Privacy Policy

The protection of natural person's rights with regard to the processing of personal data

Introduction

Why is this privacy notice made?

During its operation, the Data Controller handles personal data for several purposes, while respecting the rights of the data subjects and fulfilling legal obligations. The Data Controller also considers it important to present to the data subject the handling and the most important characteristics of the personal data that came to the controller’s knowledge during the data processing activities.

What is the legal basis of processing the data subjects’ personal data? Personal data is only processed for a specific purpose and on an appropriate legal basis. These purposes and legal bases are presented individually, in relation to specific data processing.

What external assistance is used to process your personal data? Personal data is mostly processed by the Data Controller at own premises. However, there are operations for which a data processor’s external help is necessary. The data processor may change according to the characteristics of each data processing.

Who is processing your personal data? The data subject may receive information about the data processors employed by the Data Controller and their contact details in section II of this privacy notice.

Section I.

Name of the data controller

The issuer of this privacy notice and the Data Controller:
COMPANY NAME: Z Gen Kibernetika Korlátolt Felelősségű Társaság
REGISTERED SEAT: 6720 SZEGED, KELEMEN LÁSZLÓ UTCA 11.
COMPANY REGISTRATION NUMBER: 06-09-025397
TAX NUMBER: 26787015-2-06
EUID IDENTIFIER: HUOCCSZ.06-09-025397
REPRESENTS: Brúnó Márton Zawiasa
EMAIL: help@guild.xyz
CONTACT: guild.xyz
(hereinafter: Company)

Section II.

Name of the data processors

Data Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller; (Regulation 2016/679 Article 4 8.)

To use a data processor, prior consent from the data subject is not required, but he or she must be notified. Accordingly, the following information is provided:

Hosting Provider:

COMPANY NAME: Google LLC
REGISTERED SEAT: Mountain View, California, USA
CONTACT: mail.google.com

Recipients:

COMPANY NAME: Google LLC
REGISTERED SEAT: Mountain View, California, USA
CONTACT: mail.google.com

Where the Privacy Notice generally refers to transfers to the Company's data processors, in those cases it should also be understood to refer to transfers to the above recipients.

Section III.

Lawfullness of processing

1. Minors

1.1. Our service is not available for minors who are under the age of 18. Minors may use our services only with the consent of their legal guardian, which they acknowledge by accepting this Privacy policy. The Company does not knowingly collect personal information from children under the age of 18. If you believe that a minor under the age of 18 provided personal information to the Company, please contact us and we will delete that information.

2. Data processing based on the data subject’s consent

2.1. Where the Company intends to carry out data processing based on consent, the data subject's consent to the processing of his or her personal data shall be obtained by means of the data request form and information as set out in the Data Processing Policy.

2.2. Consent shall also be deemed to be given if the data subject ticks a box when viewing the Company's website, makes the relevant technical settings when using information society services, or makes any other statement or takes any other action which clearly indicates the data subject's consent to the intended processing of his or her personal data in the relevant context. Silence, ticking a box or inaction therefore does not constitute consent. The continuation of a telephone call after having been duly informed shall constitute consent.

2.3. Consent covers all processing activities carried out for the same purpose or purposes. Where processing is carried out for more than one purpose, consent shall be given for all the purposes for which the processing is carried out.

2.4. Where the data subject gives his or her consent in the context of a written statement which also relates to other matters, such as the conclusion of a sales or service contract, the request for consent must be presented in a manner clearly distinguishable from those other matters, in a clear and easily accessible form, in clear and plain language. Any part of such a statement containing the consent of the data subject which is in breach of the Regulation shall not be binding.

2.5. The Company shall not make the conclusion or performance of a contract conditional on the giving of consent to the processing of personal data which are not necessary for the performance of the contract.

2.6. The data subject may withdraw his/her consent at any time by sending an e-mail to the e-mail address indicated in Chapter I.

2.7. If the data subject withdraws his/her consent, the controller may no longer process his/her data. Where consent is withdrawn, the controller must ensure that the data are erased, unless another legal basis allows for the processing of those data (e.g. storage requirements or the need to perform a contract). Where processing has been carried out for more than one purpose, the controller may not use the personal data for the purpose for which the data subject has withdrawn consent.

2.8. In all the data processing cases indicated below, the data subject acknowledges that the provision of data is not a prerequisite for the conclusion of a contract and is not obliged to provide his/her personal data.

