Privacy
Policy

We use cookies to ensure that we give you the best experience on our website. However we won’t enable cookies unless you approve first.

Last updated: October 28, 2020

Concordium Foundation, Bahnhofstrasse 20, 6300 Zug, Switzerland, and Concordium AG, Bahnhofstrasse 20, 6300 Zug, Switzerland, a wholly owned subsidiary of Concordium Foundation (individually or collectively, “Concordium” or we/our/us) respect your privacy and are committed to protect it by complying with this policy (the “Privacy Policy”). We are the owners and operators of the following websites (the “Websites”):

www.concordium.com
https://developer.concordium.software/en/mainnet/
https://developers.concordium.com/testnet/
www.concordiumcdev.com

Investors Pitch

We take the protection of personal data very seriously. Personal data in this sense refers to all information relating to an identified or identifiable person.

For data collection, data processing and data usage, we ensure appropriate security and observe the provisions of the applicable law, including, as the case may be, the EU General Data Protection Regulation 2016/679 (GDPR) or the Swiss Federal Data Protection Act of 19 June 1992.

This Privacy Policy will explain what information and data Concordium collects, how Concordium uses the personal data we collect from you when you use the Website(s) and with whom we may share it.

Please, read this Privacy Policy carefully to understand how we handle your data. If at any time you do not agree to this Privacy Policy, please do not use the Website(s).

If you have any questions regarding data protection, get in touch with us by sending us an email to dataprotection@concordium.com.

Controller

The controller within the meaning of article 4 GDPR which is responsible for the processing of your personal data is: Concordium Foundation, Bahnhofstrasse 20, 6300 Zug, Switzerland. As such Concordium Foundation is responsible for collecting processing and using your personal data in compliance with the applicable data protection law.

The Websites are being operated by Concordium AG, Bahnhofstrasse 20, 6300 Zug, Switzerland, a wholly owned subsidiary of Concordium Foundation. Concordium AG processes the personal data as a processor on its own behalf and on behalf of Concordium Foundation as controller.

How we will use your data?

If you have subscribed to the Newsletter, Concordium processes your email address so that we can email you with updates about Concordium based on your express consent (article 6(1)(a) GDPR).

You can withdraw your consent at any time by contacting dataprotection@concordium.com or by hitting Unsubscribe at the bottom of the Newsletter.

To enable us to process your Newsletter subscription and to provide you with the Newsletter, your address is shared with Upscribe.

If you have an account for our participants’ website https://deck.concordium.com we will process your personal information (email address) to be able to provide you with and maintain your personalized login details to our participants’ website. Your personal data will be collected on the basis of your consent as well as to enable us to comply with any legal obligations we may have to limit access to our participants’ website (articles 6(1)(a) and (c) GDPR).

Storage and exchange of data with third-parties

Storage of data

If you sign-up for our Newsletter, we will store and process your personal data as long as we provide you with the Newsletter and you have not unsubscribed from the Newsletter.

Transfer of personal data to Substack

To enable us to process your Newsletter subscription and to provide you with the Newsletter, your email address is shared with Substack ( https://substack.com. Substack is an email marketing tool we use to provide you with the Newsletter if you have signed-up for the Newsletter.

The transfer of personal data between Concordium and Substack occurs on the basis of  the following terms https://substack.com/pa. Substack will store and process your personal data required to enable us to provide you the Newsletter and in accordance with Substacks privacy terms included in the link above.

If you request login details to our participants’ website www.concordiumcdev.com and we provide you with a login to our participants’ website, we will store and process your personal data [email] required to maintain your login details for as long as you remain a potential participant in the Concordium community.

Concordium stores your data at our servers at wpengine in Belgium. We only store personal data for as long as it is necessary for the above described uses, subject to statutory obligations which require us to store the data for a longer period of time, if any. Such obligations to store data may, namely, arise out of accounting law, civil law or tax law. According to these laws, business communication, concluding contracts and accounting vouchers must be stored for up to 10 years. If we no longer need this data to carry out the services for you, the data will be blocked. This means that the data may then only be used for accounting and tax purposes or in accordance with other legal obligations we may have.

General information about the exchange of data with third parties

We may also disclose your personal data to outside parties who help us deliver you the services we offer, create, operate, and maintain the Website(s), namely specialized services such as email distribution, monitoring or analytics. We provide these service providers only with the information they need to perform their services.

We also work with third parties, such as analytics companies, and they may collect information about your online activities over time and across the Website(s). We require that these outside individuals and/or companies agree to keep all information shared with them confidential and to use the information only to perform their obligations to us unless otherwise stated in this Privacy Policy.

