INATBA (“we”) is the operator of the website https://o.inatba.org (the “Website”). We collect and process personal data of individuals (the “User” or “you”) using the Website and the services offered through the Website. The protection and confidentiality of your personal data is of particular importance to us. We treat your personal data confidentially and in accordance with the applicable data protection laws, in articular with the EU General Data Protection Regulation (the “GDPR“).
In the following, we will inform you what data are collected during your visit of our Website, as well as the legal bases for the processing of personal data, the purpose of the data processing, the use, the duration of the storage of data and your rights.
Name and address of the responsible body
The responsible body (the “Controller”) within the meaning of the GDPR is:
International Association for Trusted Blockchain Applications
Association Internationale sans but lucratif
Avenue de Tervueren 188a/4
If you have any questions relating to data processing and your rights according to the applicable data protection laws, you may contact us by email: firstname.lastname@example.org.
What categories of data do we collect?
- Contact information;
- Technical data: such as your IP address or your operating system when using the website (see below for more information);
- Behaviour: the manner in which you use/handle our website or our e-mails;
- Invoicing and payment data, when amounts must be charged;
- Your correspondence with us;
- If you are (a person of interest at) a prospect (e.g. an interesting party for a sponsorship, for a partnership or for participation to an event as speaker or attendant) for prospection by e-mail (cold mailing) or by phone (cold calling), we may collect your company, name, function, work phone and professional e-mail;
- If you are a job applicant, we process the data you provide us with, the data that results from interviews and tests, data we obtain form persons you designated as referrals and data that is publicly available and relevant to evaluate your application (such as public posts on social media).
To communicate with you
- To communicate with you (e.g. when you ask us a question);
- To provide you with (targeted) information on services and products (only if you are customer or (person of interest at) a prospect, based on legitimate interest, or if you request it, e.g. by subscribing to our newsletter). In any case, you can always opt out of receiving any more of these communications.
Provisioning of the Website and creation of log files
The provider of the Website automatically collects and stores information in so-called server log files. Such information is needed to establish a connection to the Website. The processed information is:
- Browser type and browser version
- Operating system used
- The internet service provider of the User
- The IP address of the User
- Host name of the accessing computer
- Time of the server inquiry
- Websites from which the User’s system reaches the Website
- Websites accessed by the User’s system via our Websites.
The data is also stored in the log files of our system. These data are not stored together with other personal data of the user and is not combined with other data sources.
The legal basis for processing of the data is Article 6 (1)(f) GDPR. The log files are processed for technical and administrative purposes of establishing and maintaining a connection in order to guarantee the security and functionality of the Website and to be able to prosecute any illegal attacks on it if necessary.
Our legitimate interest in data processing pursuant to Art. 6 (1)(f) GDPR results from the security interest mentioned and the necessity of a trouble-free provision of our Websites.
Data will be stored for one month.
We make use of the following type of cookies:
- Strictly necessary cookies. These cookies are necessary for the functioning of our Website. They allow you to log in and use our services.
- Analytical/performance cookies. These cookies analyse the way our Website is used, which pages are most frequently visited, which problems occur, etc. This way we can improve our Website and keep your user experience optimal.
- Functionality cookies. These cookies are used to recognize individual users and to remember their preferences. We can for instance remember your choice of language and other settings so that they are immediately correct on your next visit.
- We do not used targeted or advertising cookies. Such cookies analyse your surfing behaviour (on our and other websites) to show you ads that match your interests and profile. Such cookies generally come from third parties (such as Google or Facebook) that collect that information and also take care of the ads based on it.
As a rule, our cookies expire automatically.
Cookies can also be explained on the basis of who issues them. They can be divided into:
- First party cookies. These cookies come from us. They control and remember e.g. the display of the website in your preferred language or remember the contents of a shopping basket.
- Third-party cookies. These cookies come from other parties. They are often used to track online behaviour across different websites or to analyse website use (such as Google Analytics).
Most of the cookies we use are so-called session cookies. They will automatically be deleted at the end of your visit. Other cookies remain stored on your device until you delete them.These cookies enable us to recognize your browser the next time you visit our Website.
