XXXXX (“LexDAO”, “the Organization”, “we”, “us”, “our”), is a legal entity incorporated under the laws of ……. with registration number …………. and registered address …………………….
In its capacity as a personal data controller, the Organization carries out its activities in strict compliance with the legal requirements regarding the protection of natural persons with in regard toin connection with in the collection and processing of their personal data. Pursuant to the provisions of Art. 13 and Art. 14 of the General Data Protection Regulation (GDPR), LexDAO hereby provides the necessary information regarding the collectioncollectionng and processing of your personal data while usingwithin this website.
- “Account” means a unique account created for you to access our Service or parts of our Service;
- “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
- “Data subject” means a natural person identified or identifiable whose personal data are processed by the controller.
- “IP address” - every device connected to the Internet is assigned a number known as an Internet protocol (IP) address. These numbers are usually assigned in geographic blocks. An IP address can often be used to identify the location from which a device is connecting to the Internet;
- “Personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- “Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
- “You” refers to a person who accesses, views and navigates in the Site;
- Identity and contact details of the controller
- Controller: ………………..;
- Contact details: ………………………………; E-mail ........................................................; Phone ...............................................
Categories of collected and processed personal data The Site does not collect any personal data of the visitors with the exception of the page dedicated to the membership acquisition flow. Therefore, the present Article 3 and the subsequent Article 4 and 5 are mainly referred to the data communicated during the membership acquisition flow. Also, if you decide to send emails or other communications to LexDAO you may include in those communications some personal data which will therefore be processed by LexDAO. The personal data necessary to proceed with the membership flow are as follows: Full name, date and place of birth, citizenship; Contact details (permanent and residential address, mailing address, E-mail, Phone); Crypto wallet address, including related data used to detect cryptocurrency and NFT holdings; Username and password; Any additional personal information provided by email, phone or other correspondence;
Purposes and legal basis of processing 4.1 Purposes LexDAO collects and processes your personal data to fulfil your request of becoming a LexDAO member and later to manage your profile as full member of LexDAO. LexDAO collects and processes your personal data in compliance with its statutory obligations. We must ensure our compliance with various legal obligations imposed by relevant legislation – anti-money laundering laws, financial services laws, corporation laws, privacy laws and tax laws. For the purpose of auditing our internal processes, fraud prevention and fraud security monitoring purposes, for example, to detect and prevent cyberattacks or attempts to commit identity theft, the usage of stored data is of significant importance. Such obligations and requirements imposed on us necessary personal data processing activities for identity verification, payment processing, compliance with court orders, tax laws or other reporting obligations and anti-money laundering controls. In case of emails and other communications, LexDAO collects and processes your personal data to examine and answers your request. 4.2 Legal basis If you are an individual in the European Economic Area (EEA), we collect and process information about you only where we have a legal basis for doing so under applicable EU laws. The legal basis to treat your membership request and later to manage your personal data as a LexDAO member as well as to answer to any email or communications is “the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract” pursuant to Article 6, 1(b) GDPR.
Period for which the personal data will be stored LexDAO stores your personal data for a reasonable period of time and never for longer than it is absolutely necessary. In establishing contractual relations with you, LexDAO stores your personal data throughout the established relations. Normally, the Organization stores your personal data for 5 (five) years, starting from the beginning of the calendar year following the year of termination of the relationship between us. We may store your personal data for a longer period for reporting, tax and accounting purposes, as well as to protect your legitimate interests. After the expiration of the stipulated terms and if there is no other legal basis for the processing of your personal data, the data will be deleted.
- Disclosure and transfer of personal data LexDAO is a USA based entity and, therefore, the information we collect will be processed and stored in the USA. By using the Site and sending information and/or your personal data to LexDAO you acknowledge that your personal information will be processed in the United States. The USA has not sought nor received a finding of “adequacy” from the European Union pursuant to Article 45 of the GDPR and the Schrems II CJEU decision and, therefore, data will be transferred to the USA one the basis of the consent of data subject or if the transfer is necessary for the performance of a contract between the data subject and the controller or the implementation of pre-contractual measures taken at the data subject's request to pursuant to Article 49, 1, (A) or (B) of GDPR. In strict compliance with the legal requirements, LexDAO may disclose or transfer your personal data to the following recipients under particular circumstances: Agents, businesses, or service providers who process your personal information for providing the Services to you. The respective receiving third parties shall observe and adhere to strict confidentiality agreements. We are committed to maximum protection of your personal information, therefore, we only deal with ethical suppliers and business partners who demonstrate similar values and are bound by privacy laws of the same standard. Law enforcement agencies and/or other public authorities (e.g., a court or a government agency) when required to do so by law. Please note that the LexDAO membership is represented by a non-fungible token which is minted in the Polygon blockchain. If you decide to become a LexDAO member you will receive the membership NFT and some of your personal data will be recorded in the Polygon public blockchain. Public blockchains are distributed ledgers intended to immutably record transactions across wide networks of computer systems. Many blockchains are open to forensic analysis, which can lead to deanonymisation and the unintentional revelation of private financial information, especially when blockchain data is combined with other data. Because blockchains are decentralized or third-party networks that are not controlled or operated by the Organization, we are not able to erase, modify, or alter personal data from such networks.
- Your privacy rights As a data subject, under the GDPR you have the following rights in relation to the personal data you provide: The right to be informed – you have the right to receive appropriate transparent information about the processed personal data, the purposes and basis of the processing, the recipients or categories of recipients to whom your personal data has been or will be disclosed, the storage period, as well as any other information about your personal data.
The right of access – you have the right to access your personal data processed by LexDAO, as well as to request a copy of the personal data in a structured, commonly used format.
The right to rectification – you have the right to request rectification of your personal data if it is incomplete, inaccurate or out of date.
The right to erasure (the right to be forgotten) – you have the right to request the erasure of your personal data under particular circumstances: it is no longer necessary in relation to the purposes for which it was collected; you have withdrawn your consent to the processing, and there is no other legal basis for processing; when your personal data has been unlawfully processed; in the presence of other legal grounds.
The right to object – you have the right to object to the processing of your personal data.
The right to restrict processing – you have the right to withdraw your consent to the processing of your personal data by the controller or the processor at any time and free of charge.
The right to data portability – you have the right to request the transfer of your personal data to another personal data controller when technically feasible.
Right of protection – you have the right to defend your rights by judicial or administrative means if you believe that your rights as a data subject have been infringed in any way.
Rights related to automated decision-making and profiling.
Last revised Mar 26, 2023