Personal Data Protection Policy

To use the platform all functionalities are possible without providing any personal identifiable data.

The only places where you would willingly and consciously provide us with personal data, are:

- When you opt in to receive updates on a pact and the platform.

- When you verify/authenticate your signature with email.

The only personal information in this case is: your email address.

So this privacy policy applies to this sole identifiable data.

1. INTRODUCTORY INFORMATION

At pact.social we respect your right to privacy and take personal data protection extremely seriously, as we would like to provide you with the highest level of protection of the personal data that you have trusted us.

This Policy is based on applicable relevant legislation on the protection of personal data, in particular the General Data Protection Regulation of the EU.

In this Personal Data Protection Policy (hereinafter referred to as: Policy), we define ways of collecting your personal data, the purposes for which we collect it, the security measures we use to protect it, the persons with whom we share it, and your rights regarding the protection of personal data.

2. CONTROLLER OF PERSONAL DATA

This Policy applies to all personal data processed by pact.social, a platform managed pact.social team. (company registration in process)

As a data controller, and only if you choose to share your eMail, pact.social shall be responsible for processing and storing of your personal data.

If you have any questions regarding the use of this Policy or with regards to the exercise of your rights arising from this Policy, please contact us at the following contact:

- privacy@pact.social

3. POLICY USERS

This Policy is for:

- our users and

- visitors of our platform.

4. TERMS AND DEFINITIONS

Here you can find an explanation of the basic concepts that we use in our Policy.

Each particular concept defined below has the meaning within this Policy as defined in this section.

Personal data means any information that refers to a specific or identifiable individual (for example, the name, surname, e-mail address, telephone number and identifiers that are specific to the individual's physical, physiological, genetic, economic, mental, cultural or social identity, etc.).

Controller means a legal entity that determines the purposes and means of processing of your personal data.

Processor means a legal or natural person who processes personal data on behalf of the controller.

Processing means collecting, storing, accessing and all other forms of use of personal data.

EEA means the European Economic Area, which identifies all the Member States of the European Union, Iceland, Norway and Liechtenstein.

Member is a legal or natural person registered on the Platform.

Pact is the document a Member can create on pact.social. It could be a Petition, a Manifesto or an Open-Letter.

Pact’s owner is the creator of a Pact.

Pact’s follower is a member that opt-in to receive Pact’s updates.

Signers is a user who signs a Pact.

Signature: could be public or anon and encrypted

Collection is a list of Pacts associated to a name

5. PROCESSING OF PERSONAL DATA

At pact.social, we process your personal data solely on the basis of clearly stated and legitimate purposes, securely and transparently.

We collect your personal data when you provide it to us: authenticating with eMail, signing up for our newsletter, keeping informed about Pact’s updates, and inquiring by e-mail.

We don’t collect cookies, but 3rd party providers, wallet connect or cloudflare may use them. Please refer to their respective Privacy Policy. Cloudflare: https://www.cloudflare.com/trust-hub/privacy-and-data-protection/

WalletConnect : https://walletconnect.com/privacy

Mailjet : https://www.mailjet.com/legal/privacy-policy/

5.1. What type of personal data do we collect?

Your personal data can be obtained directly from you when you provide us with this information (for example, by logging into your member account, etc.). We can also obtain your personal data through the use of our services (e.g. pact’s updates, newsletter).

Category of personal data

Personal data collected

Identity data

eMail, Digital Wallet Information

Contact data

eMail

At pact.social, we carefully protect the principle of the minimum amount of data provided by law, and therefore we collect only data that is appropriate, relevant and limited to what is necessary for the purposes for which the data is processed. The purposes for which we collect personal data are defined in Chapter 5.3. of this Policy.

In accordance with the legislation governing the protection of personal data, we may process your personal data on the following legal bases:

- Consent. We process your personal data when you have given consent for the specific purposes of processing, and you are always entitled to revoke that consent;

- The law. When processing is necessary for the fulfillment of legal obligations.