We erase your Personal Data automatically when they are no longer required for the purposes listed above. We also erase your Personal Data according to your request and if further storage is neither required nor permitted by applicable laws.
This Website uses the functions of the web analytics service Google Analytics. The provider is Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”). Google is certified under the EU Privacy Shield and thus guarantees compliance with European data protection laws,https://policies.google.com/privacy/frameworks?hl=en&gl=de.
Google will use this information to evaluate your use of our Website, to compile reports on website activity and to provide other services associated with the use of the Website and the Internet. Google may also transfer this information to third parties if required by law or if third parties process this data on behalf of Google. Information generated by the cookies are automatically deleted by Google after one month or earlier in accordance with the settings of your web browser.
This processing is required to pursue our legitimate interests (Art. 6 paragraph 1 lit. f GDPR) to provide website visitors with a website experience that is tailored to their personal preferences and to provide product recommendations and advertising for our company and our products that are tailored to their interests. The transfer to the United States of America is based on an adequacy decision by the EU Commission (Art. 45 GDPR) due to the recipient’s participation in the “EU-US Privacy Shield”.
The legal basis for storage and processing of data is Article 6 (1) (f) GDPR. The processing is necessary for communication with you being the legitimate interest in data processing pursuant to Article 6 (1) (f) GDPR.
We will delete your personal data as soon as the purpose of the storage no longer applies.
Data processing in connection with a membership with us
We collect the following data from our members:
Corporate Name, Logo, Email, Postal Address, Legal representative, email, Membership category.
We use your e-mail address to communicate with you. We use G Suite, the e-mail service provider of Google. For more information please see https://gsuite.google.com/terms/dpa_terms.html?_ga=2.33963492.433621457.1528117485-659710155.1528117485.
Data may be disclosed to professional service providers, we might engage for administration of membership fees.
The legal basis for data processing is Article 6 (1) (b) GDPR. The data processing described in this section is needed to conclude and/or execute the membership contract with you.
Personal data are stored for the duration of (i) contract and the winding-up of the contract after termination, and (ii) any existing legal retention obligations according to applicable laws obliging us to keep on storing after that moment.
Data processing in connection with an INATBA's petition
In order to allow you to support an INATBA’s petition, we collect the following data from website users: first name, last name, organization, position, email address.
The legal basis for data processing is Article 6 (1) (a) of the GDPR. The data processing described in this section is based on the consent you give to INATBA to process your personal data to support the petition.
The Data processed by the INATBA will be subject to the following processing activities: recording, organization, consultation, storage. If you have chosen not to contribute anonymously, your data may also be subject to the following additional processing activities: adaptation and dissemination/disclosure.
As explained further below in the section “Your rights in connection with processing of personal data” you have the right to withdraw your consent at any time.
We will only keep your personal data for as long as is strictly necessary for the purposes of ensuring the success of the petition campaign and where we have a continuing and legitimate business need for such retention or for other essential purposes such as meeting our legal obligations, maintaining business and financial records, resolving disputes, maintaining security, detecting and preventing fraud and abuse.
Legal basis for the processing of your data
We process your personal data in strict accordance with the applicable privacy legislation and on the basis of the following legal grounds:
- Performance of the agreement: we need to process some of your data to deliver our services, to comply with our obligations (for example to you as a member, as described above), to communicate with you prior to entering into a (membership) contract with you and to evaluate the opportunity of such a contract. For example, we need your contact details to be able to contact you and your invoicing data to be able to invoice.
- Legal obligation: in some cases, we are legally obligated to process certain information about you, for example, when we have to send your invoices, we need your VAT number.
