Privacy Policy – GiveOnChain

Last updated: October 18, 2024

1. Definitions

For the purposes of this Policy, the following terms have the meanings set out below:

  • "Platform" or "GiveOnChain": the website, Web3 interface and all online services provided under the "GiveOnChain" name, enabling in particular the creation and management of crowdfunding campaigns using cryptocurrencies.
  • "Data Controller": the legal or natural person who determines the purposes and means of the processing of personal data, as identified in Article 2.
  • "User": any natural person who accesses the Platform, whether or not they have an Account, and whatever their role (visitor, Project Owner, Contributor).
  • "Account": the personal space created by a User on the Platform.
  • "Project Owner": any User who creates and publishes a crowdfunding campaign (a "Campaign") on the Platform.
  • "Contributor": any User who makes a contribution in cryptocurrency to a Campaign via the Platform.
  • "Personal Data" or "Data": any information relating to an identified or identifiable natural person, within the meaning of Regulation (EU) 2016/679 ("GDPR"), where applicable.
  • "KYC" ("Know Your Customer"): identification and identity-verification procedures implemented in particular for regulatory compliance purposes (anti-money laundering and counter-terrorism financing).
  • "Wallet": a cryptocurrency wallet controlled by the User (for example via MetaMask or any compatible wallet).
  • "Tokens" or "Cryptocurrencies": digital assets supported by the Platform, currently including ETH, USDC and USDT, subject to changes to the list of supported assets.
  • "On-chain Data": data that is permanently recorded on a public blockchain (for example, transactions, amounts, wallet addresses, timestamps).

2. Data Controller and Scope

2.1. Data Controller

The Data Controller for the processing of Personal Data collected through the Platform is:

GiveOnChain SAS

Address: 37 Bd Suchet, 75016 Paris, France

Email: [email protected]

2.2. Scope of this Policy

This Policy applies to all processing of Personal Data carried out when browsing and using the Platform, creating and managing an Account, creating and managing Campaigns, making Contributions, and communicating with the GiveOnChain team.

This Policy does not cover processing carried out independently by Project Owners outside the Platform or by third parties acting as separate data controllers.

3. Data We Collect

GiveOnChain is committed to collecting only the Personal Data that is strictly necessary for the purposes described in Article 4.

3.1. Identification and account data

  • First name, last name (where provided or required)
  • Display name / username
  • Email address
  • Language / communication preferences
  • Password (if a classic login system is used – stored in hashed/encrypted form)

3.2. Wallet and transaction data

  • Wallet addresses connected to the Platform
  • Blockchain network used (for example: Ethereum)
  • Contribution-related information: transaction identifier (hash), amount and type of Token (ETH, USDC, USDT), date and time of transaction, related Campaign, status of the Contribution

Important – Public On-chain Data: On-chain Data (wallet addresses, amounts, transaction hashes) is, by design, public and immutable on the blockchain. This Policy primarily governs how GiveOnChain may associate or use On-chain Data together with off-chain Data in the context of the Platform.

3.3. KYC and verification data

For certain Users, in particular Project Owners and, where relevant, some Contributors, GiveOnChain may collect:

  • Identity information: first name, last name, date and place of birth, nationality, postal address, copy of an official identity document
  • Entity-related information (for legal entities): legal name, legal form, registration number, registered office, articles of association, information regarding directors/beneficial owners
  • Additional information that may be requested by the KYC provider: selfie, short identification video, proof of address, etc.

3.4. Technical and usage data

  • IP address
  • Log data
  • Browser type and version, operating system, device type
  • Dates and times of visits, pages viewed, time spent
  • Error logs, performance data

3.5. Communication data

  • Content of messages sent via contact forms or by email
  • Information relating to support requests (subject, timestamps, follow-up)
  • Any feedback, surveys and comments regarding the Platform

4. Purposes and Legal Bases

GiveOnChain processes Personal Data for the purposes set out below, on the following legal bases (where GDPR is applicable):

4.1. Providing and operating the Platform

Purposes: Creating and managing User Accounts, enabling Campaign creation and management, enabling Contributions, managing the Milestone system and refund mechanisms.

Legal basis: Performance of a contract (Article 6(1)(b) GDPR) – i.e. the Terms of Use accepted by the User.

4.2. KYC, compliance, fraud prevention, AML / CFT

Purposes: Implementing KYC procedures, wallet screening, detecting and preventing fraud, complying with anti-money laundering and counter-terrorism financing obligations.

Legal bases: Compliance with legal obligations (Article 6(1)(c) GDPR); Legitimate interests (Article 6(1)(f) GDPR).

4.3. Security and integrity of the Platform

Purposes: Managing IT and network security, detecting technical anomalies, protecting Platform integrity.

Legal basis: Legitimate interests (Article 6(1)(f) GDPR).

