Privacy Policy - Lisk - The Growth Platform for EM Founders

Introduction

In Lisk Limited (“Lisk”, “we”, “our”, “us”) we are committed to protecting and respecting your privacy. Therefore, we want to provide you with the most important information about what happens to your personal data that we process on our website and in related services. In this Policy we describe how and when we collect your personal data, what we use it for, who we share it with, how long we keep it for and what rights you have in this context.
We are a limited company, duly registered under the laws of the United Arab Emirates with a registered office at Cloud Bubble B03, Level 14, Al Sarab Tower, ADGM Square, Al Maryah Island, Abu Dhabi, United Arab Emirates, and for the purpose of the EU General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, the “GDPR”), if not specified otherwise in this privacy policy, we are the data controller.
We will process your personal data in accordance with the GDPR and the Abu Dhabi Global Market (ADGM) Data Protection Regulations of 2021 (the “ADPR”), local ADGM regulation will apply only when necessary and if incompatible with the GDPR. The GDPR would apply to processing of your personal data, e.g. if you are residing in the EU and such processing is done in connection with us offering you goods or services, irrespective of whether a payment of the data subject is required, or if your behavior is anyhow monitored. The GDPR would also apply, if any of the third-party service providers we use for processing of your personal data is based in the EU (e.g. Lightcurve GmbH).

This privacy policy (“Policy”) sets out the basis on which we will process any personal data or usage information we collect from you (i.e. natural person using the website or related services, whose personal data we process as their controller), or that you provide to us, in connection with:
Your use of our website under the domain www.lisk.com (the “Website”);
Your use of our newsletter (the “Newsletter”);
Your use of our Discord Channel (the “Discord Channel”)
Your use of Lisk Products;
Your participation in the following Lisk Programs: Lisk Grant Program; Lisk Incubator plan; (collectively: “Lisk Programs”);
Your participation in events and activities organized by Lisk, such as conferences, meetups, trainings etc. (collectively: “Lisk Events”).

Please read this Policy policy carefully so that you understand your rights in relation to your personal data, and how we will collect, use and process it. If you do not agree with this Privacy Policy in general or any part of it, you should not access the Website, use Lisk Products or apply to Lisk Programs.
For every processing activity we provide you with information on the legitimate basis for such processing under the GDPR and the ADPR.

Changes and updates

This version of the Privacy Policy is effective as of November 12, 2024, and applies to any new user of Websites, Discord Channel, Newsletter, Lisk Products, Lisk Programs and people attending Lisk Events. For those who had been using the aforementioned services prior to that date the previous version of the Privacy Policy applies, if they consider it (or parts of it) as more favorable and protecting their interests to a higher extent.

Representative and Joint-controllership

Lightcurve GmbH, postal address: Köpenicker Strasse 126, 10179 Berlin, Germany; email: [email protected], (“Lightcurve”) is our representative in the European Economic Area (the “EEA”) for the purpose of communications and all issues related to data processing under the GDPR. In regards to some of the processing activities, Lisk and Lightcurve act as joint-controllers since they jointly determine the purposes and means of processing of your personal data. Regarding any issues related to such processing of your personal data or the execution of your rights (see section Your rights), feel free to contact either Lisk or Lightcurve (“Joint-controllership”). Appropriate information is provided in the description of the processing activities in this Policy whenever Joint-controllership occurs.
Lightcurve may also act as a sole data controller for particular processing activities. Each situation of that kind is always clearly specified in this Policy. Should that be the case, your personal data would be processed in accordance with this Policy and you will have the same rights and obligations as stated in this Policy. For further information about the processing of personal data by Lightcurve, please visit Lightcurve’s Privacy Policy.
Therefore, regarding any issues related to the processing of your personal data by Lisk or jointly by Lisk and Lightcurve, issues related to this Policy or execution of your rights (see: Your rights), feel free to contact either Lisk ([email protected]) or Lightcurve ([email protected]).

When and how do we process your personal data

Personal data you give to us
Using of our Website

Our Website collects certain information automatically and stores it in log files. The information may include:

IP addresses;
The region or general location where your computer or device is accessing the internet;
Preferred language used to display the website,
Device screen resolution;
Device type, browser type and operating system;
Mouse events (movements, locations and clicks);
Referring URL and domain;
Key-presses;
Date and time when the page was accessed;
Pages visited; and
Model of your CPU and GPU.

