Privacy Notice
Last updated April 14, 2023
This Privacy Notice explains how information about you is collected, used, and disclosed by the dYdX Operations Trust, a Guernsey non-charitable purpose trust (the “Operations Trust,” “we,” “our,” “ours,” and “us”). This Privacy Notice applies to all information we collect (a) the website operated by us and located at https://dydx.forum/ (b) all associated websites linked to https://dydx.forum/ by us; and (c) any materials, content, or services available therein (collectively, the “Site”).
1. General.
1.1 Definitions. The following definitions apply for purposes of this Privacy Policy: “Data Subject” means an identified or identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Personal Data” means any information relating a Data Subject
“Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
“Sensitive Personal Data” means a subset of Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data or data concerning a natural person's sex life or sexual orientation.
1.2 If you provide information to us about any person other than yourself, you must ensure that the data is accurate and that they understand how their information will be used, and that they have given their permission for you to disclose it to us and for you to allow us, and our outsourced service providers, to use it in accordance with this Privacy Notice.
1.3 This Privacy Notice is aligned with the EU General Data Protection Regulation (the “GDPR”). However, the application of these laws may depend on each individual case.
2. Name and Address of the Responsible Person.
2.1 Unless we tell you otherwise in an individual case, the responsible person for processing your data under this Privacy Notice (the “Controller”) is: dYdX Operations Trust, a Guernsey Purpose Trust entity.
3. Categories of Data We Process.
3.1 The processing of Personal Data is limited to data that is required to operate a functional website and for the provision of content and services. The processing of Personal Data of our users is based on the purposes agreed or on a legal basis and in accordance with the applicable terms in the Terms of Use available at https://dydxopsdao.com/legal/terms-of use. We only collect Personal Data that is necessary to implement and process our tasks and services or if you provide data voluntarily. Depending on the reason and purpose of the processing, we process different data about you.
3.2 Technical Data. When you use our websites, webpages, features, or content or other online offerings we own or operate, we collect the anonymized IP address of your terminal device and other technical data in order to ensure the functionality and security of these offerings. This data includes logs with records of the use of our systems which do not enable assignment to a specific user. We generally keep Technical Data until it is no longer necessary for the purpose for which it was collected. In order to ensure the functionality of these offerings, we may also assign an individual code to you or your device. Technical data as such does not permit drawing conclusions about your identity. However, technical data may be linked with other categories of data (and potentially with your person) in relation with access controls or the performance of a contract. Technical data includes:
Anonymized IP address
Page view information and session information such as date of visit, length of visit, first visit, and user engagement
3.3 Communication Data. When you get in contact with us via contact form, e-mail, telephone, chat, or by letter or other means of communication, we collect the data exchanged between you and us, including your contact details and the metadata of the communication. If we have to confirm your identity, for example in relation to a request for information, a request for press access, etc., we collect data to identify you (for example a copy of an ID document). We generally keep Communication Data until it is no longer necessary for the purpose for which it was collected. Communication data includes:
Correspondence, such as your queries, feedback, questionnaire and other survey responses, and information you provide to our support teams.
3.4 Master Data. Master data is the basic data that we need, in addition to contract data (see below), for the performance of our contractual and other business relationships or for marketing and promotional purposes, such as name and contact details, and information about, for example, your role and function, your bank details, your date of birth, customer history, powers of attorney, signature authorizations and declarations of consent. We process your master data if you are a customer or other business contact or work for one (for example as a contact person of the business partner), or because we wish to address you for our own purposes or for the purposes of a contractual partner (for example as part of marketing and advertising, for invitations to events, for vouchers, newsletters, etc.). We receive master data from you (for example when you buy something on our websites), from parties you work for, or from third parties such as contractual partners, associations, and address brokers, and from public sources such as public registers or the internet (websites, social media, etc.). We generally keep Master Data until it is no longer necessary for the purpose for which it was collected. Master data is not comprehensively collected for all contacts. Rather, the collection of master data depends on the individual case and purpose of the processing. In general, it may include:
your full name address
anonymised IP address e-mail address
telephone number and other contact details
gender
date of birth nationality
data about related persons social media profiles photos and videos
copies of ID cards
details of your relationship with us (e.g., customer, supplier, visitor, service provider or service recipient, etc.)
details of your status, allocations, classifications, and mailing lists Ethereum wallet address
details of interactions with you and your Ethereum wallet address official documents (e.g., excerpts from the commercial register, permits)
payment information (e.g., bank details, account number and credit card data) declarations of consent and opt-out information
3.5 Other Data. We also collect data from you in other situations. For example, data that may relate to you (such as files, evidence, etc.) is processed in connection with administrative or judicial proceedings. We do not access the webcams or microphones of our visitors without explicit consent. However, if you visit us at our premises or participate in any of our events we may obtain or create photos, videos and sound recordings in which you may be identifiable. We may also collect data about who enters certain buildings, and when or who has access rights (including in relation with access controls, based on registration data or lists of visitors, etc.), who participates in events or campaigns (e.g., competitions), and who uses our infrastructure and systems and when. We generally keep such data until it is no longer necessary for the purpose for which it was collected.