The privacy policies and data practices of such third parties may significantly differ from ours, and we make no representation or warranty whatsoever about their policies and practices. Your communications and interactions with such third parties are solely between you and them, and are at your own risk.

We may disclose your data when legally required to do so, to cooperate with law enforcement investigations or other legal proceedings, to protect against misuse or unauthorized use of the Website(s) or the services described herein, to limit our legal liability and protect our rights or to protect the rights, property or safety of users of the Website(s) or the services described herein or the public.

Links

We have embedded links on our Website(s) to the websites of some of our partners and to other relevant websites. If you access such links from our website it may be that data will be disclosed to the owner of the website that you are accessing. This does not mean that we endorse these website(s) or the goods or services they provide. We do not make any representation or warranties about any website(s) that may be linked to the Website(s). Such other website(s) are independent from us, and we have no control over, or responsibility for their information, products or activities.

In addition, our privacy practices may differ from those of these other website(s). If you provide data at one of those website(s), you are subject to the privacy policy of the operator of that website(s), not our Privacy Policy. Please make sure you understand any other website’s privacy policy before providing any data.

International transfer of data

General information

We are entitled to transfer your personal data to third parties (contracted service providers) abroad for the purpose of the data processing described in this Privacy Policy. These are bound to protect data to the same extent as we are. If the level of data protection in a country does not correspond to that in Switzerland, the EU and the European Economic Area (EEA), we will ensure, to the extent possible, that the protection of your personal data corresponds to that in Switzerland, the EU and the European Economic Area at all times.

For the sake of completeness, for users residing or domiciled in Switzerland, the EU and the European Economic Area (EEA), we would like to point out that in the USA there are surveillance measures by US authorities which generally allow them to get access to all personal data that has been transferred from Switzerland, the EU and the EEA to the USA. This is done without differentiation, limitation or exception based on the objective pursued and without any objective criterion that would allow limiting the access to the data and subsequent use thereof by US authorities to very specific, strictly limited purposes that could justify the interference associated both with access to and use of such data. In addition, we would like to point out that in the USA there are no legal remedies available for the persons concerned from Switzerland that would allow them to gain access to the data concerning them and to obtain its correction or deletion, or that there is no effective legal protection against general access rights of US authorities. We explicitly draw your attention to this legal and factual situation in order to enable an informed decision to consent to the use of your data.

We would like to point out to users residing in Switzerland, an EU and/or EEA member state, that from the point of view of Switzerland and the EU, the USA does not have an adequate level of data protection, partly due to the issues mentioned in this section. Insofar as we have explained in this Privacy Policy that recipients of data may be based in the USA, we will ensure, to the best of our possibilities, that your data is protected at an appropriate level by our service providers, namely through contractual arrangements with these companies.

Country specific user notices

International user notice

For international users, please note that it may be necessary to transfer your information internationally and, in particular, your information may be transferred to and processed in the USA. For residents of the EU, the data protection and other laws of other countries outside the EU may not be as comprehensive as those of the USA. Please be assured that we take steps to ensure that your privacy is protected as described in this Privacy Policy. By using the Website(s) or the services described herein, you agree to have your information used and transferred to the USA as set forth in this Privacy Policy.

GDPR privacy

Legal basis for processing personal data under GDPR

We may process personal data under the following conditions (article 6(1) GDPR):

Consent: You have given your consent for processing personal data for one or more specific purposes.

Performance of a contract: Provision of personal data is necessary for the performance of an agreement with you and/or for any pre-contractual obligations thereof.

Legal obligations: Processing personal data is necessary for compliance with a legal obligation to which we are subject, in particular, but not limited to anti-money laundering regulations.

Vital interests: Processing personal data is necessary in order to protect your or another person’s vital interests.

Public interests: Processing personal data is related to a task that is carried out in the public interest or in the exercise of official authority vested in us.

Legitimate interests: Processing personal data is necessary for the purposes of our legitimate interests.

In any case, Concordium will help clarify the specific legal basis that applies to the processing, and in particular whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

Your rights under GDPR

We undertake to respect the confidentiality of your personal data and to enable you to exercise your rights.

