1
0
mirror of https://github.com/oceanprotocol/market.git synced 2024-12-02 05:57:29 +01:00
market/content/pages/privacy/en.md

252 lines
16 KiB
Markdown
Raw Permalink Normal View History

GDPR Compliance (#796) * add cookie utils * add gdpr metadata for ppc * add graphql typeDefs for GDPR metadata * add ppc variable to app config * add ppc user preference * add switch component * add ppc components * add cookie consent provider * add consent provider to wrapRootElement * add ppc to app component * add cookie button to footer component * add ppc to site metadata query * add styles for buttons in footer * add switch component unit tests * renewed siteMetadata json for testing * add gdpr metadata for testing * add cookie module unit test * add cookie module tests * add customizable format to time component * add english privacy policy * add privacy policy slugs to user preferences and appConfig * add privacy policy components * add autolink for policy md navigation * only show language select for multiple policies * add gatsby policy page creation * use new privacy slug user preference * add to top button styling for markdown pages * add policies for de, es & fr * add pointer events to toTop buttons css * add privacy policy basic unit test * outsource scroll button component * import cleanup * add customizable delay for debounce * add scroll button unit tests * add disclaimer component * add disclaimer fields as optional fields in PublishJsonData * add acces type disclaimer * adjusted help for desc and author fields * add disclaimer unit tests * minor adjustment to test * add print button to history page * naming changes for better readability * add cookies hash to policies * ppc disabled per default * fix react unknown prop for disclaimer * minor adjustments to cookie utils * add gdpr example file * change exposed gdpr metadata scope by useConsent * update README * readme fixes * emoji fix * added imprint * adjustments to gdpr.json structure and related graphql type * add default values for ppc * Update app.config.js Fixed typo. * change variable name for consistency, remove console logs * readability * adjust css selector order to be consistent * Update fr.md updated policy * Update es.md updated policy * Update en.md updated policy * Update de.md * fix type issue * replace language select input with links * remove scroll button from codebase * change privacy policy route to /privacy * remove Do Not Track detection * add size to checkbox / radio inputs * replace switch component with checkbox inputs * fix plain text links * remove console log * refactor privacy policy pages to use PageMarkdown template * setup useUserPreferences mock for unit tests * unit tests forprivacy policy components * setup discalimer to use alert component * Apply .env suggestions from code review Co-authored-by: Jamie Hewitt <jamie.hewitt15@gmail.com> * move gdpr example to gdpr.json * adjustments to address .env approach for appConfig.privacyPreferenceCenter * update readme * add small styling option to ppc * update README * add ppc unit tests * update comments * Update README.md Co-authored-by: Jamie Hewitt <jamie.hewitt15@gmail.com> * Merge print into profile history * add inifiniteApproval to UserPreference fixture * changed default styling of PPC to small Co-authored-by: Frederic Schwill <41265505+fr-3deric@users.noreply.github.com> Co-authored-by: MeikeMolitor <88214332+MeikeMolitor@users.noreply.github.com> Co-authored-by: Jamie Hewitt <jamie.hewitt15@gmail.com>
2021-10-12 10:00:57 +02:00
---
title: Privacy Policy
description: This privacy policy informs you about how Ocean Protocol Foundation Ltd. (OPF) processes your personal data when you visit Ocean Market and when you use one of our market functionalities. Moreover, this privacy policy informs you about your rights.
---
# 1. Controller
The controller of the processing of your personal data is:
Ocean Protocol Foundation Ltd.<br/>
The Commerze @ Irving<br/>
1 Irving Place, #08-11<br/>
369546 Singapore
E-mail: [gdpr@oceanprotocol.com](mailto:gdpr@oceanprotocol.com)
# 2. What&#39;s personal data?
Personal data is any information that can be (directly or indirectly) related to you. OPF processes a minimal amount of personal data, as we believe your personal data belongs to you. We process the following personal data.
**IP address** : Your IP address is processed when visiting Ocean Market.
If you are using one of our market functionalities, OPF also processes the following personal data.
- **Your wallet address**: Your wallet address is processed if you are publishing, consuming, or staking on a data asset.
- **Author name:** Your name is processed if you decide to publish a data asset. Adding your real name is not required. You are welcome to publish a data asset using a pseudonym.
If you contact OPF via e-mail, we process your e-mail address and any personal data you decide to provide in your message (such as your name).
For detailed information about the processing operations, lawfulness, purposes, and how your personal data serves to reach these purposes, please take a look at the chapter &quot; Processing operations according to Article 13 GDPR&quot;.
# 3. Recipients and cross-border data transfer
**Visiting Ocean Market**
When you visit Ocean Market, your IP address is processed by Netlify, a service provider that hosts our market. Netlify serves our market using a Content Delivery Network (a geographically distributed network) with servers located out of and within the European Economic Area. We use Standard Contractual Clauses (SCC) to provide appropriate safeguards to the processing of your personal data. You have the right to receive a copy of these SCC.