3. Data processing based on performing legal obligations

3.1. In the case of data processing based on performing legal obligations, the scope of the data that can be processed, the purpose of the data processing, the duration of data storage and the recipients are governed by the provisions of the underlying legislation.

3.2. The processing of personal data for compliance with a legal obligation is based on the regulation, regardless of the consent of the data subject. In this case, prior to the processing of the data, the data subject shall be informed that the data processing is obligatory and shall be clearly and in detail informed of all facts concerning the processing, in particular the purpose and legal basis of the data processing, the person authorized to handle and process the data, the duration of the data processing, whether the personal data of the data subject are processed by the Data Controller on the basis of the legal obligation applicable to him or her, and who can get access to the data. The information shall include the rights and remedies available to the data subject. In the case of mandatory data processing, the information may also take place with the publication of a reference to the legislative provisions which contain the foregoing information.

4. Data processing based on legitimate interests

4.1. The legitimate interests of the Company or a third party may provide a legal basis for the processing, provided that the interests, fundamental rights and freedoms of the data subject do not prevail. The reasonable expectations of the data subject based on his or her relationship with the controller should be taken into account, so that the processing of personal data for contact purposes, even for direct marketing purposes, may be considered to be based on legitimate interests.

4.2. The processing based on legitimate interests requires a balancing of interest test, in which the Company will always take into account the current circumstances and the situation of the controller and the data subjects. In the case of processing in the interest of the Company, the balancing of interests tests carried out separately have led to the following result: in the balancing of interests test, the Company has concluded, taking into account the conditions described for the processing in question, that the processing is justified subject to the appropriate safeguards, as set out in this Policy, without which the Company would not be able to operate competitively. In this light, the emotional impact on data subjects and the harm to their right to privacy can be considered proportionate.

5. Data processing for the protection of the vital interests of the data subject or other natural person

5.1. The protection of the vital interests of the data subject or of another natural person may also provide a legal basis for processing, given that the right to data protection is fundamental but not exclusive, and that the right to the protection of personal data is naturally overridden by the right to life in a life and death context.

6. Data processing based on contractual interests

6.1. Data processing may also be based on a contractual interest if it is necessary for the performance of a contract in which the data subject is a party or if it is requested by the data subject in order to prepare the contract.

7. Promoting the rights of the data subject

7.1. The Company is obliged to ensure the exercise of the rights of the data subject during all data processing.

Section IV.

Information about data processing by the company

Data management in relation of connecting wallets

(1) The Company provides an open access control system for communities based on blockchain. Roles are defined by blockchain assets (tokens, NFTs). Rewards (e.g. accessing special chat rooms, or GitHub repositories) are provided the same way.

(2) Connecting your wallet(s) is essential to participate in our services. The natural person using the website (you, the user) can give his/her consent to the processing of his/her personal data by ticking the relevant box.

(3) Using the website and participating in our services related to the creation and management of decentralized autonomous organizations ("DAO") we use smart contracts that necessarily collect information such as your cryptocurrency wallet public address (which some jurisdictions may consider personal information) and store that information on a public blockchain, which is not controlled by us. In addition, knowing your wallet public address means that the transaction history is visible due to the nature of the technology used. A smart contract is computer code that automatically processes events when certain conditions are met; for example, when a proposal is submitted to a member's DAO, and after that DAO member casts all the necessary votes, the smart contract executes the proposed action if the proposal passes. In these situations, your personal information is stored on the respective blockchain through the execution of the smart contract and cannot necessarily be modified or deleted due to the immutable nature of the blockchain. Our services shall be only used with express acknowledgement of such features of the blockchain and smart contracts.

(4) We might use cookies to preserve your identification data – please check out the “COOKIE POLICY ON THE WEBSITE OF THE COMPANY” section of this Privacy Policy too.

(5) The scope of personal data processed: public key of the wallet – EVM address, cookies according to the relevant section of the Privacy Policy

(6) Purpose of the processing of personal data: to identify the user to be able to provide services

(7) The legal basis for the processing is the consent of the data subject.

(8) Recipients of the personal data: employees performing customer service, administration and development tasks if required.

(9) Duration of storage of personal data: 5 years from ceasing the last membership of a guild or until the data subject's consent is withdrawn (request for erasure).

