Last updated: August 2018
In contrast to traditional/mainstream social media services, the InkDrop GmbH (i.G.) (developers, contractors or founders of InkDrop) (“we”, “our”, “us”) cares deeply about your privacy and is committed to protecting and respecting it. Please read this policy carefully, as it sets out the basis on how we will collect, use and process your personal data or usage information as well as your related rights and obligations.
This policy describes the data or information we collect from you, or that you provide to us, in connection with your use of our InkDrop branded application accessible through https://app.inkdrop.tech (“Network”) and our website or newsletter at https://inkdrop.tech (“Website”). For the purpose of the General Data Protection Regulation (the “GDPR”), we are the data controller with regards to the Website.
The InkDrop Social Network is part of the Web 3 movement. Being fully decentralized, it is powered by the Ethereum Virtual Machine and the Inter Planetary File System (IPFS). It is therefore not under control of any legal entity or private individual. While the InkDrop GmbH (i.G.) has developed and will continue to develop InkDrop, it does not operate or control it and/or the content made available by its users. The InkDrop GmbH (i.G.) merely operates the web-interface (https://app.inkdrop.tech) used to access InkDrop.
Because the current version of the InkDrop Network is a Private-Beta release only, we may ask you to review and accept new or supplemental terms that apply to your interaction with InkDrop and newly introduced functionalities in the future.
1. Information We Collect
1.1 We use Google Analytics, a web analytics tool that uses first-party cookies to track user interactions, to collect information about how users use our site and improve our Website and Network. The information disclose website trends without identifying individual visitors. You can opt out of Google Analytics without affecting how you visit our site – for more information on opting out of being tracked by Google Analytics across all websites you use, visit this Google page: https://tools.google.com/dlpage/gaoptout.
1.2 We designed InkDrop in a way that you remain in control of your personal data and of how you share it with others. The InkDrop GmbH (i.G.) will not collect and use your personal data for any other purposes than chosen by you.
1.3 You may provide information by contacting us via our Website. As it is in our legitimate interests to be responsive to you and to ensure the proper functioning of our organisation and services, we will use your information to:
- communicate with you;
- administer and provide services and support per your request;
- personalize our services for you;
- enforce our Website terms and conditions;
- if you have opted in to the newsletter, communicate with you about product related announcements, promotions or events and other news;
- or provide third parties with statistical information about our users (but those third parties will not be able to identify any individual user from that information).
2. Why We Collect This Information
2.1 We collects this information in order to:
- personalise our websites to ensure content from the Website and Network is presented in the most effective manner for you and your device;
- monitor and analyse trends, usage and activity in connection with our websites and services to improve the websites;
- administer the websites and for internal operations, in order to conduct troubleshooting, data analysis, testing, research, statistical and survey analysis;
- keep the websites safe and secure;
- or measure and understand the effectiveness of the content we serve to you and others.
3. How We Share Your Personal Data
3.1 As the Network is intended to have public discussions, information you provide on your user profile or posted on public timelines can be viewed by the public worldwide. Please do not submit any information to you would not want to be publicly available. Please note that search engines may index information which you make public.
3.2 Your user profile and other information will be available to and downloadable by other users of the Network.
3.4 We share your information with selected recipients, which include:
- AWS, a cloud storage provider and provider of cloudfront CDN services. We use AWS to ensure that our website can be accessed from anywhere in the world and to store our data both for the services and for disaster recovery purposes. AWS may store your personal data in any country in the world. We have in place contractual provisions with AWS which include adequacy requirements for transfers of EU data outside of the EEA (see "Where We Store Your Personal Data" section).
- Provided you have consented to receipt of our newsletter, we will share your personal data with Mailchimp who distribute our marketing materials. Mailchimp is located in the US and has self-certified to the EU-US and Swiss-US Privacy Shield.
- Analytics and search engine provider, Google, located in the United States that assist us in the improvement and optimisation of the Website.
3.5 We will share your information with law enforcement agencies, public authorities or other organisations if legally required to do so, or if we have a good faith belief that such use is reasonably necessary to:
- comply with a legal obligation, process or request;
- enforce our terms and conditions and other agreements, including investigation of any potential violation thereof;
- detect, prevent or otherwise address security, fraud or technical issues; or
- protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law (exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction).
4. How We Store Your Personal Data
4.1 All publicly available user content (excluding personal data which is not publicly available on the Network) collected in connection with the use of the Network will be stored electronically using global decentralised storage technology. However, there is no guarantee that information that we store may not be accessed, collected, used, disclosed, copied, modified, or deleted by breach of any technical or operational safeguards that we have in place. We will not be keeping physical files of any user content. Consequently, personal information published on InkDrop is not under control of any legal entity or private individual.