Is the provision of personal data mandatory?

The provision of personal data (eMail only) is mandatory only for eMail authentication, Pacts notification or newsletter subscription. In most cases, you provide us with personal data on a voluntary basis.

Granting consent is always voluntary. However, in case of consent revocation or denial of consent, we will not be able to provide certain services.

5.3. Processing purposes

pact.social will only process your data for specified, explicit and legitimate purposes. We undertake not to process your personal data in a manner incompatible with the purposes defined in this Policy.

The purposes for which we can use your personal data are defined below. pact.social may use your personal data for one or more of the purposes identified below.

Processing purpose

Category of personal data processed

Legal basis

Registration of an account with eMail – become a member*

E-mail (in the sole case of authentication by eMail) otherwise we don’t process any personal data for registration.

Contractual relationship

Processing purpose

Category of personal data processed

Legal basis

Create a Pact

owner’s member ID, Digital wallet information, Name, encrypted e-mail

Contractual relationship

Create a Collection

owner’s member ID, Digital wallet information, Name, encrypted e-mail

Contractual relationship

Signing a Pact

Signer’s member ID, Digital wallet information, Name, encrypted e-mail

Contractual relationship

Processing purpose

Category of personal data processed

Legal basis

Communicating with members in regard with requests (customer support)

Digital wallet public key, eMail

Legitimate interest (providing good user experience)

Providing updates on the platform (maintenance, etc)

E-mail, Digital Wallet public key

Legitimate interest (providing good user experience)

Executing user satisfaction surveys

Categories of personal data we process differ depending on the theme of the survey and shall be disclosed with each survey.

Legitimate interest (improvement and optimization of our activities)

Processing purpose

Category of personal data processed

Legal basis

Prevent, detect frauds and security issues

Data such as IP address, Digital Wallet public key

Legitimate interest (keeping the platform safe)

Enforcing any legal claims and to settle disputes

eMail (if so), Digital Wallet public key, can be disclosed in order to protect our business and to enforce and / or protect our rights.

Law

Executing statistical analysis.

In order to improve the user experience, we analyze the use of our website.

Legitimate interest (providing an optimal and efficient website)

Processing purpose

Category of personal data processed

Legal basis

Sending newsletter

e-mail

Consent

Sending Pact’s updates

E-mail, digital wallet public key

Consent

Sending Pact's recommendation

E-mail, digital wallet public

Consent

In the event that there is a need for further processing of personal data (for a different purpose than for the purpose for which personal data were originally obtained), we will inform you in advance and, when necessary, request for consent. You are entitled to revoke at any time any processing of your personal data, based on your consent. You can notify us of the revocation of the consent at any of the contact points defined in Chapter 2 of this Policy.

How does registration using third party services work?

The only case for which pact.social needs a third party services work is when you register with an eMail. In that case, you fill your eMail through pact.social. Then a verification eMail is sent by our partner Mailjet to you. A code is delivered and you have to enter the code in pact.social interface. That’s all, the account is created, and we don’t store nor use your eMail anymore.

5.4. How much time do we keep your personal data?

We keep your personal data only in these particular cases:

  • Pact’s updates subscription

  • Pact’s recommendations subscription

  • Newsletter subscription

  • Support contact

We keep your personal data in accordance with the relevant legislation. We will keep your personal data:

- only for as long as it is absolutely necessary to achieve the purposes for which we are processing (for the purposes for which we process personal data, please refer to Chapter 5.3 of this Policy),

- for a period prescribed by the law (we note here that the deadlines for the retention of personal data may also be prescribed by other laws, not only in the field of personal data protection, such as 10 years for the issued invoices, in accordance with the tax legislation),

- for the period necessary for the fulfillment of the contract, which includes guarantee periods and deadlines in which it is possible to enforce any claims on the basis of a concluded contract (e.g. 5 years after the fulfillment of contractual obligations).

