We are a blockchain security, hardware start-up, open for early-stage investors. We maintain our website bitfold.com ("the Website") to present our Bitfold project ("the Project"). If you would like to receive updates on the Project progress or you are interested in participating (financially or by sharing your know-how with us) in the Project, you can send us an e-mail.
In this document, we would like to familiarize you with the most important information and rules regarding the processing of personal data in connection with the Regulation on the Protection of Personal Data (GDPR).
In accordance with the applicable provisions on the protection of personal data, in particular the general Regulation, in order to ensure proper protection of personal data, the data subject must first of all provide information regarding the processing of personal data set out in Article 13 or 14 GDPR - depending on whether they were obtained directly from the data subject or from other sources. The required information is provided below, including, in particular, the principles of protection and processing of Users' Personal Data by the Personal Data Administrator.
Controller/Administrator – the Controller of personal data pursuant GDPR, which is Bitfold AG with its registered seat in Switzerland, 6340 Baar, Kanton Zug Mühlegasse 18, register number: CH-170.3.046.620-3, hereinafter referred to as: “Bitfold”
Joint Controller – the joint controller of personal data pursuant to GDPR, which is Bitfold R&D Sp. z o.o. with its registered seat in Poland, Lodz, zip code: 90-525, ul. Wólczańska 143, entered in the Register of Entrepreneurs operated by the District Court for Łódź – Śródmieście in Łódź, 20th Commercial Department of the National Court Register under KRS number: 0000840803, REGON: 386040760, NIP: 7252299166, with a share capital of PLN 100,000, hereinafter referred to as: “Bitfold R&D”
GDPR – Regulation of the European Parliament and of the Council (UE) 2016/679 of 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/CE (J. o L. UE 2016 it. L119);
Website – bitfold.com;
II. Joint Agreements
Under the joint administration agreement concluded between the Controller and the Joint Controller, the scopes of responsibility regarding the fulfillment of obligations under the GDPR have been established as follows:
The provided personal data will be processed by the Administrator and the Co-administrator in order to send up-to-date information about the progress in the implementation of the Project or to inform about possible cooperation, if you are interested (financially or by sharing your knowledge) with prior consent expressed separately to the Administrator and the Co-administrator by e-mail.
IV. How to contact us for more information on the processing of your personal data?
All correspondence regarding matters related to the processing of your personal data, please send in writing to the address of the administrator with the note “Personal data” or to the e-mail address firstname.lastname@example.org also with the inscription “Personal data”. The administrator does not appoint an inspector of personal data protection, as there is no obligation to do so. In particular, the following should be reported to this address:
- all events affecting the security of information transfer;
- possible suspected personal data breach;
- suspicion of sharing files containing viruses and other files of similar nature.
IV. How do we collect your data?
We collect the personal data of our Users through the Website, from themselves – they provide personal data by sending us an e-mail.
V. Requirement to provide personal data
- Providing any personal data is voluntary and depends on your decision.
- However, providing personal data is necessary to receive updates on the Project progress or to receive information from us about possible cooperation if you are interested in participating (financially or by sharing your know-how with us) in the Project. Therefore, to contact with us you have to provide us with your e-mail address.
- Your personal data is stored in the system used by the Administrator to manage contacts with current and potential Bitfold clients, partners and investors.
- By agreeing to receive communications from us, you consent to the transfer of your personal data (e-mail) to a third country Switzerland, which is not member of EEA.
VI. Automated decision making and profiling
We kindly inform you that we do not make automated decision-making, including on the basis of profiling.
VII. What is the purpose of processing your personal data by Bitfold?
For the purpose of contact with you:
If you would like to receive updates on the Project progress – for the purpose of sending to your e-mail address updates on the Project progress;
If you are interested in participating (financially or by sharing your know-how with us) in the Project – for the purpose of contacting with you in matters relating to participation.
VIII. What is the legal basis for the processing of my personal data?
The legal basis for the processing of your data will be:
- Consent granted;
- The necessity to fulfill the legal obligation imposed on the administrator;
- Necessity arising from legitimate interests pursued by the administrator, such as sending updates on the Project progress or contacting with you in matters relating to participation in the Project (financially or by sharing your know-how with us).
IX. What personal information do we collect?
In addition, we also collect operating data that characterizes both the way you use the Website, in particular: IP address (both static and dynamic), digital logs, information about your use of the Website, browser type, domain name and the type of operating system.
X. The period of processing and storage of personal data
- In accordance with applicable law, we do not process your personal information perpetually but for the time that is needed to achieve the purpose of processing. After this period, your personal data will be irretrievably deleted or destroyed.
