Personal Data Protection Policy
In progress and not yet legally binding document.
Personal Data Protection Policy
Citizen.chat is a tool created by CitizenLab S.L. a company registered in Spain. When we use Citizen.chat in this document CitizenLab S.L. is the legal responsible behind citizen.chat.
To use the platform all functionalities are possible without providing any personal identifiable data.
The only places where you would willingly and consciously provide us with personal data, are:
- When you opt in to receive updates on the citizen.chat website and the platform.
The only personal information in this case is: your email address.
So this privacy policy applies to this sole identifiable data.
1. INTRODUCTORY INFORMATION
At CITIZEN.chat we respect your right to privacy and take personal data protection extremely seriously, as we would like to provide you with the highest level of protection of the personal data that you have trusted us.
This Policy is based on applicable relevant legislation on the protection of personal data, in particular the General Data Protection Regulation of the EU.
In this Personal Data Protection Policy (hereinafter referred to as: Policy), we define ways of collecting your personal data, the purposes for which we collect it, the security measures we use to protect it, the persons with whom we share it, and your rights regarding the protection of personal data.
2. CONTROLLER OF PERSONAL DATA
This Policy applies to all personal data processed by CITIZEN.chat, a platform managed CITIZEN.chat team. (company registration in process)
As a data controller, and only if you choose to share your eMail, CITIZEN.chat shall be responsible for processing and storing of your personal data.
If you have any questions regarding the use of this Policy or with regards to the exercise of your rights arising from this Policy, please contact us at the following contact:
- privacy@CITIZEN.chat
3. POLICY USERS
This Policy is for:
- our users and
- visitors of our platform.
4. TERMS AND DEFINITIONS
Here you can find an explanation of the basic concepts that we use in our Policy.
Each particular concept defined below has the meaning within this Policy as defined in this section.
Personal data means any information that refers to a specific or identifiable individual (for example, the name, surname, e-mail address, telephone number and identifiers that are specific to the individual's physical, physiological, genetic, economic, mental, cultural or social identity, etc.).
Controller means a legal entity that determines the purposes and means of processing of your personal data.
Processor means a legal or natural person who processes personal data on behalf of the controller.
Processing means collecting, storing, accessing and all other forms of use of personal data.
EEA means the European Economic Area, which identifies all the Member States of the European Union, Iceland, Norway and Liechtenstein.
Member is a legal or natural person registered on the Platform.
Data Set is the collection of uploaded documents and added urls content that a member can create on CITIZEN.chat. We also call this the Curated Data.
Data Set’s owner is the creator of a Data set.
Data Set’s follower is a member that opt-in to receive Data set’s updates. (soon)
5. PROCESSING OF PERSONAL DATA
At CITIZEN.chat, we process your personal data solely on the basis of clearly stated and legitimate purposes, securely and transparently.
We collect your personal data when you provide it to us: authenticating with eMail, signing up for our newsletter, keeping informed about CITIZEN.chat updates, and inquiring by e-mail.
We don’t collect cookies, but 3rd party providers, wallet connect or cloudflare may use them. Please refer to their respective Privacy Policy. Cloudflare: https://www.cloudflare.com/trust-hub/privacy-and-data-protection/
WalletConnect : https://walletconnect.com/privacy
Mailjet : https://www.mailjet.com/legal/privacy-policy/
5.1. What type of personal data do we collect?
Your personal data can be obtained directly from you when you provide us with this information (for example, by logging into your member account, etc.). We can also obtain your personal data through the use of our services (e.g. CITIZEN.chat updates, newsletter).
Category of personal data
Personal data collected
Identity data
eMail, Digital Wallet Information
Contact data
At CITIZEN.chat, we carefully protect the principle of the minimum amount of data provided by law, and therefore we collect only data that is appropriate, relevant and limited to what is necessary for the purposes for which the data is processed. The purposes for which we collect personal data are defined in Chapter 5.3. of this Policy.
5.2. On what legal basis do we collect and process your personal data
In accordance with the legislation governing the protection of personal data, we may process your personal data on the following legal bases:
- Consent. We process your personal data when you have given consent for the specific purposes of processing, and you are always entitled to revoke that consent;
- The law. When processing is necessary for the fulfillment of legal obligations.
