Effective Date : 01-07-2020
This Policy is meant to inform you, which Personal Data we collect, store, process, use and/or disclose, for which purposes and on which legal basis. We further inform you about your rights with regard to your Personal Data. We erase your Personal Data when they are no longer required for the purposes listed in this Policy. We also erase your Personal Data according to your request and if further storage is neither required nor permitted by applicable laws.
This Policy was lastly updated on the effective date noted above. This Policy may be amended or updated from time to time to reflect changes in our privacy practices with respect to the processing of Personal Data, or changes in applicable law. We encourage you to read this Policy carefully, and to regularly check this page to review any changes we might make.
● ‘Controller’ means the entity that decides how and why Personal Data is Processed. In many jurisdictions, the Controller has primary responsibility for complying with applicable data protection laws.
●‘Data Protection Authority’ means an independent public authority that is legally tasked with overseeing compliance with applicable data protection laws.
● ‘EEA’ means the European Economic Area.
●‘Process’, ‘Processing’ or ‘Processed’ means anything that is done with any Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
● ‘Processor’ means any person or entity that Processes Personal Data on behalf of the Controller (other than employees of the Controller).
● ‘Services’ means any services provided by us.
●‘Sensitive Personal Data’ means Personal Data about race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sexual life, any actual or alleged criminal offences or penalties, or any other information that may be deemed to be sensitive under applicable law.
2. Name and contact details of the Controller
Lukso Blockchain GmbH
Köpenicker Chaussee 3a, 10317 Berlin
Which Personal Data we process
We make it clear that these profiles when containing images and text are meant for professional persons or companies and not for natural persons.
If you are a natural person, you need to be aware that certain information is being stored on systems that are outside of our reach such as distributed file storage (e.g. IPFS).
If you create a public profile we and our data processors collect the following data:
● Contact details: email;
● Technical information of your device which you use for orders and communication (cell phone, tablet, notebook, personal computer, etc. (e.g. IP address),
We involve the following data processors in this process:
Data processor Google:
To store your personal data, we are using Google Cloud, G Suite and Google Analytics, a service provided by Google Ireland Limited, a company incorporated under the laws of Ireland with offices at Gordon House, Barrow Street, Dublin 4, Ireland. Google stores your personal data in EU/EEA and the USA, where the level of data protection is lower than in the EU/EEA.
Data processor L14 test network:
If you create a public profile, you are storing a self chosen username in a smart contract on the L14 test network, as well as the hashes to JSON documents that contain links to profile images and profile descriptions. The smart contract itself dos not contain this information. The JSON documents are stored on the distributed file storage IPFS. The L14 is a centralized test network and persistence of data long term can not be guaranteed, as we keep the rights to reset or alter the L14 test network. The control of the smart contract lies with the private key that is sent to your email.
Data processor IPFS:
JSON documents and images and other files stored on IPFS that are stored on the distributed file storage that is not controllable by us. The persistence of the data stored on IPFS depends on the frequency they are requested. Certain files will be "forgotten" by the system if not frequently requested. If you wish to remove personal data from the public profile you can setting it to a different document hash (change the data). This will allow the IPFS network to forget that file, if unpinned within the system.
3. For which purposes and how we process your Personal Data
We will use the contact details you gave us to inform you about progress and stages of development of the project.
e use your email address only if and as long as we have received your explicit prior consent and in accordance with respectively applicable additional legal requirements in your jurisdiction. By subscribing to the newsletter you are giving us such consent.
III. Migration to the LUKSO mainnet
We use your email address to inform you about the migration of your smart contracts to the LUKSO main network, you will have time to decline such a migration, should you not wish that to happen. For this reason send us the account address from the email that was used to create the profile.
4. Your rights when we process your Personal Data
You have the following rights if the legal conditions of such rights are met. You may exercise them at any time.
Right of access
You have the right at any time to demand information on if we process your Personal Data.
Right of rectification
You have the right to demand us to correct and/or complete your personal data if your personal data processed is incorrect or incomplete.
Right of erasure
You may demand your personal data to be deleted if (i) the personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed; (ii) you revoke your consent to the processing and there is no other legal basis for the processing; (iii) your personal data have been processed illegally; (iv) the deletion of your personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which we are subject. We will then delete all data from systems we control.
Right to restriction of processing
You may request to restrict the processing of your personal data if (i) you deny the accuracy of the personal data for a period of time that enables us to verify the accuracy of the personal data; (ii) the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of the personal data; (iii) we no longer need your personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims.
Right to data portability
You have the right to obtain your personal data in a structured, commonly used and machine-readable format. You have the right to transmit your data to another Controller. Where technically feasible, you have the right to have your data transmitted directly from us to another Controller.
Right to withdraw consent
Any consent is provided freely. If you give us your consent to process your Personal Data, you have the right to revoke your consent at any time. The revocation of consent does not affect the lawfulness of processing based on consent before its revocation. To withdraw your consent, please send us an e-mail to firstname.lastname@example.org.
Right to object
You have the right to object to the processing) for certain processing purposes. If we process your data on the basis of a legitimate interest (pursuant to Art. 6 para. 1 f GDPR), you have the right to object to this processing at any time for reasons arising from your particular situation. Such reasons exist in particular if they give special weight to your interests and therefore outweigh our interests, for example if we are not aware of these reasons and could therefore not be taken into account in the context of weighing up interests.
If your Personal Data are processed in order to carry out direct advertising, you have the right to object at any time to the processing of Personal Data for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct advertising.