In general, the above mentioned information is necessary to enter any website on the Internet with Hypertext Transfer Protocol (http) and its features including but not limited to enabling you to use the following features: creating and maintaining personal account which you use while using the Website and/or the Discord Channel. The applicable legal basis is the performance of the contract under GDPR Art.6.1(b) (terms and conditions of using the website).
We also use this information to help us design our Website to improve the user experience (such as carrying out analysis (including statistical analysis) of the Website use, i.a. for its functioning, improvement of the performance of the available services, or assessment of the main interests and needs of Application users, which constitutes our legitimate interest;defending and asserting claims arising from contracts concluded with users; sending marketing, commercial or other information related to the services provided to users – based on your consent or our legitimate interest in informing you about our services in connection with your consent (Article 6(1)(a) or Article 9(2)(a) or Article 6(1)(f) of GDPR)). For this purpose, we may also use tools provided by third parties, in particular analytical tools serving improvement of user experience.
Providing your personal data is necessary for the use of the Website, and other related features. To the extent that processing is based on consent, the provision of data is voluntary.
As for the log files – we keep the haproxy logs for 52 days and cloudfront logs for a year.
The Website contains links to other websites. This Privacy Policy applies only to our Website, so if you click on a link to another website, you should read its privacy policy.
Social media:
You can share different content from our Website on your social media accounts by simply clicking on sharing buttons. Therefore, when clicking on the sharing buttons no personal data would be collected from you and shared with the social media providers.
Cookies
When entering for the first time the Website we host you will be provided with a cookie notice. It will explain what type of cookies we use and will allow you to grant us consent on using them.
Cookies are text files placed on your device to collect standard Internet log information and visitor behavior information.
More information about the cookies we use and how we process information collected with their use may be found in our Cookie Notice & Settings.
We use Google Analytics to better understand our users’ interactions with our website, allowing us to improve our services and user experience. Google Analytics collects data on users’ behavior (such as time spent on pages and interactions with links) and on users’ devices, including:
IP Address (used to approximate geographic location, though anonymized in most cases),
Device Information (such as type, operating system, and screen size),
Browser Information, and
Geographic Location (city and country).
Google Analytics may place cookies on your device to gather this information. We use these data in aggregate form, with no personally identifiable information. For more information on Google’s data practices, please see https://policies.google.com/privacy.
You can opt out of Google Analytics tracking by using the Google Analytics Opt-Out Browser Add-on https://tools.google.com/dlpage/gaoptout?hl=en.
This helps us evaluate our users’ use of the Website; compile statistical reports on activity; and improve our content and Website performance; the applicable legal basis is your consent under GDPR Art.6.1(a).
Your personal data will be processed also by our main contractor Lightcurve. Lisk and Lightcurve act as Joint-controllers in regards to this processing activity, since Lightcurve helps us to manage the Website.
Necessary
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Cookie
Duration
Description
intercom-id-*
8 months 26 days 1 hour
Intercom sets this cookie that allows visitors to see any conversations they’ve had on Intercom websites.
intercom-session-*
7 days
Intercom sets this cookie that allows visitors to see any conversations they’ve had on Intercom websites.
intercom-device-id-*
8 months 26 days 1 hour
Intercom sets this cookie that allows visitors to see any conversations they’ve had on Intercom websites.
__cf_bm
1 hour
This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Cookie
Duration
Description
_ga_*
1 year 1 month 4 days
Google Analytics sets this cookie to store and count page views.
_ga
1 year 1 month 4 days
Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site’s analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
Newsletter
You can subscribe to our Newsletter if you want to receive general updates on the Lisk project and regular updates on the development of various Lisk tools. In order to do so, you will need to provide us with your email address to which the Newsletter will be sent.
By subscribing to the Newsletter, you consent to processing of your email address. We will not use these personal data for any other purpose than circulating the Newsletter.
You may unsubscribe at any time by clicking the following link:
https://lisk.us12.list-manage.com/unsubscribe?u=201693389b5cea4883858163e&id=14c69eecc3
In order to circulate Lisk Newsletter, we use the services provided by Mailchimp with which we will share your email address.
Your personal data will be processed also by our contractor Lightcurve. Lisk and Lightcurve act as Joint-controllers in regards to this processing activity, since Lightcurve helps us to provide content for and manage the Newsletter.
Lisk Events
Lisk organizes different types of events, both online and offline. In order to participate in some of the Lisk Events, you may be required to register beforehand and provide us with following personal data:
Your name;
Your email address; and
Depending on the event, we might also process your discord username upon your prior consent.
The aforementioned personal data will be used only for the purpose of communicating with you in regards to that particular event you registered for and for verifying your identity when you join the event; the applicable legal basis is performance of contract under GDPR Art.6.1(b).
