Last updated: 18th May 2023
Validation Cloud operates the Websites and determines the collection and use of personal data. As such we are the “controller” or “covered business” for purposes of privacy laws and regulations. If you have any questions about this Policy, you may contact us at Dammstrasse 16, 6300 Zug, Switzerland, or by emailing us at firstname.lastname@example.org. This Policy provides you with notice about how we collect and use your personal data, as well as what rights you have and how to exercise those rights.
For this Policy, we will refer to Validation Cloud interchangeably as Validation Cloud, we, our, or us, and users and visitors to our Websites as “you” and “your.”
Specific Information about this Policy
This Policy is described in a concise, transparent, intelligible, and easily-accessible form. It is set forth in a series of specific components describing how the Policy operates and how it meets certain privacy rights.
This Policy describes what personal data (as we describe further below) we collect about you, how your personal data may be used and shared (if at all), and how your Personal Data will be stored, and how you can access, modify, and if needed, request deletion of your personal data.
Changes to this Privacy Notice
We reserve the right to revise this Policy at any time. We will notify you of any material changes to the Policy by providing a link to the new Policy on our Websites. Therefore, we encourage you to periodically read this Policy to check for any revisions. We recommend that you store a copy of this Policy and any future versions that may apply to you from time to time for your records.
Data Privacy Statement
The purpose of Validation Cloud is to connect organizations into Web3 through a fast, scalable, and intelligent platform. Validation Cloud provides node, staking, and data-as-a-service.
This Policy applies to individuals who are members of the public at large who use the Websites. As such, the privacy of its users is of prime importance. This Policy applies to every covered person, regardless of where you reside, who has dealings with us that results in the collection of personal data. However, please be aware that if you reside in Switzerland, this Policy is designed to meet the requirements of the Swiss Federal Act on Data Protection (“FADP”), including the Ordinance to the Federal Act on Data Protection (“OFADP”), as well as the Telecommunications Act (“TCA”); if you are a resident of the European Economic Area, this explanation and summary of the Policy is designed to meet the requirements of the General Data Protection Regulation (“GDPR”).
“Personal Data” means information relating to an identified or identifiable individual or under the current FADP legal entity, such as personal data that we obtain about you when you interact with us via one of our Websites. Personal data does not include any data that is anonymized or data that cannot identify you in any way.
“Data Protection Manager” means the data protection manager we have engaged to oversee compliance with this Policy. If you have any questions about this Policy or how we handle your Personal Data, please contact email@example.com.
The types of Personal Information we may collect include:
- Personal contact information, such as name, postal address, title, telephone number, and email address
- Social media account information and other information you may share or make public when interacting with us on social media. The following Personal Data is, for example, collected, when you like, comment or share our content: contact information, IP address, and liked/commented/shared content.
- Web3 protocol information such as a wallet address or decentralized name service addresses (for staking services), and smart contracts or addresses interacted with via our nodes.
- Internet Protocol (IP) address associated with a computing device that you use to access our Websites as well as date and time of access, name and URL of the data accessed, the website from which access is made to our domain, your computer’s operating system and the browser you use, the country from which access to our website is made, and the name of your Internet provider.
- Depending on the type of services purchased, Validation Cloud may also collect and require you to provide information including but not limited to proof of identity, proof of residency, incorporation documents, and/or documents proving authority to sign.
- Log Files: We may make use of log files. The information inside the log files includes internet protocol (IP) addresses, type of browser, Internet Service Provider (ISP), date/time stamp, referring/exit pages, viewed pages, clicked links, and any other information your device, application, and/or browser may send to us. We may use such information to personalize your experience when using our Services, analyze trends, administer the Services, track your use of the Services, gather demographic information, and analyze security aspects.
Inferences drawn from the Personal Data listed above, in combination with other information collected during your visit to our Websites, which may be used to create a profile or summary about your commercial preferences, including your browsing habits while you visit our Websites (see "Tracking-Tools" below).
How we collect your Personal Information
We may collect Personal Data about you that you voluntarily agree to provide when you visit our Websites. Such collection may occur when: (1) you communicate with us via email or other channels, like with our contact form; (2) you sign up for or request that we send you newsletters, alerts, or other materials; (3) you apply for a job with us; (4) you sign up for an event with us; (5) you respond to our communications or requests for information; (6) you visit our Websites (so-called log files), and (7) you sign up for services by Validation Cloud.