4. Purposes of the Processing.
4.1 We process your data for the purposes explained below. Further information is set out in Sections XIII et seq for online services. These purposes and their objectives represent interests of us and potentially of third parties. You can find further information on the legal basis of our processing in Section V.
4.2 Communication. We process your data for communication purposes, in order to communicate with you, in particular, when you contact us, in order to respond to your queries or when you exercise your rights. For this purpose, we use in particular communication data, master data and registration data to enable us to communicate with you and provide our services or respond to requests. We keep this data to document our communication with you, for training purposes and quality assurance.
4.3 Safety or Security Reasons. We process your data to protect our IT and other infrastructure (e.g., employees, buildings). For example, we process data for monitoring, analysis and testing of our networks and IT infrastructures, including access controls.
4.4 Compliance with Law. We process your data to comply with legal requirements, and we might have to request further information from you to comply with such requirements or as otherwise required by law and legal authorities from time to time.
4.5 Risk Management, Corporate Governance and Business Development. We process your data as part of our risk management and corporate government in order to protect us from criminal or abusive activity. As part of our business development, we might sell businesses, parts of businesses or companies to others or acquire them from others or enter into partnerships or other arrangements and this might result in the exchange and processing of data based on your consent, if necessary.
5. Legal Basis for Processing Your Data.
5.1 Where we ask for your consent, we process your data based on such consent. You may withdraw your consent at any time with effect for the future by providing us written notice (e-mail sufficient); see our contact details in Section 2. If you would like to withdraw your consent for online tracking, please see Section XI. Withdrawal of your consent does not affect the lawfulness of the processing that we have carried out prior to such withdrawal, nor does it affect the processing of your data based on other processing grounds. Where we do not ask for your consent, we process your data on other legal grounds, such as:
a contractual obligation
a legal or regulatory obligation;
a vital interest of the data subject or of another natural person; to perform a public task; and/or legitimate interest, which includes compliance with applicable laws and regulations and the marketing of our products and services, the interest in better understanding our markets and in managing and further developing our company, including its operations, safely and efficiently.
6. Disclosure of Data to Third Parties and Social Plug-ins.
6.1 In order to perform our contracts, fulfill our legal, regulatory and contractual obligations, protect our legitimate interests and the other purposes and legal grounds set out above, we may disclose your data to third parties, in particular to the following categories of recipients:
Service Providers: We may share your information with service providers and business partners around the world with whom we collaborate to fulfill the above purposes (e.g. IT providers, shipping companies, advertising service providers, security companies, banks, insurance companies, telecommunication companies, credit information agencies, address verification providers, legal advisers) or who we engage to process personal data for any of the purposes listed above on our behalf and in accordance with our instructions.
Contractual Partners: In case required under the respective contract we share your data with other contractual partners. If we sell or buy any business or assets, we may disclose your data to the prospective seller or buyer of such business or assets to whom we assign or novate any of our rights and obligations.
Legal Authorities: If legally obliged or entitled to make disclosures or if it appears necessary to protect our interests, we may disclose your data to courts, law enforcement authorities, regulators, government officials or other legal authorities, including in criminal investigations and legal proceedings (including alternative dispute resolution mechanisms).
Social Plug-ins: Our websites use social plug-ins to social media sites such as Twitter and Discord and integrate them as follows:
When you visit our websites, the social plugins are deactivated, i.e., no data is transmitted to the operators of these networks. If you want to use one of the networks, click on the respective social plug-in to establish a direct connection to the server of the respective network. If you have a user account on the network and are logged in when you activate the social plug-in, the network can associate your visit to our websites with your user account. If you want to avoid this, please log out of the network before activating the social plug- in. A social network cannot associate a visit to our websites until you have activated an existing social plug- in.
When you activate a social plug-in, the network transfers the content that becomes available directly to your browser, which integrates it into our websites. In this situation, data transmissions can also take place that are initiated and controlled by the respective social network. Your connection to a social network, the data transfers taking place between the network and your system, and your interactions on that platform are governed solely by the privacy policies of that network. The social plug-in remains active until you deactivate it.
