Privacy Notice

1. This Privacy Notice

Please carefully read this Privacy Notice as it provides you with information about your personal data being processed in connection with your access to and use of the Website and Communication Channels. This Privacy Notice explains which types of personal data we hold on you, how we collect and process such data, how long we keep it, and so on.

2. Interpretation

Unless otherwise provided in this Privacy Notice, capitalised terms used in this Privacy Notice have the meaning determined in the XMAQUINA Terms & Conditions (the “Terms”). You should read the Terms carefully as they affect your obligations and legal rights. In this Privacy Notice, “personal data” and “personal information” are synonyms. They refer to any information that identifies or can reasonably identify you, either directly or indirectly.

3. Contact Details

We, XMAQUINA Foundation established under the laws of the Cayman Islands, are the data controller for the data collected under this Privacy Notice, meaning we determine how and why your data is processed. If you have any questions about this Privacy Notice or your data processing, please contact us at: hello@xmaquina.io.

4. Type of Data

The categories of personal data collected depend on how you interact with us, use the Website, and the requirements of the applicable laws. We collect and process the following types of personal data:

a. Application Data

This includes your name, email address, links to social media accounts, resume or cover letter, and other information you choose to provide us with.

b. Wallet Data

This includes Wallet addresses, which are public blockchain addresses associated with your Wallet. While a Wallet address alone does not identify a specific individual, when combined with other data (such as a nickname or email address), it may enable identification. As a result, such combined data could be considered personal information.

c. Marketing Data

This includes your email address.

d. Technical Data

This includes information collected by log files, including internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and the number of clicks. 

e. Community Data

This may include your nickname, name, photos, messages, comments, and other information you share in our Communication Channels. Under the law, we may be a data controller or joint data controller with the provider of each Communication Channel. If we are joint controllers, you can exercise your data protection rights regarding the Community Data with either us or the provider of the respective Communication Channel. However, we can only help with processing operations explicitly described in this Privacy Notice. For any other data processing, the provider acts as an independent data controller.

f. Contact Data

This may include name, contact details, social media account handles, and other data, depending on what information you provide to us. Please do not provide personal data unless it is reasonably necessary or requested by us. Note that we may also collect certain other information, which may be required under the applicable laws.

g. Cookies Data

This may include data about views of embedded videos, visitor inputs, interactions, and related actions on the Website. This data is collected through cookies — small files placed on your device (e.g., computer, smartphone, tablet) that help recognise it during interactions with the Website (the “Cookies”). Cookies use unique identifiers and, in some cases, may qualify as personal data as they can uniquely identify a device’s user without revealing their real identity. We use advertisement (YSC, VISITOR_INFO1_LIVE, VISITOR_PRIVACY_METADATA) and analytical (vuid) Cookies.

5. Data Use

The personal data is processed as follows:

a. Application Data

To enable you to apply a Project for funding or otherwise contribute to the MachineDAO. The lawful basis for such data processing is to take steps at your request prior to entering into a contract, and, further, to perform a contract with you. 

b. Wallet Data

To enable your participation in the MachineDAO governance vote and related activities. The lawful basis for such data processing is the performance of a contract with you. 

c. Marketing Data

To provide you with marketing and newsletter emails concerning the latest developments, news, and insights related to the MachineDAO and Website. The lawful basis for such data processing is your consent provided by subscribing to receiving our newsletter.

d. Technical Data

To enhance the user experience by improving the Website functionality, usability, user flow, and interface. The lawful basis for such data processing is our legitimate interest to improve the Website operation. 

e. Community Data

To enable community communication and interaction, handle community requests made via Communication Channels, as well as facilitate discussions on MachineDAO proposals, surveys, marketing campaigns, and other activities. The lawful basis for such data processing is our legitimate interest in achieving these purposes. Since processing details may vary across the Communication Channels, please refer to privacy policies of the respective providers for more information, including X (Twitter), Discord, and LinkedIn.

f. Contact Data

To respond to your inquiry. The lawful basis for such data processing is our legitimate interest to respond to your inquiry.

g. Cookies Data

To analyse Website usage, understand your needs, and enhance your browsing experience. The lawful basis for such data processing is your consent. When you first access the Website, you can choose whether to accept or reject non-essential and non-functional Cookies. Please note that essential and functional Cookies are necessary for the proper operation of the Website and ensure basic functionalities and security features anonymously. You may disable non-essential and non-functional Cookies at any time through the Cookies preference centre (if available) or your browser settings. How you can do this will depend on the browser you use.

6. Processing Period

As a general rule, your personal data is kept as long as it is necessary for the purposes it was collected. It may be retained longer if required to meet our legal obligations, in relation to legal proceedings, or to protect our rights and legitimate interests or those of third parties. The storage periods are as follows:

a. Application Data

If your application is approved, as long as our relationship with you continues and for one (1) year after its termination or expiration, regardless of reason. If your application is rejected, the Application Data will be retained for one (1) year thereafter. We set this retention period due to the statutes of limitations established in the Terms. 

b. Wallet Data

We do not set a retention period for Wallet Data that is not personal data, and we are not able to identify any particular individual with such Wallet Data. If Wallet Data becomes identifiable, it will be retained while the Wallet is connected to the Website and for one (1) year thereafter. We set this retention period due to the statutes of limitations established in the Terms. Note that due to the nature of a blockchain, the Wallet Data may be stored permanently on the applicable blockchain, not by us, and may be accessed and viewed by any person at any time. Please consider the features of the blockchain data processing outlined in this Privacy Notice below.