4.4. Service improvement and statistics

Purposes: Analyzing platform usage, measuring audience and performance, developing and improving features.

Legal bases: Legitimate interests (Article 6(1)(f) GDPR); Consent (Article 6(1)(a) GDPR) where required.

4.5. Communication with Users

Purposes: Responding to support requests, sending service-related notifications, sending platform updates.

Legal bases: Performance of a contract (Article 6(1)(b) GDPR); Legitimate interests (Article 6(1)(f) GDPR); Consent (Article 6(1)(a) GDPR) for marketing communications.

5. Recipients of the Data

Personal Data may be shared only with the following categories of recipients, on a need-to-know basis:

5.1. GiveOnChain team

Authorized members of the GiveOnChain team (technical, support, compliance, product), all bound by confidentiality obligations.

5.2. Service providers and processors

GiveOnChain may use third-party providers for:

  • KYC / identity verification
  • Wallet screening and blockchain analytics
  • Hosting and infrastructure (servers, cloud, CDN)
  • Support, helpdesk and messaging tools
  • Analytics and audience measurement tools
  • Logging and security tools

5.3. Public authorities

GiveOnChain may be required to disclose certain Data to administrative, judicial or regulatory authorities where required by law.

5.4. Other Users and the public

  • Certain information about Campaigns is publicly visible on the Platform.
  • On-chain Data is public on the relevant blockchain and visible via block explorers.
  • GiveOnChain does not publish KYC Data or identity documents.

GiveOnChain does not sell Personal Data to third parties.

6. International Data Transfers

Some recipients may be located outside the European Union. Where such transfers involve Personal Data from the EU/EEA, GiveOnChain will implement appropriate safeguards (for example, Standard Contractual Clauses approved by the European Commission).

7. Data Retention

GiveOnChain retains Personal Data for a limited period, not longer than necessary in light of the purposes for which it is processed.

Indicatively:

  • Account data: for the duration of platform use, then [X years] from Account closure or last activity.
  • KYC / AML data: for the duration of the relationship, then for the period required by applicable AML/CFT regulations (often 5 years after the end of the relationship).
  • Contributions and Campaigns data: for the period necessary to manage operations and comply with accounting/tax obligations.
  • Technical and security logs: generally between [X months] and [X years], depending on needs.
  • Communication data: for the time necessary to process requests, then archived or deleted after a reasonable period.

On-chain Data recorded on the blockchain is, by nature, permanent and cannot be erased by GiveOnChain.

8. Cookies and Tracking Technologies

The Platform may use cookies or similar technologies to:

  • ensure the technical operation of the site (strictly necessary cookies);
  • measure audience and performance (analytics);
  • potentially improve the user experience.

Where required by applicable law, a cookie banner will be displayed and Users may accept, refuse or configure non-essential cookies.

9. Mandatory vs. Optional Data

Fields marked as mandatory in forms are necessary either to perform the contract or to comply with legal obligations (KYC/AML). If these mandatory details are not provided, Account creation, Campaign creation, or participation in certain operations may be impossible or refused.

10. Users' Rights

Where GDPR or similar laws apply, Users have the following rights:

  • Right of access: to obtain confirmation as to whether their Data is being processed and to receive a copy.
  • Right to rectification: to have inaccurate or incomplete Data corrected.
  • Right to erasure ("right to be forgotten"): to request deletion of certain Data, subject to legal limitations.
  • Right to restriction of processing: to request temporary suspension of certain processing operations.
  • Right to object: to object to certain processing based on GiveOnChain's legitimate interests.
  • Right to data portability: to receive certain Data in a structured, commonly used and machine-readable format.
  • Right to withdraw consent: where processing is based on consent.

To exercise these rights, Users may contact GiveOnChain at:
[email protected]

GiveOnChain will endeavour to respond within one (1) month, which may be extended by two (2) additional months where necessary.

Users also have the right to lodge a complaint with the competent supervisory authority, for example the CNIL in France (www.cnil.fr).

11. Security

GiveOnChain implements reasonable technical and organisational measures to ensure a level of security appropriate to the risk, including:

  • encryption of communications (HTTPS / TLS);
  • access control and role-based permissions;
  • internal procedures for access management;
  • security logging for certain critical operations;
  • backups and resilience measures.

However, Users acknowledge that no system is completely secure.

12. Minors

The Platform is not intended for individuals under the age of [18]. GiveOnChain does not knowingly collect Personal Data relating to minors via the Platform.

13. Changes to this Policy

GiveOnChain may amend this Policy at any time. In case of material changes, GiveOnChain may inform Users by appropriate means (banner notice, in-account notification, email, etc.).

The version in force is the one published on the Platform at the time of use.

14. Contact

For any questions regarding this Policy or the protection of your Personal Data, you may contact:

[email protected]