IOTA promotes science and research in the field of information technology as well as public and professional education, in particular in relation to digitization and the application of modern software. IOTA procures and transfers funds, including cryptocurrencies, to accomplish these purposes. We are focused on the development of so-called “open source” software in the field of distributed ledger technology, in particular in connection with the IOTA Tangle and its associated technologies and uses.

We are committed to the highest level of integrity in dealing with our customers, investors, employees, collaborators, and other business partners. When you are using IOTA’s website or technology or purchasing or requesting information from us, we may collect, process and/or use your Personal Data, as defined below, in accordance with this privacy policy (“Policy”). Further, we may either receive your Personal Data directly from you when you send us e-mails or otherwise provide your Personal Data in the course of other interactions with us, or indirectly from third parties who legally provide your Personal Data to us.

This Policy is meant to inform you about which Personal Data we collect, store, process, use and/or disclose, for which purposes, and on which legal basis. We further inform you about your rights to protect your Personal Data.

This Policy may be amended or updated from time to time to reflect changes in our practices with respect to the Processing of Personal Data, or changes in applicable law. We encourage you to read this Policy carefully, and to regularly check this page to review any changes we might make in accordance with the terms of this Policy. Your continued use of our Services or website constitutes your agreement to be bound by this Policy, as amended or updated from time to time.

Please note that IOTA Foundation collects your Personal Data directly from the country where you are based and may store it on servers outside EU/EEA in USA, Taiwan, and Singapore, where the standards of data protection may be lower than in the EU/EEA.

1. Which Personal Data we process

The categories of Personal Data about you that we may process depend upon the nature of your business relationship with us and may include:

  • Personal details: name, gender, date of birth / age, nationality, passport or national ID
    number, social security number, tax identification number;

  • Contact details: address, e-mail address, telephone number, social media account
    details;

  • Corporate details: name, place of registration, registration number, transparency register
    number, details with respect to articles of association and other similar documents /
    certificates, details with respect to shareholders and/or beneficial owners (including
    their personal and contact details);

  • Technical information of your devices (e.g. IP address) which you use for
    communications, or transactions (cell phone, tablet, notebook, personal computer, etc.; and

  • Details concerning your transfers of cryptocurrency tokens, including IOTA tokens,
    insofar as these are publicly viewable on the cryptocurrency platform concerned.

2. How we collect your Personal Data

We may collect Personal Data about you from the following sources:

  • When you contact us via e-mail, our contact form, telephone or by any other means;

  • In the ordinary course of our relationship with you (e.g., Personal Data we obtain in the course of our business communication, negotiation proceedings etc.);

  • Where you have manifestly chosen to make such Personal Data public, including via
    social media profiles;

  • When we receive your Personal Data from third parties who legally provide it to us, such as credit reference agencies or law enforcement agencies;

  • When you visit any of our websites or use any features or resources available on or
    through our websites. When you visit our website, your device and browser may automatically disclose certain information (such as device type, operating system,
    browser type, browser settings, IP address, language settings, dates and times of
    connecting to a website and other technical communications information), some of
    which may constitute Personal Data;

  • When you submit your resume/CV to us for a job application;

  • When you subscribe to our newsletters, circulars, social media, or other information
    services.

3. Creation of Personal Data

In the course of your interaction with the IOTA Foundation, we may also create Personal Data about you, such as records of your interactions with us and details of your transaction history.

4. For which purposes we use your Personal Data

We use your Personal Data to provide, maintain and improve our Services, in particular, but not exclusively with regard to our further development and improvement of the IOTA Tangle protocol and its associated technologies. We may also use your Personal Data to communicate with you about upcoming events, inform you about news, developments, and research related to IOTA, respond to inquiries you have made, evaluate job applications, contracting quotes, partnership proposals, or funding requests you have submitted (including requests made to the Ecosystem Development Fund), or to carry out other ordinary business activities in accordance with our non-profit foundation charter.

5. Lawful basis for Processing Personal Data

In Processing your Personal Data in connection with the purposes set out in this Policy, we may rely on one or more of the following legal bases, depending on the circumstances:

  • we have obtained your explicit prior consent to the Processing (this legal basis is only
    used in relation to Processing that is entirely voluntary – it is not used for Processing
    that is necessary or obligatory in any way), cf. Art. 6 (1) lit. a) GDPR;

  • the Processing is necessary in connection with any contractual relationship that you
    may enter into with us, cf. Art. 6 (1) lit. b) GDPR;

  • the Processing is required by applicable law, , cf. Art. 6 (1) lit. c) GDPR;

  • the Processing is necessary to protect the vital interests of any individual, cf. Art. 6 (1)
    lit. d) GDPR; or

  • we have a legitimate interest in carrying out the Processing for the purpose of managing, operating or promoting our business, and that legitimate interest is not overridden by your interests, fundamental rights, or freedoms, , cf. Art. 6 (1) lit. f) GDPR.

  • When we are involving third party Processors into the performance of our services and contractual obligations and such involvement requires the sharing of Personal Data, we have entered with our third party Processors into data processing agreements according to Art. 28 of the European General Data Protection Regulation (“GDPR”) and, as far as required, further appropriate safeguards according to Art. 46 – 49 GDPR. The list of third party Processors to which we disclose your Personal Data can be requested by e-mail to privacy@iota.org​.

6. Processing of special categories of personal data

We do not seek to collect or otherwise Process your Sensitive Personal Data, except where:

  • the Processing is required or permitted by applicable law;

  • the Processing is necessary for the establishment, exercise or defence of legal rights; or

  • we have, in accordance with applicable law, obtained your explicit consent prior to
    Processing your Sensitive Personal Data (as above, this legal basis is only used in
    relation to Processing that is entirely voluntary – it is not used for Processing that is
    necessary or obligatory in any way).