- Legitimate interest: if you are a partner, sponsor or more generally in an existing trade relationship with us, we may send you information and newsletters about our activities based on a legitimate interest to do so. Unless you unsubscribe of course. INATBA’s legitimate interest in processing this data pursuant to Article 6(1)(f) GDPR is to keep you informed of recent and upcoming INATBA events and/or initiatives.If you are (a person of interest at) a “prospect” (e.g. an interesting party for a sponsorship, for a partnership or for participation to an event as speaker or attendant), we may collect your personal data as described above and contact you by phone and/or e-mail to inform you about our products. INATBA’s legitimate interest in processing this data pursuant to Article 6(1)(f) GDPR is to inform you of and seek your involvement in INATBA’s events and/or initiatives or to connect you with existing INATBA members. If you are a government, academic, corporate or other industry participant who wishes to participate in the INATBA COVID Task Force , we may collect and use your personal data to contact you by phone and/or email, and to connect you with other INATBA COVID Task Force participants and users. INATBA’s legitimate interest in processing this data pursuant to Article 6(1)(f) GDPR is to identify, connect and manage the above mentioned industry participants to carry out research and identify issues relating to the COVID 19 crisis, and work towards blockchain-related solutions to mitigating these issues. You are free to object to any processing of your personal data on grounds of legitimate interest at any time, cf. Your rights in connection with processing of personal data.
- Consent: we may also process your data if we are given express consent, e.g. when you register for a newsletter or for certain (targeted) offers (direct marketing, such as for our events), or support an INATBA’s online petition.
1. How do we collect your data?
- When using our website
- When communicating with us
- When using our services
- From public sources. For example, if you are (a person of interest at) a “prospect” (e.g. an interesting party for a sponsorship, for a partnership or for participation to an event as speaker or attendant), we may gather your personal contact details via publicly available sources such as your company website.
2. How do we protect your data?
1- Reliable partners
2- Technical security measures
In terms of access (login requirements, password policy, role division, etc.), storage (encryption, backup, etc.), and protection against outside access (firewall, antiviral software, etc.) of the media on which personal data can be stored.
3- Organisational measures
This includes raising awareness among employees and service providers concerning the importance of privacy, the enforcement of policies, the continuous maintenance of a data register, compliance with a data policy, etc.
If we process your personal data based on grounds of legitimate interest (such as processing for prospection purposes to persons we have no prior relationship with), we will conduct a “legitimate interest assessment” (or “balancing test”) to assure that additional safeguards are foreseen and applied. This way, we guarantee a proportionate and balanced processing of your data in accordance with the privacy legislation.
Despite the security measures that we take, it is important to know that the transfer of data via an Internet connection is never without risks and you must take the necessary precautions when you are connected with the Internet in order to protect yourself from viruses, malware, etc.null
Your rights in connection with processing of personal data
In the following, we inform you on your rights that you have in connection with the processing of personal data by us and may exercise according to applicable data protection laws, in particular to the GDPR.
Right of access
You have the right at any time to demand information on if we process your personal data. In the event of such processing, you may request the following information from us: (i) the purposes for which personal data are processed; (ii) the categories of personal data which are processed; (iii) the recipients or categories of recipients to whom your personal data have been or will be disclosed; (iv) the planned duration of the storage of your personal data or, if specific information is not possible, criteria for determining the storage duration; (v) the existence of a right to correct or delete your personal data, a right to restrict the processing by us or a right of objection to such processing; (vi) the existence of a right of appeal to a supervisory authority; (vii) all available information on the origin of the data if the personal data are not collected directly from you; (viii) the existence of automated decision-making,including profiling in accordance with Article 22 paragraph 1 and 4 GDPR and, at least in these cases, meaningful information on the logic involved and the scope and intended impact of such processing on you.
You have the right to request information on whether your personal data are transferred to a third country or to an international organisation. In this context, you may request to be informed on the appropriate guarantees in connection with the transfer of data.
Right to rectification
You have the right to demand us to correct and/or complete your personal data if your personal data processed is incorrect or incomplete.
Right to erasure
You may demand your personal data to be deleted if (i) the personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed;(ii) you revoke your consent to the processing and there is no other legal basis for the processing; (iii) you submit an objection to data processing and there are no predominant justifiable reasons for the processing; (iv) your personal data have been processed illegally;(v) the deletion of your personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which we are subject.
Right to restriction of processing
You may request to restrict the processing of your personal data if (i) you deny the accuracy of the personal data for a period of time that enables us to verify the accuracy of the personal data; (ii) the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of the personal data; (iii) we no longer need your personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims; (iv) if you have lodged an objection against the processing and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your grounds.
Right to data portability
You have the right to obtain your personal data in a structured, commonly used and machine-readable format. You have the right to transmit your data to another Controller. Where technically feasible, you have the right to have your data transmitted directly from us to another Controller.
