Table of content

Privacy Policy

Effective date: August 31, 2021

At GATACA, we know that you care about your personal data and want you to know how we will process it. With our Privacy Policy (“Policy”) we aim to explain in a clear and transparent manner, how and when we collect, share and protect your personal data.

This Policy applies to the Website, Gataca Platform, the Wallet and any other products and services (collectively, “Services”) provided by GATACA.

Please note that anonymised information or purely statistical data used by GATACA will not be considered personal data.

1. Who are we?

Gataca España S.L.U., a Spanish limited liability company, with tax identification number B88524525, duly registered in the Madrid Commercial Register, Volume 39832, Folio 100, Entry 8, Page M707679, and its affiliates (“Gataca” or “we” or “our”) will act in the capacity of Data Controller.

2. Definitions

Service/s
Service/s means the website gataca.io (the “Website”), a backend platform and client applications (collectively, “Gataca Platform”) a mobile application called GATACA Wallet (the “Wallet”) and any other online products and services provided by GATACA.
Personal Data
Personal Data means data about natural persons who can be identified, directly or indirectly, from those data (or from those and other information either in our possession or likely to come into our possession).
Usage Data
Usage Data is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
Cookies
Cookies are small files that may be stored on your device (computer or mobile device).
DIDs
Decentralized IDentifiers (DIDs) are a new type of identifiers that enable verifiable, decentralized digital identity. The Wallet and the GATACA Platform creates on your behalf one or more DIDs.
Cryptographic keys
The GATACA Wallet creates on your behalf one or more cryptographic key pairs for each DID. Cryptographic key pairs are composed of one public key and one private key. The public keys will be linked to your DIDs and published on a designated blockchain network.
Secrets
Secrets are any private key or security code chosen by you or automatically generated by the Service.
Data Controller
Data Controller means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information are, or are to be, processed. For the purpose of this Policy, we are a Data Controller of your Personal Data.
Data Processors (or Service Providers)
Data Processor (or Service Provider) means any natural or legal person who processes the data on behalf of us, the Data Controller. We may use the services of various Service Providers in order to process your data more effectively.
Data Subject (or User)
Data Subject is any living individual who is using our Service and is the subject of Personal Data.

3. Information, Collection and Use

By reading and accepting this Policy, you are informed of the circumstances in which your Personal Data will be processed in relation to the Service. Furthermore, in the event that this is the necessary legal basis for the processing of your data, your free, informed, specific and unambiguous consent will be requested so that the Personal Data that you provide through the Service or any forms dependent on the Service may be processed by GATACA, as well as the data derived from your browsing and any other data that you may provide in the future.

The data requested through the Service are generally mandatory (unless otherwise specified in the required field) in order to fulfil the purposes for which they are being collected.

Therefore, if your Personal Data is not provided or is not provided correctly, the Service cannot be fulfilled, without prejudice to the fact that you may freely view the content of the Service.

Please read this Policy carefully before using the Service.

4. What personal data does GATACA access about You?

We may collect your Personal Data from different sources:

Data that you provide to us:

Identity data: your first name, last name, date of birth, role, employer and country;
Contact data: telephone number and e-mail address;
Profile data: interests, preferences, feedback, forms and survey responses;
Correspondence data: feedback, problems with the Service, received customer support or otherwise corresponded with us;
Ordering data: contracts, purchases you make through the Service and billing details;
Payment data: your credit card number, bank account number and any other payment-related information.

Data that we collect automatically:

Technical data: your Decentralized Identifiers (DIDs), public keys and your unique device identifier.
Browsing data: the Service may automatically detect your IP address, domain name, unique device identifier, device and browser type, operating system, demographic information, the pages of our Sites to you browsed and the time spent on those pages or features, the frequency with which the Sites are used by you, search terms, the links on our Sites that you clicked on and other statistics. We use this information to administer the Service and we analyze this information with the purpose of improving the Service.

Information we will never collect:

We will never ask you to share your Secrets.

5. What Third Party Services do we use to collect and process your Data?

We use cookies to collect Usage Data through the Website. You can control the use of cookies in your browser. For more information, please see our Website’s Cookies Policy.