In addition to that, you may also be asked to provide your consent to reproduce your physical likeness for marketing purposes (in case the event will be filmed or photographed). In case you decide to refuse to grant such consent, this shall not harm your right to participate in any particular Lisk Event. All your personal data obtained in that form will be processed solely for the purpose you consented for.
Your personal data will be processed also by our contractor Lightcurve. Lisk and Lightcurve act as Joint-controllers in regards to this processing activity, since Lightcurve helps us to organize and run Lisk Events.
Personal data we get from third parties
In exceptional cases (such as events, contents and competitions as well as when purchasing the LSK token on our webpage), we may obtain your personal data from third parties – service providers. We will process it only if it was obtained in compliance with the applicable data protection regulation.
Whenever we will process personal data obtained from third parties, this Policy shall apply.
When and how we share your data
Depending on the processing activity, we may share your personal data with our third-party service providers working on our behalf. Every third party with which we will share your personal data comes from a jurisdiction which guarantees an adequate level of protection to the one provided for in the GDPR. Furthermore, as a rule, before we share any personal data of our users with third parties, we conclude appropriate data processing agreements with the recipients that guarantee security of the data and the rights of the data subjects.
Lightcurve
Your personal data might be shared with our partner and representative in the EEA – Lightcurve. Depending on the processing activity, Lightcurve may act either as a sole controller of your data, as a joint controller with Lisk or as a processor. Specific information about Lightcurve’s role in regards to your personal data is stated in respective sections of this Privacy Policy which refer to particular processing activity. There, you will also find information about purposes of the processing as well as about applicable lawful bases for processing.
Lightcurve is based in Berlin, Germany and its privacy policy may be found here: https://lightcurve.io/privacy-policy.
Other third-party service providers
We may also share your personal data with other third party service providers. When doing so, we make sure that your personal data is processed and transferred, if necessary, in accordance with the applicable data protection regulations (e.g. the GDPR and the ADPR).
The following categories of third-party providers are used to enable / improve the work of our website:
Cloud storage providers;
Web hosting providers;
Email notification provider;
Webpage analytics providers;
CRM Software provider;
Internal content management systems (CMS);
Internal collaboration tools.
Should you wish to know more about the third party service providers with whom we share your personal data as well as to know the actual categories of the personal data, feel free to reach out to us at [email protected].
Where do we store your data
The information that we collect from you will be transferred to, and stored at/processed within the European Economic Area (EEA), Switzerland, the United Kingdom, the United States and in other countries where our third party service providers are located. We will take all steps reasonably necessary to ensure that your personal data is treated securely, with a level of protection adequate to GDPR and in accordance with this policy. We have provided further details below regarding the steps taken to ensure adequacy of the processing of your personal data.
Whitelisted Countries:
Switzerland was found to have an adequate level of protection for personal data under European Commission Decision 2000/518/EC of 26 July 2000.
The United Kingdom was found to have an adequate level of protection of personal data under Commission Implementing Decision of 28th June 2021 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate protection of personal data by the United Kingdom.
Consequences of invalidation of Privacy Shield:
CAUTION! Taking into account the Court of Justice of the European Union’s decision in “Schrems II” C-311/18 in which the CJEU declared the EU-US Privacy Shield invalid, we are committed to ensuring the adequate level of protection of your personal data. We do so by using the European Commission’s updated Standard Contractual Clauses (SCCs) with third-party service providers located in the U.S. and other non-EEA countries.
Standard Contractual Clauses and Data Transfer Impact Assessment: When transferring data to a third party located outside of the EEA in a country not recognized as providing adequate protection, we enter into the European Commission’s updated Standard Contractual Clauses for international transfers of personal data. Prior to this, we conduct a Data Transfer Impact Assessment (DTIA), as outlined in the CJEU’s Schrems II decision, to assess whether the destination country offers an adequate level of data protection comparable to that of the EU. If an adequate level of protection is not assured, we implement additional protective measures, such as encryption or access restrictions, to maintain the security and privacy of personal data
How long do we store your data
We aim to always store your personal data for the minimal period of time thus for the time we actually need it. We may, however, keep your personal data for a longer period of time. We will do that only in order to meet legal requirements imposed on us by the applicable laws and regulations.
We regularly review our information and erase or anonymize personal data when we no longer need it.
The security of your personal data
Unfortunately, the transmission of information via the Internet or email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your information transmitted through the Website, Lisk Products or over email; any transmission is at your own risk.
Nevertheless, once we have received your information, we will take appropriate technical and organizational measures to safeguard your personal data against loss, theft and unauthorized use, access or modification.
