Introduction

This global policy explains what we do with your personal data as a (current or former) service provider, contractor, or employee at UTXO Alliance, or as a user interfacing with UTXO Alliance with regard to UTXO Alliance’s offerings. Overall responsibility for ensuring compliance rests with UTXO Alliance. However, all employees, service providers, and contractors of UTXO Alliance who collect, control, or process the content and use of personal data are individually responsible for compliance.

Aim

This General Data Protection Regulation (GDPR) policy describes how we collect, use, and process your personal data, and how, in doing so, we comply with our legal obligations. Your privacy is important to UTXO Alliance, and so is being transparent about how we collect, use, and share information about you. This policy is intended to help you understand:

• What information we may collect about you.
• How we use and share information we collect.
• How we secure information we collect.
• How to access and control your information.
• How we transfer information we collect internationally.
• Other important privacy information.

What Information We May Collect About You

We collect information about you when you provide it to us, either directly (e.g., by email or social media channels officially operated by UTXO Alliance), or through a third party, as well as information gathered during your tenure with UTXO Alliance. When collecting such data, it’s always important to ask ourselves: why is the data needed?

We collect and use information for the following reasons:

• To provide you with feedback on incidents (including, but not limited to, questions, bugs, or complaints) you raise when using one of our testnets.
• To provide you with updates on changes to a testnet (including bug fixes, new features, and revised content) where you have already engaged with us by raising an incident.
• To inform you when we launch new testnets that address the same capability as previous testnets where you have engaged with us in the past. For example, we have at least three testnets (#1, #2, #3) that relate to smart contracts; if you engage with us on testnet #1, we will send you a notification when testnets #2 and 3 are launched.
• For job candidates, we seek specific consent on the application page in Recruiterbox to assess candidate suitability for an open role and to verify information provided during the recruitment process.
• To perform accounting and other record-keeping functions.
• To provide personnel, payroll, and other administration services.
• To record your employment history with UTXO Alliance.
• To record any training, professional development, and performance metrics.
• To exhibit your profile (name, picture, role) on our website team page.

How We Use and Share Information We Collect

Data processing means performing any operation or set of operations on data, including:

• obtaining, recording, or keeping data.
• collecting, organising, storing, altering, or adapting data.
• retrieving, consulting, or using data.
• disclosing the information or data by transmitting, disseminating, or otherwise making it available.
• aligning, combining, blocking, erasing, or destroying the data.

Some of the business justifications for processing data include:

• Processing is necessary for the performance of a contract to which the data subject is a party.
• Processing is necessary for compliance with a legal obligation to which the data controller is subject.
• Processing is necessary for the legitimate interests of the data controller unless such interests are overridden by the interests or rights of the data subject.
• In more unusual circumstances, we may use your personal data to help us to establish, exercise, or defend legal claims.

Breaches in Data Security

UTXO Alliance will notify the European Data Protection Commissioner of any material data security breach within 72 hours of becoming aware of the breach, unless a risk to the rights and freedoms of data subjects is unlikely. The notification will contain the following information:

• The nature of the data breach, including, where possible, the categories and approximate number of individuals and personal data records concerned.
• The name and contact details of the data protection officer or other contact within UTXO Alliance.
• The likely consequences of the breach.
• The measures taken or proposed to address the breach, including measures to mitigate possible adverse effects.

How to Access and Control Your Information

UTXO Alliance’s data protection team ([email protected]) is responsible for assisting the company in monitoring and maintaining compliance with data protection legislation and is available to answer queries or deal with your concerns about data protection.

Data that is regarded as the opinion of another person will be provided unless it was given on the understanding that it would be treated confidentially. Individuals who express opinions about other people in UTXO Alliance should bear in mind that their opinions may be disclosed in an access request, e.g., performance appraisals. In some circumstances where relevant exemptions apply, certain personal data may not be provided to an individual. UTXO Alliance will make every effort to alleviate any distress caused, and any person who is dissatisfied with the outcome of an access request has the option of using UTXO Alliance’s grievance procedure.

Personal Data Related to Alliance members

Personal data kept by UTXO Alliance shall normally be stored in a UTXO Alliance mem bers file within our database. UTXO Alliance will ensure that only authorised personnel have access to a person’s personal data withing such file.

The UTXO Alliance collects limited personal data from individuals associated to a UTXO Alliance member organization. The UTXO Alliance may collect: full legal names, contact information such as email, phone number, Discord handle and social links such as X, LinkedIn.

How We Transfer Information We Collect Internationally

UTXO Alliance operates internationally, so it may be necessary in the course of business to transfer a person’s personal data within the organisation and to other group companies in countries outside the European Economic Area that do not have comparable data protection laws to Europe. The transfer of such data is necessary for the management and administration of your data within the group. When this is necessary, the organisation will take steps to ensure that the data has the same level of protection as it does inside the EEA. UTXO Alliance will only transmit data to companies that agree to guarantee this level of protection. For more information, please contact the data protection officer.

Other Important Privacy Information

All internal data protection audits will be documented and any subsequent action will enable UTXO Alliance to:

• Identify any gaps in its compliance with data protection rules.
• Put in place processes to ensure all gaps or errors are rectified.
• Spread awareness of best practices and corrective actions within UTXO Alliance.
• Review our data protection notices, policies, and retention schedule.
• Review our data security procedures.
• Consider whether re-training is needed.

Except in relation to certain specific features of our website, you do not have to provide us with any personal information (or personal data) to use our website. However, where you elect to give us your personal data through our website via online feedback forms or web email, then we will treat your personal information in accordance with this policy.

• The logical address (or IP address) of the server you used to access this website.
• The top-level domain name from which you access the internet (for example, .ie, .com, .org, .net).
• The previous website address from which you reached us.
• The type of web browser you used.
• Web traffic data.

The technical data may be used for administrative and statistical purposes and may be shared with our internet service provider. We may use this information to help us to improve our website. This technical data does not provide us with the personal data of visitors to our website.