Concordium would like to make sure you are fully aware of all of your data protection rights. To the extent that GDPR applies you have the following rights:

→ The right of access (article 15 GDPR) – You have the right to obtain from us confirmation as to whether or not personal data concerning you is being processed, and, where this is the case, to access the personal data. We are required to provide you this information free of charge. However, we may charge you a reasonable fee on administrative costs for this service if you have already received such a copy.
→ The right to rectification (article 16 GDPR) – You have the right to request that Concordium correct personal data concerning you that is inaccurate. You also have the right to request that Concordium complete personal data concerning you that is incomplete.
→ The right to erasure (right to be forgotten; article 17 GDPR) – You have the right to request that Concordium erase your personal data if and to the extent that the data is no longer needed for the purposes for which it was collected or if the data is processed on the basis of your consent and you have opted to revoke your consent.
→ The right to restrict processing (article 18 GDPR) – You have the right to request that Concordium restrict the processing of your personal data under the conditions set forth in article 18 GDPR.
→ The right to object to processing (article 21 GDPR) – If the processing of your personal data is based on article 6(1)(e) or 6(1)(f) GDPR, you have the right to object to Concordium’s processing of your personal data at any time.
→ The right to data portability (article 20 GDPR) – You have the right to receive from us the personal data concerning you provided by you in a structured commonly used and machine-readable format and to have this data transmitted to another controller provided that (i) the processing is based on consent or an agreement entered into with you; and (ii) the processing is carried out by automated means.
→ The right to withdraw your consent (article 7(3) and 13(2)(c) GDPR) – You have the right to withdraw your consent on us using your personal data at any time.

Please note that any erasure of personal data, objection to processing, withdrawal of your consent to use your personal data, or any other request limiting or preventing us from holding, using, processing, or storing your personal data might result in Concordium being required to deny access to the Concordium network, thereby preventing you from using the network, or any of the Websites or from receiving the Newsletter.

How to exercise your rights under GDPR

You may exercise your abovementioned rights by contacting us (for contact details see above “How to contact us”). Please note that we may ask you to verify your identity before responding to such a request.

If you make a request, we will respond as soon as possible.

If you believe that the processing of your personal data infringes the applicable data protection law, you have the right to lodge a complaint with a data protection supervisory authority (article 77 GDPR). For more information, if you are in the European Economic Area (EEA), please contact your local data protection authority in the EEA.

Privacy policies of other websites

The Concordium website contains links to other websites. Our privacy policy applies only to our website, so if you click on a link to another website, you should read their privacy policy.

Applicable law and jurisdiction

This Privacy Policy and the contracts concluded on the basis of or in connection with this Privacy Policy are subject to Swiss law, unless the law of another country is mandatory. The Place of jurisdiction shall be the registered office of Concordium Foundation, unless another place of jurisdiction is mandatory.

Changes to our privacy policy

Should individual parts of this Privacy Policy be invalid, this shall not affect the validity of the rest of the Privacy Policy. The invalid part of this Privacy Policy shall be replaced in such a way that it comes as close as possible to the economically intended purpose of the invalid part.

Concordium keeps its privacy policy under regular review and places any updates on this web page. Due to further developments of our Website(s) or changes to statutory requirements, it may become necessary to amend this Privacy Policy. We reserve the right to change or update this Privacy Policy by posting such changes or updates to the Website(s).

Amendments to this Privacy Policy will be posted at this URL and will be effective when posted. It is your responsibility to review any such changes or updates and to check the Website(s) regularly to be sure you understand all terms and conditions, agreements and policies of the Website(s) and are in compliance with them. You can tell if the policy has changed by checking the last updated date noted at the top of this page. Your continued use of the Website(s) and the services addressed herein following the posting of any amendment, modification or change shall constitute your acceptance thereof.

Complaints

If you reside within the EU or the EEA you have the right to complain to a data protection supervisory authority at any time (article 77 GDPR).

What data do we collect, and with whom do we share it?

We will collect and process your email address if you sign up for email updates (the “Newsletter”). This processing of your personal data is based on your consent (article 6(1)(a) GDPR).

To enable us to process your Newsletter subscription and to provide you with the Newsletter, your is shared with Substack, an email marketing service provider.

If you request a login to our participants’ website https://deck.concordium.com we will collect your email address to be able to provide you with personalized login details to our participants’ website. Your personal data will be collected on the basis of your consent as well as to enable us to comply with any legal obligations we may have to limit access to our participants’ website (articles 6(1)(a) and (c) GDPR).

We will use cookies for statistical purposes and to optimize our internet presence. It is within our legitimate interest (article 6(1)(f) GDPR) to process such data to offer you a good user experience.

The data collected may also be used in the event of attacks on the network infrastructure or other unauthorized or abusive use of the Website(s) to identify offenders in connection with civil or criminal proceedings. The processing of this information is in our legitimate interest (article 6(1)(f) GDPR) to secure and improve the Website(s) and our services described herein accordingly.