Right to object
On grounds relating to your particular situation, you have the right to object at any time to the processing of your personal data which is carried out on the basis of Article 6 (1) (f) GDPR. Such grounds exist, in particular, if they underline your interests and outweigh our interest in the respective data processing. If your personal data are processed in order to carry out direct advertising, you have the right to object at any time to the processing of personal data for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct advertising.
Right to revoke the declaration of consent under data protection law
If you give us the consent to process your personal data, you have the right to revoke your consent at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
Right to lodge a complaint with the supervisory authority
You have the right to address the supervisory authority for any questions or complaints. The supervisory authority is: https://www.dataprotectionauthority.be
Where do we process your data?
- Within the EU as much as possible.
- Outside the EU when an adequate level of protection is guaranteed in compliance with the GDPR.
Which third parties process your data?
For the following processing tasks, we collaborate with other companies that process your data but which are not allowed to use this data themselves:
- Hosting of our data, our app, and our website
- Analysing our website
- Other services, such as online petition tool, recruitment and job services or lead development ( e.g. to find interesting parties for sponsorships, for partnerships or for participation to an event as speaker or attendant)
There are also companies that could process your data for their own purposes via third-party cookies.
BC100+ Data Protection Notice
BC100+ is an initiative that brings together a variety of organizations across different sectors. The initiative’s main goal is to raise awareness about the potential of blockchain for social impact and sustainability. BC100+ explores the potential of blockchain technology to address systemic issues such as inequality, poverty, and climate change by rebuilding trust, empowering communities, asserting accountabilities, and re-distributing value on the global level. With its core features, blockchain technology could play a role in the acceleration of much-needed changes within our global food system, energy infrastructure and biodiversity protection among other issues. At the core, BC100+ intends to promote quality debate, raise awareness and clarify the opportunities of blockchain’s role in realising the UN Charter Values and the 2030 Agenda.
This notice applies to all categories of persons acting for, and on behalf of their respective organisations for organisational membership purposes, and personal data processing in furtherance of the BC100+ Initiative.
2. Why we collect and process your personal data
Personal data is collected for the purposes of the Manifesto and the BC100+.
As BC100+ is a global initiative that aims to convene the blockchain ecosystem to support the broader efforts of UN agencies and global initiatives, it is a requirement that the organisations that join the initiative by signing the Manifesto have specific characteristics that fulfill the vision of the initiative and therefore enhance the aim of the initiative itself by generating trust in those outside of the blockchain ecosystem.
The Steering Committee designed an application process that allows it to receive, review and approve, on a monthly basis, the applications of organizations wishing to join the initiative based on the following steps:
- Each organization completes a form in which various questions about the organization and the project are submitted in full.
- Confirmation that the person who completes the form has the right to sign on behalf of their organization or has asked for permission to do so, from the leaders in the organization.
- For organizations developing or implementing a concrete blockchain solution, their project should be registered in the PositiveBlockchain.io global open database by filling out their own form. This helps ensure the project exists, is active, and has a solid link to the SDGs. A partial view of the database containing close to 1400 projects and startups in Blockchain for SDGs is presented here https://docs.google.com/spreadsheets/d/1RZYTtu0HA9OqDm3JdKOJ-s__ymm3I-eGPzo1GvVYjP4/edit.
We collect your personal data when you provide us with it by filling the xxx form to become a signatory of the manifesto and join the BC100+ initiative. For this purpose, we rely on your consent which can be withdrawn at any time.
In order to approve the membership request of your organisation and in our legitimate interest, we ensure that you have the authority of your organisation to do so.
On monthly basιs the Steering Committee meets and reviews together, the applications to decide on which organizations can join BC100+. We do this in our legitimate interest to ensure that only projects, organizations and entities that exists, are active, and have a strong link to the SDGs and meet our requirements are selected from the pool of applicants.
On becoming a member, we communicate important updates to you via the email address that you have provided us with or you may be invited to join our Slack channel strictly for communication purposes. We rely on your legitimate interest which can be withdrawn at any time by contacting us at email@example.com. Please note that by withdrawing your consent to be contacted, we will not be able to contact you with important updates about your application, the BC100+ initiative and its activities.
