This is the privacy policy (“Privacy Policy”) in connection with the participation of the user in the “Rootling – Guardian of the Collective” (the “Campaign” and/or the “RootstockCollective”) sponsored by RootstockCollective Foundation (“our”, “we”, or the “Company”). We are the controller of your personal data collected for the Campaign and we are committed to protecting and respecting your privacy.

By participating in the Campaign, you accept the terms of this Privacy Policy, our General Terms, the Campaign Terms and Conditions (the “Terms”) and consent to our collection, use, disclosure, and retention of your information as described in this Privacy Policy. If you have not done so already, please also review our Terms. IF YOU DO NOT AGREE WITH ANY PART OF THIS PRIVACY POLICY OR OUR TERMS, THEN PLEASE DO NOT USE ANY OF THE SERVICES.

We have written and organized this Privacy Policy in a simple and accessible way precisely so that you can understand how we use your personal data. Below we share some of the most important terms that we use here and you should know:

• PERSONAL DATA: Any information related to an identified or identifiable natural person (for example, name and surname, address, email, identity, location data, IP address, cookie data, telephone, etc.).
• CONSENT: The free, informed and unequivocal statement with which you accept the treatment of your personal data for a specific purpose.
• TREATMENT: Any operation carried out with personal data. For example collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation, modification, communication, transfer, dissemination or extraction.

WHAT INFORMATION WE COLLECT

We collect the following data in connection with the Campaign: 

• Data collected: wallet address, X handle, telegram ID, and email address. We may also collect user metadata produced during navigation (browser, operating system, IP, among others).
• Purpose: the development of the Campaign and future campaigns organized by the Company.
• Legitimation: provision of the consent of the interested party to us to participate in the Campaign.
• Conservation periods: the data will be kept for one year after the Campaign finalizes or until the moment in which the interested party requests the cancellation or deletion of their data and once deleted, it will be kept for a maximum period of 6 years at the disposal of the public administration, judges and courts, for the attention and defense of the possible responsibilities arising from the treatment.

Updating your information

If you want to update the information you have previously given to us, you can contact us at compliance@rootstockcollective.xyz. 

Communication with users

In the event that we use your personal information, we might use it to communicate about the Campaign, upcoming events, and other news about products and services offered by us and our selected partners.

For compliance, fraud prevention, and safety

We may use your personal information to protect, investigate, and deter against fraudulent, unauthorized, or illegal activity.

Sharing your information

Depending on how and why you provide us with your personal data, we may share it in the following ways:

• we may share your personal information with any member of our group where there is a valid and lawful reason to do so, which means our subsidiaries, our ultimate holding company and its subsidiaries;
• with selected third parties including business partners, suppliers and subcontractors for the performance of any contract we enter into with them or you (see “Selected Parties” below); or
• with analytics that assist us in the improvement and optimisation of the Campaign.

We may also disclose your personal information to third parties in the following events:

• if we were to sell or buy any business or assets, in which case we might disclose your personal information to the prospective seller or buyer of such business or assets;
• if we or substantially all of our assets are acquired by a third party, in which case personal information held by us about our customers will be one of the transferred assets; or
• if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or in order to enforce or apply the Terms ; or to protect the rights, property, or safety of our company, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

Selected Parties

The Selected Parties provide us with a variety of administrative, financial, statistical, and technical services. In the event we collect any personal data needed to access such services, we will only provide Selected Parties with the minimum amount of personal data they need to fulfill the services we request, and we stipulate that they protect this information and do not use it for any other purpose. We take these relationships seriously and oblige all of our data processors to sign contracts with us that clearly set out their commitment to respecting individual rights, and their commitments to assisting us to help you exercise your rights as a data subject. 

HOW LONG WE KEEP YOUR INFORMATION

In the event we collect any personal data, we will keep it as long as it’s necessary to achieve the purposes for which they were collected, to comply with regulatory or legal requirements, or during the statute of limitation period regarding legal or contractual responsibilities.

To determine the appropriate retention period for each category of personal data, we consider the amount, nature, and sensitivity of the data, as well as the potential risk (arising from unauthorized use and/or unlawful disclosure), the purposes of the treatment and if it is possible to fulfill said purposes by other means in accordance with the current law.

SECURITY

We take the protection of your information very seriously. In the event we collect any data considered personal, we will put in place appropriate physical, electronic and managerial security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed, including use of secure servers, passwords and industry standard encryption for data both in transit and at rest.

Where we have given you a password that enables you to access certain parts of our Platform, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

In addition, in case personal data is collected, we will limit the access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

INTERNATIONAL DATA TRANSFERS

Please note that some of the Selected Parties may be based outside of Gibraltar or the European Economic Area (the “EEA”). These Selected Parties may work for us or for one of our suppliers and may be engaged in, among other things, the fulfillment of your request for information, products and services, the processing of your payment details and the provision of support services.

If applicable, when we transfer your data to a Selected Party that is outside of Gibraltar or the EEA we seek to ensure that appropriate safeguards are in place to make sure that your personal data is held securely and that your rights as a data subject are upheld. Transfers of personal data are either made:

• to a country recognised by Gibraltar or the European Commission as providing an adequate level of protection; or
• to a country which does not offer adequate protection but whose transfer has been governed by the standard contractual clauses of the applicable law or by implementing other appropriate cross-border transfer solutions to provide adequate protection.

By submitting your personal information, you agree to this transfer, storing or processing. If you would like more information about the mechanism via which your personal data is transferred please contact compliance@rootstockcollective.xyz.

Your Rights

As a data subject you have a number of rights in relation to your personal data. Below, you will be able to find a non-taxative list of the various rights that you have as well as how you can exercise them. 

• Access: You will have the right to request access to your personal data, as well as to know any information related to the conditions of your treatment.
• Rectification: You will have the right to request the rectification of your personal data when it’s inaccurate, incomplete or not updated.
• Erasure: You will have the right to request the erasure of your personal data, so that it is not processed by us, although your request may not always be possible, since we might have the obligation to keep certain personal data due to the technical impossibility to delete it or in order to fulfill with legal requirements.
• Object Processing: You may object to processing of your personal data where we rely on legitimate interest for processing that personal data. We will comply with your request unless we have a compelling overriding legitimate interest for processing or we need to continue processing your personal data to establish, exercise or defend a legal claim. 

To exercise any of the rights listed above and/or any other right stated by the applicable law, you can contact us to compliance@rootstockcollective.xyz. We will immediately process your request and inform you the results within the term established by the applicable law. 

Withdrawal of consent

You may withdraw consent previously given by you to us at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

CONTACT DETAILS

If you have any queries regarding this Privacy Policy, if you wish to exercise any of your rights set out above or if you think that the Privacy Policy has not been followed, please find below our contact details: 

• Company name: RootstockCollective Foundation.
  • Postal address: c/o International Corporation Services Ltd., Harbour Place, 2nd Floor, 103 South Church Street, P.O. Box 472, George Town, Grand Cayman KY1-1106, the Cayman Islands.

Email: compliance@rootstockcollective.xyz