LISA Foundation Privacy Policy
- Introduction
We encourage you to carefully read this Privacy Policy as it provides you with information about your personal data being processed in connection with:
- your access to and use of the Platform and our Communications Channels; and
- discussions for evaluating or pursuing a Business Relationship.
In this Privacy Policy we explain which types of personal data we hold on you, how we collect and process such data, how long we keep it, and so on.
In this Privacy Policy, personal data and personal information are used as synonyms and mean any information that directly or indirectly identifies you as an individual, as well as any information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means.
- Definitions
Unless otherwise provided in this Privacy Policy, capitalized terms used in this Privacy Policy have the meaning determined in the LISA Terms & Conditions (the “Terms”). We encourage you to read the Terms carefully as they affect your obligations and legal rights. The terms provided below have the following meanings:
“Business Relationship” means certain business relationships and transactions with us.
“Social Media” means social media, such as Instagram, X (Twitter), Telegram, Discord, Farcaster, or LinkedIn.
“we”, “us”, or “our”, means LISA Foundation, a Cayman Islands foundation company.
- Contact Details
With respect to personal data collected in connection with your access to and use of the Platform, we act as a controller (business), meaning that we determine what data is collected as well as the purposes and means of processing of your data.
We process your personal data in accordance with this Privacy Policy, and we endeavor to comply with the applicable legislation. If you have any questions regarding this Privacy Policy or the processing of your personal data, do not hesitate to contact us at support@lisafoundation.com.
- Principles
While processing your personal data, we stick to the following principles:
Lawfulness. We endeavor to process personal data in accordance with the applicable legislation and only on the basis of the appropriate legal grounds.
Transparency. We endeavor to make the processing activities transparent and understandable for you, including by providing you with all reasonably necessary information regarding the processing.
Purpose Limitation. We process your data only for the purposes it was collected. If we establish any other purpose, we will inform you reasonably in advance.
Control. We try to give you as much control over your data as reasonably feasible, taking into account the available functionality.
CIA Triad. We try to comply with the best practices applicable to the development and maintenance of our security systems to ensure ongoing confidentiality, integrity and availability of your personal data.
Disclosure Accountability. If we disclose personal data to any person, we will do our best to ensure that such person will comply with the terms of the applicable legislation and this Privacy Policy.
- Type of Data
We collect and process the following types of personal data as outlined below. Please note that we may also collect certain other information, which may be required under the applicable laws.
Category of Data |
||
Examples |
Description |
Comments |
Account Data |
||
Full name |
This may include your first name and last name. |
You may use a Third-Party Account (such as Google Account or Apple ID) to create your Account. In this case, we will receive the respective information from the operator of the respective Third-Party Account. You may deactivate the connection between your Account and Third-Party Account by contacting us or using the functionality of the respective Third-Party Account. In the latter case, as soon as we become aware of such deactivation, we will delete the respective information stored on our servers, except for the personal data that becomes a part of your Account, if any. The operators of the Third-Party Accounts are independent controllers (businesses) and we are not responsible for them. |
Email address |
Email address may be considered personal data. |
|
Wallet Data |
||
Wallet Addresses |
This means a public address on the respective blockchain network associated with the relevant Wallet. It constitutes a random set of symbols assigned by the respective blockchain network. |
The Wallet Address itself does not identify you as an individual. However, if such data is combined with certain other data (such as a name, email address, username, etc.) it may become possible to identify you as an individual and thus, such a set of data may be deemed personal information. |
Wallet balance |
As the Wallet Address is publicly available, any person, including us, may see the amount of Digital Assets stored in the respective Wallet. |
|
Information about transactions associated with the Wallet Address |
This may include information about transaction amount, time and date, transaction ID and status, Wallet Addresses of sender and recipient, etc. |
|
Technical Data |
||
Internet protocol (IP) address |
This means a unique address of a device, which allows us to identify your approximate location (country, city, region, ZIP code). For better understanding, IP addresses are expressed as a set of numbers, for instance: 194.150.2.33. |
|
Browser details |
This includes information about the browser type and its version. |
|
Device details |
This includes information about the type of the device (e.g., computer, tablet, or smartphone), its model, and its screen size. |
|
Operating system |
This means the information about the type and version of the operating system on your device (e.g., Windows 10, macOS version 12.4, etc.). |
|
Marketing Data |
||
Email address |
Email addresses may be considered personal data. |
|
Analytical Data |
||
Rudderstack (rl_anonymous_id, rl_page_init_referrer, rl_session, rl_trait, rl_user_id) |
RudderStack collects statistical data of your behavior on the Platform, which can be used for our analytics. Rudderstack sets this cookie, which is used to store performed actions on the Platform. |
More information on RudderStack is available here.With respect to the collected data, RudderStack acts as our data processor. If RudderStack uses such personal data for any of its own purposes, it will act as an independent data controller. |
Datadog (_dd_s) |
Collects statistics and analytics about the Platform use. |
More information on Datadog is available here. With respect to the collected data, Datadog acts as our data processor. If Datadog uses such personal data for any of its own purposes, it will act as an independent data controller. |
Business Relationship Data |
||
Full name |
This may include your first name, last name and middle name, if any. |
Do not provide it unless it is reasonably necessary or requested by us. |
Contact details |
This may include your email address or Social Media contact. |