We will, from time to time, host links to and from the websites of our affiliates or third parties. If you follow a link to any of these websites, these websites will have their own privacy policies and we do not accept any responsibility or liability for these policies. Please check these policies before you submit any information to those websites.
Your rights
In certain circumstances you have rights in relation to the personal data we hold about you. We set out below an outline of those rights and how to exercise those rights. Please note that we will require you to verify your identity before responding to any requests to exercise your rights.
To exercise any of your rights, please send your request by an email to: [email protected].
Please note that for each of the rights below we may have valid legal reasons to refuse your request, in such instances we will let you know if that is the case.
CAUTION! Please also bear in mind that we are not a data controller in regards to any personal data stored on the Lisk blockchain. Therefore we will not be able to satisfy your requests if you decide to exercise your rights.
Access:
You have the right to know whether we process personal data about you, and if we do, to access data we hold about you and certain information about how we use it and who we share it with.
Correction:
You have the right to require us to correct any personal data held about you that is inaccurate and have incomplete data completed.
Erasure:
You may request that we erase the personal data we hold about you in the following circumstances:
Where you believe it is no longer necessary for us to hold the personal data;
We are processing it on the basis of your consent and you wish to withdraw your consent;
We are processing your data on the basis of our legitimate interest and you object to such processing; and
You no longer wish us to use your data to send you marketing or you believe we are unlawfully processing your data.
Please provide us with as much detail as possible on your reasons for the request to assist us in determining whether you have a valid basis for erasure.
Restriction of Processing to Storage Only:
You have a right to require us to stop processing the personal data we hold about you other than for storage purposes in the following circumstances:
You believe the personal data is not accurate for the period it takes for us to verify whether the data is accurate;
We wish to erase the personal data as the processing we are doing is unlawful but you want us to simply restrict the use of that data;
We no longer need the personal data for the purposes of the processing but you require us to retain the data for the establishment;
Exercise or defence of legal claims; and
You have objected to us processing personal data we hold about you on the basis of our legitimate interest and you wish us to stop processing the personal data whilst we determine whether there is an overriding interest in us retaining such personal data.
Objection:
You have the right to object at any time to our prospective processing of data about you and we will consider your request. Please provide us with details as to your reasoning so that we can assess whether there is a compelling overriding interest in us continuing to process such data or we need to process it in relation to legal claims.
Withdrawal of Consent:
Where you have provided your consent to us processing your personal data, you can withdraw your consent at any time.
Newsletter: You may unsubscribe at any time by clicking the following link:
https://lisk.us12.list-manage.com/unsubscribe?u=201693389b5cea4883858163e&id=14c69eecc3.
Cookies: If you no longer want cookies to be stored on your device, you can withdraw your consent at any time (see Cookie Notice & Settings) and by adjusting your browser settings, so that your browser refuses all cookies or the cookies from third parties. You can also delete the cookies that have already been placed on your device.
The European Interactive Digital Advertising Alliance website Your Online Choices allows you to install opt-out cookies across different advertising networks.
Data Portability:
In case you have provided information directly to us, you have the right to receive a copy of these data and require us to transfer it to a third party. This right, however, only applies to information you provided to us and , not to the information we collected about you.
Objection to Marketing:
At any time you have the right to object to our processing of data about you in order to send you marketing including where we build profiles for such purposes and we will stop processing the data for that purpose.
Complain to the authority:
At any time you have the right to lodge a complaint to the competent supervisory authority.
Lisk is established in the United Arab Emirates which is not a part of the EEA. Thus, there is no lead supervisory authority over processing activities described in this Policy. Therefore, you are free to contact any data protection authority which is competent for the place of your residence or for the place where you think we have infringed your rights within the EEA. Contact details for data protection authorities in the EEA are available here.
Nevertheless, for any processing activity where joint-controllership between Lisk and Lightcurve occurs, you can lodge a complaint to the Berlin Commissioner for Data Protection (Berliner Beauftragte für Datenschutz und Informationsfreiheit).
Disclaimer
This Privacy Policy contains links to other websites. Please note that by clicking on a link you will be redirected to another website or document. These websites can be beyond Lisk’s sphere of influence. Liability is excluded. The operators of the linked websites are solely responsible for their content. We refer you to their privacy policy.
Contact
In the event that you wish to make a complaint about how we process your personal data, please contact us in the first instance at [email protected] and we will endeavor to deal with your request as soon as possible. This is without prejudice to your right to launch a claim with the data protection supervisory authority in the EEA country in which you live or work or where you think we have infringed data protection laws.