Third-Party Sources: We may receive information about you from other sources, such as social media platforms or our business affiliates when you interact with us on those sources or platforms, or access our social media content. In some cases, we may collect information from third parties as directed by you. In order to obtain complete information about Third-Party Sources, we request that you consult the privacy policies of any third-party services.
Cookies and Web beacons: We, our subsidiaries, and our service providers use various technologies to collect information about you, including cookies and web beacons (i.e. pixel tags). Cookies are small data files stored in the device memory of your computing device that help us to, among other things, improve your experience while using our Websites, see which areas and features of our Websites are popular, and count visits. Web beacons are clear, electronic images that may be used on our Websites or in our emails and help deliver cookies, count visits, understand usage and campaign effectiveness, and determine if an email has been opened and acted upon. For information on which cookies are used for tracking purposes see below under "Tracking-Tools".
How we use your Personal Information
We use your Personal Information for various specific purposes, including to:
- Respond to your inquiries or requests for information. In these cases, we process your Personal Data for the performance of a contract or to take steps prior to entering into a contract according to art. 6 para. 1 lit. b GDPR or based on our legitimate interest (answering your inquiry) according to art. 6 para. 1 lit. f GDPR.
- Respond to your messages that you submit via our contact form. In these cases, we process your Personal Data, such as your first name, family name, e-mail and your message to us based on our legitimate interest (answering your contact request) according to art. 6 para. 1 lit. f GDPR.
- Provide you with services, and send service-related communications. In these cases, we process your Personal Data for the performance of a contract or to take steps prior to entering into a contract according to art. 6 para. 1 lit. b GDPR.
- Send you newsletters, updates, event information, marketing communications, and other information that may interest you. In these cases, we process the Personal Data based on your consent according to art. 6 para. 1 lit. a GDPR. In some cases you may receive marketing information on products because you have bought similar products. In the latter case we process your information based on our legitimate interest (marketing to pre-existing customers) according to art. 6 para. 1 lit. f GDPR. If you no longer wish to receive marketing communications from us, you can let us know by sending an email to firstname.lastname@example.org, or you may follow opt-out instructions included with those communications.
- Conduct data analytics studies to review and better understand how our Websites are being used. In these cases, we have a legitimate interest according to art. 6 para. 1 lit. f GDPR.
- Enable the use of the Websites (connection establishment), to ensure the long-term security and stability of the system and to optimize the Websites, and for internal statistical purposes. However, such information will not be linked to or stored with Personal Data. Only in the case of an attack on the network infrastructure of our Websites or in case of suspicion of other unauthorized or improper use of the Websites, the IP address will be evaluated for clarification and defense and, if necessary, used in criminal proceedings for identification and to bring legal action against the users concerned under civil and criminal law. In this case, we have a legitimate interest according to art. 6 para. 1 lit. f GDPR.
- Process your job application, which may be enabled directly on our website. There you have to directly enter specific Personal Data, such as your first name, family name, e-mail, phone, location and information about your education. You are able to upload other application documents such as your resume, on the Website. In this case, we process your Personal Data for the performance of a contract or to take steps prior to entering into a contract according to art. 6 para. 1 lit. b GDPR. Application documents of unsuccessful applicants will be deleted at the end of the application process, unless you explicitly agree to a longer retention period or we are not legally obliged to retain them for a longer period.
Disclosing your Personal Information to Third Parties
Validation Cloud does not sell your Personal Information to third parties.
However, various third-party service providers are explicitly mentioned in this Policy. We may share your Personal Data to our subsidiaries or non-related third-party service providers that perform services on our behalf
- AirTable, 799 Market Street, 8th Floor. San Francisco, CA 94103, USA
- Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, USA
- Auth0, Inc., 10800 NE 8th St #700, Bellevue, WA 98004, USA
- Datadog 620 8th Ave 45th Floor, New York, NY 10018 USA
- Greenhouse, 18 West 18th Street, 11th Floor New York, NY 10011, USA
- Greenhouse, 42 Charlemont Exchange – Suite 02W105, Dublin 2, D02 VN88, Irland
- Medium, 799 Market St 5th Floor, San Francisco, 94103, USA
- Salesforce, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA
- Sanity, 2345 Yale St, Palo Alto, California, 94306, USA
- SendGrid, 1801 California St #500, Denver, CO, 80202, USA
- Functional Software, Inc. dba Sentry, 45 Fremont Street, 8th Floor, San Francisco, CA 94105-2250, USA
- Stripe Capital Europe, Limited, Ireland
- Stripe Payments UK, Ltd.
- Stripe Technology Europe, Limited, Ireland
- Stripe, Inc. 354 Oyster Point Blvd, South San Francisco, CA 94080, USA
- The Rocket Science Group LLC d/b/a Mailchimp, 675 Ponce De Leon Avenue, Northeast, Suite 5000, Atlanta, GA 30308, USA
- TypeForm, Carrer de Bac de Roda, 163, Barcelona, Spain
- Vercel 440 N Barranca Ave #4133, Covina, CA 91723, USA
- Workable, 5 Golden Square, 5th Floor, London, W1F 9BS, United Kingdom,
- Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
- Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA ("Google")
In many instances, these activities are for the purpose of completing a service request or inquiry from you, or to inform a previous user about new services which may be of interest. In these cases, we process your Personal Data for the performance of a contract or to take steps prior to entering into a contract according to art. 6 para. 1 lit. b GDPR, or based on our legitimate interest according to art. 6 para. 1 lit. f GDPR.
Data Sharing and Cross-Border Transfers
We may share your Personal Data with subsidiaries or affiliates of Validation Cloud, when necessary to pursue our legitimate interest in fostering the activities of the Validation Cloud. In some instances, that sharing requires us to transfer your Personal Data to one or more of our affiliates outside of Switzerland, including to the United States, where your Personal Data is stored.
When we transfer your Personal Data to another country, we ensure that our affiliate is able to provide the same adequate protection of that data as we provide, through internal standard contractual clauses or binding corporate rules.
In addition, we may share your Personal Data with a third party in order to complete our business commitment to you or to comply with a legal obligation associated with our relationship, as necessary to administer that relationship with you or in relation to our Websites. In those situations, Validation Cloud conducts the same evaluation of adequacy to ensure that your Personal Data is protected. We will ensure by contract that the third party will not be permitted to process your Personal Data for any other purposes and in any other manner than we would be permitted.
Validation Cloud will not share or sell your Personal Data with a third party for any purpose other than to comply with a legal obligation, as necessary to facilitate or complete our business relationship with you or in relation with the optimization of the Websites.
Links to other Websites and Third-Party content
We may provide links to or embed content hosted by third-party websites, services, and applications that operate outside the control of Validation Cloud. Third-party services may include an activity feed, social media buttons, and widgets. This Policy does not address the privacy, security, or other practices of third parties that provide such content. We encourage you to review the privacy policies of those third parties before providing any information to us through them.
The Websites uses Google Analytics, a web analysis service of Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, respectively Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA ("Google") on the basis of your consent according to art. 6 para. 1 lit. a GDPR. Google Analytics uses methods that allow an analysis of the use of the website, such as "cookies". These generates information about your use of the Websites such as
- navigation path that a visitor takes on the site,
- length of stay on the Website or sub-page,
- the sub-page on which the Website is left,
- the country, region, or city from where access takes place,
- device (type, version, colour depth, resolution, width and height of the browser window),
- recurring or new visitors,
- browser type/version,
- the operating system used,
- the referrer URL (the page previously visited),
- host name of the accessing computer (IP address), and
- time of the server query
that are transferred to the USA and stored there on servers of Google, a company of the holding company Alphabet Inc. The IP-address will be shortened by the activation of IP anonymisation (“anonymizeId P”) on our Websites, before transmission within the member states of the European Union or other states party to the agreement on the European Economic Area, as well as in Switzerland. The anonymised IP address that the user’s browser transmits within the scope of Google Analytics will not be merged with any other data held by Google. In exceptional cases only, the complete IP address may be transmitted to a Google server in the USA and shortened there. In these cases, we ensure through contractual guarantees that Google complies with a sufficient level of data protection.
The information is used in order to evaluate the use of the Websites, to compile reports on the activities on the Websites and to provide other services related to the use of the Websites and the Internet for the purposes of market research and tailor-made website design. Google may also pass this information on to third parties insofar as this is required by law or if third parties process the data on Google’s behalf. According to Google, no connection is ever made between the IP address and other data relating to the user. You can prevent the collection of the data (including the IP address) generated by the cookie and related to the Website use by the respective user’s as well as the processing of this data by Google, by downloading and installing the browser plug-in available under the following link:http://tools.google.com/dlpage/gaoptout?hl=en
As an alternative to the browser plug-in, you can amend your browser settings to prevent the collection of Personal Data by Google Analytics on this website in the future (see "Your Choices" below).
For the creation of pseudonymized user profiles for advertising and analysis purposes, we rely on a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. This applies to all listed data processing operations. The legitimate interest consists of direct marketing and analysis of the use of our website.
You can object to the aforementioned data processing in various ways:
- by adjusting your browser settings accordingly; in particular, the suppression of third-party cookies will result in you not receiving ads from third-party providers;
- by disabling cookies for conversion tracking by setting your browser to block cookies from the domain, https://www.google.de/settings/ads, which setting will be deleted when you delete your cookies;
- by disabling the interest-based ads of the providers that are part of the self-regulatory campaign "About Ads", through the link http://www.aboutads.info/choices, this setting being deleted when you delete your cookies;
- by permanently disabling them in your Firefox, Internet Explorer or Google Chrome browsers at the link http://www.google.com/settings/ads/plugin.
Links to our social media presences
We have incorporated links to our social media profiles on the following networks:
- GitHub of GitHub Inc., 88 Colin P Kelly Jr Street, San Francisco, CA 94107, USA, https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement;
- Linkedin, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA
- Gitbook, 23 rue Paul Montrochet, 69002 Lyon, France
- Twitter of Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA, https://twitter.com/en/privacy
- Medium.com,799 Market St 5th Floor, San Francisco, United States. https://policy.medium.com/medium-privacy-policy-f03bf92035c9
If you click on the relevant social network icons, you will be automatically redirected to our profile on the relevant network. In order to use the functions of the relevant network there, you must log in to your user account for the relevant network. When you open a link to one of our social media profiles, a direct connection is established between your browser and the server of the relevant social network. This gives the network the information that you have visited our website with your IP address and accessed the link. If you access a link to a network while logged in to your account on the relevant network, the contents of our page may be linked to your profile in the network, which means that the network can link your visit to our Websites directly to your user account. If you want to prevent this, you should log out before clicking on the relevant links. An assignment takes place in any case, if you log into the relevant network after clicking on the link.
- Withdrawal of Consent: You may withdraw your consent for us to collect, use, and disclose your Personal Data at any time with effect for the future by unsubscribing to any email or by sending us an email to email@example.com
- Disabling Cookies: You may choose to disable our cookies via your internet browsers and computing devices. Most browsers and computing devices include settings that allow you to clear or decline cookies. If you disable cookies, however, some of the features of our Websites may not function properly. To prevent your data from being used by Google Analytics or any other web-based analytical tool, you can install the appropriate opt-out browser add-on.
- Disabling Web Beacons: In order to prevent the use of Web Beacons, please set your email programme so that no HTML is displayed in messages, if this is not already the case by default. On the following pages you will find explanations on how to make this setting for the most common email programmes (Microsoft Outlook or Email for Mac (“Download remote content in messages”)).
- Opt-Out Information: If you no longer wish to receive marketing communications from us, you can let us know by sending an email to firstname.lastname@example.org, or you may follow opt-out instructions included with those communications. If you choose to opt-out, we may still send you non-promotional communications (e.g., responses to questions you ask or information you solicit).
Your Rights and Obligations
Your duty to inform us of changes
It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during the period in which our relationship is active.
Your rights in connection with Personal Data
Under certain circumstances, under applicable privacy laws, you have the right to:
- Request access to your Personal Data. This enables you to receive a copy of the Personal Data we hold about you and to check that we are processing it lawfully.
- Request correction of the Personal Data. This enables you to request that we correct errors in your Personal Data.
- Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation that causes you to object to processing on this ground.
- Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of Personal Data about you, for example, if you want us to establish its accuracy or reason for processing it.
- Request the transfer of your Personal Data to another party, which we may be able to do if it is feasible to do so (e.g., if such a transfer can be accomplished technically) or if it is appropriate to do so (e.g., if the other entity is willing to accept your Personal Data directly from us).
- Right to file a complaint with the competent data protection authority at any time.
- A final right you have is to request erasure of your Personal Data from our structured applications. This right enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing. However, you should be aware there are specific exemptions under which Validation Cloud will NOT honor a request for erasure:
- Where we have an ongoing legal obligation to retain your Personal Data because of a regulatory requirement (e.g., securities laws, KYC, AML);
- Where retaining the information is necessary for us, our affiliates, or our service provider(s) to complete the transaction for which we collected the Personal Data, to provide a good or service that you requested, to take actions reasonably anticipated within the context of our ongoing business relationship with you, or to otherwise perform our contract with you; and
- Where the continued use of your Personal Data is necessary in order to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
If you want to review, verify, correct, or request erasure of your Personal Data, object to the processing of your Personal Data, revoke your consent or request that we transfer a copy of your Personal Data to another party, please contact our Data Protection Manager in writing.
Information for European Economic Area and Swiss Residents
When we process your personal data, we will only do so when we have your consent or if we can rely on any other legal basis permitting the processing of personal data. When processing is based on consent, you have the right to revoke your previously granted consent at any time with effect for the future by sending an email to email@example.com.
We will only retain your Personal Data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Details of retention periods for different aspects of your Personal Data are available in our retention policy, which is available from our Data Protection Manager. To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements. In some circumstances, we may anonymize your Personal Data so that it can no longer be associated with you, in which case we may use such information without further notice to you. When permitted or it is appropriate to do so, we will securely destroy your Personal Data in accordance with applicable laws and regulations. There may be specific statutory data retention obligations. Swiss law requires, for example, that business communication, concluded contracts and booking receipts must be stored for up to 10 years.
We are entitled to pass on your personal data to third-party companies abroad as described above under "Disclosing your personal data to Third Parties". These third-party companies are obliged to respect your privacy to the same extent as we do. If the level of data protection in a country is considered inadequate within the meaning of the FADP or the GDPR, we will ensure, by means of a contract, that your personal data is protected according to Swiss regulations or the GDPR at all times.
Subject to certain limitations, you have the right to request to know more about the Personal Data (and categories of information) we collect, use, and disclose, and to request the deletion of your Personal Data. To make any such a request, please send an email to firstname.lastname@example.org.
Validation Cloud will not disclose your personally identifiable information to third parties for marketing without giving you notice and getting your consent. Please note this opt-out doesn’t prohibit disclosures for non marketing purposes. You can opt out for free by contacting us at email@example.com or writing to us at: Dammstrasse 16, 6300 Zug, Switzerland.
Some website browsers may be able to send a do not track signal to websites. Our Website does not respond to do not track signals or similar mechanisms and requests. If you block cookies through your browser, you will block cookies, as noted above.
Information and Privacy Security
Validation Cloud uses a variety of adequate physical, administrative, and technological safeguards designed to protect your Personal Data against loss, misuse, and unauthorized access or disclosure and follows the applicable legal and regulatory requirements for safeguarding such information. We have dedicated information security programs and work hard to continuously enhance our technical and operational security measures. Our measures consider the sensitivity of the information we collect, use, and store, and the current state of technology. Our security measures include data encryption, firewalls, data use and access limitations for our personnel and subcontractors and physical access controls to our facilities and cloud-based data storage servers.
Please be aware that, you are responsible for keeping account information for accessing any of our networks operated confidential. Despite our best efforts, no security measures are perfect. As a result, we cannot guarantee or warrant the security of any submitted Information. In the event of a security breach that involves your Personal Data, Validation Cloud will notify the appropriate officials and notify you if we have reason to believe that your data has been compromised.
Affirmative Consent and Withdrawal Right