- Here you can find Netlify&#39;s [**SCC** &#8599;](https://www.netlify.com/v3/static/pdf/netlify-dpa.pdf).
- Here you can find Netlify&#39;s [**privacy policy** &#8599;](https://www.netlify.com/gdpr-ccpa).
**Using Ocean Market functionalities**
If you use Ocean Market functionalities, we disclose your wallet address and author name (if applicable) by transmitting it to a smart contract. This smart contract is stored in machine-readable format on a public blockchain that is redundantly stored on nodes worldwide. Given the globally distributed storage, your wallet address and author name (if applicable) are processed in countries without an adequacy decision pursuant to Art. 45 GDPR. The blockchain&#39;s underlying technology ensures the security (integrity, availability, authenticity, and non-repudiation) of your personal data by design and by default. Also, your rights described in chapter seven stay enforceable. For instance, if you rectify your author&#39;s name on Ocean Market, the changes will also be automatically adopted on nodes that hold a copy of the smart contract.
**Contact via e-mail**
If you contact us per e-mail, our (mail) service provider Google Workspace, supports us in communicating with you. During this process, personal data about you are processed, such as your e-mail address and any other information you decide to provide in your message, like your name. Google Workspace is located in the US, so your data is transferred by us to a country without an adequacy decision pursuant to Art. 45 GDPR. We use Standard Contractual Clauses (SCC) to provide appropriate safeguards to the processing of your personal data. You have the right to receive a copy of these SCC.
- Here you can find the [**SCC** &#8599;](https://workspace.google.com/terms/mcc_terms.html) of Google Workspace.
- Here you can find the [**privacy policy** &#8599;](https://policies.google.com/) of Google Workspace.
# 4. Processing operations according to Article 13 GDPR
We process your personal data for the following purposes.
## 4.1 Providing Ocean Market and creating log files
We collect and use your IP address for providing Ocean Market hosted at Netlify. Moreover, OPF uses Netlify Analytics to collect and store your IP address. Your personal data will never leave our service, and we will not track you across sites.
**Purposes:**
Collecting and using your IP address is necessary for providing Ocean Market because it is a technical requirement for ensuring communication between your device and our market.
OPF uses Netlify Analytics to distinguish unique visitors based on IP addresses. This process helps us understand better how many users visit Ocean Market and in which countries the users are located. We use that information to measure traffic and popularity trends to improve our service.
**Legal basis:**
The legal basis for this processing is our legitimate interest, according to Art. 6(1)(f) GDPR.
**Legitimate interests:**
Our legitimate interest is to provide Ocean Market and its functionalities to you and to improve them.
**Retention period:**
We store your IP address for 30 days.
## 4.2 Consume and stake functionality
When consuming or staking on a data asset, we collect your wallet address and disclose it by transmitting it to a smart contract stored on the blockchain.
**Purpose:**
Ocean Market processes your wallet address to enable you to sign blockchain transactions. The transaction containing your wallet address will be stored permanently on-chain so that you and the asset provider can prove asset acquisition and consumption.
**Legal basis:**
The legal basis for this processing is Article 6(1)(b) GDPR, as the processing is necessary for the performance of a contract with you.
**Retention period:**
OPF discloses your wallet address by transmitting it to a smart contract stored in machine-readable format permanently on-chain to enable an immutable audit trail.
## 4.3 Publish functionality
When you publish a data asset, we collect your wallet address and author name and disclose it by transmitting it to a smart contract stored on the blockchain. Please note that your wallet address will be linked to your given name. Please also note that you can use a pseudonym as the author&#39;s name.
**Purpose:**
We need to process your wallet address to link your publication to your wallet address. We process your name to enable search and filtering functionality on Ocean Market. The transaction containing your wallet address and author name will be stored permanently on-chain so that you can prove asset ownership and asset sales.
**Legal basis:**
The legal basis for this processing is Article 6(1)(b) GDPR, as the processing is necessary for the performance of a contract with you.
**Retention period:**
OPF discloses your wallet address and author name by transmitting it to a smart contract stored in machine-readable format permanently on-chain to enable an audit trail.
## 4.4 Showing data assets
When you published a data asset, we retrieve, organize, and store your wallet address and author name on a metadata cache operated by OPF. Moreover, we show your asset on Ocean Market.
**Purposes:**
Retrieving data from the blockchain is time-consuming. Hence, we retrieve, organize, and store your personal data on a cache to improve the performance of Ocean Market. We show your data asset on Ocean Market, so visitors can find, consume and stake in it.
**Legal basis:**
The legal basis for this processing is our legitimate interest, according to Art. 6(1)(f) GDPR.