Is the provision of personal data mandatory?
The provision of personal data (eMail only) is mandatory only for eMail authentication, Data set’s notifications or newsletter subscription. In most cases, you provide us with personal data on a voluntary basis.
Granting consent is always voluntary. However, in case of consent revocation or denial of consent, we will not be able to provide certain services.
5.3. Processing purposes
CITIZEN.chat will only process your data for specified, explicit and legitimate purposes. We undertake not to process your personal data in a manner incompatible with the purposes defined in this Policy.
The purposes for which we can use your personal data are defined below. CITIZEN.chat may use your personal data for one or more of the purposes identified below.
Processing purposes related to user account management:
Processing purpose
Category of personal data processed
Legal basis
Registration of an account with eMail – become a member*
E-mail (in the sole case of authentication by eMail) otherwise we don’t process any personal data for registration.
Contractual relationship
Processing purposes related to usage of our platform:
Processing purpose
Category of personal data processed
Legal basis
Create a Data Set
owner’s member ID, Digital wallet information, Name, encrypted e-mail
Contractual relationship
Create a Subscription
owner’s member ID, Digital wallet information, Name, encrypted e-mail
Contractual relationship
Try out for free
Digital wallet information, Name, encrypted e-mail
Contractual relationship
Processing purposes related to communication with CITIZEN.chat:
Processing purpose
Category of personal data processed
Legal basis
Communicating with members in regard with requests (customer support)
Digital wallet public key, eMail
Legitimate interest (providing good user experience)
Providing updates on the platform (maintenance, etc)
E-mail, Digital Wallet public key
Legitimate interest (providing good user experience)
Executing user satisfaction surveys
Categories of personal data we process differ depending on the theme of the survey and shall be disclosed with each survey.
Legitimate interest (improvement and optimization of our activities)
Processing purposes related to security, and administrative procedures:
Processing purpose
Category of personal data processed
Legal basis
Prevent, detect frauds and security issues
Data such as IP address, Digital Wallet public key
Legitimate interest (keeping the platform safe)
Enforcing any legal claims and to settle disputes
eMail (if so), Digital Wallet public key, can be disclosed in order to protect our business and to enforce and / or protect our rights.
Law
Executing statistical analysis.
In order to improve the user experience, we analyze the use of our website.
Legitimate interest (providing an optimal and efficient website)
Processing purposes related to marketing activities:
Processing purpose
Category of personal data processed
Legal basis
Sending newsletter
Consent
Sending Data Set’s updates
E-mail, digital wallet public key
Consent
Sending Data set’s recommendation
E-mail, digital wallet public
Consent
In the event that there is a need for further processing of personal data (for a different purpose than for the purpose for which personal data were originally obtained), we will inform you in advance and, when necessary, request for consent. You are entitled to revoke at any time any processing of your personal data, based on your consent. You can notify us of the revocation of the consent at any of the contact points defined in Chapter 2 of this Policy.
How does registration using third party services work?
The only case for which CITIZEN.chat needs a third party services work is when you register with an eMail. In that case, you fill your eMail through CITIZEN.chat. Then a verification eMail is sent by our partner Mailjet to you. A code is delivered and you have to enter the code in CITIZEN.chat interface. That’s all, the account is created, and we don’t store nor use your eMail anymore.
5.4. How much time do we keep your personal data?
We keep your personal data only in these particular cases:
Data Set’s updates subscription
Data Set’s recommendations subscription
Newsletter subscription
Support contact
We keep your personal data in accordance with the relevant legislation. We will keep your personal data:
- only for as long as it is absolutely necessary to achieve the purposes for which we are processing (for the purposes for which we process personal data, please refer to Chapter 5.3 of this Policy),
- for a period prescribed by the law (we note here that the deadlines for the retention of personal data may also be prescribed by other laws, not only in the field of personal data protection, such as 10 years for the issued invoices, in accordance with the tax legislation),
- for the period necessary for the fulfillment of the contract, which includes guarantee periods and deadlines in which it is possible to enforce any claims on the basis of a concluded contract (e.g. 5 years after the fulfillment of contractual obligations).
