This privacy notice (“Privacy Notice”) explains the basis for our collection of personal datain connection with our websites https://haven1.org/, https://portal.haven1.org/, https://docs.haven1.org/, https://haven1-ambassadors.notion.site/ and https://haven1.atlassian.net/servicedesk/customer/portals (together “Websites”), when you use our services, when you communicate with us or when you otherwise deal with us, and sets out how we use your personal data, the conditions under which we disclose it to others and the measures we take to keep it secure. In addition, we may inform you about the processing of your personal data separately, for example in consent forms, terms and conditions, additional privacy notices, forms, and other notices. We use the word “data” here interchangeably with “personal data”.
If you provide information to us about you or any person other than yourself, you must ensure that the data is accurate and that these other people understand how their data will be used, that they have given their permission for you to disclose it to us and for you to allow us, and our service providers, to use it. You are welcome to provide them with a copy of this Privacy Notice.
This Privacy Notice is aligned with the Federal Data Protection Act (“FDPA”) and the EU General Data Protection Regulation (“GDPR”). However, the application of these laws depends on each individual case.
1. Controller
The responsible person for processing your data under this Privacy Notice (“Controller”) unless we tell you otherwise in an individual case is:
Haven1
c/o MJP Partners AG
Bahnhofstrasse 20
6300 Zug, Switzerland
CHE-170.6.000.560-1
Email: [email protected]
You may contact us regarding data protection matters and to exercise your rights at [email protected].
2. Data Collection and Purpose of Data Processing
We process the following data about you for the purposes outlined below:
2.1 Websites
When you visit our Websites, we collect data that is necessary for the functionality and security of our Websites.
The data collected includes: IP address; information about the operating system of your end device; cookies; referrer URL; amount of data transferred; date, region, and time of the server request; websites accessed or from which access is made; browser type and version; name of your Internet provider; protocols; etc.
2.2 hPassport
Some of our services can only be used with an hPassport. To obtain an hPassport, you must carry out a KYC (Know Your Customer) or KYB (Know Your Business) check. We collect the information or data for the purpose of determining your eligibility to access or use the services for legal and regulatory purposes as well as compliance with any applicable law. To comply with legal requirements and prevent fraud attempts, we collaborate with a third-party service provider specializing in KYC/KYB checks. The third-party service provider acts on our behalf to verify your identification and information as part of the registration process.
The data collected includes: name; first name; date of birth; identification documents; photographs of your face; legally required information regarding anti-money laundering and combating the financing of terrorism; etc.
We are legally obliged to collect and store the information and data collected in this context.
2.3 Services
We process your data in order to conclude, execute and manage a contract with you and to provide our services (e.g. application for grants, applications for validators, becoming an ambassador, customer support, refer & earn program, etc.) to you.
The data collected includes: contact details, role in company and other information provide by you; information about projects (project name, project description, project milestones and deliverables, project application, project stage, project documentation, etc.); information provided within forms and applications (age, language, social media profiles, duration and areas of activity, contributions, community, etc.); information provided to our help desk (e.g. information connected with airdrop claims, bug reports, improvement suggestions, KYC/KYB/2FA issues and developer related issues); Information provided during the refer & earn program (e.g. used referral code, information about the person to whom the referral code was passed on, etc.); information when using our services; information regarding a possible contract conclusion and about the contract conclusion (e.g. services used and provided to you etc.); information about the execution and administration of the contracts; information on complaints; etc.
2.4 Marketing and Innovation
We process your data for marketing and business activities in relation to Haven1, in particular to further develop the Websites and other platforms on which we operate. In addition, we and selected third parties may use your data to show you personalised content or advertising if and to the extent that you give us your consent, provided this is required by applicable law. You can object to such marketing activities or withdraw your consent at any time (see also Section 11 below).
All of the above data may be used for this purpose.
2.5 Communication
When you contact us by email, telephone, letter, or other means of communication, we collect the data exchanged between you and us for the purposes of communicating with you and providing our services to you, in particular to respond to your enquiries. By providing us with this data, you acknowledge that we use your data in accordance with this Privacy Notice.
The data collected includes: contact details; type, manner, place and time of communication; content of communication; etc.
2.6 Safety or Security Reasons
We process your data to protect our IT and other infrastructure. For example, we process data for monitoring, analysis and testing of our networks and IT infrastructures including access controls.
All of the above data may be used for this purpose.
2.7 Compliance with Law and Legal Procedures
We process your data to comply with legal requirements (e.g. to combat money laundering and terrorist financing (KYC/KYB), to fulfill tax obligations, etc.), and we might have to request further information from you to comply with such requirements or as otherwise required by law and legal authorities. Furthermore, we may process your data for the enforcement of legal claims and for the defence in legal disputes and official proceedings.
All of the above data may be used for this purpose.