Data management in relation of joining guilds and connecting Social Accounts

(1) Once your wallet is connected, you can join gulids, DAOs due to our services. You will be able to connect several social accounts (“Social accounts”) while joining including but not limited to

  1. Discord
  2. Telegram
  3. GitHub
  4. Google
  5. Twitter

(2) Connecting Social accounts is based on OAuth authorization protocol, which means that you will have to authorize your Social account in a pop-up window to provide the Company the requested data and access. In the authorization pop-up window, you will see what data the Company will get and what actions the Company will be able to do.

(3) By Connecting your Social accounts, you consent to the fact that they will be linked together with your wallet private key and as a result of that your blockchain transaction history.

(4) The scope of personal data processed: public key of the wallet (EVM - Ethereum address), personal data indicated during the authorization of the Social accounts (e.g.: content of accounts followed, e-mail addresses, content of posts, Social account IDs e.g.: Discord ID, Telegram ID, GitHub ID etc.)

(5) Purpose of the processing of personal data: to provide services, since Company provides an open access control system for communities based on blockchain

(6) The legal basis for the processing is the performance of a contract since the Company provides a service to the users

(7) Recipients of the personal data: guild administrators will only access to EVM (Ethereum) addresses of users. Data from Social accounts shall be only accessed by employees performing customer service, administration and development tasks if required

(8) Duration of storage of personal data: 5 years from ceasing the last membership of a guild

Data management in relation to social media (Twitter)

(1) Our Company has only limited influence on the data processing of social media platform operators. In those places where we can influence and parameterize it, we will facilitate its data processing in a manner that is appropriate from a data protection point of view within the range of possibilities available to us. In most cases, however, we have no control over the operator's activities, so we have no information about exactly what data is processed.
Twitter's privacy policy can be found at: twitter.com/en/privacy

(2) The Controller manages its own page on Twitter. The data subject can subscribe to the news feeds published on the Twitter page's message board by clicking on the "like" or "like" link on the pages. To be able to contact the Data Controller via Twitter, you must be logged in. For this purpose, Twitter also requests, stores and processes personal data. The Controller has no control over the type, scope and processing of these data and does not receive personal data from the Twitter operator. On Twitter pages, the Data Controller processes the personal data of followers on the basis of the voluntary consent of the followers, which is deemed to have been given by the fact that the person concerned likes, follows or comments on the page or posts. The data subject declares that he/she is over 16 years of age when requesting services on the Twitter page of the Controller. A person under the age of 16 requires the consent of his or her legal representative in order for his or her declaration of consent to the processing to be valid pursuant to Article 8(1) of the GDPR. The controller is not in a position to verify the age and entitlement of the person giving consent, so the data subject warrants that the data he or she has provided is accurate.

(3) Purpose of processing: to provide information on current information, news concerning the Data Controller, advertising on social media, presentation and promotion of services. The Twitter page is used by the Data Controller for marketing purposes in order to inform interested parties about its services and to enable them to contact the Data Controller.

(4) Legal basis for processing: voluntary consent of the data subject (in accordance with Twitter policies)

(5) Data subject: name of the data subject; data subjects: users of the social media platform

(6) Duration of data processing: the data subject can unsubscribe from the Twitter page of the Data Controller by clicking on the "dislike" or "do not like" button or delete unwanted content by using the settings on the message board. The active status of the service

(7) Recipients: the employees of the data controller performing tasks related to customer service and marketing, the Company's data processors as data processors, in particular the Company's IT service provider.

(8) The data subject acknowledges that the provision of data is not a prerequisite for the conclusion of a contract and is not obliged to provide his/her personal data. The possible consequence of not providing the data is the failure to inform the Data Controller about current news and services concerning the Data Controller.

Management of recruitment data, applications, CVs

(1) The personal data that may be processed include: the name, date and place of birth, mother's name, address, photograph, telephone number, e-mail address, details of professional history, experience, training, qualifications of the natural person. If, following the application of the data subject, a personal interview of the data subject takes place, the Data Controller shall make a record of it, the content of which shall also be considered personal data.

(2) Purpose of the processing of personal data:

  • identification of the data subject,
  • the processing by the Controller of the data subject's job application to the Controller,
  • assessment of the applicant's application,
  • the participation of the data subject in the selection procedure,
  • selecting the data subject with the appropriate skills and professional experience for the position advertised by the Data Controller,
  • contacting and maintaining contact with the data subject during the selection process,
  • offering the data subject a subsequent job offer if the data subject is not selected by the Data Controller for the advertised position.