When personal data is obtained on the basis of your consent, we keep it permanently or until you revoke this consent (see how to revoke the consent in Chapter 8 of this Policy). We will delete the information collected on the basis of your consent before your revocation, in case the purpose for which the data was collected has been achieved.
When the retention period for certain personal data expires, we will delete these personal data or anonymize them so that the reconstruction of personal data will no longer be possible.
The retention periods for each category of personal data are defined in Annex 1.
For any additional information, please contact us at any of the contact details defined in Chapter 2 of this Policy.
6. PROTECTION OF YOUR PERSONAL DATA
At CITIZEN.chat we protect your personal data against illegal or unauthorized processing and/ or access, and against unintentional loss, destruction or damage. We undertake all measures according to our technological capabilities and the impact assessment on your privacy.
For this reason we consider that the sole data owner should be the creator himself. For this reason, no personal data is needed to use CITIZEN.chat. All personal data are facultative. But if you want to share some personal data with other CITIZEN.chat users or to associate some personal data with a Data set or a Subscription, you can do it. In this case, when you create your profile and fill in personal data like your name, bio, company, and so on, you write it publicly on a Ceramic node. If you fill in your eMail, we always encrypt it before writing it on Ceramic. An encryption key is shared with CITIZEN.chat and associated with your anon member ID. It’s for this reason we can say that CITIZEN.chat doesn’t have nor store any personal data. The only owner is you, the creator of the data.
Nevertheless, there are particular cases mentioned in Chapter 5.4 of this policy for which CITIZEN.chat uses your eMail and sends it to an external partner (MailJet: https://www.mailjet.com/).
In order to ensure that your personal data is safe, we have undertaken the appropriate technical and organizational measures at CITIZEN.chat, in particular:
- ensuring the regular updating and maintenance of the hardware, software and application equipment that we use for the processing of personal data,
- establishing a restriction on access to personal data,
- data encryption
- careful selection of processors that we trust for the processing of personal data;
- establishing protocols for preventing or limiting damage in case of potential security incidents.
In the event of a violation of the protection of personal data, we will notify without delay about any such violation to the competent supervisory authority.
In the event that there is a suspicion of a criminal offense regarding the violation of personal data, CITIZEN.chat will also report such violations to the competent authority.
In the event of a violation of data protection that may cause a high risk to the rights and freedoms of individuals, we will inform you of such an event without undue delay.
7. TRANSMITTING OF PERSONAL DATA
Your personal data may be, exclusively in order to achieve the purpose for which it was collected, transmitted, or we may just allow access to them to certain third parties defined below. Such third parties may only process your personal data for the purposes for which they were collected.
Accordingly, any third party to whom we transmit personal data is bound to comply with the applicable law as well as to the provisions of this personal data protection policy. With external processors, however, the protection of personal data is further defined by the contract.
Your personal data may be transmitted to:
1. Our external processors who take care of the needs of CITIZEN.chat: accounting services, law firms, eMail provider (MailJet)
2. When this is required by the law (e.g. tax authorities, courts, etc.).
3. Third party Service providers enabling registration, storage and transfer of funds (Wyre, Metamask, Rainbow, Coinbase, WalletConnect)
8. ACCESS TO SOCIAL NETWORKS
On our website we offer you the ability to use the following social networks: Twitter / X, Discord, Telegram.
The mentioned social networks operate in accordance with their terms of use and privacy policy, where the usage of personal data for each social network is also defined.
Privacy policies are available at the links provided below:
- Twitter: https://twitter.com/en/privacy
- Discord: https://discord.com/privacy
- Telegram: https://telegram.org/privacy
We would like to remind you that any use of social networks that is enabled on our website is in the sole responsibility of the individual. In the event of any questions and/or requests, an individual is required to contact a particular social network.
CITIZEN.chat does not assume any responsibility for the use of social networks.
