1. What is this Privacy Notice about?

The Interchain Foundation together with Interchain GmbH are called theInterchain group (also «we», «us»).The Interchain group collects and processes personal data that concerns you but also other individuals («third parties»). We use the word«data» here interchangeably with «personal data».

In this Privacy Notice, we describe what we do with your data when you use interchain.io, cosmos.network, join.builders, ibcprotocol.dev, cometbft.com, interchainsecurity.dev, interchainnfts.dev or other websites maintained by us (collectively «website»), participate in one of our events, apply to and participate in one of our programs or otherwise apply for grants, contribute to software and documentations or other content on the open source libraries supported by us, interact with us in relation to a contract, communicate with us, or otherwise deal with us. In addition, we may inform you about the processing of your data separately (e.g. in forms, terms and conditions or additional privacy notices).

If you disclose data about other persons (e.g. work colleagues) to us, we assume that you are authorized to do so and that the relevant data is accurate. When you share data about others with us, you confirm that. Please make sure that these individuals have been informed about this Privacy Notice.

This Privacy Notice is aligned with the Swiss Data Protection Act («DPA»), the revised Swiss Data Protection Act («revDPA»), the Ordinances associated with each of them and the EU General Data Protection Regulation «GDPR»). However, the application of these laws depends on each individual case.

2. Who is the controller for processing your data?

The Interchain Foundation, Gartenstrasse 4, 6300 Zug, Switzerland (the«Interchain Foundation») is the controller for the Interchain group’s processing under this Privacy Notice, unless we tell you otherwise in an individual case, for example in additional privacy notices, on a form or in a contract. However, unless we tell you otherwise, this Privacy Notice also applies where the Interchain GmbH is the controller, instead of the Interchain Foundation. This applies, in particular, where your data is processed by the Interchain GmbH in connection with its own legal obligations or contracts or where you share data with Interchain GmbH. In these cases, Interchain GmbH is the controller and only if it shares your data with the Interchain Foundation for their own processing, will it become a controller.

You may contact us in relation to data protection concerns and to exercise your rights as follows:

Interchain Foundation
Gartenstrasse 4
CH-6300 Zug
Legal@interchain.io

3. What data do we process?

We process various categories of data about you. The main categories of data are the following:

1. Master data: This is the basic data (e.g. name, contact details), additional information about you (e.g. your role and function, your organization) as well as details of your relationship with us (participant in one of our programs (or applicants thereof) or other events, speaker at one of our events, contributor to repositories supported by us, supplier, visitor, or employee of such etc.), your education and professional experiences and programming skills, and declarations of consent and information about third parties (e.g. contacts, representatives).
2. Registration or application data: This is data that is generated in the course of a registration with us (e.g. for one of our events) or the application to one of our programs or that you provide to us in this context (e.g. user name, e-mail, password, description of your project and your role therein), or, if applicable, access data in the course of access controls.
3. Contract data: This is data that is collected in connection with a contract concluded by us or in the context of the provision of our services to the participants in our programs or other events or to recipients of our grants program, such as information about the type of contract, date of conclusion of the contract, duration of the contract, contractual services, data that was collected during the period leading up to the conclusion of the contract, information required or used for processing (e.g. information regarding invoicing), or financial data (which in some cases may include crypto wallet addresses).
4. Communication data: When you are in contact with us or with third parties (e.g. by email, telephone or by letter or other means of communication or if you post or publish content on one of the blogs or open source libraries or repositories supported by us) we collect the data exchanged between you and us (e.g. content of e-mails or letters or of your posts), including your contact details and the metadata of the communication. This includes audio and video recordings of calls.
5. Technical data: When you use our digital communication channels (e.g. website) or digital offerings (e.g. apps), we collect technical data e.g. the IP address, information about the operating system of your device, the location and the access time. Technical data in itself does not permit us to draw conclusions about your identity. However, technical data might be linked with other categories of data and thus possibly with your person.
6. Behavioural and preference data: This is data about your behaviour and your preferences (e.g. your response to electronic communications, navigation on our website, interactions with our social media pages etc.). We may also supplement this information with third-party information, including from public sources. We describe how tracking works on our website in Section 12.
7. Other data: This may include the following data Data collected in connection with administrative or legal proceedings (e.g. actions, evidence, etc.), data collected on the basis of health protection (e.g. as part of protection concepts), photographs, videos or sound recordings that we produce or receive from third parties and in which you are recognizable (e.g. at events, through security cameras, etc.), access data or rights (e.g. visitor list, when you enter certain buildings or which access rights you have), participation in events or campaigns, when you use our infrastructure and systems.

