpose?") and in accordance with our legal obligations and legitimate business interest, except if required otherwise by law.
Keeping your information safe: We care about the security of your information and employ physical, administrative, and technological safeguards designed to preserve the integrity and security of all information collected through our Service. However, no security system is impenetrable and we cannot guarantee the security of our systems 100%. In the event that any information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and, where appropriate, notify those individuals whose information may have been compromised and take other steps, in accordance with any applicable laws and regulations.
7. CHILDREN’S PRIVACY
Hedera does not knowingly collect or solicit any information from anyone under the age of 13 on this Service. In the event that we learn that we have inadvertently collected personal information from a child under age 13, we will delete that information as quickly as possible. If you believe that we might have any information from a child under 13, please contact us at firstname.lastname@example.org.
8. LINKS TO OTHER WEB SITES AND SERVICES
The Service may contain links to and from third-party websites of our business partners, advertisers, and social media sites and our users may post links to third-party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for their policies. We strongly recommend that you read their privacy policies and terms and conditions of use to understand how they collect, use, and share information. We are not responsible for the privacy practices or the content on the websites of third-party sites.
9. EU PRIVACY RIGHTS
If you are located in the EU, you have the following rights in respect of your personal data that we hold:
a. Right of access. The right to obtain access to your personal data.
b. Right to rectification. The right to obtain rectification of your personal data without undue delay where that personal data is inaccurate or incomplete.
c. Right to erasure. The right to obtain the erasure of your personal data without undue delay in certain circumstances, such as where the personal data is no longer necessary in relation to the purposes for which it was collected or processed.
d. Right to restriction. The right to obtain the restriction of the processing undertaken by us on your personal data in certain circumstances, such as where the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of that personal data.
e. Right to portability. The right to portability allows you to move, copy or transfer personal data easily from one organization to another.
f. Right to object. You have a right to object to processing based on legitimate interests and direct marketing.
You also have the right to lodge a complaint to your local data protection authority. Further information about how to contact your local data protection authority is available at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
10. HOW TO CONTACT US