Last updated: October 28, 2020
We take the protection of personal data very seriously. Personal data in this sense refers to all information relating to an identified or identifiable person.
For data collection, data processing and data usage, we ensure appropriate security and observe the provisions of the applicable law, including, as the case may be, the EU General Data Protection Regulation 2016/679 (GDPR) or the Swiss Federal Data Protection Act of 19 June 1992.
If you have any questions regarding data protection, get in touch with us by sending us an email to email@example.com.
The controller within the meaning of article 4 GDPR which is responsible for the processing of your personal data is: Concordium Foundation, Bahnhofstrasse 20, 6300 Zug, Switzerland. As such Concordium Foundation is responsible for collecting processing and using your personal data in compliance with the applicable data protection law.
The Websites are being operated by Concordium AG, Bahnhofstrasse 20, 6300 Zug, Switzerland, a wholly owned subsidiary of Concordium Foundation. Concordium AG processes the personal data as a processor on its own behalf and on behalf of Concordium Foundation as controller.
How we will use your data?
If you have subscribed to the Newsletter, Concordium processes your email address so that we can email you with updates about Concordium based on your express consent (article 6(1)(a) GDPR).
You can withdraw your consent at any time by contacting firstname.lastname@example.org or by hitting Unsubscribe at the bottom of the Newsletter.
To enable us to process your Newsletter subscription and to provide you with the Newsletter, your address is shared with Upscribe.
If you have an account for our participants’ website https://deck.concordium.com we will process your personal information (email address) to be able to provide you with and maintain your personalized login details to our participants’ website. Your personal data will be collected on the basis of your consent as well as to enable us to comply with any legal obligations we may have to limit access to our participants’ website (articles 6(1)(a) and (c) GDPR).
Storage and exchange of data with third-parties
Storage of data
If you sign-up for our Newsletter, we will store and process your personal data as long as we provide you with the Newsletter and you have not unsubscribed from the Newsletter.
Transfer of personal data to Substack
To enable us to process your Newsletter subscription and to provide you with the Newsletter, your email address is shared with Substack ( https://substack.com. Substack is an email marketing tool we use to provide you with the Newsletter if you have signed-up for the Newsletter.
The transfer of personal data between Concordium and Substack occurs on the basis of the following terms https://substack.com/pa. Substack will store and process your personal data required to enable us to provide you the Newsletter and in accordance with Substacks privacy terms included in the link above.
If you request login details to our participants’ website www.concordiumcdev.com and we provide you with a login to our participants’ website, we will store and process your personal data [email] required to maintain your login details for as long as you remain a potential participant in the Concordium community.
Concordium stores your data at our servers at wpengine in Belgium. We only store personal data for as long as it is necessary for the above described uses, subject to statutory obligations which require us to store the data for a longer period of time, if any. Such obligations to store data may, namely, arise out of accounting law, civil law or tax law. According to these laws, business communication, concluding contracts and accounting vouchers must be stored for up to 10 years. If we no longer need this data to carry out the services for you, the data will be blocked. This means that the data may then only be used for accounting and tax purposes or in accordance with other legal obligations we may have.
General information about the exchange of data with third parties
We may also disclose your personal data to outside parties who help us deliver you the services we offer, create, operate, and maintain the Website(s), namely specialized services such as email distribution, monitoring or analytics. We provide these service providers only with the information they need to perform their services.
The privacy policies and data practices of such third parties may significantly differ from ours, and we make no representation or warranty whatsoever about their policies and practices. Your communications and interactions with such third parties are solely between you and them, and are at your own risk.
We may disclose your data when legally required to do so, to cooperate with law enforcement investigations or other legal proceedings, to protect against misuse or unauthorized use of the Website(s) or the services described herein, to limit our legal liability and protect our rights or to protect the rights, property or safety of users of the Website(s) or the services described herein or the public.
We have embedded links on our Website(s) to the websites of some of our partners and to other relevant websites. If you access such links from our website it may be that data will be disclosed to the owner of the website that you are accessing. This does not mean that we endorse these website(s) or the goods or services they provide. We do not make any representation or warranties about any website(s) that may be linked to the Website(s). Such other website(s) are independent from us, and we have no control over, or responsibility for their information, products or activities.