Your security

We strive to keep your personal data private and safe. We take commercially reasonable physical, electronic and administrative steps to maintain the security of data collected, including limiting the number of people who have physical access to database servers, as well as employing electronic security systems and password protections that guard against unauthorized access. Concordium uses technical and organizational security precautions to protect personal data against manipulation, loss, accidental or unlawful destruction or against access by unauthorized persons or unauthorized disclosure. Our security precautions are regularly improved in line with technological development.

If you ever use a public computer to access the Website(s) or the services described herein, we strongly encourage you to log out at the conclusion of your session and to ensure that your information is not accessible to anyone else from that computer.

Unfortunately, despite our best efforts, the transmission of data over the internet cannot be guaranteed to be 100 percent secure. While we will use reasonable means to ensure the security of information you transmit through the Website(s) or the services described herein, any transmission of data is at your own risk. We cannot guarantee that such information will not be intercepted by third parties and we shall not be liable for any breach of the security of your data resulting from causes or events that are beyond our control, including, without limitation, your own act or omission, corruption of storage media, defects in third-party data security products or services, power failures, natural phenomena, riots, acts of vandalism, hacking, sabotage, or terrorism and we are not responsible for the circumvention of any privacy settings or security measures contained on the Website(s) or in relation to the services described herein.

Use of the Website(s) and the services described herein by children

Our Website(s) or the services described herein is not intended for children, and we do not knowingly collect, use or disclose data from anyone under 18 years of age. If we determine upon collection that a user is under this age, we will not use or maintain his/her data without the parent/guardian’s consent. If we become aware that we have unknowingly collected personally identifiable information from a child under the age of 18, we will make reasonable efforts to delete such information from our records.

Automatically collected information

Our partners may collect certain information automatically, including through the use of cookies and other technologies. This information may include  collection and processing of  data and is carried out for the purpose of optimizing the Website(s) as well as for internal statistical purposes. It is within our legitimate interest to process such data in order to be able to continuously provide the Website(s) and the services described herein (article 6(1)(f) GDPR).

To optimize the Website(s), we use cookies. Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology.

Cookies may either be “permanent/persistent” cookies or “transient/session” cookies. Persistent cookies remain on your device while session cookies are deleted when you leave the Website(s).

We use both session and persistent cookies for the purposes set out below:

What types of cookies do we use?

There are a number of different types of cookies our website uses:

– Concordium uses these cookies so that we recognize you on our website and remember your previously selected cookie preferences. These cookies are administered by us. We use these cookies for compliance with our legal obligations under the applicable law (article 6(1)(c) GDPR).

– Concordium uses these cookies to collect information about your visit to our website, the content you viewed, the links you followed and information about your browser, device, and your IP address. These cookies are administered by us (see below). We only use analytics cookies with your express consent (article 6(1)(a) GDPR).

Host: .concordium.com

Description: We use the web analysis tool “Google Analytics” to analyse the behaviour of website users on an anonymous and aggregated level. Google’s possibility to use and share information collected by Google Analytics about your visits to our Website is restricted by the Google Analytics Terms of Service, available at http://www.google.com/analytics/terms/us.htmland the Google Privacy Policy, available at http://www.google.com/intl/en

How to manage cookies 

→ You can set your browser not to accept cookies. Please refer to the Help and settings of your browser on how to remove cookies from your browser.

What are your data protection rights?

To the extent provided by the applicable law you have the following data protection rights:

To the extent we process personal data based on your consent you can withdraw the right to use and process your personal data without giving any reasons. In this case please send a message to dataprotection@concordium.com. After receiving your request, we will no longer use the personal data to the extent we have relied on your consent.

You have a right to request information about the personal data that we store about you. In addition, you have a right to correct incorrect data and a right to request deletion of your personal data, insofar as there is no legal obligation to retain such data and no legal basis for further processing the existing data.

You also have a right to request the data that you have provided to us (right to data portability). Upon request, we will transfer your data to a third party of your choice. You have a right to receive the data in a common file format.

You can contact us for the aforementioned purposes via the email address dataprotection@concordium.com. In order to process your requests, we may request proof of your identity.

In many countries, you also have the right to file a complaint with the relevant data protection authority if you have concerns about how we process your data.

How to contact us

If you have any questions about or requests regarding your privacy or security at the Website(s) or with regard to the services addressed herein or wish to update your data, please send an email to dataprotection@concordium.com. We will respond as soon as possible.

Data subjects from Switzerland, the EU and the European Economic Area can also write us at:
Concordium
Bahnhofstrasse 20
6300 Zug
Switzerland

Please always include your name, mailing address and email address in your message.