Privacy Policy

Privacy Policy Lightcurve Website

 

We take the protection of your personal data seriously. Lightcurve GmbH (hereinafter referred to as “Lightcurve”, “we”, “our”, “us” or for the purpose of the EU General Data Protection Regulation (“GDPR”), and if not specified otherwise in this Privacy Policy, we are the “Data Controller”) is committed to data avoidance and data minimization. We treat your personal data as confidential and in accordance with the legal data protection regulations and this Privacy Policy. Please read this Privacy Policy carefully to better understand your rights in relation to your personal data, and how we collect and use it.

 

For the terms used (e.g. "personal data", "processing", "person responsible" and "processor") we refer to the definitions of the GDPR in Art. 4 GDPR.

 

I. Name and contact details of the Data Controller and our Data Protection Officer

The person responsible for the processing of your personal data in the context of this website (Data Controller), if not specified otherwise, is: Lightcurve GmbH, represented by Maximilian Kordek & Oliver Beddows, Köpenicker Straße 126, 10179 Berlin, Email: business@lightcurve.io

Our Data Protection Officer is Frederic Hannesen, Köpenicker Straße 126, 10179 Berlin Email: dpo@lightcurve.io
 

II. Representation of the Lisk Foundation and Joint Controllership with Lisk Foundation

We are representing the Lisk Foundation (Dammstrasse 16, 6300 Zug, Switzerland) in the European Economic Area (“EEA”) for the purpose of all issues related to data processing in regard to Lisk products and services which fall under the scope of the GDPR and additionally support and safeguard compliance in this context. Therefore, regarding any issues related to the processing of your personal data in regard to Lisk products and services (see: Lisk Privacy Policy) or the execution of your rights (see: Rights of Data Subjects (your rights)), feel free to contact either Lisk or Lightcurve.

The relationship between Lightcurve and the Lisk Foundation is governed by a Joint Controllership Agreement. Joint Controllers are defined in Art. 26 of the GDPR. In regard to processing, purpose, legal basis, and storage period of personal data in regard to Lisk products and services as described in the Lisk Privacy Policy, Lightcurve is identified as Data Controller or Joint Controller, if not stated differently. When the user starts using the Lisk products and services he/she first comes in contact with the Lisk Privacy Policy. Therefore, we have decided to not repeat everything in regard to Lisk products and services here, but refer to the comprehensive Lisk Privacy Policy

If you have any questions in this regard please feel free to reach out to our data protection officer at dpo@lightcurve.io or our legal counsel at legal@lightcurve.io or to the Lisk Foundation at legal@lisk.foundation.de


III. Personal data we are processing, the purpose and legal basis for that processing and storage periods for the data

1. Website 

When you visit our website (https://lightcurve.io/), the following data is processed: 

Personal and additional data

The provider of the pages collects and stores information in so-called server log-files, which your browser automatically transmits. The following data is temporarily stored by the web server when you visit the provider's website:

  • Browser type/ browser version.
  • Used operating system.
  • IP address.
  • Date and time of access.
  • Referrer URL.
  • Transferred amount of data.
  • Message as to whether the call was successful.
  • Website from which access is gained.
     

Cookies

When entering our websites for the first time you will be provided with a cookie notice. It will explain what types of cookies we use and will allow you to grant us consent on using them. Cookies are text files placed on your device to collect standard Internet log information and visitor behavior information. Detailed information on the cookies we are using and change of settings can be found here

Types of cookies we use:

  • Necessary cookies or “session cookies”

These cookies are used for activities that are strictly necessary to operate our website in a reliable manner, therefore, do not require you to consent. 

  • Analytics cookies

These cookies help us to measure traffic and analyze your behavior with the goal of improving our service. They will be used only if you provide us with consent.

  • Marketing cookies 

These cookies are used to track visitors across Websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third-party advertisers.

 

Purposes of processing:

  • Operating the website.
  • Evaluating technical malfunctions.
  • Website security measures.
  • Improving your user experience.
  • Marketing.


Legal basis:


Storage period:

  • Log-files are automatically deleted after the default settings of 52 days.
  • For cookies, you can find the information here

 

2. Contact form 

The entry of personal or business data in our contact form is entirely voluntary. When you use our contact form (https://lightcurve.io/contact), you consent to the processing of the following data: 

Personal data:

  • Your name.
  • Your company name (if provided or applicable). 
  • Your email address.
  • In regard to the message you can send us via the contact form please take the following into account: 
    • We do not advise you to send us any data that is considered to be sensitive personal data in the meaning of Art. 9 GDPR (“special categories of personal data”), i.e. information on your racial or ethnic origin, sexual orientation, marital status, political affiliation, religion or any other beliefs, health, criminal records or a trade union membership.
    • If you disclose personal information about others in your message, you declare and warrant that you are authorized to do so and that you permit us to use such information in accordance with this Privacy Policy.


Purpose of processing:

  • Answering your contact requests.