3. The personal data we collect about you
- - First name
- - Last name
- - Email address
- - Name of organisation
- - Position or job title within the organisation
4. How we protect your personal data
We make use of technical and organisational measures to protect your personal data. The personal data you share with us is protected from unauthorised access. Only members of the Steering committee, who are bound by confidentiality, have access to the personal data that you share with us. You can find a list of the members of the steering committee here.
We engage only service providers who commit to secure data processing. When we correspond using approved channels of communication, messages are encrypted to prevent unauthorised access by unathorised persons.
5. Data sharing and the use of third-party service providers
We do not share your personal data outside of the BC100+ initiative. Only members of the Steering Committee of BC100+ have access to this data.
To collect your personal data and record your signature for purposes of the BC100+ initiative, we make use of typeform, via a paid license held by GBBC, a member of the Steering Committee of BC100+.
After your application is approved, we make use of Slack to communicate with you. This will only happen when you join the channel using the invitation link sent to you.
The parties guarantee that the necessary data processing agreements are in place with all third-party service providers engaged and that where international data transfers occur, additional safeguards such as the use of standard contractual clauses are in place.
Here is the Data Processing Agreement addendum for Google, including for Google Sheets: https://cloud.google.com/terms/data-processing-addendum/ I think this is what the agreement is an addendum to: https://cloud.google.com/terms/cloud-privacy-notice
6. Data retention
We will store your personal data for the membership duration of your organization.
If we determine that your application does not meet the requirements, we will inform you however we will storage the data for future reviews. If you would like your application to be considered in the future, you can apply by completing the form again.
If you no longer wish to be affiliated with the organisation due to a change in employment or for other reasons, you can send us a request by sending an email to: firstname.lastname@example.org.
7. Data subject rights available to you
Relative to the processing activities outlined above, and provided that we can identify you, the following rights and what they afford are available to you:
- a. The rights of access
You have the right to obtain the following information from us:
- - What data is being processed about you;
- - The purposes those activities serve;
- - The recipients of the data;
- - How long the data is needed and kept;
- - Whether automated decision making is made that impacts your freedom and liberties;
- - What applicable safeguards are applied when transferring your data and a copy of these documents.
b. The right to rectification
You have the right to request the rectification of inaccurate data or the completion of incomplete data.
c. The right to erasure
You have the right to request that we delete your data in the following cases:
- - Data is no longer necessary;
- - You have objected to the processing under our legitimate interests and we have not been able to provide convincing evidence that these interests override your freedoms and liberties;
- - The processing takes place unlawfully (i.e., outside of the cases described;
- - We have collected data from publicly accessible sources.
We will not, however, be able to delete the data in the following cases:
- - Where we are unable to identify you;
- - In the instance of a running contract in which you are a party;
- - We must retain your information to comply with existing law (e.g., tax or invoice records if your data appears in our payment documents);
- - For the establishment, exercise, or defence of legal claims.
d. The right to restriction
You have the right to request that we mark your data (restrict) against further processing in the following cases:
- - You contest the accuracy of the data;
- - You believe the processing we carry out is unlawful;
- - You believe your data is no longer needed relative to the original purpose of its collection.
e. The right to portability
You have the following rights:
- - To receive the personal data we hold about you in a structured, commonly used, machine-readable format;
- - To request the direct transmission of that data to another organisation of your choosing.
f. The right to object
You have the right to object to processing based on our legitimate interest and we will halt further processing until we are able to demonstrate compelling grounds which override your rights and freedoms.
g. The right to lodge a complaint with a supervisory authority
You have the right to contact a data protection authority of your choice to lodge a complaint. Without prejudice to your unfettered right to lodge a complaint, we kindly request that you contact us first, for the exercise of your data subject rights as we are responsible for fulfilling them. Where you have contacted us with the request to exercise one or more of the rights listed above and you have not heard back from us within a month of your request or you have heard back from us but do not find our response satisfactory, you have the right to contact a data protection authority.
Responsible for your personal data is:
International Association for Trusted Blockchain Applications (INATBA)
Avenue de Tervueren 188a/4
If you have any questions, please contact us at email@example.com.