4. What is the source of the data?

1. From you: Much of the data set out in Section 3 is provided to us by you (e.g. when you communicate with us, when you post content on websites maintained by us, when you contribute to or maintain one of the documentation repositories supported by us, when you participate in one of our events, when you apply for one of our programs, when you use the website, etc.). You are not obliged or required to disclose data to us except in certain cases (e.g. because of legal requirements, legally required identification or health protection concepts). If you wish to enter into contracts with us or use our services, you must also provide us with certain data, in particular master data, contract data and registration data, as part of your contract. When using our website and apps, the processing of technical data cannot be avoided. If you wish to gain access to certain systems or buildings, you must also provide us with registration data. However, in the case of behavioural and preference data, you generally have the option of objecting or not giving consent.
2. From third parties: As far as it is lawful we may (primarily in the context of entering into commercial contracts or agreements) also collect data from public sources, (e.g. commercial registers, the media, or the internet including social media) or receive data from public authorities and from other third parties (e.g. credit agencies, address brokers, associations, contractual partners, internet analytics services, etc.). This includes the following categories of data: master data, contract data and other data according to Section 3 as well as data from correspondence and discussions with third parties. If you work for an employer, client or someone else who has a business relationship or other dealings with us, they may also provide us with information about you.

5. For what purposes do we process your data?

1. Management of the Foundation: As part of the management of the Foundation, we process the data of the Foundation Council and other bodies as well as of other third parties that contact us. This includes in particular the organization of the Foundation Council and other bodies, the management of the Foundation, but also invoicing and accounting as well as the enforcement of legal claims. For this purpose, we in particular process master data, contract data and communication data but also the other data listed in section 3.
2. Fulfilment of the Foundation's purpose: We process data in the context of fulfilling the Foundation's purpose. This includes the organization of events and the provision of training, mentorship, sponsorship and other services in connection with our Programs. For this, we process master data, contractual data and registration data but may also process other data such as sound and image recordings of participants and applicants and other persons whose projects we support and fund.
3. Communication: In order to be able to communicate with you (e.g. to answer inquiries, to react to posts or content that you publish on one of our blogs, in the context of consulting as well as the execution of a contract), we need to process data (in particular communication and master data, and registration and application data in connection with the application to one of our programs or the registration for one of our events) from you.
4. Initiation, administration and execution of contracts: In connection with the conclusion or execution of contracts with our suppliers, subcontractors or other contractual partners (e.g. project partners), we process related personal data. For this purpose, we also process data for checking creditworthiness. This also includes the enforcement of legal claims arising from contracts , accounting, termination of contracts and public communication. For this purpose, we use in particular master data, contract data and communication data, as well as technical data.
5. Marketing purposes and relationship management: For marketing purposes and relationship management, we process data, for example, to send the participants to our events or the applicants to our programs, other contractual partners and other interested parties personalized advertising (e.g. in print, by email, via app, or on other digital channels) about services and other news from us and from third parties (e.g. from ecosystem projects), in connection with free services (e.g. invitations, vouchers, etc.) or as part of individual marketing campaigns (e.g. events). You can refuse such contacts at any time or refuse or revoke your consent to be contacted for advertising purposes by notifying us (Section 2). With your consent, we can target our online advertising on the Internet more specifically to you (see Section 12). This also includes interaction with existing counterparties and their contacts, which can be personalized on the basis of behavioural and preference data. As part of relationship management, we may also operate a customer relationship management (CRM) system in which we store the data of participants in our events and applicants to our programs and business partners. Finally, we also enable contractual partners of ours to contact our contractual partners for advertising purposes (see Section 7). For marketing purposes and relationship management, we process in particular communication, registration, behavioural and preference data.
6. Website: In order to operate our website (including ensuring security and stability), we process technical data, such as IP address, information about the operating system of your terminal device, browser type and version, region and time of use, the name of the retrieved file, the amount of data transferred and the message about a successful retrieval. As a rule, this information does not contain any personal data. However, personal data that we or providers commissioned by us store from you (e.g., if you have a user account with us) may be linked to the technical data and thus possibly to your person.
7. Registration and security purposes as well as technical and physical access controls: In order to use certain services (e.g. website’s login areas), you must register (directly with us or via our external login service providers), for which we process data. Furthermore, we also collect additional personal data about you during the use of those services. We continuously check and improve the appropriate security of our IT and our other infrastructure (e.g. buildings). We therefore process data, for example, for monitoring, controls, analyses and tests of our networks and IT infrastructure, for system and error checks, for documentation purposes and as part of security copies. Access controls include, on the one hand, controlling access to electronic systems (e.g. logging into user accounts), and on the other hand, physical access control (e.g. building access). For security purposes (preventive and incident investigation) we may keep access logs or visitor lists and use surveillance systems (e.g. security cameras). For this purpose, we process registration data and technical data in particular, but also other data mentioned in Section 3.
8. Compliance with laws, directives and recommendations from authorities and internal regulations («Compliance»): We may process personal data as part of our compliance with laws (e.g. anti-money laundering, tax law obligations or for the implementation of health and safety concepts). In addition, data processing may take place in the course of internal investigations as well as external investigations (e.g. by a law enforcement or supervisory authority or an appointed private body). For this purpose, we process in particular master data, contract data and communication data, but under certain circumstances also behavioural data, technical data and data from other data categories. The legal obligations may be Swiss law, but also foreign regulations to which we are subject, as well as self-regulations, industry standards, our own «corporate governance» and official instructions and requests.
9. Risk management and corporate governance: We may process personal data as part of our risk management (e.g. to avoid becoming victims of crime and abuse) and corporate governance, including our business organization (e.g. resource planning) and corporate development. For this purpose, we process in particular master data, contract data, registration data and technical data, but also behavioural and communication data.
10. Further purposes: These other purposes include, for example, training and educational purposes, administrative purposes (e.g. master data management or accounting), safeguarding our rights, and evaluating and improving internal processes. We may record telephone or video conferences for training, evidence, and quality assurance purposes. In such cases, we will notify you separately and you are free to tell us if you do not want to be recorded or to terminate the communication (if you simply do not want your image recorded, please turn off your camera). In general, such recordings may only be made and used in accordance with our internal guidelines. The protection of other legitimate interests is also one of the other purposes, which cannot be named exhaustively.

