QRL Privacy Policy

Effective Date: 9 Nov, 2020

This Privacy Policy applies to the QRL open source project and its comprising applications, websites, subdomains and services collectively described as the “Services”. The QRL Foundation (Die QRL Stiftung) (“The QRL”, “The Foundation”, “we” or “us”) knows that you care how information about you is used, stored, and shared.

This Privacy Policy explains what personal data of yours will be collected by us when you access the Services, how the data will be used, and how you can control the collection, correction and/or deletion of data.

Personal data means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

This Privacy Policy complies with the requirements of the Swiss Data Protection Act (DPA) and the EU General Data Protection Regulation (GDPR).

This Privacy Policy does not apply to information we collect by other means (including offline) or from other sources. We will not use or share your personal data with anyone except as described in this Privacy Policy.

The use of personal data collected through our Services shall be limited to the purposes under this Privacy Policy.

Data Protection Overview

The Foundation, as operators of all QRL Services takes the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data protection regulations and this Privacy Policy.

If you use any of our Services, various pieces of personal data will be collected. Personal information is any data with which you could be personally identified. This Privacy Policy explains what information we collect and what we use it for. It also explains how and for what purpose this happens.

Please note that data transmitted via the Internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.

Likewise, due to the inherent transparency of many blockchains, including the public QRL blockchain whose open source software is maintained by the Foundation, transactions that individuals broadcast via our Services may be publicly accessible. This includes, but is not limited to, your public sending address, the public address of the receiver, the amount sent or received, and any other data a user has chosen to include in a given transaction. Information stored on a blockchain may be public, immutable, and difficult or even impossible to remove or delete. Transactions and addresses may reveal information about the user’s identity and information can potentially be correlated now or in the future by any party who chooses to do so, including law enforcement. Users are encouraged to review how privacy and transparency on the blockchain works.

This Privacy Policy explains what information we collect and what we use it for. It also explains how and for what purpose this happens.

Processor

The data collected from our Services are processed by the Data Operator. The operator is Die QRL Stiftung (“The QRL Foundation”) with registered domicile c/o STAX AG, Bahnhofstrasse 21, 6300 Zug, Switzerland.

For any queries regarding your personal data, please contact us at the above address or via email to legal@qrl.foundation

Data collection

We do not track users over time and across third party websites to provide targeted advertising and therefore do not respond to Do Not Track (DNT) signals.

We may collect personal information you choose to provide to us. For example, when you contact us for support or sign up for our email newsletter, you give us with your e-mail address and any other information that you choose to provide.

Other data is collected automatically by our IT systems when you visit our Sites and Services. This is primarily technical data such as which browser and operating system you are using but also contains your IP address.

Third party services which are used to provide additional functionality to our services may also collect and process your personal data under the terms of their own privacy policies, links to which can be found at the end of this policy.

Data use

We may use the Personal Information we collect from and about you to:

• provide you with information or services that you request from us, including to respond to your comments, questions, and/or provide customer service;
• monitor and analyse usage and trends and personalise and improve the Services and your experience using the Services;
• for any other purpose with your consent.

We may share the Personal Information we collect from and about you:

• to fulfil the purpose for which you provided it;
• with your consent;
• for legal, protection, and safety purposes;
• to comply with any court order, law, or legal process, including to respond to any government or regulatory request;
• to protect the rights of The Foundation, our agents, customers, and other users, including by enforcing our agreements, policies, and terms of service;
• with those who need it to do work for us (our Service Providers, as defined below).

Data protection

Your personal data is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential.

All sensitive information you supply is encrypted via Secure Socket Layer (SSL) technology or TLS encryption for security reasons and for the protection of the transmission of confidential content. You can recognise an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon is displayed in your browser’s address bar. If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.

We use regular Malware Scanning. We implement a variety of security measures when a user enters, submits, or accesses their information to maintain the safety of your personal information.

Children

We do not direct the Services to, nor do we knowingly collect any Personal Information from children under 13. Children under 13 are not eligible to use the Services. If we learn that someone using our Services is under 13 years of age, we will take steps to remove any Personal Information from our database and to prevent them from utilising the Services.

Retention

Your data is retained for as long as is required to perform the task for which it was collected until you explicitly express that you want us to delete your data or you use any unsubscribe or account deletion facility provided by the Service. By making either an explicit or implicit request for your personal data to be removed from our systems, you are exercising your right “to be forgotten” and we have the obligation to erase your personal data within 90 days after your request.

Data and information collected by our Services will be destroyed/deleted after a reasonable period of time, as determined at our sole discretion based upon its purpose with regard for this Policy and all applicable law.

Data rights

We are committed to protecting the security of Personal Information. We have taken certain physical, administrative, and technical steps to help safeguard the information we collect from and about you. While we take steps to help ensure the integrity and security of our network and systems, we cannot guarantee our security measures.

In certain circumstances, you will also have the following rights:

• Right to access: the right to request certain information about, access to and copies of any Personal Information about you that we are holding (please note that you are entitled to request one copy of the Personal Information that we hold about you at no cost, but for any further copies, we reserve the right to charge a reasonable fee based on administration costs);
• Right to rectification: the right to have your Personal Information rectified if it is inaccurate or incomplete;
• Right to erasure/“right to be forgotten”: where the processing of your information is based on your consent, the right to withdraw that consent and the right to request that we delete or erase your Personal Information from our systems (however, this will not apply if we are required to hold on to the information for compliance with any legal obligation, or if we require the information to establish or defend any legal claim);
• Right to restriction of use of your information: the right to stop us from using your Personal Information or limit the way in which we can use it;
• Right to data portability: the right to request that we return any information you have provided in a structured, commonly used, and machine-readable format, or that we send it directly to another company, where technically feasible;
• Right to object: the right to object to our use of your Personal Information including where we use it for our legitimate interests.
• Right to complain: in the event of a breach of data protection legislation, the individual(s) affected may file a complaint with the competent regulatory authorities.