Legal basis:

Depending on the content of your message and the reasoning behind your contact request, the following legal basis applies: 


Storage period:

After completion of the data processing, your data will be generally deleted at the latest 3 years after the end of the year in which the data processing was completed. In exceptional cases, however, the data may be stored for longer. This depends on the individual case of your inquiry and the content of your message. The data will be deleted after 10 years at the latest. In the meantime, the data will be pseudonymized as feasibly possible.

 

3. Contact via email 

When you send us an email to one of our provided emails (e.g. business@lightcurve.io) the following data is processed: 

Personal data: 

  • Your name.
  • Your email address. 
  • In regard to your message in your email you send us, please take the following into account: 
    • We do not advise you to send us any data that is considered to be sensitive personal data in the meaning of Art. 9 GDPR (“special categories of personal data”), i.e. information on your racial or ethnic origin, sexual orientation, marital status, political affiliation, religion or any other beliefs, health, criminal records or a trade union membership.
    • If you disclose personal information about others in your message, you declare and warrant that you are authorized to do so and that you permit us to use such information in accordance with this Privacy Policy.


Purpose of processing:

      • Answering your email. 


Legal basis:


Storage period:

After completion of the data processing, your data is generally deleted at the latest 3 years after the end of the year in which the data processing was completed. In exceptional cases, however, the data may be stored for longer. This depends on the individual case of your inquiry and the content of your message. The data will be deleted after 10 years at the latest. In the meantime, the data will be pseudonymized as far as possible.

 

4. Applications 

With regard to data processing in connection with job applications, we refer you to our Privacy Policy - Applicants

IV. Recipients of your personal data and where it is stored 

Insofar as we disclose data to other persons and companies (Data Processors) within the scope of our processing, transfer them to them or otherwise grant them access to the data, this only takes place on the following legal basis: consent Art. 6 para. 1 letter a GDPR, performance of a contract Art. 6 para. 1 letter b GDPR, a legal obligation Art. 6 para. 1 letter c GDPR, our legitimate interests Art. 6 para. 1 letter f GDPR.

1. Data processors 

The following categories of third-party providers (Data Processors) are used to enable the work of our website and to communicate with you:

  • Email notification provider.
  • CRM software provider.
  • Cloud storage providers.
  • Analytic tools. 

If you wish to receive a complete and exhaustive list of all companies to which your personal data is transferred to, please contact our Data Protection Officer at dpo@lightcurve.io or our legal counsel at legal@lightcurve.io

2. Data storage location

The information that we collect from you is transferred, stored, and processed within the EEA, Switzerland, the United States, and in other countries where our Data Processors are located. We will take all reasonable steps to ensure that your personal data is treated securely, with a level of protection adequate to GDPR and in accordance with this Privacy Policy. We have provided further details below regarding the steps taken to ensure adequate processing of your personal data.

Whitelisted countries

Switzerland was found to have an adequate level of protection for personal data under European Commission Decision 2000/518/EC of 26 July 2000.

Model clauses

If we transfer data to a third party located outside of the EEA which is not in a White Listed Country, as data exporters, we enter into the European Commission’s model contracts (“SCCs”) for the transfer of personal data to third countries (i.e., the standard contractual clauses pursuant to Decision 2010/87/EU) with the relevant data importer. Prior to entering into SCCs we assess, on a case-by-case basis, as outlined in the CJEU decision in Case C‑311/18 [also known as Schrems II] on 16.07.2020, whether an adequate level of data protection, comparably to the level of data protection within the EU is given in the country where the data will be transferred to. If the appropriate level of protection is not given, additional protection provisions and measures will be contractually agreed and/or implemented by us to ensure the protection of personal data.

V. Rights of data subjects (your rights) 

You have the following rights under the statutory provisions:  

  • Right to withdraw consent (Art. 7 (3) GDPR). 
  • Right of access to information (Art. 15 GDPR).
  • Right to have incorrect personal data concerning you corrected (“Right to rectification”)  (Art. 16 GDPR).
  • Right to erasure ("Right to be forgotten") (Art. 17 GDPR).
  • Right to restriction of processing (Art. 18 GDPR).
  • Right to data portability (Art. 20 GDPR).
  • Right to object against the processing of personal data concerning yourself (Art. 21 GDPR).
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR). The competent supervisory authority for data protection issues is the data protection officer of the federal state in which our company is based. A list of data protection officers and their contact details can be found here (site in German). 

 

To exercise any of your rights, please email either our Data Protection Officer at dpo@lightcurve.io or directly our legal counsel at legal@lightcurve.io

Please note that for each of the rights above, we may have valid legal reasons to refuse your request, in such instances we will let you know if that is the case.

VI. Disclaimer

This Privacy Policy contains links to other websites. Please note that by clicking on a link you will be redirected to another website or document. These websites can be beyond Lightcurve's sphere of influence. Liability is excluded. The operators of the linked websites are solely responsible for their content. We refer you to their privacy policy. 

VII. Changes and updates to this Privacy Policy 

This Privacy Policy is reviewed and revised from time to time. Further developments of our website and the implementation of new technologies to improve user experience may also require changes to this Privacy Policy. We, therefore, recommend that you re-read this Privacy Policy from time to time.

 

Last update of this Privacy Policy: 24.11.2020