ONCHAIN® Labs Privacy Notice (GDPR) v0.2

About This Notice

This notice explains what personal data we collect, how we use it, and the reasons behind our data practices. Rest assured, we will handle your data securely and in compliance with the General Data Protection Regulation (GDPR).

If you have any questions, please reach out to us.

We're Onchain Labs

When we use the terms "we", "us," and "our" in this Notice, we refer to Onchain Labs.

What's In This Notice?

‍Your privacy is important to us. When you provide your details, we ensure they are handled securely and in accordance with this Notice and relevant legal requirements. This document outlines:

What information we collect
How we use your data
Your rights under GDPR

Who Is The Data Controller?

Under data protection law, an organization that determines how your personal information is used is called a data controller. For the personal data you give us, Onchain Labs will be your data controller.

Information We Hold About You

‍Why we need to collect information
‍To set up your early access account, we need specific details from you. Without this information, we won’t be able to sign you up for early access. For more details on how we process your data, see How We Use Your Information.
‍
We’ll directly ask for most of the information we need, such as your email address. Occasionally, we may collect additional data from external sources. Your information will be used to verify your email, manage your access, and communicate updates and offers regarding early access.
‍
‍If you provide us information about someone elseIf you provide us with information about another person, such as a team member of your token project, we expect that:

You have their permission to share this information with us.
They understand how we will use their information.
They have no objections to us holding and using their information.

‍What information we hold about you

The types of personal data we collect and hold include:

Name: To identify you.
Email: For communication and verification.
Project Website: To link to your token project.
Contract Address: To identify your token project's smart contract.
Telegram Handle: For communication and updates via Telegram. We strive to limit our data processing to the personal information listed above, but other related details may be processed if necessary for the purposes outlined in this Notice.

When we mention 'information' throughout this page, we mean all of the items listed above. While we aim to limit our processing to this personal data, the list is not exhaustive.

How Long We Retain Your Data
‍
We will retain your data:

As long as you have an open account with us.
If you have enquired or applied for products with us.
If you have made a complaint, to respond and resolve it.

We regularly review how long we retain personal data. Once we no longer need your information, we will securely delete or anonymize it in accordance with our data retention policies.

How We Use Your Information

We use your personal data for the following purposes:

To Set Up Your Early Access Account: To assess and confirm your eligibility for early access.
To Communicate with You: We use your email to send verification codes, updates, and relevant information about early access.
Fraud Prevention and Security: To prevent fraud and ensure the security of our service.
Service Improvement: To enhance our services based on your feedback and interactions.
Compliance with Laws: To ensure compliance with data protection and financial regulations.

Legal Grounds For Processing Your Information

‍We rely on the following legal grounds for processing your information:
‍Contracts

To assess and manage your early access application: We use your personal data to confirm your eligibility and set up your early access account.
To provide ongoing services: We use your information to manage and maintain your account.

Legitimate Interests

To provide early access and manage onboarding: It is in our legitimate interest to contact you regarding early access and manage the onboarding process to ensure a smooth experience. We have conducted a balancing test to ensure this does not infringe on your privacy rights.
To improve services: We use your data to improve our services and understand customer needs.
To promote and market our services: We may use your information for promotional activities, including marketing, unless you opt-out.

Consent

Communication and updates: With your consent, we keep you informed about updates, offers, and promotions related to early access. You can withdraw consent at any time by adjusting your preferences or contacting us.
Marketing Preferences: You can change your preferences or opt-out of marketing communications at any time by updating your settings.

Regulation and Law

Compliance and fraud prevention: We meet legal and regulatory obligations, and we use your information for fraud prevention, risk management, and security checks.

Who We Share Your Information With

We only share your personal data when necessary and as permitted under GDPR:
‍
‍Fraud Prevention and Reporting
‍Under anti-money laundering laws, we are required to report suspicious activity to law enforcement. Fraud prevention agencies may store and share your information for up to six years if a risk is identified. This data can be used to:

Detect and prevent crime, including fraud and money laundering.
Your rights under GDPR

‍Our Suppliers
‍We share your information with trusted third-party suppliers to provide our services:

Financial Services Suppliers: To process payments and manage financial transactions.
Data Management and IT Suppliers: To securely store and manage your personal data. We ensure all third-party providers meet strict data protection standards.
Customer Support Suppliers: To provide timely and effective support, we use third-party customer support platforms such as Intercom. These platforms allow us to manage and respond to your queries efficiently and track support conversations. We ensure that any customer support supplier we engage meets our security and privacy requirements to safeguard your personal data.

We may change the companies we use or appoint to provide these services. Any third-party service providers we work with must meet our strict requirements for security and privacy to protect your data.

‍International Data Transfers
‍If your data is transferred outside the European Economic Area (EEA), we ensure it is protected by appropriate safeguards, such as Standard Contractual Clauses (SCCs) or adequacy decisions.

Your Rights Under GDPR

You have the following rights regarding your personal data:

The Right to Access: You can request a copy of the personal data we hold about you.
The Right to Rectify: You can ask us to correct any inaccurate or incomplete data.
The Right to Restrict Processing: You can ask us to limit how we use your data in certain circumstances.
The Right to Erasure: You can request deletion of your data, subject to legal and regulatory obligations.
The Right to Data Portability: You can request your data in a structured, machine-readable format to reuse it across other services.
The Right to Object: You can object to certain types of processing, such as direct marketing.
The Right to Withdraw Consent: You can withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

How to Exercise Your Rights

‍To exercise any of your rights, please contact us. We will respond to your request in accordance with GDPR timeframes.

How We Protect Your Data

We implement appropriate technical and organizational measures to protect your data, including encryption, access control, and regular security audits.

Data Breaches

In the event of a data breach, we will notify you and the appropriate supervisory authority where required by law.

Changes to Our Privacy Notice

This Privacy Notice is effective from October 2024. We update our Privacy Notice when necessary to reflect any changes in how we process personal data.