**Legitimate interests:**
Our legitimate interest is to enhance the user experience by improving the performance of Ocean Market.
**Retention period:**
Your wallet address and name are stored permanently on our metadata cache.
## 4.5 History table
Ocean Market&#39;s history table is a transparency tool that you can use to overview your transactions relating to Ocean Market. When you use the history table, we collect your wallet address. Then we retrieve the respective and relevant transactions stored on the blockchain (more precisely, from the metadata cache) and organize them in a table.
**Purpose:**
We need to collect your wallet address to retrieve every transaction you made on Ocean Market. We retrieve and organize your public transaction data so you can quickly overview all the actions you made on Ocean Market.
**Legal basis:**
The legal basis for this processing is our legitimate interest, according to Art. 6(1)(f) GDPR.
**Legitimate interests:**
Our legitimate interest in providing the history table is to offer you the possibility to overview your transactions made on Ocean Market.
**Retention period:**
As soon as you disconnect your wallet, we will remove the history table entries from your browser.
## 4.6 Contact via e-mail
If you contact us via e-mail, OPF will collect, use and store your e-mail address, and any other information you provide us is your message, such as your name.
**Purposes:**
We collect, use and store this personal data to respond to your inquiries.
**Legal basis:**
The legal basis for this processing is our legitimate interest, according to Art. 6(1)(f) GDPR.
**Legitimate interests:**
Our legitimate interest is to answer your inquiries.
**Retention period:**
OPF deletes your personal data as soon as we no longer require them for processing your inquiry, except OPF is obliged to comply with legal retention periods or in case of legal disputes.
<br/><i id="cookies"></i>
# 5. Cookies and web storage
A cookie is a small file that stores Internet settings. Your web browser downloads it on the first visit to a website. The next time you open this website with the same device, the cookie and the information stored in it are either sent back to the website that created it (first-party cookie) or sent to another website it belongs to (third-party cookie). This enables the website to detect that you have opened it previously with this browser and, in some cases, to vary the displayed content.
Ocean Market does not use cookies for analytics or marketing purposes. Instead, we use a functional first-party cookie that does not transmit personal data about you. This cookie is used to enhance your user experience and will be removed once you close your browser.
Ocean Market also uses local storage and session storage, which have similar functionality to cookies. We use your web storage to remember your page preferences and to enhance your user experience. We also do not store personal data in the local storage and session storage. Your browser will remove the session storage once you close your browser.
You have the option of disabling cookies and deleting cookies and web storage from your computer&#39;s hard disk at any time in your browser settings.
# 6. External links
Ocean Market contains links to external websites that are beyond the control and responsibility of OPF. We mark external links using this arrow: &#8599;.
# 7. Your rights
If you want to make use of your rights described below, do not hesitate to contact us.
## 7.1 Right of access (Art. 15 GDPR)
You have the right to obtain confirmation as to whether OPF processes personal data about you. If we are processing personal data about you, you have the right to access these personal data and to gain the information defined in Art. 15 GDPR.
## 7.2 Right to rectification (Art. 16 GDPR)
You have the right to obtain without undue delay the rectification of inaccurate personal data about you. Additionally, you have the right that incomplete personal data about you are completed.
If you published a data asset, please note that you can modify your provided metadata (like the author&#39;s name) at any time by conducting the following steps.
- Visit your published asset on Ocean Market ([market.oceanprotocol.com](https://market.oceanprotocol.com)).
- Validate your identity with your private key.
- Click &quot;EDIT METADATA&quot; and make your changes.
- Save your changes by clicking &quot;SUBMIT&quot;.
- Confirm the changes with your private key.
Please note that you have to pay gas fees for the confirmation of the changes (as a new transaction is issued). After alteration, the previous version of your data asset metadata will no longer be visible on Ocean Market. Also, you can change the content of your data asset at any time.
## 7.3 Right to erasure (Art. 17 GDPR)
You have the right to obtain without undue delay the erasure of personal data about you, where the defined legal grounds in Art. 17 GDPR apply.
If you published a data asset, you could overwrite your provided author name with a placeholder by conducting the steps listed in chapter 7.2. If you want to disable displaying your data asset on Ocean Market, please read chapter 7.4.
Note that it is not possible to erase the blockchain&#39;s transaction history due to technical reasons. But the current network state will no longer hold the former metadata.
Moreover, due to technical reasons, you cannot erase your provided wallet address. The permanent storage of the wallet address protects you as an asset publisher as well as an asset consumer. Data publishers can prove asset ownership and asset sales, while data consumers can prove asset acquisition and consumption.
## 7.4 Right to restriction (Art. 18 GDPR)
Moreover, you have the right to obtain the restriction of processing your personal data where the defined legal grounds in Art. 18 GDPR apply.