When personal data is obtained on the basis of your consent, we keep it permanently or until you revoke this consent (see how to revoke the consent in Chapter 8 of this Policy). We will delete the information collected on the basis of your consent before your revocation, in case the purpose for which the data was collected has been achieved.

When the retention period for certain personal data expires, we will delete these personal data or anonymize them so that the reconstruction of personal data will no longer be possible.

The retention periods for each category of personal data are defined in Annex 1.

For any additional information, please contact us at any of the contact details defined in Chapter 2 of this Policy.

6. PROTECTION OF YOUR PERSONAL DATA

At pact.social we protect your personal data against illegal or unauthorized processing and/ or access, and against unintentional loss, destruction or damage. We undertake all measures according to our technological capabilities and the impact assessment on your privacy.

For this reason we consider that the sole data owner should be the creator himself. For this reason, no personal data is needed to use pact.social. All personal data are facultative. But if you want to share some personal data with other pact.social users or to associate some personal data with a Pact or a Signature, you can do it. In this case, when you create your profile and fill in personal data like your name, bio, company, and so on, you write it publicly on a Ceramic node. If you fill in your eMail, we always encrypt it before writing it on Ceramic. An encryption key is shared with pact.social and associated with your anon member ID. It’s for this reason we can say that pact.social doesn’t have nor store any personal data. The only owner is you, the creator of the data.

Nevertheless, there are particular cases mentioned in Chapter 5.4 of this policy for which pact.social uses your eMail and sends it to an external partner (MailJet: https://www.mailjet.com/).

In order to ensure that your personal data is safe, we have undertaken the appropriate technical and organizational measures at pact.social, in particular:

- ensuring the regular updating and maintenance of the hardware, software and application equipment that we use for the processing of personal data,

- establishing a restriction on access to personal data,

- data encryption

- careful selection of processors that we trust for the processing of personal data;

- establishing protocols for preventing or limiting damage in case of potential security incidents.

In the event of a violation of the protection of personal data, we will notify without delay about any such violation to the competent supervisory authority.

In the event that there is a suspicion of a criminal offense regarding the violation of personal data, pact.social will also report such violations to the competent authority.

In the event of a violation of data protection that may cause a high risk to the rights and freedoms of individuals, we will inform you of such an event without undue delay.

7. TRANSMITTING OF PERSONAL DATA

Your personal data may be, exclusively in order to achieve the purpose for which it was collected, transmitted, or we may just allow access to them to certain third parties defined below. Such third parties may only process your personal data for the purposes for which they were collected.

Accordingly, any third party to whom we transmit personal data is bound to comply with the applicable law as well as to the provisions of this personal data protection policy. With external processors, however, the protection of personal data is further defined by the contract.

Your personal data may be transmitted to:

1. Our external processors who take care of the needs of pact.social: accounting services, law firms, eMail provider (MailJet)

2. When this is required by the law (e.g. tax authorities, courts, etc.).

3. Third party Service providers enabling registration, storage and transfer of funds (Wyre, Metamask, Rainbow, Coinbase, WalletConnect)

8. ACCESS TO SOCIAL NETWORKS

On our website we offer you the ability to use the following social networks: Twitter, Instagram, Discord, Telegram, Facebook

The mentioned social networks operate in accordance with their terms of use and privacy policy, where the usage of personal data for each social network is also defined.

Privacy policies are available at the links provided below:

- Twitter: https://twitter.com/en/privacy

- Instagram: https://help.instagram.com/519522125107875

- Facebook: https://www.facebook.com/privacy/policy/

- Discord: https://discord.com/privacy

- Telegram: https://telegram.org/privacy

We would like to remind you that any use of social networks that is enabled on our website is in the sole responsibility of the individual. In the event of any questions and/or requests, an individual is required to contact a particular social network.

pact.social does not assume any responsibility for the use of social networks.

