00 /
Privacy Policy

Privacy Policy Golem Factory GmbH

We, Golem Factory GmbH, are delighted that you have shown interest in the Golem Network (the "Company", "we", "us" or "our").

Data protection is of a particularly high priority for us. We process your Personal Data in compliance with applicable data protection law, in particular, the Swiss Federal Act on Data Protection ("FADP") and, to the extent applicable, the EU General Data Protection Regulation ("GDPR") (together "Applicable Data Protection Law").

Please use the contact details below to get in touch whenever you have questions regarding your Personal Data; we will respond to every enquiry as soon as possible.

I. Controller

The Controller who is responsible for processing your Personal Data under Applicable Data Protection Law is:

Golem Factory GmbH
Dammstrasse 16
6300 Zug Switzerland
Email address: privacy@golem.network

II. EU and UK Representative

The Company has appointed an EU Representative and a UK Representative, who may be contacted as followed:

Lawarton Corporate Services Sp. z o. o., Email: gdpr.golem@lawarton.com

III. Overview

The use of the website of the Company is possible without any indication of Personal Data; however, if a Data Subject wants to use services via our website, we may need to Process your Personal Data. If we need to Process your Personal Data and there is no statutory or contractual basis for such Processing, we will generally obtain your prior consent. If you are a service provider, supplier or business partner of us, we Process your Personal Data for the purposes of the agreement with you as well a related purposes such as business development and accounting purposes.

The Processing of your Personal Data, such as the name, address, email address, or telephone number will always be in line with the GDPR, the FADP and in accordance with the country-specific data protection regulations to the extent applicable to the Company.

With this Privacy Policy, the Company would like to inform you of the nature, scope, and purpose of the Personal Data we collect, use and process. Furthermore, our Privacy Policy informs you of the rights to which you are entitled when we Process your Personal Data.

IV. Legal Basis for the Processing

Under the GDPR, we need a legal basis to Process your Personal Data. The legal bases described in the following are listed in the GDPR:

  • Art. 6(1) lit. a GDPR serves as the legal basis for Processing operations for which we obtain consent form you for a specific Processing purpose.
  • If the Processing of Personal Data is necessary for the performance of a contract to which you are a party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on art. 6(1) lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services.
  • If our Company is subject to a legal obligation that requires us to Process Personal Data, such as for the fulfilment of tax obligations, the processing is based on art. 6(1) lit. c GDPR.
  • In rare cases, the Processing of Personal Data may be necessary to protect the vital interests of you or of another individual. This would be the case, for example, if a visitor were injured in our Company and her name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. In such cases, the Processing would be based on art. 6(1) lit. d GDPR.
  • Finally, Processing operations can be based on art. 6(1) lit. f GDPR. This legal basis is used for Processing operations which are not covered by any of the abovementioned legal grounds and the processing is necessary for the legitimate interests pursued by our Company or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms require protection of Personal Data. Where the Processing of Personal Data is based on art. 6(1) lit. f GDPR our legitimate interest is to carry out our business in favor of the well-being of all our employees and the shareholders.

V. Processing of Personal Data

We collect and process your Personal Data as described in the following.

1. Collection of General Data and Information When Visiting our Website

When you access our website, we collect a series of general data and information. These general data and information are stored in the server log files.

The following data is collected:

  • the browser types and versions used,
  • the operating system used by the accessing system,
  • the website from which an accessing system reaches our website (so-called referrers),
  • the sub-websites,
  • the date and time of access to our website,
  • an Internet protocol address (IP address),
  • the Internet service provider of the accessing system, and
  • any other similar data and information that may be used in the event of attacks on our information technology systems.

We do not use this information to draw any conclusions about you. Rather, this information is needed to (1) provide our products and services, including our Apps and this Site, and improve them over time, (2) deliver the content of our website correctly, (2) optimize the content of our website as well as its advertisement, (3) ensure the long-term viability of our information technology systems and website technology, (4) personalize and manage our relationship with you, including introducing you to products or services that may be of interest to your or to provide customer support, (5) investigate, respond to, and manage inquiries or events, and (6) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. Therefore, we analyze anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the Personal Data we process.

The anonymous data of the server log files are stored separately from all Personal Data provided by a Data Subject.

The general data and information collected will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. The processing of the information by collecting general data and information is based on the legitimate interests of the Company pursuant to art. 6(1) lit. f GDPR.

2. Cookies

We use cookies on our website. For further information regarding our use of cookies, please refer to our cookie policy under this link: Cookie Policy.

3. External Network Monitor

The Company maintains an external network monitor that shows various network statistics of the Golem Network and displays them to the public, including individuals and legal entities that do not use the Golem Network. The external network monitor allows the Company to gather data regarding functioning of the network and nodes in order to constantly improve and upgrade the network protocol and the Golem application. When the user downloads and installs the Golem application, he or she will be asked during the installation procedure whether he or she wishes to contribute certain information about his or her node and the usage of the application to the external network monitor. If the user decides to opt-in to contribute network statistics to the Company, the following information relating to the user's use of the application ("External Statistics") will be transferred to the Company and published on https://stats.golem.network/ (anyone can access this site):

  • Node ID
  • Node Name
  • Node Version
  • Last Time Seen
  • Operating System
  • Network IP
  • Start Port
  • End Port
  • Performance Indexes
  • Allowed Resource Size
  • Allowed Resource Memory
  • CPU Cores
  • Minimum Price
  • Maximum Price
  • Subtasks Completed with Success
  • Subtasks with Error
  • Subtasks with Timeout
  • P2P Protocol Version
  • Task Protocol Version
  • Number of Tasks Requested
  • Number of Known Tasks
  • Number of Supported Tasks
  • Requestor Statistics, including tasks, finished tasks, requested subtasks, collected results, verified results, subtasks with timeout, downloadable tasks, failed subtasks, work offers
  • Provider Statistics, including requested subtasks, received subtasks, total time between subtask request and assignmentOS versionOS release dateOS edition

The storing and publishing of the External Statistics is required in order to display it on the external network monitor. The External Statistics transferred to the Company will be updated on a regular basis and therefore continuously replaced with more current information. This means that the external monitor represents a real time reflection of the Golem Network and that all the data displayed in the external monitor is being overwritten in real time.

The processing of the information by storing and publishing the External Statistics on the external network monitor is based on the user's consent pursuant to art. 6(1) lit. a GDPR. You have the right to withdraw your consent at any time. If you wish to end your contribution of External Statistics to the external network monitor, you can opt-out by using the command line interface of the Golem application. In this case, the information will be immediately excluded from being displayed on the network monitor.

4. Internal Network Monitor

The Company maintains an internal network monitor that collects various network statistics of the Golem Network. The internal network monitor allows the Company to gather data regarding functioning of the network and nodes in order to constantly improve and upgrade the network protocol and the Golem application. The network statistics stored in the internal network monitor are also used to improve the performance of the Golem Networks but are more informative and accurate than the External Statistics.

When the user downloads and installs the Golem application, he or she will be asked during the installation procedure whether he or she wishes to contribute certain information about his or her node and the usage of the application to the internal network monitor. If the user decides to opt-in to contribute network statistics to the Company, the following information relating to the user's use of the application ("Internal Statistics") will be transferred to the Company and stored on our internal servers:

  • Node ID
  • Node Name
  • Node Version
  • Last Time Seen
  • Operating System
  • Network IP
  • Start Port
  • End Port
  • Performance Indexes
  • Allowed Resource Size
  • Allowed Resource Memory
  • CPU Cores
  • Minimum Price
  • Maximum Price
  • Subtasks Completed with Success
  • Subtasks with Error
  • Subtasks with Timeout
  • P2P Protocol Version
  • Task Protocol Version
  • