logo

Privacy Policy

This privacy policy informs you about how deltaDAO AG (in the following deltaDAO) processes your personal data when you visit our portal demonstrator and when you use one of our portal demonstrator functionalities. Moreover, this privacy policy informs you about your rights.

Last updated on September 01, 2022

1. Contact details of the controller and Data Protection Officer

The controller pursuant to the EU General Data Protection Regulation (“GDPR”) for the processing of your personal data is:

deltaDAO AG
Katharinenstraße 30a (Contor)
20457 Hamburg
Germany
E-mail: contact@delta-dao.com

If you have any questions about the protection of your personal data at deltaDAO, please contact our Data Protection Officer:

Data Protection Officer
deltaDAO AG
Katharinenstraße 30a (Contor)
20457 Hamburg
Germany
E-mail: privacy@delta-dao.com

2. What's personal data?

Personal data is any information that can be directly or indirectly associated with you. deltaDAO takes the protection of personal data seriously and therefore only processes strictly necessary personal data about you. deltaDAO processes the following personal data.

  • IP address: Your IP address is processed when visiting our website.
  • E-mail address: Your e-mail address is processed if you contact us via mail. We will also process additional personal data about you if you provide them in your message (such as your name).
  • Contact and employment data: Your contact data, employer, and position at your employer are processed if a business relationship or initiation exists between you and us. We will process additional personal data about you if you provide them in your inquiry.
  • Self-Description personal data: Personal data included in your Self-Description is processed if you use our Self-Description Signer. Please note that it is not intended to include personal data in the Self-Description.

You can find further information about the processing of your personal data in the chapter “Processing operations according to Article 13 GDPR”.

3. Recipients and cross-border data transfer

3.1 Netlify

When visiting our website, your IP address is processed by Netlify, a service provider that hosts our website. Our website is served by Netlify using a Content Delivery Network, a geographically distributed network, with servers within and outside of the European Economic Area (EEA). This means, if you are located within the EEA, your IP address is highly like processed on a Netlify server within the EEA. Even if this is not the case, your personal data is appropriately handled as defined in the Standard Contractual Clauses (SCC) between Netlify and us. You can make use of your right to receive a copy of these SCC by clicking on the link below.

Here you can find Netlify's SCC (https://www.netlify.com/v3/static/pdf/netlify-dpa.pdf). Here you can find Netlify's privacy policy (https://www.netlify.com/gdpr-ccpa).

3.2 Microsoft

When you contact us via e-mail, our (mail) service provider Microsoft supports us in processing your personal data so we can communicate with you. We have restricted storage on the EEA and signed SCC with our provider. You have the right to receive a copy of these SCC. To exercise your right, please contact us at privacy@delta-dao.com.

3.3 Teamleader Focus

If a business relationship or initiation exists between you and us, our processor Teamleader Focus supports us with storing your personal data in a CRM. We signed a Data Processing Agreement (DPA) with our processor. You have the right to receive a copy of the DPA. To exercise your right, please contact us at privacy@delta-dao.com.

4. Processing operations according to Article 13 GDPR

We process your personal data to provide our website and to respond to your requests via e-mail.

4.1 Providing our website

Our processor Netlify collects and uses your IP address for providing our website on our behalf. Your IP address is not logged or stored in any other way.

Purposes:Your IP address is collected and used because it is a technical requirement for establishing and maintaining communication between your device and our website.

Legal basis:The legal basis for this processing is our legitimate interest, pursuant to Art. 6(1)(f) GDPR.

Legitimate interests:Our legitimate interest is to provide our website to you.

Retention period:We do not maintain your IP address after visiting our website.

4.2 Contact via e-mail

We collect, use and store your e-mail address and the contained personal data, such as your name, if you reach out to us via e-mail. (Microsoft supports us technically in providing our mail service to you.)

Purposes:Your personal data is collected, used, and stored by us to respond to your inquiries.

Legal basis:The legal basis for this processing is our legitimate interest, pursuant to Art. 6(1)(f) GDPR.

Legitimate interests:Our legitimate interest is to answer your inquiries.

Retention period:We store your personal data as long as we need it to process your inquires. We only store your personal data beyond this period if we are obliged to do so due to retention obligations or in the event of legal disputes.

4.3 CRM

If a business relationship or initiation exists between you and us, we collect, structure, organize, and store your contact data, employer, position at your employer, and inquiries in our CRM system (Teamleader). Our processor Teamleader Focus GmbH supports us with storing your personal data. Beyond that, no transmission to third parties will take place.