4.2 The information that we collect from you will be transferred to, and stored at/processed within the EEA, Switzerland, the United States and in other countries where our third parties are located. We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this policy. We have provided further details below regarding the steps taken to ensure adequacy of the processing of your personal data.
- White Listed Countries: We transfer data to Switzerland which was found to have an adequate level of protection for personal data under Commission Decision 2000/518/EC of 26 July 2000.
- Privacy Shield: Some of our third parties (see How do we share your personal data?) comply with the US Department of Commerce's EU-US Privacy Shield and have certified that they adhere to the EU-US Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. For more information about the EU-US Privacy Shield Framework, visit the U.S. Department of Commerce's Privacy Shield website.
- Model Clauses: If we are transferring data to a third party located outside of the EEA who is not in a White Listed Country or registered with Privacy Shield, we will enter into the Commission’s model contracts for the transfer of personal data to third countries (i.e., the standard contractual clauses pursuant to Decision 2010/87/EU) with the relevant data importer.
4.3 Unfortunately, no data transmitted via the Internet can be guaranteed to be wholly secure during transmission. As such, we cannot warrant the security of any information you transmit to us before we receive it and any transmission is at your own risk. Once we have received your information, we will take appropriate technical and organisational measures to safeguard your personal data against loss, theft and unauthorised use, access or modification.
4.4 We will, from time to time, host links to and from the websites of our affiliates or third parties. If you follow a link to any of these websites, these websites will have their own privacy policies and we do not accept any responsibility or liability for these policies. Please check these policies before you submit any information to those websites.
4.5 We will retain your information if you contact us via email or your technical usage of our Website for 12 months.
5. Rights & Obligations Concerning Personal Data
5.1 You may not fully delete any data published through InkDrop on the underlying IPFS storage layer. When you remove data, it is only delisted on the InkDrop Network which makes it more difficult to be found for others. However, removed data persist without any time limitation and may still be available to others. It is envisaged that updated versions of the InkDrop Network will offer the functionality to self-remove personal data. For the beta version, however, we require you to send an according request to firstname.lastname@example.org.
5.2 We require you to take appropriate steps to keep confidential any data that you do not want shared. Do not disclose personal data on InkDrop. If you receive personal data from others on InkDrop, use it appropriately and keep it confidential – assume that such data is being disclosed only for your personal use and not to be shared with others.
5.3 Please note that when creating an Identity on InkDrop, you will connect your personal data to an Ethereum Address (i.e. public key). The Ether (ETH) balance of that public key will be displayed on your profile. Therefore, we recommend you set up a new address.
5.4 We set out below an outline of those rights and how to exercise those rights. Please note that we will require you to verify your identity before responding to any requests to exercise your rights. To exercise any of your rights, please email to email@example.com. Please note that for each of the rights below we may have valid legal reasons to refuse your request, in such instances we will let you know if that is the case.
- Access: You have the right to know whether we process personal data about you, and if we do, to access data we hold about you and certain information about how we use it and who we share it with.
- Correction: You have the right to require us to correct any personal data held about you that is inaccurate and have incomplete data completed.
- Erasure: You may request that we erase the personal data we hold about you in the following circumstances: where you believe it is no longer necessary for us to hold the personal data, we are processing it on the basis of your consent and you wish to withdraw your consent, we are processing your data on the basis of our legitimate interest and you object to such processing, you no longer wish us to use your data to send you marketing or you believe we are unlawfully processing your data.). Please provide as much detail as possible on your reasons for the request to assist us in determining whether you have a valid basis for erasure.
- Restriction of Processing to Storage Only: You have a right to require us to stop processing the personal data we hold about you other than for storage purposes in the following circumstances: you believe the personal data is not accurate for the period it takes for us to verify whether the data is accurate, we wish to erase the personal data as the processing we are doing is unlawful but you want us to simply restrict the use of that data; we no longer need the personal data for the purposes of the processing but you require us to retain the data for the establishment, exercise or defence of legal claims; and you have objected to us processing personal data we hold about you on the basis of our legitimate interest and you wish us to stop processing the personal data whilst we determine whether there is an overriding interest in us retaining such personal data.
- Objection: You have the right to object to our processing of data about you and we will consider your request. Please provide us with detail as to your reasoning so that we can assess whether there is a compelling overriding interest in us continuing to process such data or we need to process it in relation to legal claims.
Any changes we will make to this policy in the future will be posted on this page. Please check back frequently to see any updates or changes to this policy.
7. Contact Us
Questions, comments, requests, and complaints regarding this policy or about how we process your personal data are welcomed and should be addressed to firstname.lastname@example.org.