6. On what basis do we process your data?

To the extent necessary and depending on the situation and processing purpose, we base the processing of your data on the following legal bases:

1. Contract: Insofar as we process data for the conclusion and execution of contracts that we conclude or have concluded for you or with you or your employer, client or other persons for whom you work, this is also the legal basis on which we process your data.
2. Legal Obligations: We may further process your data based on applicable legal, regulatory and professional requirements with which we must comply.
3. Legitimate interest: We may process your data based on our legitimate interest or a legitimate interest of a third party. This applies in particular in relation to the achievement of the purposes and objectives set out in Section 5 and for the implementation of related measures. Among other things, we have a legitimate (and overriding) interest in marketing our products and services and in gaining a better understanding of the markets relevant to us and our activities (in particular, in the efficient and secure handling of our processes and the further development of our activities), in the efficient and effective management of our company and in safeguarding the security of our systems and our interests vis-à-vis third parties.
4. Consent: If we ask for your consent to process data from you, this is the legal basis on which we process your data. In doing so, we will inform you of the purpose of the processing. You may revoke your consent at any time by notifying us in writing (by mail or, unless otherwise specified or agreed, by email), with effect for the future (see Section 2 regarding our contact details and Section 12 regarding revocation of your consent in the area of online tracking). Once we have received and processed your withdrawal, we will no longer process your data for the purposes to which you originally consented (unless further processing may be carried out on the basis of another legal basis).
5. Other legal bases: In specific cases, we may also carry out data processing based on other legal bases. If this is the case, we will inform you in each individual case.

7. With whom do we share your data?

In relation to our contracts, the website, our services and products, our legal obligations or otherwise to protect our legitimate interests and the other purposes set out in Section 5, we may disclose your personal data to third parties, in particular to the following categories of recipients:

1. Group companies: The group companies named in section 1 may use your data for the same purposes as we do, as described in this Privacy Policy (see Section 5). The recipients process the data under their own responsibility
2. Service providers: We work with service providers locally and abroad (third parties) who process data about you (i) on our behalf, (ii) under joint responsibility with us or (iii) data they have received from us under their own responsibility (e.g. IT providers, advertising service providers, security companies, banks, insurance companies, credit agencies, address checkers, consulting companies or lawyers).
3. Contractual partners: Recipients include contractual partners with whom we cooperate, especially but not exclusively for the organization marketing communication instances and other events and the organization, planning and implementation of our programs or who advertise on our behalf. Contractual partners receive, for example, master data of the participants to our events or to our programs. The recipients process the data under their own responsibility or, in exceptional cases, in joint responsibility with us.
4. Authorities: We may disclose personal data to offices, courts and other authorities locally and abroad if we are legally obliged or entitled to do so or if this appears necessary to protect our interests. The recipients process the data under their own responsibility.
5. Other persons: This refers to other cases where the inclusion of third parties results from the purposes pursuant to Section 5. Other recipients are, for example, persons involved in official or legal proceedings. If we cooperate with the media and transmit material to them (e.g. photos), you may also be affected by this under certain circumstances. In the course of business development, we may sell or acquire businesses, operations, assets or companies, or enter into partnerships, which may also result in the disclosure of information (including information about you, for example, as a participant in our events or as a applicant or participant in one of our programs) to the persons involved in those transactions. In the course of communication with our competitors, industry organizations, associations and other bodies, data may also be exchanged which may affect you.