– |
Position within the entity you represent |
For instance, a director, manager, CEO, etc. |
We may request certain additional documents confirming your position or title. |
Other information requested by us, or data that you choose to provide us with |
This may include information about the name of the entity you represent, information and documents revealing your identity, etc. |
Please do not provide personal data unless it is reasonably necessary or requested by us. |
Social Media Data |
||
Username |
This does not have to be personal data. |
When you access or otherwise participate in our Communication Channels, you will need to use respective Social Media. In general, Social Media makes available the respective statistical information to us in an anonymised form. It is impossible to make any conclusions about any individual User, as well as access to any individual User profiles relying solely on such information. |
Photo |
– |
|
Messages, comments, and other communications |
||
Other data that you choose to provide us with |
||
Information provided by the respective Social Media |
This may include:
|
Instagram Data |
Our Instagram account is operated by Meta Platforms, Inc. and its affiliates, including Meta Platforms Ireland Ltd. Meta collects and processes your personal data to the extent described in its privacy policy. We and Meta have entered into a so-called joint controller agreement, available here, to comply with the requirements of applicable legislation. |
||
X (Twitter) Data |
||
Our X (Twitter) account is operated by X Corp. or Twitter International Unlimited Company depending on where you are located. X collects and processes personal data to the extent described in its privacy policy. |
||
LinkedIn Data |
||
Our LinkedIn page is operated by LinkedIn Ireland Unlimited Company. LinkedIn collects and processes personal data to the extent described in its privacy policy. We and LinkedIn have entered into a so-called joint controller agreement, available here, to comply with the requirements of applicable legislation. |
||
Telegram Data |
||
Our Telegram channels are operated by Telegram Messenger Inc. Telegram collects and processes personal data to the extent described in its privacy policy. |
||
Discord Data |
||
Our Discord server is operated by Discord Inc. or Discord Netherlands BV depending on where you are located. Discord collects and processes personal data to the extent described in its privacy policy. |
||
Farcaster Data |
||
Farcaster is operated by Merkle Manufactory Inc. Discord collects and processes personal data to the extent described in its privacy policy. |
||
Contact Data |
||
Full name |
Do not provide it unless it is reasonably necessary or requested by us. |
|
Contact details |
This may include your email address or Social Media nickname. |
|
Any other data requested by us or data that you choose to provide us with |
Please do not provide personal data unless it is reasonably necessary or requested by us. |
|
- Data Use
Description |
Lawful Basis for Processing |
||
Account Data |
|||
To enable you to access and use the App functionality. |
To perform a contract with you. If you act on behalf of an entity, our legitimate interest to ensure the access and use of the App by the legal entity you represent. |
||
Wallet Data |
|||
To enable you to access and use the App functionality, including by verifying the Wallet balance and transaction status. |
To perform a contract with you. If you act on behalf of an entity, our legitimate interest to ensure that you have access to the functionality of the App on behalf of the entity you represent. |
||
To prevent and detect fraud and abuse, and protect the security of our Users. |
Our legitimate interest as well as the interests of other Users to achieve this purpose. |
||
Technical Data |
|||
To ensure the operation of the Platform. |
To perform a contract with you. If you act on behalf of an entity 一 our legitimate interest to ensure the access and use of the App by the legal entity you represent. |
||
To ensure the Platform security. |
Our legitimate interest to achieve these goals. |
||
To provide a better user experience by improving functionality, usability, user flow and interface of the Platform. |
|||
To conduct Platform analysis. |
|||
Marketing Data |
|||
To provide you with marketing and newsletter emails concerning the Platform, Artwork releases, as well as general updates. |
If you have subscribed to receiving our newsletter, your consent. If you have not subscribed to our newsletter, our legitimate interest to provide you, as our former or current User, with information regarding the Platform. |
||
Analytical Data |
|||
RudderStack is used to collect statistics about the Platform use, by analyzing your behavior of the Platform use. |
Your consent to the use of the cookies. |
||
Datadog is used to group all events generated from your session across multiple pages. It contains the current session ID, whether the session is excluded due to sampling, and the expiration date of the session. |
|||
Business Relationship Data |
|||
To establish a Business Relationship with you or the entity you represent. |
To take steps at your request prior to entering into a contract (i.e., to establish a Business Relationship with you or the entity you represent), if you reach us for a Business Relationship. To perform a contact with you, if we enter into a Business Relationship with you. If you act on behalf of an entity, our legitimate interest to enter and perform the Business Relationship with such entity. |
||
To execute the relevant agreements in connection with the Business Relationship, if any. |
|||
To verify your identity and, if applicable, make sure that you are duly authorized to act on behalf of the entity we wish to establish the Business Relationship with. |
|||
To maintain information about you as a representative of the entity you represent, if any. |
|||
Social Media Data |
|||
To communicate with the visitors, participants, or subscribers of our Communication Channels. |
Our legitimate interest to achieve these purposes. |
||
To handle requests from visitors via the Communication Channels. |
|||
To obtain statistical information about the reach of our Communication Channels. |
|||
To conduct customer surveys, marketing campaigns, market analyses, or other promotions and events. |
|||
Contact Data |
|||
To respond to your inquiry. |
Our legitimate interest to respond to your inquiry. |
||
- Storage Period
As a general rule, we keep personal data as long as it is necessary for the purposes it was collected. We may process certain personal data longer than outlined below, if it is necessary:
- to meet our legal obligations under the applicable law;
- in relation to anticipated or pending legal proceedings; or
- to protect our rights and legitimate interests or those of third parties.