Purposes: Your personal data is processed by us to respond to your inquiries in an organized way and to ensure a successful business relationship.

Legal basis: The legal basis for this processing is our legitimate interest, pursuant to Art. 6(1)(f) GDPR.

Legitimate interests: Our legitimate interest is to answer your inquiries and maintain an effective business relationship.

Retention period: We store your personal data for the period of our business relationship or initiation and as long we need it to process your inquiries. We only store your personal data beyond this period if we are obliged to do so due to retention obligations or in the event of legal disputes.

4.4 Self-Description Signer Service

We offer a Self-Description Signer which can be used by you to sing your Self-Descriptions in the context of the Gaia-X Hackathon and usage of our MVG (Minimal Viable Gaia-X) demonstrator. If you include any personal data in your Self-Description, it will be collected and sent by our service to the Gaia-X Compliance Service to validate and sign your Self-Description. Beyond that, no transmission to third parties or further processing will take place.

Purposes: Your personal data is processed by us to support you with signing your Self-Description for testing purposes in the context of the Gaia-X Hackathon and usage of our MVG demonstrator.

Legal basis: The legal basis for this processing is our legitimate interest, pursuant to Art. 6(1)(f) GDPR.

Legitimate interests: Our legitimate interest is to provide the Self-Description Signer Service to you.

Retention period: Your personal data is only processed during the validation and signing process. We do not store your input and the response.

5. Cookies and web storage

A cookie is a file that stores information in your browser. Cookies can be either created by the website owner (first-party cookie) or by a third party (third-party cookie). When you first visit a website, your browser downloads and saves cookies. When you visit the website again, the cookie is sent to the website owner or to a third party. Some cookies are necessary for making websites work, and others are used for enhancing your experience on the visited website. Cookies can also be used for marketing and analytics purposes.

deltaDAO uses only functional first-party cookies or web storage, which do not transfer personal data about you, to operate our website and enhance your user experience. Web storage (local storage and session storage) has similar functionality to cookies. Whether we use cookies or web storage depends on your browser. You can disable cookies in your browser settings. Moreover, in your browser settings, you can delete cookies and web storage from your hard disk at any time.

6. External links

Our website contains links to websites owned by third parties. These websites are beyond our control and responsibility.

7. Your rights

Pursuant to the GDPR, you have the following rights. If you wish to exercise your rights or have any questions, do not hesitate to contact us.

7.1 Right of access (Art. 15 GDPR)

You have the right to obtain confirmation about whether deltaDAO processes personal data about you. If we do so, you have the right to access these personal data along with the information defined in Art. 15 GDPR.

7.2 Right to rectification (Art. 16 GDPR)

You have the right to obtain from us the rectification of inaccurate personal data about you without undue delay. Also, you have to obtain from us the completion of incomplete personal data about you.

7.3 Right to erasure (Art. 17 GDPR)

You have the right to obtain the erasure of your personal data without undue delay, where the legal grounds defined in Art. 17 GDPR apply.

7.4 Right to restriction of processing (Art. 18 GDPR)

You have the right to obtain the restriction of processing personal data about you where the legal grounds defined in Art. 18 GDPR apply.

7.5 Right to data portability (Art. 20 GDPR)

You have the right to receive from us your personal data in a structured, commonly used, and machine-readable format and the right to transmit the received data to another controller without hindrance from us, where the legal grounds defined in Art. 20 GDPR apply.

7.6 Right to object (Art. 21 GDPR)

You have the right to object to the processing of your personal data, where we base the processing on legitimate interests (Art. 6(1)(f) GDPR). We will no longer process your personal data except we can demonstrate compelling legitimate grounds, which override your freedoms, rights, and interests, or if we have to establish, exercise, or defend legal claims.

7.7 Right to lodge a complaint (Art. 77 GDPR)

You have the right to lodge a complaint with a supervisory authority, especially in the Member State of your habitual residence, your place of work, or the place of the alleged infringement if you think that deltaDAO processes your personal data in a way that infringes the GDPR.

8. Questions

If you have any questions about our privacy policy, please send us an e-mail at privacy@delta-dao.com.

9. Changes to the privacy policy

This privacy policy will be amended from time to time. You can see the date of the last alteration at the top of the privacy policy.