All these categories of recipient may in turn involve third parties, so that your data may also become accessible to them. We can in some circumstances restrict processing by certain third parties (e.g. IT providers), but not by other third parties (e.g. authorities, banks, etc.). We also allow certain third parties to collect personal data from you on our website and at events organized by us (e.g. media photographers, providers of tools that we have embedded on our website, etc.). Insofar as we are not decisively involved in these data collections, these third parties are solely responsible for them. If you have any concerns or wish to assert your data protection rights, please contact these third parties directly.

8. Is your personal data disclosed abroad?

We process and store personal data mainly in Switzerland and the European Economic Area (EEA). However, we may occasionally disclose data to service providers and other recipients (see Section 7) that are located or process data outside of this area, generally in any country in the world.

If a recipient is located in a country without adequate statutory data protection, we require the recipient to undertake to comply with data protection (for this purpose, we use the revised European Commission’s standard contractual clauses, which can be accessed here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj), unless the recipient is subject to a legally accepted set of rules to ensure data protection and unless we cannot rely on an exception. An exception may apply for example in the event of legal proceedings abroad, but also in cases of overriding public interest or if the performance of a contract requires disclosure, if you have consented or if the data has been made generally available by you and you have not objected to the processing.

Please note that data exchanged via the internet is often routed through third countries. Your data may therefore be sent abroad even if the sender and recipient are in the same country.

9. How long do we process your data?

We process your data for as long as our processing purposes, the legal retention periods and our legitimate interests in processing for documentation and evidence purposes require or storage is technically required (e.g. in the case of backups or document management systems). If there are no legal or contractual obligations to the contrary, we will delete or anonymize your data after the storage or processing period has expired as part of our normal processes.

If no legal retention requirements exist in individual cases, we generally process data for the duration of the business relationship or contract term and then, depending on the applicable legal basis, for a further five, ten or more years. This corresponds to the period during which we can assert legal claims against third parties or third parties can assert legal claims against us. Ongoing or anticipated legal proceedings may result in processing beyond this period. See section 12.2 for more information on the storage period of cookies.

10. How do we protect your data?

We take appropriate security measures to protect the confidentiality, integrity and availability of your personal data, to protect it against unauthorized or unlawful processing and to protect it against the risks of loss, accidental loss or alteration, unauthorized disclosure or access. However, security risks cannot be completely eliminated in general - a certain residual risk is unavoidable.

11. What are your rights?

Applicable data protection laws grant you the right to object to the processing of your data in some circumstances, in particular for direct marketing purposes, for profiling carried out for direct marketing purposes and for other legitimate interests in processing.

To help you control the processing of your personal data, you also have the following rights in connection with our data processing, depending on the applicable data protection law:

1. The right to request information from us as to whether and what data we process from you;
2. The right to have us correct data if it is inaccurate;
3. The right to request erasure of data;
4. The right to request that we provide certain personal data in a commonly used electronic format or transfer it to another controller;
5. The right to withdraw consent, where our processing is based on your consent;
6. The right to receive, upon request, further information that is helpful for the exercise of these rights.

12. Do we use online tracking, online advertising and similar techniques?

On websites operated by us, we use various technologies (e.g. cookies, tracking pixels and similar technologies), with which we and third parties engaged by us can track and monitor how you use the website.

We do so in order to improve the functionality or content of our website, to compile statistics on how visitors use our websites, and to enable us and authorized third parties to provide you with a personalized web experience (e.g. personalized advertising, interactions on social media sites, etc.).

12.1 What are cookies and similar techniques?

A cookie is a small text file with an identifier (a sequence of letters and numbers) that is transmitted between the server and your system. This allows us and the third-party providers we engage or cooperate with to recognize visitors to our website and track them across multiple visits and across different websites. Cookies enable recognition of a specific device or browser and do not necessarily contain information that personally identifies a user. However, personal data that we or third-party providers contracted by us store from you (e.g. if you have a user account with us or these providers) may be linked to the information stored in and obtained from cookies and thus possibly to your person.