International transfer of data
For the sake of completeness, for users residing or domiciled in Switzerland, the EU and the European Economic Area (EEA), we would like to point out that in the USA there are surveillance measures by US authorities which generally allow them to get access to all personal data that has been transferred from Switzerland, the EU and the EEA to the USA. This is done without differentiation, limitation or exception based on the objective pursued and without any objective criterion that would allow limiting the access to the data and subsequent use thereof by US authorities to very specific, strictly limited purposes that could justify the interference associated both with access to and use of such data. In addition, we would like to point out that in the USA there are no legal remedies available for the persons concerned from Switzerland that would allow them to gain access to the data concerning them and to obtain its correction or deletion, or that there is no effective legal protection against general access rights of US authorities. We explicitly draw your attention to this legal and factual situation in order to enable an informed decision to consent to the use of your data.
Country specific user notices
International user notice
Legal basis for processing personal data under GDPR
We may process personal data under the following conditions (article 6(1) GDPR):
Consent: You have given your consent for processing personal data for one or more specific purposes.
Performance of a contract: Provision of personal data is necessary for the performance of an agreement with you and/or for any pre-contractual obligations thereof.
Legal obligations: Processing personal data is necessary for compliance with a legal obligation to which we are subject, in particular, but not limited to anti-money laundering regulations.
Vital interests: Processing personal data is necessary in order to protect your or another person’s vital interests.
Public interests: Processing personal data is related to a task that is carried out in the public interest or in the exercise of official authority vested in us.
Legitimate interests: Processing personal data is necessary for the purposes of our legitimate interests.
In any case, Concordium will help clarify the specific legal basis that applies to the processing, and in particular whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
Your rights under GDPR
We undertake to respect the confidentiality of your personal data and to enable you to exercise your rights.
Concordium would like to make sure you are fully aware of all of your data protection rights. To the extent that GDPR applies you have the following rights:
→ The right of access (article 15 GDPR) – You have the right to obtain from us confirmation as to whether or not personal data concerning you is being processed, and, where this is the case, to access the personal data. We are required to provide you this information free of charge. However, we may charge you a reasonable fee on administrative costs for this service if you have already received such a copy. → The right to rectification (article 16 GDPR) – You have the right to request that Concordium correct personal data concerning you that is inaccurate. You also have the right to request that Concordium complete personal data concerning you that is incomplete. → The right to erasure (right to be forgotten; article 17 GDPR) – You have the right to request that Concordium erase your personal data if and to the extent that the data is no longer needed for the purposes for which it was collected or if the data is processed on the basis of your consent and you have opted to revoke your consent. → The right to restrict processing (article 18 GDPR) – You have the right to request that Concordium restrict the processing of your personal data under the conditions set forth in article 18 GDPR. → The right to object to processing (article 21 GDPR) – If the processing of your personal data is based on article 6(1)(e) or 6(1)(f) GDPR, you have the right to object to Concordium’s processing of your personal data at any time. → The right to data portability (article 20 GDPR) – You have the right to receive from us the personal data concerning you provided by you in a structured commonly used and machine-readable format and to have this data transmitted to another controller provided that (i) the processing is based on consent or an agreement entered into with you; and (ii) the processing is carried out by automated means. → The right to withdraw your consent (article 7(3) and 13(2)(c) GDPR) – You have the right to withdraw your consent on us using your personal data at any time.
Please note that any erasure of personal data, objection to processing, withdrawal of your consent to use your personal data, or any other request limiting or preventing us from holding, using, processing, or storing your personal data might result in Concordium being required to deny access to the Concordium network, thereby preventing you from using the network, or any of the Websites or from receiving the Newsletter.
How to exercise your rights under GDPR
You may exercise your abovementioned rights by contacting us (for contact details see above “How to contact us”). Please note that we may ask you to verify your identity before responding to such a request.
If you make a request, we will respond as soon as possible.
If you believe that the processing of your personal data infringes the applicable data protection law, you have the right to lodge a complaint with a data protection supervisory authority (article 77 GDPR). For more information, if you are in the European Economic Area (EEA), please contact your local data protection authority in the EEA.
Privacy policies of other websites
Applicable law and jurisdiction
If you reside within the EU or the EEA you have the right to complain to a data protection supervisory authority at any time (article 77 GDPR).
What data do we collect, and with whom do we share it?
We will collect and process your email address if you sign up for email updates (the “Newsletter”). This processing of your personal data is based on your consent (article 6(1)(a) GDPR).
To enable us to process your Newsletter subscription and to provide you with the Newsletter, your is shared with Substack, an email marketing service provider.