7. Consequences if we may not collect your Personal Data

We need your Personal Data to provide our Services to you and/or perform our contractual obligations towards you. Without providing such Personal Data, we may not be able to provide you the services you are intending to receive.

Any consent is provided freely. If you give your consent, you have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of Processing based on consent before its withdrawal. After your withdrawal we will stop to Process your Personal Data, including storage. This paragraph is only relevant for Processing that is entirely voluntary – it does not apply for Processing that is necessary or obligatory in any way.

To withdraw your consent, please send us an e-mail to ​privacy@iota.org​ or a letter to: IOTA Foundation c/o Nextland Strassburgerstrasse 55 10405 Berlin Germany

9. When we erase your Personal Data

We erase your Personal Data automatically when they are no longer required for the purposes listed above and if further storage is neither required nor permitted by applicable laws. We also erase your Personal Data according to your request and if further storage is neither required nor permitted by applicable laws.

10. Cookies

We are using Cookies on our websites. "Cookies" are small amounts of information that are distributed from some websites to your web browser to recall information about past browsing activities. We may use Cookies to identify the browser you are using so that our website displays properly. We also use cookies in various places on our website in order to document your visit to our website and allow for a more efficient website design.

You may reject the setting of Cookies by adjusting the relevant settings of your browser at any time. If you do not want to allow us to use Cookies, you can disable Cookie installation via your browser setting or refuse the installation of Cookies when prompted to this effect. You also have the option of deleting Cookies from your computer’s hard disk at any time. The Cookies are set to expire no later than one year after initial transmission.

11. Use of third party tools

To improve our website and evaluate user behaviour, we have integrated different tools from other companies into our website. Furthermore in certain cases we have implemented content from other websites. This subsection gives a conclusive overview over tools and websites we’re using.

  • Google Analytics

This Website uses the tool Google Analytics by the company Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics is a web analytics service. Web analysis is the gathering, collection and
analysis of data about the behavior of visitors to websites. Among other things, a web analysis service collects data on which website a data subject has come to a website from (so-called referrers), which subpages of the website were accessed or how often and for which period of time a subpage was viewed. A web analysis is mainly used to optimize a website and for the cost-benefit analysis of Internet advertising.

Google Analytics uses cookies. The information generated by the cookie about your use of this website is usually transmitted to a Google server and stored there. Google might transfer the personal information collected via this technical procedure to third parties.

As IP anonymization is activated on our website, your IP address will be shortened by Google within Member States of the European Union or other states in agreement with the European Economic Area. Only in exceptional cases, the full IP address is sent to and shortened by a Google server in the USA. On behalf of the operator of the website, Google will use this information to evaluate your use of the website, compile reports on website activity and to provide further services related to ​ website​ and internet use to us. The IP address transferred through your browser to Google Analytics will not be combined with other data held by Google.

In addition, this website uses the Analytics feature UserID to track interaction data. This User ID will be additionally anonymized and encrypted and will not be linked with other data.

You can prevent the storage of cookies by a corresponding setting of your browser software; however, please note that if you do this, you may not be able to use all the features of this website to the fullest extent possible.

In addition, you may prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) by Google as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en

This browser add-on informs Google Analytics via JavaScript that no data and information about website visits may be transmitted to Google Analytics.

In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs.

Further information and Google‘s applicable privacy regulations can be found at https://policies.google.com/privacy?hl=en​.

  • Hotjar

This website uses the tool Hotjar by the company Hotjar Ltd, Level 2, St Julian’s Business 5Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta.

Hotjar captures information about the user's device, their IP ​ address​ , geographic location, language settings and user interactions such as mouse movements, clicks and keyboard input. In addition, Hotjar uses cookies to recognize visitors. You can find Hotjar’s privacy policy by following this link: https://www.hotjar.com/privac​y​. You can refuse the usage of Hotjar byopting out. Details as well as the opt-out link can be found at https://www.hotjar.com/legal/compliance/opt-out​.

  • YouTube

This website is using the services of the company YouTube, LLC (​https://www.youtube.com/​), a subsidiary of the company Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, to integrate and display videos. YouTube allows users to upload, view, rate, share, add to playlists, report, and comment on videos, and subscribe to other users. You can find Google’s privacy policy, which also applies to services of YouTube, LLC, as well as information about what kind of data is processed by following this link: ​https://policies.google.com/privacy?hl=en​.

  • Medium

This website is using the services of the company A Medium Corporation (​https://medium.com/​), 760 Medium Street, San Francisco, CA 94102, USA. to integrate and display texts and blog posts. Medium allows users to upload, share, rate and comment texts and blog posts. You can find Medium’s privacy policy, as well as information about what kind of data is processed by following this link: https://policy.medium.com/medium-privacy-policy-f03bf92035c9

You have the right to request access to and rectification or erasure of your Personal Data, or restriction of their Processing. Furthermore, you have the right to object to Processing as well as to request data portability. You have the right to file a complaint to the Berlin Data Protection Authority (Berliner Beauftragte für Datenschutz und Informationsfreiheit).

You have the right to obtain from us the information as to whether or not personal data concerning you are being processed, the purpose of the processing and the categories of personal data concerned.

A copy of the personal data undergoing process can be requested.

13. Our contact information, Data Controller

For any requests you can contact us as follows:

privacy@iota.org

or

IOTA Foundation c/o Nextland
Strassburgerstrasse 55
10405 Berlin
Germany