If you click on the link to an offer or activate a social plug-in, personal data may reach providers in countries outside the European Economic Area that, from the point of view of the European Economic Area (EEA), may not guarantee an adequate level of protection for the processing of personal data in accordance with EU standards. Please remember this fact before clicking on a link or activating a social plug-in and thereby triggering a transfer of your data.
7. Transfer of Data Abroad
7.1 We may disclose data to other parties, not all of them located in the European Economic Area. Your data may be processed in the European Economic Area (EEA) and in exceptional circumstances also in countries outside the EEA and around the world, which includes countries that do not provide the same level of data protection as the EEA and are not recognized as providing an adequate level of data protection. We only transfer data to these countries when it is necessary for the performance of a contract or for the exercise or defense of legal claims, or if such transfer is based on your explicit consent or subject to safeguards that assure the protection of your data, such as the European Commission approved standard contractual clauses.
8. How Long We Keep your Data
8.1 We only process your data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of complying with legal retention requirements and where required to assert or defend against legal claims, until the end of the relevant retention period or until the claims in question have been settled. Upon expiry of the applicable retention period, we will securely destroy your data in accordance with applicable laws and regulations.
9. Security of your Data
9.1 We take appropriate organizational and technical security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. However, we and your personal data can still become victims of cyber-attacks, cybercrime, brute force, hacker attacks and further fraudulent and malicious activity of third parties, including but not limited to viruses, forgeries, malfunctions and interruptions, which are out of our control and responsibility.
9.2 We have also put in place procedures to deal with any suspected personal data breach and will notify you and/or any applicable regulator of a breach where we are legally required to do so. We further maintain safeguards designed to protect the personal information we maintain against unauthorized access or disclosure. No system can be completely secure. Therefore, although we take steps to secure your information, we cannot guarantee that your information, searches, or other communication will always remain secure.
10. Your Rights.
10.1 Right of Access. You have the right to request a copy of the personal data that we hold about you. There are exceptions to this right, so that access may be denied if, for example, making the information available to you would reveal personal data about another person, or if we are legally prevented from disclosing such information.
10.2 Right to Rectification. We aim to keep your personal data accurate, current, and complete. We encourage you to contact us to let us know if any of your personal data is not accurate or changes, so that we can keep your personal data up to date.
10.3 Right to Erasure. You have the right to require us to erase your personal data when the personal data is no longer necessary for the purposes for which it was collected, or when, among other things, your personal data has been unlawfully processed.
10.4 Right to Restriction. You have the right to ask us to restrict the processing of your personal information in certain circumstances.
10.5 Right to Data Portability. You have the right to ask that we transfer the personal information you gave us to another controller or to you, in certain circumstances. 10.6 Right to Withdraw Consent. Where we process data based on your consent, you have the right to withdraw your consent. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there is another legal ground for the processing.
10.7 Right to Object. You have the right to object at any time to the processing of personal data pertaining to you under certain circumstances, in particular where your data is processed in the public interest, on the basis of a balance of interests or for direct marketing purposes.
10.8 If you would like to exercise the above mentioned rights, please contact us at team@dydxopsdao.com using the contact details provided under Section II, unless otherwise specified or agreed. Please note that we need to identify you to prevent misuse, e.g., by means of a copy of your ID card or passport, unless identification is possible otherwise.
11. Tracking Tools.
11.1 Based on your consent we use tracking tools to ensure a tailored design and the continuous optimization of our websites. We also use the tracking tools to statistically record the use of our websites and evaluate it for the purpose of optimizing the content we show you.
11.2 Like many companies online, we use services provided by Google and other companies that use tracking technology. These services rely on tracking technologies and web beacons to collect directly from your device information about your browsing activities, your interactions with websites, and the device you are using to connect to the Internet. There are a number of ways to opt-out of having your online activity and device data collected through these services, which we have summarized below:
Blocking advertising ID use in your mobile settings. Your mobile device settings may provide functionality to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.
Using privacy plug-ins or browsers.
12. Age Limitations.
12.1 To the extent prohibited by applicable law, we do not allow use of the Services and Sites by anyone younger than 18 years old. If you learn that anyone younger than 18 has unlawfully provided us with personal data, please contact us at team@dydxopsdao.com and we will take steps to delete such information and, to the extent possible, prevent the user from continuing to use the affected services.
13. Updating and changing this Privacy Notice.
13.1 Due to continuous development of our websites and the content available thereon, changes in law or regulatory requirements, we might need to change this Privacy Notice from time to time. Our current privacy notice can be found at
https://dydxopsdao.com/legal/privacy-notice and can be saved and printed out by you.