Storage Period |
Rationale |
||||
Account Data |
|||||
As long as you keep your Account with the App and for one (1) year thereafter. |
The Account Data is strictly necessary to use the App. The Account Data is processed following termination in order to be able to respond to requests regarding such data during the period of the statutes of limitations. |
||||
Wallet Data |
|||||
As long as you keep your Account with the App and for one (1) year thereafter. Please note that due to the nature of a blockchain, the Wallet Data may be stored permanently on the applicable blockchain (not by us). |
The Wallet Data is strictly necessary to use the App. The Wallet Data is processed following termination in order to be able to respond to requests regarding such data during the period of the statutes of limitations. |
||||
Technical Data |
|||||
Until the browsing session from your respective device expires. |
We need such data only as long as you have an active browsing session. Generally, anonymized data is stored permanently to analyze the Platform use. |
||||
Marketing Data |
|||||
As long as you remain a subscriber. |
You may unsubscribe from receiving marketing emails from us at any time by (i) contacting us; or (ii) clicking the unsubscribe button available at the bottom of each marketing email. In this case, we will delete your email address from the respective marketing database.
Please note that administrative or service-related communications (email verifications, maintenance notifications, etc.) are not considered marketing and such communications may not offer an option to unsubscribe. |
||||
Analytical Data |
|||||
Rudderstack: seven (7) days.
Datadog: during the browsing session and for extra 15 minutes every time you interact with the Platform, up to the maximum browsing session duration of 4 hours. |
We need the collected data for the purposes outlined in this Privacy Policy above. |
||||
Business Relationship Data |
|||||
Pending discussions of and as long as we maintain our Business Relationship and for five (5) years after any expiration or termination of the Business Relationship. |
We set these retention periods to:
|
||||
For one (1) year after you last contacted us regarding the Business Relationship, if we have not commenced any Business Relationship. |
|||||
Social Media Data |
|||||
Until deleted by you or the respective Social Media, unless otherwise is expressly provided in a specific consent form, privacy notice or statement. |
We process such data for the purposes outlined above. We may not be able to erase personal data you provided us via the Communication Channels. |
||||
No retention period for statistical and analytical Social Media Data that is anonymous, aggregated and does not allow us to identify any particular person. |
If and to the extent we become able to identify any particular person, we will promptly update this Privacy Policy and establish a certain limitation period for processing such data. |
||||
Contact Data |
|||||
For one (1) year from the last date when you contacted us regarding the same matter. |
We set this retention period due to the statutes of limitations established in the Terms. |
||||
Data Sharing
General. We do not sell or rent out your data. However, we may share your personal data in accordance with this Privacy Policy, applicable legislation, or with your consent, in each case for the purposes of and if it is reasonably necessary:
- to provide you with access to the Platform and performance of our undertakings with you;
- for compliance with the applicable laws and regulations; or
- for our legitimate interest to maintain, improve and develop the Platform.
If we share any portion of your personal data with third persons, we will endeavor to secure such transfer using appropriate legal, organizational, and technical measures.
Recipients. Your personal information is shared with the following categories of recipients:
- Affiliates;
- support and technical teams;
- marketing teams;
- analytical solution providers;
- email service providers;
- email delivery service providers;
- email verification service providers;
- Wallet service providers;
- hosting service providers;
- government authorities, upon their request or if necessary to comply with our legal obligations;
- another entity if we sell or otherwise transfer the Platform or their parts; and
- other third-party solutions, which may be from time to time integrated in relation to the Platform.
Blockchain and Personal Data
Please note that the Wallet Data interacts with blockchain networks, which are public and decentralized, as well as related infrastructure and software, including smart-contracts and modules, that work autonomously. The data entered in a public decentralized blockchain is distributed via the nodes that simultaneously store all records entered into the blockchain.