9. RIGHTS OF INDIVIDUALS

At pact.social the only personal data we store are encrypted eMail and encrypted member ID. All the other data like digital wallet information, name, biography, organisation, title, country, city, encrypted eMail are written on Ceramic Network. The sole owner is the creator of the data (the pact.social member). When a processing is needed, the data owner gives the right to pact.social to operate a processing, but the data is not stored neither owned by pact.social. The only exception to this rule concerns the encrypted eMail, especially to be able to keep the user informed about pact.social activities. In this case the encrypted hash of the eMail is stored by pact.social, only if the user subscribe or proceed to one or several following cases:

  • Pact’s updates subscription

  • Pact’s recommendations subscription

  • Newsletter subscription

  • Support contact

You have the following rights regarding the personal data processing for the hashed data we store.

9.1. Access to personal data:

You may request information from pact.social whether we are processing your personal data, and if we do, you can request access to your personal data and information about the processing (which data is processed and from where this data originated).

9.2. Correction of personal data:

you may request from pact.social to correct or complete your incomplete or inaccurate data being processed.

9.3. Restriction of the personal data processing:

you may request from pact.social a restriction of the processing of your personal data (when, for example, checking accuracy or the completeness of your personal data).

9.4. Deletion of personal data:

you may request from pact.social to delete your personal data (we cannot delete those personal data that we keep on the basis of legal requests or contractual relation).

9.5. Printout of personal data:

you may request from pact.social to provide you with the personal data that you have provided us with in a structured, widely used and machine-readable form.

you have the right to withdraw consent as to the use of your personal data, which we collect and process on the basis of consent, at any time. The consent may be revoked in any manner specified in Chapter 2 of this Policy. The revocation of the consent has no negative consequences, but it is possible that pact.social will no longer be able to provide you with certain services.

9.7. Objection to the processing of personal data:

You have the right to object to the processing of your personal data when processing is for direct marketing purposes or in the event of transmitting your personal information to third parties for the purposes of direct marketing. You can also object processing when your data is used for direct marketing purposes using customized or individual offers ("profiling"). You can make an objection in any manner defined in Chapter 2 of this Policy.

9.8. The right to data transmission:

you have the right to request the printout of personal data that you have provided us with. We will provide you with information in a structured, widely used and machine-readable form. You are entitled to provide this data to another controller of your choice. Where technically feasible, you may request that your personal data be transmitted directly to another controller.

Contacts for the exercise of rights:

If you have any questions regarding the use of this Policy or with regards to the exercise of your rights arising from this Policy, please contact us at any of the following contacts:

- privacy@pact.social

You have the right to file a complaint against us with the competent authority for the protection of personal data.

The integrity of personal data processed and regular updating is a priority for pact.social. Please kindly inform us of any change of your personal data to the above contacts. We will take care of the correction or supplementing your personal data in the shortest possible time.

In case of exercising any of the rights, we may require additional personal data (such as digital wallet public key, name, surname, e-mail address) for identification purposes. We will only need additional information when the information you provide is not sufficient for reliable identification (in this way, we want to prevent your personal data from being transmitted to a third party due to unreliable identification).

10. FINAL PROVISIONS

At pact.social, we can change this Policy at any time. We shall notify you of the change of the Policy on our web site. We shall consider that you agree with the new version of this Policy if, after the new version enters into force, you continue to use our website and other services defined by this Policy.

The current version of this Policy will be available on our website: https://pact.social/privacy-policy

Annex 1: Definition of retention periods

Processing purpose

Retention period

Registration of an account – become a member buy using eMail

5 years after the deletion of account

Sending Pact’s updates

Until revoked

Sending Pact's recommendation

Until revoked

Communicating with members in regard with requests (customer support)

30 days after the conclusion of communication

Providing updates on the platform (maintenance, etc)

Until the user account has been deleted

Executing user satisfaction surveys

Data is anonymized immediately after execution of the survey

Sending newsletter

Until revoked

Last updated