If you request a login to our participants’ website https://deck.concordium.com we will collect your email address to be able to provide you with personalized login details to our participants’ website. Your personal data will be collected on the basis of your consent as well as to enable us to comply with any legal obligations we may have to limit access to our participants’ website (articles 6(1)(a) and (c) GDPR).
The data collected may also be used in the event of attacks on the network infrastructure or other unauthorized or abusive use of the Website(s) to identify offenders in connection with civil or criminal proceedings. The processing of this information is in our legitimate interest (article 6(1)(f) GDPR) to secure and improve the Website(s) and our services described herein accordingly.
We strive to keep your personal data private and safe. We take commercially reasonable physical, electronic and administrative steps to maintain the security of data collected, including limiting the number of people who have physical access to database servers, as well as employing electronic security systems and password protections that guard against unauthorized access. Concordium uses technical and organizational security precautions to protect personal data against manipulation, loss, accidental or unlawful destruction or against access by unauthorized persons or unauthorized disclosure. Our security precautions are regularly improved in line with technological development.
If you ever use a public computer to access the Website(s) or the services described herein, we strongly encourage you to log out at the conclusion of your session and to ensure that your information is not accessible to anyone else from that computer.
Unfortunately, despite our best efforts, the transmission of data over the internet cannot be guaranteed to be 100 percent secure. While we will use reasonable means to ensure the security of information you transmit through the Website(s) or the services described herein, any transmission of data is at your own risk. We cannot guarantee that such information will not be intercepted by third parties and we shall not be liable for any breach of the security of your data resulting from causes or events that are beyond our control, including, without limitation, your own act or omission, corruption of storage media, defects in third-party data security products or services, power failures, natural phenomena, riots, acts of vandalism, hacking, sabotage, or terrorism and we are not responsible for the circumvention of any privacy settings or security measures contained on the Website(s) or in relation to the services described herein.
Use of the Website(s) and the services described herein by children
Our Website(s) or the services described herein is not intended for children, and we do not knowingly collect, use or disclose data from anyone under 18 years of age. If we determine upon collection that a user is under this age, we will not use or maintain his/her data without the parent/guardian’s consent. If we become aware that we have unknowingly collected personally identifiable information from a child under the age of 18, we will make reasonable efforts to delete such information from our records.
Automatically collected information
Cookies may either be “permanent/persistent” cookies or “transient/session” cookies. Persistent cookies remain on your device while session cookies are deleted when you leave the Website(s).
We use both session and persistent cookies for the purposes set out below:
What types of cookies do we use?
There are a number of different types of cookies our website uses:
– Concordium uses these cookies so that we recognize you on our website and remember your previously selected cookie preferences. These cookies are administered by us. We use these cookies for compliance with our legal obligations under the applicable law (article 6(1)(c) GDPR).
– Concordium uses these cookies to collect information about your visit to our website, the content you viewed, the links you followed and information about your browser, device, and your IP address. These cookies are administered by us (see below). We only use analytics cookies with your express consent (article 6(1)(a) GDPR).
How to manage cookies
→ You can set your browser not to accept cookies. Please refer to the Help and settings of your browser on how to remove cookies from your browser.
What are your data protection rights?
To the extent provided by the applicable law you have the following data protection rights:
To the extent we process personal data based on your consent you can withdraw the right to use and process your personal data without giving any reasons. In this case please send a message to email@example.com. After receiving your request, we will no longer use the personal data to the extent we have relied on your consent.
You have a right to request information about the personal data that we store about you. In addition, you have a right to correct incorrect data and a right to request deletion of your personal data, insofar as there is no legal obligation to retain such data and no legal basis for further processing the existing data.
You also have a right to request the data that you have provided to us (right to data portability). Upon request, we will transfer your data to a third party of your choice. You have a right to receive the data in a common file format.
You can contact us for the aforementioned purposes via the email address firstname.lastname@example.org. In order to process your requests, we may request proof of your identity.
In many countries, you also have the right to file a complaint with the relevant data protection authority if you have concerns about how we process your data.
How to contact us
If you have any questions about or requests regarding your privacy or security at the Website(s) or with regard to the services addressed herein or wish to update your data, please send an email to email@example.com. We will respond as soon as possible.
Data subjects from Switzerland, the EU and the European Economic Area can also write us at:
Please always include your name, mailing address and email address in your message.