c. Marketing Data

As long as you remain a subscriber. You can unsubscribe from marketing emails at any time by (i) contacting us, or (ii) clicking the unsubscribe button at the bottom of each marketing email. Then your email address will be removed from our marketing database. Please note that administrative or service-related communications (like email verifications or maintenance notifications) are not considered marketing and may not include an unsubscribe option.

d. Technical Data

Until the browsing session from your respective device expires. Generally, anonymised data is stored permanently to analyse the Website use.

e. Community Data

As long as necessary for the purposes outlined in this Privacy Notice, unless otherwise specified (e.g., in a consent form or privacy statement). We do not set a retention period for statistical or analytical information obtained via the Communication Channels, as this data does not identify any individual. Please note that we may not be able to delete personal data you share with us via the Communication Channels. Therefore, such data are processed until either you or the operator of the respective Communication Channel deletes it.

f. Contact Data

For one (1) year from the last date when you contacted us regarding the same matter. We set this retention period due to the statutes of limitations established in the Terms.

g. Cookies Data

Up to two (2) years. The Cookies are provided by third-party solutions, such as Vimeo (more information about Cookies and their timelines is available here), Google (youtube.com) (more information about Cookies and their timelines is available here) and Webflow (more information about Cookies is available here). With respect to personal data collected via third-party solutions, they act as our data processors. However, if they use this personal data for any of their own purposes, such as profiling and cross-platform tracking, they act as independent data controllers.

7. Data Sharing

a. General

We do not sell or rent out your data. We may share it in line with this Privacy Notice, applicable laws, the Terms, or with your consent. Appropriate measures will be taken to protect your data during such transfers. 

b. Recipients

Given the purposes outlined above, your personal information is shared with the following categories of recipients: (i) Affiliates; (ii) marketing, support, and technical teams; (iii) email delivery service providers; (iv) analytical solution providers; (v) hosting service providers; (vi) government authorities, upon their request or if necessary to comply with our legal obligations; (vii) another entity if we sell or otherwise transfer the Website or its parts; and (viii) other third-party solutions, which may be from time to time integrated in relation to the Website, such as Typeform, when you fill in a form to reach us via the application functionality that may be available on the Website.

8. Features of Blockchain Data Processing

Wallet Data may interact with public and decentralised blockchains, as well as related infrastructure and software, including smart-contracts, that work autonomously. “Decentralised” means no one controls or operates the blockchain. “Public” means anyone can access blockchain data, and this access cannot be restricted. By design, blockchain records are permanent and cannot be changed or deleted. Transactions are also irreversible, which may limit your ability to exercise certain data protection rights. Since information that was entered in a blockchain becomes publicly available, we cannot control or manage access to it. The decision to use blockchain or carry out any transactions is entirely up to you.

9. Automated Decision-Making

Automated decision-making is the process of making a decision by automated means without any human influence on the outcomes. We do not make any automated decisions based on your personal data. If we intend to process your personal data by any automated means, we will do our best to inform you about the same prior to such processing.

10. Data Subject Rights

a. Verification

In case you wish to exercise your data subject rights, we may request certain information from you to verify your identity and confirm that you are entitled to exercise such rights.

b. Blockchain Data Processing

Please note that when interacting with blockchain networks, you may not be able to fully exercise certain rights under applicable data protection laws regarding your Wallet Data. For example, we may be unable to delete, correct, or restrict your Wallet Data. For more details, refer to the Features of Blockchain Data Processing section of this Privacy Notice.

c. Data Subject Rights

‍According to the applicable legislation, you may have the following rights:

i. Right to Access 
You can request to see if we process your personal data. If we do, you can ask for details about the processing and a copy of the data to verify its accuracy and legality.

ii. Right to Correction 
You can request to correct or complete any incomplete or inaccurate data. We may need to verify the accuracy of the new information you provide.

iii. Right to Deletion
You can request the deletion of your personal data if we no longer need it, you have successfully objected to processing, we processed it unlawfully, or we must erase it to comply with the law. We may not always be able to fulfil your request due to legal or technical reasons, which will be explained in our response.

iv. Right to Objection
You can object to the processing of your data if it does not comply with applicable laws. We may, however, show that we have compelling legitimate grounds for processing that override your rights.

v. Right to Restrict Processing 

You can ask us to suspend processing your data if: (i) you need to verify its accuracy, (ii) it is used unlawfully, but you do not want it deleted, (iii) you need it to establish, exercise, or defend legal claims, or (iv) you have objected to its use, and we need to verify if we have overriding grounds.

vi. Right to Data Portability 

You can request your personal data be transferred to you or a third party in a structured, commonly used, machine-readable format. This right applies only to automated data processed based on your consent or performance of contract.

vii. Right to Withdraw Consent You can withdraw your consent at any time if we are processing your data based on your consent.

viii. Right to Human ReviewYou can request a human review of decisions made solely based on automated processing, including profiling, if such decisions impact your rights.

ix. Right to File a ComplaintYou can file a complaint with a supervisory authority if we violate your rights or legal obligations. The competent authority may depend on your location.

11. Third-Party Links

The Website may include links and social media plugins to third-party websites and applications. Clicking on them may allow third parties to collect or share your data. We do not control or endorse these third parties and are not responsible for their privacy practices. You should review the privacy policies of any external websites or apps you visit.

12. Personal Data of Children

The Website is not intended for children under 18 years (or older if local laws set a higher age). We do not knowingly collect or use personal data from children. If we learn that a child has provided us with personal information, it will be promptly deleted. Parents or guardians who believe their child’s data has been collected should contact us.

13. Modifications and Updates of this Privacy Notice

This Privacy Notice is under regular review, and may be updated at any time. If any changes to this document are made, we will change the “Last Updated” date and version number at the top of this Privacy Notice. Please review this Privacy Notice to check for the updates.