- The period of storage of personal data for the time of the Project implementation + 3 months after the Project finishes and in case of deregistration – up to 3 months from the day of deregistration.
- The period of data processing may be extended if the processing is necessary to establish and pursue possible claims or defend against claims, and after that time only if and to the extent that it will be required by law. After the end of the processing period, the data is irretrievably deleted or anonymized.
XI. Your rights
1. Your basic rights are as follows:
- Access your personal data;
- Correction of personal data;
- Removal of personal data;
- Update your data;
- Restrictions on the processing of personal data;
- Oppose the processing of personal data;
- Transfer of personal data.
- Withdrawing consent to the processing of personal data
- To file a complaint regarding the processing of personal data by us.
2. We indicate that these rights are not absolute, and therefore we may legally refuse you to comply in some cases. However, if we refuse to accept the request, then only after careful consideration and only if the refusal to consider the request is necessary.
3. The rights referred to in point 1 you carry out:
- by e-mail to email@example.com or
- in writing to the address of the Data Administrator, In order to verify your application, the Administrator may ask for additional information or for sending documents necessary to confirm the identity of the applicant; in the absence of providing this information or sending documents, the Administrator reserves the right to leave the application without recognition. If the application is correct, the Administrator executes it within 7 days from the day of the submission of the correct application (this deadline is due to technical issues). In exceptional cases, this period may be longer, about which the Administrator will notify the User.
4. A request to delete (remove) personal data takes place when:
- Your data will no longer be necessary for the purposes for which it was collected by the Administrator;
- You withdraw your consent to the processing of personal data;
- You will object to the processing of your data;
- Your data will be processed illegally;
- The data should be deleted in order to fulfill the obligation arising from the law; or
- The data was collected in connection with the provision of electronic services offered to the child;
Removal of personal data from our database means that it will not be processed in it and will not be shared with other entities. However, it does not mean the cessation of data processing by entities to whom the Data was previously made available (eg the fact that your personal data will be removed from our database does not mean that the entity that previously provided your personal data from us will not send you e- e-mail. Any complaints in this regard and requests to delete personal data should be directed to the Sender.
5. The right to request limitation of data processing shall be due if:
- You will notice that your data is incorrect – you can then request to limit the processing of your data for a period of time that allows us to check the correctness of this data or
- Your data will be processed unlawfully, but you will not want to be removed;
- Your data will no longer be needed but may be needed to defend or enforce claims; or
- You will object to the processing of the data pending the determination of whether the legitimate grounds on our side are superior to the grounds of objection.
6. The right to oppose further processing shall apply if:
The processing of your personal data is based on a legitimate interest or for statistical purposes, and the opposition is justified by the specific situation in which you have found yourself. However, according to the law, we may refuse to take into account the objection if we show that:
– There are legitimate grounds for processing which override your interests, rights and freedoms (such as tax law, accountancy law, obligation to prove accountability)
– There are grounds for establishing, pursuing or defending claims.
7. The right to lodge a complaint in relation to the processing of your personal data by us – you do so by submitting it to the supervisory body, which is the President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw. Detailed information is available on the web page https://uodo.gov.pl/pl/83/155.
8. If the processing of personal data takes place on the basis of consent, you may withdraw your consent at any time – at its sole discretion.
9. If you would like to withdraw your consent to the processing of personal data, simply send an e-mail to the following address: firstname.lastname@example.org
10. If the processing of your personal data took place on the basis of consent, its withdrawal does not mean that the processing of personal data up to this point was illegal. In other words, until the withdrawal of consent, we have the right to process your personal data and its revocation does not affect the legality of the current processing.
XII. Who do we share your personal information with?
1. Our subcontractors (processors), such as:
- Accounting firm servicing the Administrator;
- Legal and IT companies, contractors of services at the request of the Administrator;
- Polish Agency for Enterprise Development – under a grant agreement;
- Lease server
- Our employees and people cooperating with us;
- Entities providing software and e-internet service platform.
2. Entities or bodies entitled under the law.
XIII. Will your personal data be transferred outside the European Economic Area?
Your personal data are transferred to Switzerland, which is not member of EEA.
XIV. Responsibility for securing and processing personal data
- The Controller and the Joint Controller are responsible for the processing of Personal Data in accordance with the law.
- The Administrator and the Joint Controller are not responsible for the effects of providing Personal Data to a public authority if the obligation to disclose results from the law or from the request of such authority; all claims in this respect should be addressed to that public authority.
XV. Final provisions