Last Updated: September 2021
This Policy sets out what Personal Data (as defined below) we collect, how we process it and how long we generally retain it. This Policy applies to our processing activities related to our websites where we act as a data controller, including https://rootstock.io/, https://rifos.org, https://iovlabs.org, https://explorer.rsk.co, https://explorer.testnet.rsk.co and it´s subdomains (the “Websites”).
In this policy, “user,” “you,” and “your” refer to the person or entity accessing or using the Websites. “We,” “us,” and “our” refers to IOV Labs Ltd., a company incorporated in Gibraltar with its registered address at Suite 2a, 2nd Floor, 5/4 Crutchett’s Ramp, Gibraltar, GX11 1AA and incorporation number 116697 and its affiliates. For more information about us, see the Contact Us section of this policy.
In this Policy, “Personal Data” means any information relating to you as an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an online identifier or to one or more factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
In this Policy, “processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
If you are viewing this policy online, you can click on the
below links to jump to the relevant section:
We collect information about you when you:
The personal information we collect might include your:
Name; address; email address; social media handles; IP address; the type of device through which you browse our Websites which may including the operating system; your location; time date and duration of your visit to our Websites; and previous visits to our Websites.
We use Personal Data about you in connection with the following purposes:
Provision of services and management:
If you no longer want your Personal Data used for marketing purposes, please contact us via the contact details provided below or click on the unsubscribe link contained in any of our email communications with you.
We do not use automated-decision making methods. This means decisions are not made by robots or computers and therefore not ‘automated’. However, certain third parties may use certain automated decision-making tools or software. We are not responsible for the privacy practices of others and will take reasonable steps to bring such automated decision-making to your attention, but you are encouraged to become familiar with the privacy practices of any third parties you enter into any agreements with.
Use of Third Party Applications & Cookies
In addition to the uses of cookies described above, these entities may use other methods, such as the technologies described below, to collect information about your use of our website and other websites and online services. These are:
Pixels tags – Pixel tags (which are also called clear GIFs, web beacons, or pixels), are small pieces of code that can be embedded on website and emails. Pixels tags may be used to learn how you interact with our Websites pages and emails and this information helps us and our partners provide you with a more tailored experience.
Device Identifiers- A device identifier is a unique label can be used to identify a mobile device. Device identifiers may be used to track, analyze and improve the performance of the website and ads delivered.
We use the following third party services:
We use Google Analytics to analyze the use of our Websites. Google Analytics gathers information about website use by means of cookies. The information gathered relating to our Websites is used to create reports about the use of our Websites. More information on how Google collects and processes data can be found here www.google.com/policies/privacy/partners/. The relevant cookies are: “_gat. _anonymizeIp”
You may prevent Google Analytics from using cookies when you visit our Websites at any time by means of a corresponding adjustment to the settings of your web browser.
You also have the option of objecting to the collection of Personal Data by Google Analytics from our Websites by downloading and installing a browser add-on which can be found under the link https://tools.google.com/dlpage/gaoptout
Google Analytics, it purpose and function is further explained under the following Link https://www.google.com/analytics/
We use Facebook pixels to analyze and optimize the use of our Websites and our marketing. Facebook gathers information about website use by means of cookies. The information gathered relating to our Websites is used to create reports about the use of our Websites, and for marketing purposes.
Facebook’s Data policy is available at: https://www.facebook.com/about/privacy/update. The relevant cookies are: “Facebook Pixel Code”
You may prevent Facebook from using cookies when you visit our Websites at any time by means of a corresponding adjustment to the settings of your Facebook account.
Further information and the applicable data protection provisions of Facebook please visit https://www.facebook.com/business/gdprhttps://www.facebook.com/business/news/facebooks-commitment-to-data-protection-and-privacy-in-compliance-with-the-gdpr.
Facebook Pixel, it purpose and function is further explained under the following Link https://www.facebook.com/business/learn/facebook-ads-pixel
Amazon Web Service
We use Amazon Web Service to host our Websites. Amazon Web Service is a cloud based service with servers located throughout the world. Therefore, it is possible that your Personal Data will be stored outside the EEA. However, Amazon Web Service is part of the EU-US Privacy Shield scheme that seeks to secure your data to an equivalent level as that required within the EEA.
Social Media Links
We use links to our social media profiles on our Websites. When you click on those links those services might also collect Personal Data. Please refer to the respective privacy policies below for more information.
Facebook: https://www.facebook.com/policy.php Twitter: https://twitter.com/privacy Instagram: https://help.instagram.com/519522125107875 LinkedIn: https://www.linkedin.com/legal/privacy-policy Telegram: https://telegram.org/privacy
When you visit our site, you are able to opt-out of the use of all cookies which are not strictly necessary. If you opt-out, you may continue to browse our Websites but certain functionality may not be available due to technological constraints as some features of our Websites relies on cookies to operate correctly.
Retention periods are determined based on the type of record, the nature of the record and activity and the legal or regulatory requirements that apply to those records. Typically, Personal Data which is collected pursuant to our legal obligations (such as Anti-Money-Laundering obligation) are retained for 5 years. Where Personal Data is collected pursuant to a contract or prior to the creation of a contract, these are retained for 6 years after the termination of the contract pursuant to our legitimate interests in defending any legal claims which may be brought against us.
However, we may retain your Personal Data for a longer period of time where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person or where we have a legitimate interest to do so.
All Personal Data is retained in accordance with our internal Retention and Deletion Policy.