We use Google Analytics to collect Usage Data through the Website. You can find more information about Google Analytics’ use of your personal data here: https://marketingplatform.google.com/about/analytics/terms/us/

We use HubSpot, a customer relationship management software, in order to store information you provide to us. You can find more information about Hubspot’s use of your Personal Data here: https://legal.hubspot.com/privacy-policy

We use Holded, an accounting software, to store identity, contact, ordering and payment data. You can find more information about Fullstory’s use of your personal data here: https://www.holded.com/privacy

We use Amazon Web Services to store technical data. We only use servers located in Europe. You can find more information about Amazon Web Services use of your personal data here: https://aws.amazon.com/privacy

6. What are the purposes and legal basis for the processing of your data?

PURPOSE	COLLECTED DATA	LEGAL BASIS
To provide you with access to our Services and execute the legal contracts that govern the use of our Services	Identity, contact, technical, usage, ordering, and payment data	Necessary for the provisioning of the Service Necessary to comply with legal obligations Legitimate interest in improving our Service Consent of the Data Subject
To respond to any inquiry raised by you in the "Contact us" section of our Website	Identity, contact, and correspondence data	Consent of the Data Subject
To provide customer support and to detect, prevent and address technical issues of the Service	Identity, contact, correspondence, profile, technical & usage data	Necessary for the provisioning of the Service Necessary for the performance of a contract to which the data subject is party Legitimate interest in improving our Service
To improve our Service	Technical & usage data	Legitimate interest in improving our Service
To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased	Identity and contact	Legitimate interest in advertising our products and services unless the Data Subject opted not to receive such information. Consent of the Data Subject

7. With which recipients will your data be shared?

We do not share the Personal Data that you provide to us with other organizations without your express consent, except as described in this Policy. We disclose Personal Data to third parties under the following circumstances:

Affiliates: We may disclose your Personal Data to our corporate affiliates (i.e. our family of companies that are related by common ownership or control) for purposes consistent with this Policy.
Business Transfers: We may share Personal Data when we do a business deal, or negotiate a business deal, involving the sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition, or bankruptcy transaction.
Compliance with Laws and Law Enforcement: Protection and Safety. We may share Personal Data for legal, protection, and safety purposes.
Professional Advisors and Service Providers: We may employ third party companies and individuals to facilitate our Service ("Service Providers"), provide the Service on our behalf, perform Service-related services or assist us in analysing how our Service is used. These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

8. International transfer of Data

Personal Data that GATACA processes may be transferred to third parties based in countries outside the European Economic Area (EEA). These transfers will be performed according to the appropriate safeguards to ensure an equivalent degree of protection as set out in the GDPR, which may include the relevant Standard Contractual Clauses.

9. Retention of Data

GATACA will retain your Personal Data only for as long as is necessary for the purposes set out in this Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes and enforce our legal agreements and policies.

GATACA will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer periods.

10. Your Data Protection Rights under the General Data Protection Regulation (GDPR)

GATACA aims to take reasonable steps to allow you to correct, amend, delete or limit the use of your Personal Data.

Under GDPR you have the following data protection rights:

The right to access, update or delete the information we have on you. Whenever made possible, you can access, update or request deletion of your Personal Data directly within your account settings section in the corresponding Service. If you are unable to perform these actions yourself, please contact us to assist you.
The right of rectification. You have the right to have your Personal Data rectified if that information is inaccurate or incomplete.
The right to object. You have the right to object to our processing of your Personal Data.
The right of restriction. You have the right to request that we restrict the processing of your Personal Data.
The right to data portability. You have the right to be provided with a copy of the Personal Data we have on you in a structured, machine-readable and commonly used format.
The right to withdraw consent. You also have the right to withdraw your consent at any time where GATACA relied on your consent to process your Personal Data.

11. Changes to this Privacy Policy

We may update our Policy from time to time.

We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the "effective date" at the top of this Policy.

You are advised to review this Policy periodically for any changes. Changes to this Policy are effective when they are posted on this page.

12. Contact

If you have any questions about this Policy, please contact us by e-mail: gdpr@gataca.io.

Table of content