If you published a data asset and have a GitHub account, you can use our Purgatory, a mechanism to hide any data asset from Ocean Market, by conducting the following steps.
- Visit [**Purgatory** &#8599;](https://github.com/oceanprotocol/list-purgatory/blob/main/list-assets.json).
- Sign in to your GitHub account.
- Propose a change by inserting the DID of the concerned asset and state a reason like &quot;Sensitive data&quot;.
- Commit your changes.
OPF will accept your changes as soon as possible. You can expect the changes to be processed within a week. For more information, please visit our [**Purgatory documentation** &#8599;](https://github.com/oceanprotocol/list-purgatory/blob/main/policies/README.md).
If you have questions about Purgatory or do not have a GitHub account and want us to disable displaying the data asset, do not hesitate to contact us.
## 7.5 Right to data portability (Art. 20 GDPR)
You have the right to receive your personal data in a structured, commonly used, and machine-readable format. Additionally, you have the right to transmit those data to another controller without hindrance, where the defined legal grounds in Art. 20 GDPR apply.
You can make use of your right to data portability by contacting us.
GDPR Compliance (#796) * add cookie utils * add gdpr metadata for ppc * add graphql typeDefs for GDPR metadata * add ppc variable to app config * add ppc user preference * add switch component * add ppc components * add cookie consent provider * add consent provider to wrapRootElement * add ppc to app component * add cookie button to footer component * add ppc to site metadata query * add styles for buttons in footer * add switch component unit tests * renewed siteMetadata json for testing * add gdpr metadata for testing * add cookie module unit test * add cookie module tests * add customizable format to time component * add english privacy policy * add privacy policy slugs to user preferences and appConfig * add privacy policy components * add autolink for policy md navigation * only show language select for multiple policies * add gatsby policy page creation * use new privacy slug user preference * add to top button styling for markdown pages * add policies for de, es & fr * add pointer events to toTop buttons css * add privacy policy basic unit test * outsource scroll button component * import cleanup * add customizable delay for debounce * add scroll button unit tests * add disclaimer component * add disclaimer fields as optional fields in PublishJsonData * add acces type disclaimer * adjusted help for desc and author fields * add disclaimer unit tests * minor adjustment to test * add print button to history page * naming changes for better readability * add cookies hash to policies * ppc disabled per default * fix react unknown prop for disclaimer * minor adjustments to cookie utils * add gdpr example file * change exposed gdpr metadata scope by useConsent * update README * readme fixes * emoji fix * added imprint * adjustments to gdpr.json structure and related graphql type * add default values for ppc * Update app.config.js Fixed typo. * change variable name for consistency, remove console logs * readability * adjust css selector order to be consistent * Update fr.md updated policy * Update es.md updated policy * Update en.md updated policy * Update de.md * fix type issue * replace language select input with links * remove scroll button from codebase * change privacy policy route to /privacy * remove Do Not Track detection * add size to checkbox / radio inputs * replace switch component with checkbox inputs * fix plain text links * remove console log * refactor privacy policy pages to use PageMarkdown template * setup useUserPreferences mock for unit tests * unit tests forprivacy policy components * setup discalimer to use alert component * Apply .env suggestions from code review Co-authored-by: Jamie Hewitt <jamie.hewitt15@gmail.com> * move gdpr example to gdpr.json * adjustments to address .env approach for appConfig.privacyPreferenceCenter * update readme * add small styling option to ppc * update README * add ppc unit tests * update comments * Update README.md Co-authored-by: Jamie Hewitt <jamie.hewitt15@gmail.com> * Merge print into profile history * add inifiniteApproval to UserPreference fixture * changed default styling of PPC to small Co-authored-by: Frederic Schwill <41265505+fr-3deric@users.noreply.github.com> Co-authored-by: MeikeMolitor <88214332+MeikeMolitor@users.noreply.github.com> Co-authored-by: Jamie Hewitt <jamie.hewitt15@gmail.com>
2021-10-12 10:00:57 +02:00
## 7.6 Right to object (Art. 21 GDPR)
On grounds relating to your particular situation, you have the right to object to the processing of your personal data where we based the processing on legitimate interests (Art. 6(1)(f) GDPR). If you object, OPF will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing, overriding your rights, freedoms, and interests, or if the processing is required to establish, exercise, or defend legal claims.
## 7.7 Right to lodge a complaint (Art. 77 GDPR)
You have the right to lodge a complaint with a supervisory authority if you consider the processing of your personal data by OPF to infringe the GDPR. You can lodge a complaint in particular
- in the Member State of your habitual residence,
- in the Member State of your place of work, and
- in the place of the alleged infringement.
# 8. Questions
For any requests regarding our privacy policy, please send us an e-mail to [gdpr@oceanprotocol.com](mailto:gdpr@oceanprotocol.com).