When we say “decentralized”, we mean that there is no identifiable person or group of persons who controls or operates the blockchain. When we say “public”, we mean that the data available on the blockchain may be accessed by anyone and the access cannot be restricted.
By design, blockchain records cannot be changed or deleted and are said to be “immutable”. Please be aware that blockchain transactions are irreversible and information entered into a blockchain cannot be deleted or changed. Therefore, your ability to exercise certain data protection rights or abilities may be limited.
In addition, due to the nature of blockchain, the information that was entered in a blockchain will be publicly available and we will neither control such information nor manage access to it. If you carry out transactions on blockchain networks, certain data, which may be considered personal, becomes publicly available on such blockchains. The ultimate decision whether to transact on a blockchain or carry out any transactions rests with you.
Rights
Verification. In case you wish to exercise your data subject rights, we may request certain information from you to verify your identity and confirm that you have the right to exercise such rights.
Blockchain Data Processing. Please note that when you interact with blockchain networks, you may not be able to fully exercise certain rights that you may have pursuant to the applicable legislation with respect to your Wallet Data. For instance, we may not be able to ensure that your Wallet Data is deleted, corrected, or restricted. You may learn more above in the “Blockchain and Personal Data” section of this Privacy Policy.
Data Subject Rights. Depending on the applicable legislation, you may have the following rights:
Rights |
Description |
Right to access your personal data (commonly known as a “data subject access request”) |
You may ask us whether we process your personal data. If we process your data, you may request certain information about the processing activity and/or a copy of the personal data we hold about you, and check that we are lawfully processing it. |
Right to correction (rectification) of the personal data |
You may have your incomplete or inaccurate data to be completed or rectified. We may need to verify the accuracy of the new data you provide to us. |
Right to delete of your personal data (commonly known as a “right to be forgotten”) |
You may ask us to delete or remove personal data where there is no good reason for us to continue processing it. You also may ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with the law. Note, however, that we may not always be able to comply with your request of erasure for specific legal or technical reasons which will be notified to you, if applicable, in our response to your request. |
Right to restriction or object to processing of your personal data |
You may object to processing of your personal data when the processing is not in compliance with the applicable legislation. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. |
Right to opt-out of sale or sharing of your personal data |
You may opt-out of the sale or sharing of your personal information at any time. “Sale” commonly means disclosing or making available personal information to a third party for valuable consideration, including money. “Sharing” means sharing, disclosing, making available or otherwise communicating your personal information for cross‐context behavioral advertising (targeted advertising). |
Right to manage your marketing preferences. |
If we send or intend to send marketing materials to you, you may ask us to stop processing your data for such purpose. |
Right not to be subject to discrimination |
This right protects you against any discrimination for exercising any of your rights under the applicable legislation. We cannot discriminate against you in any way based on your personal data. |
Right to restrict the processing of your personal data |
You may ask us to suspend the processing of your personal data in the following scenarios: (i) if you want us to establish the data’s accuracy, (ii) where our use of the data is unlawful but you do not want us to erase it, (iii) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims, (iv) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it. |
Request the transfer of your personal data (commonly known as a “right to the data portability”) |
Following your request, we will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which is processed based on your consent or performance of a contract with you. |
Right to withdraw consent |
You may withdraw your consent at any time where we are relying on consent to process your personal data. |
Right to request the review by a human of decisions taken exclusively based on automated processing |
You have the right not to be subject to a decision based solely on automated processing of data, including profiling, if that could affect your rights. |
Right to file a complaint |
You may file a complaint with a relevant supervisory authority in case we violate your rights or obligations imposed on us under the applicable legislation. The relevant supervisory authority will particularly depend on where you are located. |
Third-Party Links
The Platform may include links and social media plugins to third-party websites and applications. Clicking on those links or enabling those connections may allow third parties to collect or share certain data about you. We do not control these third-party websites and applications, and are not responsible for their privacy statements. When you leave the Platform, we encourage you to read the privacy policy/notice/statement of every website or application you visit.
Data of Children
The Platform is not intended for the use of children (under 18 years old or older, if the country of your residence determines a higher age restriction). We do not knowingly market to, solicit, process, collect, or use personal data of children.
If we become aware that a child has provided us with personal information, we will use commercially reasonable efforts to delete such information from our database. If you are the parent or legal guardian of a child and believe that we have collected personal information from your child, please contact us.
Modifications and Updates
We keep our Privacy Policy under regular review and we may update it at any time. If we make any changes to this document, we will change the “Last Updated” date above. Please review this Privacy Policy regularly to check for updates. If we make substantial changes to the way we treat your personal information, we will (i) display a notice on the Platform, and/or (ii) notify you by email prior to the change becoming effective.