In addition to cookies, there are other similar techniques such as device fingerprinting and web beacons, also known as tracking pixels, which are small, usually invisible images or a program code that are loaded by a server and provide the server operator with certain information (e.g. access to a website). These pixels can also, with your consent, let third-party social media platforms know that you visited our website - in order to show you relevant advertisements. For more information about how these third-party providers use your personal data collected, please refer to their respective privacy notices. Device fingerprints consist of information collected during your visit to the website about the configuration of your terminal device or browser, which makes it possible to distinguish your device from other devices. This data is primarily used to improve the functionality of the website (e.g. by saving your dark mode preferences), to show you relevant advertisements, or for security purposes.

12.2 What types of cookies and similar technologies do we use?

The cookies and similar technologies we use on our websites serve the following purposes (similar technologies are included in each case):

1. Necessary cookies: Some cookies are essential for the use of the website and its functions. These cookies ensure the essential functionality of the website, for example, the ability to navigate from page to page without the disappearance of products placed in the shopping cart. They also ensure that you remain connected to the website. These cookies have an expiration date of up to 13 months.
2. Performance and analytics cookies: Performance and analytics cookies collect information about how our website is used and allow us to perform analytics about how the website is used, such as which pages are viewed most frequently and how visitors navigate our website. These cookies are used to make visiting the website easier and faster and generally improve user experience and comfort. For this purpose, we use third-party analytics services. These cookies have an expiration date of up to 13 months.
3. Marketing cookies: marketing cookies help us and our advertising partners to show you advertisements on our website for offers or services that may be of interest to you, or to display our advertisements if you continue to browse the Internet after leaving our website, i.e. to show you targeted advertisements. These cookies have an expiration time of a few days to 13 months, depending on the circumstances.

Some of the third-party vendors we use may be located outside of Switzerland. For information on the disclosure of data abroad, please refer to section 8.

If you consent to the use of cookies, you accept that your data may be transferred to a country that does not have an adequate level of data protection and accept the risk that your data may be exposed to access by foreign authorities in the country of the recipient, who may not adhere to adequate data protection regulations in doing so. You may revoke your consent to cookies at any time, as explained in Section 12.3.

12.3 How can I control the use of cookies and similar technologies?

In your browser, you can, at any time, deactivate cookies in the settings entirely or in part.

Browsers can automatically accept or reject cookies, but allow you to change these settings. You can also disable or delete cookies that you have previously accepted. Note that all settings are lost if you delete all cookies, including the setting that you do not want to accept cookies, as this in turn requires that an opt-out cookie has been set. The settings must be made separately for each browser you use. You can find out how to manage cookies in your browser in the help menu of your browser.

If you choose to decline cookies and similar technologies, you can still use our website, but your access to some features and areas of our website may be limited.

13. What data do we process on our social media pages?

We may operate pages and other online presences («fan pages», «channels», «profiles», etc.) on social networks and other platforms operated by third parties and process the data about you described in section 3 and elsewhere in this notice. We receive this data from you and the platforms when you come into contact with us via our online presence (e.g. when you communicate with us, comment on our content or visit our presence). At the same time, the platforms' providers may analyze your use of our online presence (e.g. how you interact with us, how you use our online presence, what you view, comment on, or «like») and process this data along with other data they have about you (e.g. information about your age and gender and other demographic information). In this way, they create profiles about you and statistics about the use of our online presences. They use this data and profiles to display our or other advertisements and other personalized content on the platform and to drive behaviour on the platform, but also for market and user research and to provide us and other parties with information about you and the use of our online presence. To the extent that we are jointly responsible with the provider for certain types of processing, we will enter into a corresponding contract with the provider. You can find out about the main content of this contract from the provider. They also process this data for their own purposes, in particular for marketing and market research purposes (e.g. to personalize advertising) and to manage their platforms (e.g. to decide what content to show you), and act as separate controllers for this purpose.

We are entitled, but not obliged, to review content before or after it is published on our online presences, to delete content without notice and, if necessary, to report it to the provider of the relevant platform. In the event of violations of decency and conduct rules, we may also notify the provider of the platform on which the user account in question is located for blocking or deletion.

For further information on processing by the platform providers, please refer to the data protection notices of the respective platforms. There you can also find out in which countries your data is processed, what rights of access and deletion you have and how you can exercise these or obtain further information.

14. Can we update this Privacy Notice?

This Privacy Notice is not part of a contract with you. We can change this Privacy Notice at any time. The version published on this website is the current version.

Last updated: 29 August 2023