We may pass your information to our related entities, affiliates, administration centers, third party service providers, agents, subcontractors and other associated organizations for the purposes of completing tasks and providing our services to you.
In addition, when we use any other third party service providers, we will disclose only the Personal Data that is necessary to deliver the service required and we will ensure that they keep your information secure and not to use it for their own direct marketing purposes.
In addition, we may transfer your Personal Data to a third party as part of a sale of some, or all, of our business and assets or as part of any business restructuring or reorganization, or if we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation. However, we will take steps to ensure that your privacy rights continue to be protected.
Transferring your information outside of the European Economic Area
We may share your Personal Data with third party companies where we have a legal basis for doing so such as to provide you with our services or because we ourselves use service providers outside of the European Economic Area (EEA). The EEA includes the European Union countries as well as Iceland, Liechtenstein and Norway. Transfers outside of the EEA are sometimes referred to as ‘third country transfers’.
If we transfer your information outside of the EEA to third parties, we will take steps to ensure that your privacy rights continue to be protected as outlined in this Policy. This may require us to take certain additional steps to ensure that appropriate safeguards are in place if that third country is not deemed by the European Commission to offer an adequate level of protection for your privacy rights, which may include use of contractual safeguards to allow you to be able to enforce your rights and ensure these are preserved. In certain circumstances, we may need to ask you for your explicit consent to such third country transfers and will always do so in writing and will give you full information about why we need your consent and your right to withdraw that consent at any time (together with the consequences of withdrawal).
You may have certain rights under applicable legislation, and in particular under Regulation EU 2016/679 (General Data Protection Regulation or ‘GDPR’). We explain these below. You can find out more about the GDPR and your rights by accessing the European Commission’s website (https://ec.europa.eu/info/law/law-topic/data-protection_en).
Right to Information and access
Right to rectification
You have the right to have any inaccurate Personal Data about you rectified and to have any incomplete Personal Data about you completed. You may also request that we restrict the processing of that information.
Right to erasure (right to be ‘forgotten’)
You have the general right to request the erasure of your Personal Data in the following circumstances:
We will proceed to comply with an erasure request without delay unless continued retention is necessary for:
Right to restrict processing and right to object to processing
You have a right to restrict processing of your personal information, such as where:
You also have the right to object to processing of your Personal Data under certain circumstances, such as where the processing is based on your consent and you withdraw that consent. This may impact the services we can provide and we will explain this to you if you decide to exercise this right.
Right to data portability
Where the legal basis for our processing is your consent or the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, you have a right to receive the Personal Data you provided to us in a structured, commonly used and machine-readable format, or ask us to send it to another person.
Right to freedom from automated decision-making
As explained above, we do not use automated decision-making, but where any automated decision-making takes place, you have the right in this case to express your point of view and to contest the decision, as well as request that decisions based on automated processing concerning you or significantly affecting you and based on your Personal Data are made by natural persons, not only by computers.
Right to object to direct marketing (‘opting out’)
You have a choice about whether or not you wish to receive information from us. We will not contact you for marketing purposes unless:
You have a business relationship with us, and we rely on our legitimate interests as the lawful basis for processing (as described above); or
You have otherwise given your prior consent (such as when you download one of our guides).
You can change your marketing preferences at any time by contacting us on the above details. On each and every marketing communication, we will always provide the option for you to exercise your right to object to the processing of your Personal Data for marketing purposes (known as ‘opting-out’) by clicking on the ‘unsubscribe’ button on our marketing emails or choosing a similar opt-out option on any forms we use to collect your Personal Data. You may also opt-out at any time by contacting us on the above details.
Right to request access
You also have a right to access information we hold about you. We are happy to provide you with details of your Personal Data that we hold or process. To protect your Personal Data, we follow internal verification and disclosure procedures, which mean that we will require proof of identity from you prior to disclosing such information. You can exercise this right at any time by contacting us on the above details.
Right to withdraw consent
Where the legal basis for processing your Personal Data is your consent, you have the right to withdraw that consent at any time by contacting us on the above details.
Raising a complaint about how we have handled your Personal Data
If you wish to raise a complaint on how we have handled your Personal Data, you can contact us via the contact details provided below and we will then investigate the matter.
Right to lodge a complaint with a relevant supervisory authority
If we have not responded to you within a reasonable time or if you feel that your complaint has not been resolved to your satisfaction, you are entitled to make a complaint to the Data Protection Commissioner under the Data Protection Act, which is presently the Gibraltar
Regulatory Authority (GRA). You may contact the GRA on the below details:
Gibraltar Data Protection Commissioner Gibraltar Regulatory Authority 2nd Floor, Eurotowers 4 1 Europort Road Gibraltar Email: email@example.com Phone: (+350) 200 74636 Fax: (+350) 200 72166
You also have the right to lodge a complaint with the supervisory authority in the country of your habitual residence, place of work, or the place where you allege an infringement of one or more of our rights has taken place, if that is based in the EEA.
We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected Personal Data breaches and will notify you and any applicable regulator of a breach where we are legally required to do so.
Review of this Policy
We may make changes to this Policy from time to time. Where we do so, we will notify those who have a business relationship with us or who are subscribed to our emailing lists directly of the changes, and change the ‘Last updated’ date above. We encourage you to review the Policy whenever you access or use our Websites to stay informed about our information practices and the choices available to you. If you do not agree to the revised Policy, you should discontinue your use of the Websites.
Any questions regarding our Policy or your rights as a Data Subject should be sent to: firstname.lastname@example.org