Last Updated: October 25, 2022
Better DAO Foundation (collectively, “Better DAO Foundation”, “we”, “us,” “our”) is committed to protecting individual privacy and maintaining the trust of users to our website (collectively, “Users”). It is important to us that we provide transparency regarding our collection, use, and disclosure of your personal data. This includes information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. We refer to this information as “Personal Data” throughout this policy.
This Policy describes how we use, share, and protect your Personal Data. It also describes your rights and choices regarding the use, access to, and correction of Personal Data.
For the purposes of data protection laws of the European Union (“EU”) (“Data Protection Laws”), Better DAO Foundation is a data controller (i.e., the company who is responsible for, and controls the processing of, your Personal Data).
Personal Data Collected and Reasons for Collection
As you navigate through and interact with our Platform, we may use automatic data collection technologies to collect certain information about your transactions on the blockchain. We only collect your wallet address and transaction record for any transactions made through the Platform to facilitate transactions. We do not collect any information on your activity on our Platform.
Methods of Collecting Personal Data
To the extent permissible under applicable Data Protection Laws, we may collect Personal Data about you and any other party whose details you provide to us when you:
- Access or use our Platform;
- Complete online forms, take part in surveys, post on any forums, download information such as white papers or other publications, or participate in any interactive areas that appear on our Platform;
- Interact with us using social media;
- Provide your contact details to us when registering to use or access any services that we may make available or when you update those details; and
- Contact us or otherwise connect with us, online or offline.
We may also collect your Personal Data where you only partially complete and/or abandon any information inputted into our Platform and/or other online forms and may use this information to contact you to remind you to complete any outstanding information and/or for marketing purposes.
Reasons and Legal Bases for Processing Personal Data
We collect and process Personal Data about you only where we have a legal basis for doing so. Our legal bases for processing Personal Data are dependent on the purpose and context of the processing activity.
Our legal bases include:
We process Personal Data to further our own legitimate interests, which may include:
- Provide, operate, and maintain our Platform;
- Improve, personalize, and expand our Platform;
- Understand and analyze how you use our Platform;
- Develop new products, services, features, and functionality;
- Communicate with you, either directly or through one of our partners, including for customer service, to provide you with updates and other information relating to the Platform, and for marketing and promotional purposes; and
- Find and prevent fraud.
Better DAO Foundation may be required under applicable law to obtain and store certain Personal Data. For example, Better DAO Foundation may be required to obtain and store data relating to Users for reporting purposes.
Usage of Personal Data
In general, Personal Data you submit to us is used either to respond to requests that you make, or to aid us in serving you better. To the extent permissible under Data Protection Laws, we use your Personal Data to:
- Provide, maintain, protect and improve our Platform;
- Manage, monitor, and administer your use of the Platform and provide an enhanced, personal, user experience;
- Manage our relationship with you;
- Undertake internal testing of our Platform or systems to test and improve their security and performance (in these circumstances, we would de-identify any information used for such testing purposes);
- Provide any information or services that you have requested or ordered;
- Compare information for accuracy and to verify it with third-parties;
- Send you email notifications, such as security or support and maintenance advisories;
- Send you email notifications related to actions on the Platform;
- Deliver advertising, marketing or information which may be useful to you;
- Contact you to see if you would like to take part in our customer research (for example, feedback on your use of our Platform);
- Monitor, carry out statistical analysis and benchmarking (provided that in such circumstances it is on an aggregated basis which will not be linked back to you or any individual);
- Provide you with any information that we are required to send you to comply with our regulatory or legal obligations;
- Detect, prevent, investigate or remediate, crime, illegal or prohibited activities or to otherwise protect our legal rights (including liaison with regulators and law enforcement agencies for these purposes); and
- Deliver joint content and services with third-parties with whom you have a separate relationship (for example, social media providers).
Disclosures and Sharing of Personal Data
We will not disclose any Personal Data we collect from you to any third-parties except as indicated below:
- Legal Request – We may disclose Personal Data to comply with applicable law and our regulatory monitoring and reporting obligations (which may include laws outside your country of residence), to respond to requests from public and government authorities (which may include authorities outside your country of residence), to cooperate with law enforcement, or for other legal reasons.
- Business Transfer – We may disclose Personal Data to a buyer or successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Better DAO Foundation’ assets, whether as a going concern or as part of bankruptcy, liquidation, receivership, or similar proceeding in which Personal Data held by Better DAO Foundation are among the assets to be transferred.
Personal Data of Minors
We do not knowingly collect Personal Data from children under the age of 13 without authorization by a holder of parental responsibility. If you believe that we may have collected Personal Data from or about a child under the age of 13 without such authorization, please contact us at firstname.lastname@example.org.
Protection of Personal Data
At Better DAO Foundation we take the protection of your Personal Data seriously. Better DAO Foundation employees who have access to your Personal Data are made aware of the importance of keeping it confidential. We care about the security of the information and use various administrative, and technological safeguards to preserve the integrity and security of all information collected through our Platform. This is not limited to authentication protected pages which only the user has access to via their web3 signatures & appropriate data encryption methods applied while storing them on our infrastructure providers.
When we rely on service providers that may require access to your Personal Data, we require them to have adequate privacy and security standards. We use contracts and other legally binding measures with our service providers to maintain the confidentiality and security of your Personal Data, and to prevent such information from being used for any other purpose.
However, no data security measures can guarantee complete security; we also depend on you to take common sense steps to ensure your Personal Data remains secure. Unfortunately, the transmission of information via the Internet is not completely secure. Although we do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted to our Platform. Any transmission of Personal Data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on our Platform.