(3) Legal basis for the processing: By submitting a job application, the data subject gives his/her consent (Article 6(1)(a) GDPR) to the processing of his/her personal data (deemed to have been provided when the application is sent).

(4) Recipients or categories of recipients of personal data: employees with managerial, labour relations responsibilities who are entitled to exercise employer rights in the Company.

(5) The Data Controller shall delete the personal data of the data subject by 31 December of each year following the submission of the job application or until the withdrawal of the data subject's consent.
The Controller shall delete the documents sent by the data subject without delay at the request of the data subject. If the data subject requests the deletion of his or her personal data before the end of the selection process, the data subject shall not be able to participate in the selection process.

Data processing for tax and accounting obligations

(1) The Company shall process the data of natural persons who have come into contact with it for the purposes of fulfilling a legal obligation, tax and accounting obligations (bookkeeping, taxation) as provided for by law. §-of the Act of 2000 on Accounting: name, address, designation of the person or organisation ordering the transaction, signature of the person ordering the transaction and the person certifying the execution of the order, and, depending on the organisation, the signature of the controller; on stock movement vouchers and cash management vouchers: signature of the recipient and on counterfoils: signature of the payer, and under Act CXVII of 1995 on Personal Income Tax: tax identification number.

(2) Data processing related to the keeping of the driver's logbook and the driver's logbook (in relation to vehicles used by more than one holder): the Company processes the data specified by law (name of the driver, type of vehicle, registration number, date and purpose of the journey, route taken, name of the business partner visited) for the purposes of legal obligations, cost accounting, supporting documents, tax assessment and fuel saving. The relevant legislation is Act No. CXVII of 1995 (Tax Act), § 27/2/, Annex 3, item 6 and Annex 5, item 7.

(3) The period of storage of personal data shall be 8 years after the termination of the legal relationship giving rise to the legal basis.

Processing of documents of lasting value under the Archives Act

(1) The Company shall, in the performance of its legal obligation, process documents of permanent value pursuant to Act LXVI of 1995 on public records, public archives and the protection of private archival material (Archives Act), in order to ensure that the permanent value of the Company's archival material is preserved intact and in a usable condition for future generations. Duration of storage: until the transfer to the public archives.

(2) Recipients of the personal data: the head of the Company, employees of the Company who are responsible for the management and archiving of the records, employees of the public archives.

Section V.

Cookie policy on the website of the company

(1) Cookies are text files with small pieces of data, that are stored in the user’s computer or phone (HDD, SSD) until their expiration date, and if a user returns to that site in the future, the web browser returns that data to the web server. Their purpose is to store data regarding visiting the website, and personal adjustments, but these are not personal data of the user. Cookies help to create a user friendly website and to improve the user’s experience. If the user does not agree to use cookies, the use of the website will be intermitted. We might use cookies to preserve your identification data called session cookies. We ourselves do not store anything in cookies, but third-party entities store cookies on the website:

(2) Purpose of personal data processing: improvement in user’s internet experience, storage of personal adjustments

(3) Legal basis of data processing: the data subject’s freely given consent

(4) Categories of processed personal data: the Data Controller stores every analytical information without name or any other personal data

(5) Period for which the personal data are stored: The data subject can delete the cookies anytime on his or her computer or phone

Section VI.

Information about the rights of data subject

You can find further information about the rights of the data subject in General Data Protection Regulation (eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN)

  • Information and access to personal data (Article 13 and 14),
  • Right of access by the data subject (Article 15),
  • Right to rectification (Article 16),
  • Right to erasure (‘right to be forgotten’ – Article 17),
  • Right to restriction of processing (Article 18),
  • Right to data portability (Article 20),
  • Right to object (Article 21),
  • Right to not be subject to automated individual decision-making, including profiling (Article 22),
  • Right for remedies (Article 77-82).

Right to lodge a complaint with a supervisory authority:

(1) Every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes General Data Protection Regulation. You can find further information about remedies under Article 77.

(2) Contact of the supervisory authority:
Nemzeti Adatvédelmi és Információszabadság Hatóság
Székhely: 1055 Budapest, Falk Miksa utca 9-11
Postacím:1363 Budapest, Pf.: 9.
Tel. +36 (1) 391-1400
Fax: +36 (1) 391-1410
Email: ugyfelszolgalat@naih.hu
Website: www.naih.hu

Place and date: Szeged, 3rd February 2023

Z Gen Kibernetika Kft.

This website is open-source, and built on the Guild SDK