2.8 Risk Management, Corporate Governance and Business Development
We process your data as part of our risk management and corporate government in order to protect us from criminal or abusive activity. As part of our business development, we might sell businesses, parts of businesses or companies to others or acquire them from others or enter into partnerships and this might result in the exchange and processing of data based on your consent, if necessary.
All of the above data may be used for this purpose.
2.9 Cookies
Our Websites use cookies, and we may also allow certain third parties to do so (see also Section 2.10 below). Cookies are text files that are stored on your device (computer, laptop, smartphone, etc.) and that are necessary for the use of the Websites as such or certain functions or that enable the analysis of the use of our Websites.
Depending on the purpose of these cookies, we may ask for your express prior consent before cookies are used. You can access your current settings by clicking on the “[Change Your Cookies]” button at our Websites and withdraw your consent under the same link at any time.
Depending on the puWhen you use our Websites, you can also set your browser to block or deceive certain types of cookies or alternative technologies, or to delete existing cookies. You can also add software to your browser that blocks certain third-party tracking. You can find more information on the help pages of your browser (usually with the keyword “Privacy”) or on the websites of the third parties set out in our consent management tool. rpose of these cookies, we may ask for your express prior consent before cookies are used. You can access your current settings by clicking on the “[Change Your Cookies]” button at our Websites and withdraw your consent under the same link at any time.
2.10 Tools
We use the following tool(s) to ensure a tailored design and the continuous optimization of our Websites:
Google Analytics:
Google Ireland (based in Ireland) is our provider of Google Analytics and acts as our processor. Google Ireland relies on Google LLC (based in the US) as a processor for its services (both “Google”). Google uses performance cookies to track the behaviour of visitors to our Websites (duration, frequency of pages viewed, geographic origin of access, etc.) and compiles reports for us on the use of our Websites on this basis. We have configured the service so that the IP addresses of visitors are shortened by Google in Europe before being forwarded to the US and thus cannot be traced. We have turned off the "Data Forwarding" and "Signals" settings. Although we can assume that the information we share with Google is not personal data for Google, it is possible that Google can draw conclusions about the identity of visitors from this data for its own purposes, create personal profiles and link this data to the Google accounts of these persons. If you consent to the use of Google Analytics, you explicitly agree to such processing, which also includes the transfer of personal data (in particular usage data for the website and app, device information and individual IDs) to the US and other countries not offering adequate data protection from a Swiss/EU perspective. Information on the data protection of Google Analytics can be found here: Privacy Disclosures Policy - Analytics Help.
2.11 Third-Party Offerings
Our Websites may contain third-party offerings. Please note that when you use such link, your data such as IP address, personal browser settings, etc., are transmitted to these third parties. We have no control over, do not review and cannot be responsible for these third-party websites or their content. Please be aware that the terms of this Privacy Notice do not apply to these third-party websites or their content, or to any collection of your data after you click on links to such third-party websites. We encourage you to read the privacy notices of every website you visit. Any links to third-party websites or locations are for your convenience and do not signify our endorsement of such third parties or their products, content, or websites.
2.12 Plug-Ins
We do not use plug-ins on our Websites. If our Websites contains icons from other third-party providers (e.g. Twitter/X, Discord, Telegram, LinkedIn, YouTube), we only use these for passive linking to the pages of the respective providers.
2.13 Third-Party Platforms
We operate accounts on third-party platforms (e.g. Twitter/X, Discord, Telegram, LinkedIn, YouTube). If you communicate with us via our accounts or otherwise interact with our accounts on these third-party platforms, your data will also be processed according to the privacy notices of the respective platform. Please find further information on the purpose and scope of data collection and processing by the third-party providers in their respective privacy notices.
3. Legal Basis for Data Processing
Insofar as we have asked for your consent, we process your data on the basis of this consent. You can withdraw your consent at any time with effect for the future by sending us a written notification (email to: [email protected]). The withdrawal of your consent affects neither the legality of the processing that we carried out before your withdrawal nor the processing of your data on the basis of other processing grounds.
If we do not need your consent, we will not obtain it and we will process your data for other reasons, such as the initiation/execution of a contract or a business relationship with you, a legal obligation, a vital interest of the data subject or another natural person, or to perform a public task. We may also process your personal data if we have a legitimate interest in doing so, which includes, for example, complying with applicable law and marketing our products and services, the interest in better understanding our markets and in safely and efficiently managing and developing our company, including its activities.
4. Transfer of Data to Third Parties
As part of our data processing, we may share your data with third parties, in particular to the following categories of recipients:
Service Providers:
We may share your information with service providers and business partners around the world with whom we collaborate to fulfill the above purposes (e.g. IT provider; advertising service provider; security companies; banks; telecommunication companies; credit information agencies; address verification provider; lawyers; etc.) or who we engage to process data for any of the purposes listed above on our behalf and in accordance with our instructions only.Contractual Partners:
If you connect your wallet to decentralized applications built on or interacting with the Protocol, your wallet address and other relevant data may be shared with those services. These services are independently operated and governed by their own privacy policies.Legal Authorities:
We may pass on data to offices, courts, and other authorities if we are legally obliged or entitled to do so or if this appears necessary to protect our interests. The authorities are responsible for processing data about you that they receive from us.