9. RIGHTS OF INDIVIDUALS
At CITIZEN.chat the only personal data we store are encrypted eMail and encrypted member ID. All the other data like digital wallet information, name, biography, organisation, title, country, city, encrypted eMail are written on Ceramic Network. The sole owner is the creator of the data (the CITIZEN.chat member). When a processing is needed, the data owner gives the right to CITIZEN.chat to operate a processing, but the data is not stored neither owned by CITIZEN.chat. The only exception to this rule concerns the encrypted eMail, especially to be able to keep the user informed about CITIZEN.chat activities. In this case the encrypted hash of the eMail is stored by CITIZEN.chat, only if the user subscribe or proceed to one or several following cases:
Data Set’s updates subscription
Data Set’s recommendations subscription
Newsletter subscription
Support contact
You have the following rights regarding the personal data processing for the hashed data we store.
9.1. Access to personal data: You may request information from CITIZEN.chat whether we are processing your personal data, and if we do, you can request access to your personal data and information about the processing (which data is processed and from where this data originated).
9.2. Correction of personal data: you may request from CITIZEN.chat to correct or complete your incomplete or inaccurate data being processed.
9.3. Restriction of the personal data processing: you may request from CITIZEN.chat a restriction of the processing of your personal data (when, for example, checking accuracy or the completeness of your personal data).
9.4. Deletion of personal data: you may request from CITIZEN.chat to delete your personal data (we cannot delete those personal data that we keep on the basis of legal requests or contractual relation).
9.5. Printout of personal data: you may request from CITIZEN.chat to provide you with the personal data that you have provided us with in a structured, widely used and machine-readable form.
9.6. Revocation of consent: you have the right to withdraw consent as to the use of your personal data, which we collect and process on the basis of consent, at any time. The consent may be revoked in any manner specified in Chapter 2 of this Policy. The revocation of the consent has no negative consequences, but it is possible that CITIZEN.chat will no longer be able to provide you with certain services.
9.7. Objection to the processing of personal data: You have the right to object to the processing of your personal data when processing is for direct marketing purposes or in the event of transmitting your personal information to third parties for the purposes of direct marketing. You can also object processing when your data is used for direct marketing purposes using customized or individual offers ("profiling"). You can make an objection in any manner defined in Chapter 2 of this Policy.
9.8. The right to data transmission: you have the right to request the printout of personal data that you have provided us with. We will provide you with information in a structured, widely used and machine-readable form. You are entitled to provide this data to another controller of your choice. Where technically feasible, you may request that your personal data be transmitted directly to another controller.
Contacts for the exercise of rights:
If you have any questions regarding the use of this Policy or with regards to the exercise of your rights arising from this Policy, please contact us at any of the following contacts:
- privacy@CITIZEN.chat
You have the right to file a complaint against us with the competent authority for the protection of personal data.
The integrity of personal data processed and regular updating is a priority for CITIZEN.chat. Please kindly inform us of any change of your personal data to the above contacts. We will take care of the correction or supplementing your personal data in the shortest possible time.
In case of exercising any of the rights, we may require additional personal data (such as digital wallet public key, name, surname, e-mail address) for identification purposes. We will only need additional information when the information you provide is not sufficient for reliable identification (in this way, we want to prevent your personal data from being transmitted to a third party due to unreliable identification).
10. FINAL PROVISIONS
At CITIZEN.chat, we can change this Policy at any time. We shall notify you of the change of the Policy on our web site. We shall consider that you agree with the new version of this Policy if, after the new version enters into force, you continue to use our website and other services defined by this Policy.
The current version of this Policy will be available on our website: https://CITIZEN.chat/privacy-policy
Annex 1: Definition of retention periods
Processing purpose
Retention period
Registration of an account – become a member buy using eMail
5 years after the deletion of account
Sending Data Set’s updates
Until revoked
Sending Data Set’s recommendation
Until revoked
Communicating with members in regard with requests (customer support)
30 days after the conclusion of communication
Providing updates on the platform (maintenance, etc)
Until the user account has been deleted
Executing user satisfaction surveys
Data is anonymized immediately after execution of the survey
Sending newsletter
Until revoked
Last updated