Requests in relation to the above rights should be sent to: legal@qrl.foundation

Cookies

The Services utilise anonymous information through small data files known as “cookies,” which are stored in a User’s local browser. This allows for a browser to act in favourable ways based on previous activity. For example, they may be used to ensure our Services are presented in accordance with your preferences or for other enhanced performance features not contemplated by this Policy.

We specifically utilise localStorage for the storage of these pieces of data and as such this information is only stored in a User’s browser, not on our servers, and may be deleted by a user at any time by clearing his or her browser’s cache.

The cookies and local storage we use can be additionally classified as follows:

• Strictly necessary: these cookies do not gather information about you nor do they track where you’ve been on the Internet.

• Performance cookies collect data for statistical purposes on how visitors use a website, they don’t contain personal information such as names and email addresses, and are used to improve your user experience on our Sites and Applications.

We use performance cookies from the following services and partners:

• Google Analytics - Tracks user behavior on the Websites, which helps us better understand how users are using the Websites. Learn more at https://www.google.com/policies/privacy/;

We also use strictly necessary service cookies from:

• Google - As part of a Content Delivery Network to ensure the correct and secure loading of dependencies. https://www.google.com/policies/privacy/;
• Cloudflare - To ensure a Service loads correctly and securely. Learn more at https://www.cloudflare.com/en-gb/cookie-policy/

Google Analytics

Some of our Services use Google Analytics, a web analytics service. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses the so-called “cookies”. These are text files that are stored on your device and that enable us to analyze your user behavior on our Sites and Applications. The information generated by the cookie about your use is usually transmitted to a Google server in the USA and stored there.

Google Analytics cookies are stored based on Art. 6 (1) (f) GDPR. The Sites and Applications’ operator has a legitimate interest in analyzing user behavior to optimize online services and advertising activities.

We have activated the IP anonymization feature where applicable on our Services where Google Analytics are used. Your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.

Opt out

You can disable cookies / prevent the storage of cookies by selecting the appropriate settings in your browser. However, be aware that doing so you may not be able to be able to use the full functionality of our services.

Newsletter

If you would like to receive our Newsletter, we require a valid email address as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive this newsletter. No additional data is collected or is only collected on a voluntary basis. We only use this data to send the requested information and do not pass it on to third parties.

We will, therefore, process any data you enter onto the contact form only with your consent as per Art. 6 (1) (a) GDPR. You can revoke consent to the storage of your data and email address as well as their use for sending the newsletter at any time, e.g. through the “unsubscribe” link in the Newsletter. The data processed before we receive your request may still be legally processed.

The data you provide in the Newsletter sign-up form will be used for its regular distribution until you cancel your subscription. If you decide to unsubscribe, the above-mentioned data will be deleted. Data we have stored for other purposes - e.g. email addresses of users that have contacted us for service or support - remain unaffected.

For sending newsletter and service status emails we use the services of MailChimp.

MailChimp

Our Sites and Applications use the services of MailChimp to send newsletters. This service is provided by The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA.

MailChimp is a service that organises and analyses the distribution of newsletters. If you provide data (e.g. your email address) to subscribe to our newsletter, it will be stored on MailChimp servers in the United States.

MailChimp is certified under the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework.

We use MailChimp also to analyse our newsletter campaigns. When you open an email sent by MailChimp, a file included in the email (called a web beacon) connects to MailChimp’s servers in the United States. This allows us to determine if a newsletter message has been opened and which links you clicked on. In addition, technical information is collected (e.g. time of retrieval, IP address, browser type, and operating system). This information cannot be assigned to a specific recipient. It is used exclusively for the statistical analysis of our newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to your interests.

If you do not want your usage of the newsletter to be analysed by MailChimp, you should unsubscribe using the designated link available in each newsletter. Data processing is based on Art. 6 (1) (a) GDPR. You may revoke your consent at any time by unsubscribing from the Newsletter. The data processed before we receive your request may still be legally processed.

The data provided when subscribing for the newsletter will be used to distribute it until you cancel your subscription when said data will be deleted. Data we have stored for other purposes - e.g. email addresses of registered users on our Sites and Applications - remain unaffected.

We have entered into a data processing agreement with MailChimp, in which we require MailChimp to protect the data of our subscribers and not to disclose it to third parties.

Google Web Fonts

Some of our Services use web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.

If your browser does not support web fonts, a standard font is used by your computer.

Further information about handling user data, can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy at https://www.google.com/policies/privacy/.

Changes to this policy

The Foundation may alter this Privacy Policy at its discretion at any time for any or no reason. Any changes will include a corresponding “Last updated” date shown at the top of this page and such changes will go in effect immediately. If you are an ongoing user of our Services require awe recommend you check for updates regularly.

The latest version of the Privacy Policy will be considered as superseding any previous version unless otherwise noted.

Contact

If you have any questions, comments, or suggestions about our privacy policy, please contact legal@qrl.foundation