5. Disclosure of Data Abroad
The data that we collect from you may be transferred to, processed, and stored in, a country outside the European Economic Area (EEA) or Switzerland. In view of the EEA or Switzerland the law in some of those countries may not offer an adequate level of data protection. We only transfer data to these countries when it is necessary for the performance of a contract or for the exercise or defence of legal claims, or if such transfer is based on your explicit consent or subject to safeguards that assure the protection of your data, such as the EU-US Data Privacy Framework, the Swiss-US Data Privacy Framework and/or the Standard Contractual Clauses approved by the European Commission (SCCs), adjusted according to Swiss law, all of the aforementioned if applicable and required.
6. Profiling and Automated Decision Taking
We might analyse aspects of your individual’s personality, behaviour, interest and habits make predictions or decisions about them for the purposes laid out in Section 2, e.g. to perform statistical analysis or to prevent misuse and security risks. This analysis identifies correlations between different behaviours and characteristics to create profiles for individuals. For example, we may use profiling to determine in which products or services you might be interested. We may also use profiling to assess your creditworthiness. We do not use profiling that can produce legal effects concerning you or similarly significantly affect you without human review.
In certain circumstances, automated decision taking might be necessary for reasons of efficiency and consistency. In such cases, we will inform you accordingly and take the measures required by applicable law.
7. On-Chain Data
When you use blockchains, you acknowledge that your wallet address and other data/information provided by your transactions, which are considered personal data if relating to an identified or identifiable natural person, are permanently and publicly stored on-chain, which means such data is publicly available to anyone. Neither we, nor any third party, has any power to delete such data published by its users to the blockchain. If you want to ensure that your privacy rights are not affected in any way, you should not transact on blockchains as certain rights may not be available or exercisable by you or us due to the technological infrastructure of the blockchain.
Please also note that we do not have access to the third-party wallet connected to our Websites.
You hereby release and indemnify us of any liability associated with data that you transferred to the blockchain.
8. Use by Minors
Our Websites and the services offered therein are not intended for individuals under the age of 18. We do not knowingly collect personal data from anyone under 18 years of age. If we become aware that personal data has been collected from a minor without appropriate authorization, we will take reasonable steps to delete such information as soon as possible.
9. Retention and Storage of Data
We only process your data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of complying with legal retention requirements and where required to assert or defend against legal claims, until the end of the relevant retention period or until the claims in question have been settled. Upon expiry of the applicable retention period, we will securely destroy your data in accordance with applicable laws and regulations.
10. Data Security
We take appropriate organizational and technical security measures to prevent your data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. However, we and your data can still become victims of cyber-attacks, cybercrime, brute force, hacker attacks and further fraudulent and malicious activity including but not limited to viruses, forgeries, malfunctions, and interruptions which is out of our control and responsibility. We have also put in place procedures to deal with any suspected data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
11. Your Rights
In connection with our processing of your data, you have various rights under applicable data protection law: the right to information about how we process which personal data about you, the right to rectification, the right to erasure, the right to restriction of processing, the right to data portability, the right to withdrawal of a previously given consent, the right to file a complaint with the competent data protection authority if you believe that we are not processing your personal data in accordance with data protection requirements, and the right to object to a particular processing. However, we ask that you please contact us first if you believe that we are not processing your personal data in accordance with your wishes, so that we can address your concerns and implement appropriate changes.
Please note that we reserve the right to enforce legal restrictions, if necessary, e.g. if we are obliged to store or process certain data, have an overriding interest (insofar as we can invoke such interests) or need the data to assert claims. If the exercise of certain rights involves costs for you, we will inform you in advance. We have already referred to the possibility of withdrawing consent in Section 3 above. It is important to note that exercising these rights may conflict with your contractual obligations and could result in consequences such as early termination of the contract or associated costs. Should this occur, we will inform you in advance, unless this has already been contractually agreed.
If you wish to exercise the rights mentioned above, please contact us at [email protected] or at the contact details provided in Section 1, unless otherwise indicated or agreed. Please note that we may need to verify your identity in order to prevent misuse, e.g. by means of a copy of your ID card or passport, unless identification is otherwise possible.
In addition, every data subject has the opportunity to assert their rights in court or to file a complaint with the relevant data protection authority. In Switzerland, the relevant data protection authority is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).
12. Amendment of this Privacy Notice
Due to continuous development of our Websites and the contents thereof, changes in law or regulatory requirements, we might need to change this Privacy Notice from time to time. Our current Privacy Notice can be found on our Websites.
