Effective date: August 31, 2021
This Policy applies to the Website, Gataca Platform, the Wallet and any other products and services (collectively, “Services”) provided by GATACA.
Please note that anonymised information or purely statistical data used by GATACA will not be considered personal data.
1. Who are we?
Gataca España S.L.U., a Spanish limited liability company, with tax identification number B88524525, duly registered in the Madrid Commercial Register, Volume 39832, Folio 100, Entry 8, Page M707679, and its affiliates (“Gataca” or “we” or “our”) will act in the capacity of Data Controller.
Service/s means the website gataca.io (the “Website”), a backend platform and client applications (collectively, “Gataca Platform”) a mobile application called GATACA Wallet (the “Wallet”) and any other online products and services provided by GATACA.
Personal Data means data about natural persons who can be identified, directly or indirectly, from those data (or from those and other information either in our possession or likely to come into our possession).
Usage Data is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
Cookies are small files that may be stored on your device (computer or mobile device).
Decentralized IDentifiers (DIDs) are a new type of identifiers that enable verifiable, decentralized digital identity. The Wallet and the GATACA Platform creates on your behalf one or more DIDs.
The GATACA Wallet creates on your behalf one or more cryptographic key pairs for each DID. Cryptographic key pairs are composed of one public key and one private key. The public keys will be linked to your DIDs and published on a designated blockchain network.
Secrets are any private key or security code chosen by you or automatically generated by the Service.
Data Controller means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information are, or are to be, processed. For the purpose of this Policy, we are a Data Controller of your Personal Data.
Data Processors (or Service Providers)
Data Processor (or Service Provider) means any natural or legal person who processes the data on behalf of us, the Data Controller. We may use the services of various Service Providers in order to process your data more effectively.
Data Subject (or User)
Data Subject is any living individual who is using our Service and is the subject of Personal Data.
3. Information, Collection and Use
By reading and accepting this Policy, you are informed of the circumstances in which your Personal Data will be processed in relation to the Service. Furthermore, in the event that this is the necessary legal basis for the processing of your data, your free, informed, specific and unambiguous consent will be requested so that the Personal Data that you provide through the Service or any forms dependent on the Service may be processed by GATACA, as well as the data derived from your browsing and any other data that you may provide in the future.
The data requested through the Service are generally mandatory (unless otherwise specified in the required field) in order to fulfil the purposes for which they are being collected.
Therefore, if your Personal Data is not provided or is not provided correctly, the Service cannot be fulfilled, without prejudice to the fact that you may freely view the content of the Service.
Please read this Policy carefully before using the Service.
4. What personal data does GATACA access about You?
We may collect your Personal Data from different sources:
Data that you provide to us:
Identity data: your first name, last name, date of birth, role, employer and country;
Contact data: telephone number and e-mail address;
Profile data: interests, preferences, feedback, forms and survey responses;
Correspondence data: feedback, problems with the Service, received customer support or otherwise corresponded with us;
Ordering data: contracts, purchases you make through the Service and billing details;
Payment data: your credit card number, bank account number and any other payment-related information.
Data that we collect automatically:
Technical data: your Decentralized Identifiers (DIDs), public keys and your unique device identifier.
Browsing data: the Service may automatically detect your IP address, domain name, unique device identifier, device and browser type, operating system, demographic information, the pages of our Sites to you browsed and the time spent on those pages or features, the frequency with which the Sites are used by you, search terms, the links on our Sites that you clicked on and other statistics. We use this information to administer the Service and we analyze this information with the purpose of improving the Service.
Information we will never collect:
We will never ask you to share your Secrets.
5. What Third Party Services do we use to collect and process your Data?
We use Google Analytics to collect Usage Data through the Website. You can find more information about Google Analytics’ use of your personal data here: https://marketingplatform.google.com/about/analytics/terms/us/
We use HubSpot, a customer relationship management software, in order to store information you provide to us. You can find more information about Hubspot’s use of your Personal Data here: https://legal.hubspot.com/privacy-policy
We use Holded, an accounting software, to store identity, contact, ordering and payment data. You can find more information about Fullstory’s use of your personal data here: https://www.holded.com/privacy
We use Amazon Web Services to store technical data. We only use servers located in Europe. You can find more information about Amazon Web Services use of your personal data here: https://aws.amazon.com/privacy
6. What are the purposes and legal basis for the processing of your data?
|PURPOSE||COLLECTED DATA||LEGAL BASIS|
To provide you with access to our Services and execute the legal contracts that govern the use of our Services
Identity, contact, technical, usage, ordering, and payment data
|To respond to any inquiry raised by you in the "Contact us" section of our Website||Identity, contact, and correspondence data||Consent of the Data Subject|
|To provide customer support and to detect, prevent and address technical issues of the Service||Identity, contact, correspondence, profile, technical & usage data|
|To improve our Service||Technical & usage data||Legitimate interest in improving our Service|
|To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased||Identity and contact|
8. International transfer of Data
Personal Data that GATACA processes may be transferred to third parties based in countries outside the European Economic Area (EEA). These transfers will be performed according to the appropriate safeguards to ensure an equivalent degree of protection as set out in the GDPR, which may include the relevant Standard Contractual Clauses.
9. Retention of Data
GATACA will retain your Personal Data only for as long as is necessary for the purposes set out in this Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes and enforce our legal agreements and policies.
GATACA will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer periods.
10. Your Data Protection Rights under the General Data Protection Regulation (GDPR)
GATACA aims to take reasonable steps to allow you to correct, amend, delete or limit the use of your Personal Data.
Under GDPR you have the following data protection rights:
The right to access, update or delete the information we have on you. Whenever made possible, you can access, update or request deletion of your Personal Data directly within your account settings section in the corresponding Service. If you are unable to perform these actions yourself, please contact us to assist you.
The right of rectification. You have the right to have your Personal Data rectified if that information is inaccurate or incomplete.
The right to object. You have the right to object to our processing of your Personal Data.
The right of restriction. You have the right to request that we restrict the processing of your Personal Data.
The right to data portability. You have the right to be provided with a copy of the Personal Data we have on you in a structured, machine-readable and commonly used format.
The right to withdraw consent. You also have the right to withdraw your consent at any time where GATACA relied on your consent to process your Personal Data.
We may update our Policy from time to time.
We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the "effective date" at the top of this Policy.
You are advised to review this Policy periodically for any changes. Changes to this Policy are effective when they are posted on this page.
If you have any questions about this Policy, please contact us by e-mail: firstname.lastname@example.org.