Retention of Personal Data
We retain Personal Data for as long as needed or permitted in light of the purpose(s) for which they were obtained and consistent with applicable law. The criteria used to determine our retention periods include:
- The length of time we have an ongoing relationship with you and provide the Platform to you;
- Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); or
- Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
Your Rights and Choices
You may provide us with instructions on what to do with your Personal Data. You have a choice and control over your Personal Data. Where we need to collect Personal Data and you fail to provide that data when requested, we may have to block your access to the Platform. Since your choices and instructions may result in loss of access to the Platform, please review your options carefully.
If you have any questions about your Personal Data, our use of this Personal Data, or your rights when it comes to any of the foregoing, contact us at email@example.com.
Your Rights if you are located in California
The information and rights in this section apply specifically to California residents.
We do not sell, trade, or rent out Personal Data for compensation, nor have we done so in the preceding 12 months.
California residents are entitled to contact us to request information about whether we have disclosed Personal Data to third parties for the third parties’ direct marketing purposes. Currently, Better DAO Foundation does not disclose Personal Data to third parties for their direct marketing purposes. Thus, upon receipt of such a request by a California consumer, and as required by California state law, we will either (1) respond with a confirmation that we have not disclosed any Personal Data to third parties in the previous calendar year, or (2) if our practices have changed, we will provide the categories of Personal Data that has been shared in the past 12 months and categories of third parties to whom such Personal Data was disclosed, whichever is relevant.
California consumers have the right to:
- Request disclosure of the categories and specific pieces of Personal Data that Better DAO Foundation has collected about you;
- Request disclosure of the categories of third-party sources, if any, from which Better DAO Foundation has collected Personal Data about you;
- Disclosure of the business or commercial purpose(s) for which your Personal Data has been collected by Better DAO Foundation;
- Receive a list of the categories of third parties with whom Better DAO Foundation has shared your Personal Data;
- Request that Better DAO Foundation delete any Personal Data that it has collected from you (subject to exceptions); and
- Not be discriminated against by Better DAO Foundation (e.g. charged different rates, provided different levels of service, denied goods or services, or suggested any of the preceding) for exercising any of the individual rights granted above.
To exercise any of your rights as a California consumer, you can submit to firstname.lastname@example.org.
Before complying with your request, we will need to verify that it is you that is making the request. To accomplish this, you may be requested to (1) confirm specific Personal Data that we already know about you; and/or (2) provide us with appropriate identification and documentation as we request. California consumers are limited to two requests for Personal Data per 12-month period.
Only you or an authorized agent may make a verifiable data subject request related to your Personal Data. The verifiable data subject request must provide sufficient information and documentation to allow us to verify that you (or an authorized agent) are the person about whom we collected Personal Data.
We will not provide you with Personal Data if we cannot verify your identity and/or authority to make the data subject request and confirm the Personal Data belongs to you or the represented individual. We use Personal Data provided in a verifiable data subject request solely to verify the requestor’s identity or authority to make the request.
We will acknowledge receipt of your data request within ten days. We will respond to a verifiable data subject request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period. If you have an account with us, we will deliver our response to the email address for that account. If you do not have an account with us, we will deliver our response by US mail or electronically at the email address in your request, at your option. All disclosures we provide will only cover the 12-month period preceding the verifiable employee request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
We do not charge a fee to process or respond to your verifiable data subject request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Your Rights if you are located in the EU or Switzerland
Under the General Data Protection Regulation (“GDPR”) (and subject to any relevant exceptions) you have the right to access, correct, change, delete, restrict, exercise your right to data portability, or object to the processing of Personal Data.
If you wish to exercise one of these rights, please contact us at email@example.com and we will respond within 30 days of the request. If you request access to your Personal Data, we will provide all information to you by email in addition to context regarding data use. If you request erasure of your Personal Data, we will respond with a confirmation of erasure by email within 30 days of the request. If your request is deemed unfounded and/or excessive, under the GDPR we retain the right to refuse to respond to the request or to charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. If we refuse to respond, or charge a reasonable fee, we will provide our reasons for doing so. If you are not satisfied with the reasons, you may complain to the relevant supervisory authority, the Information Commissioners Office. You can also elect not to receive marketing communications by following the unsubscribe instructions in each communication.
We will retain Personal Data in order to comply with legal requirements, protect our and others’ rights, resolve disputes, or enforce our legal terms or policies, to the extent permitted under applicable law.
If you feel your Personal Data has been inappropriately handled, you can lodge a complaint to your local data protection authority. Further information about how to contact your local data protection authority is available at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
Your principal rights under the GDPR are:
- Right to Access – You can ask us for copies of your Personal Data;
- Right to Rectification – You can ask Better DAO Foundation to update/correct any inaccurate Personal Data and to complete incomplete Personal Data;
- Right to Erasure – You can ask us to erase your Personal Data;
- Right to Restrict Processing – You can ask us to restrict the processing of your Personal Data;
- Right to Object to Processing – You can object to the processing of your Personal Data;
- Right to Data Portability – You can ask that we transfer your Personal Data to another organization or to you;
- Right to Complain to a Supervisory Authority – You can complain about our processing of your Personal Data; and
- Right to Withdraw Consent – To the extent that the legal basis of our processing of your Personal Data is consent, you can withdraw that consent.
Transfers Outside of the European Economic Area (“EEA”)
Your Personal Data may be stored and processed in any country where we have facilities or in which we engage service providers, and by using our Platform, you understand that your information may be transferred to countries outside of your country of residence, including the US, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Data.
Please note that when your Personal Data are located outside of the EEA, they may be subject to the laws of the country in which they are hosted.
Updating Your Information and Contacting Us
If you have any questions or complaints related to our practices with respect to the collection, use, or disclosure of Personal Data, or if you would like to update your information, please contact us at firstname.lastname@example.org.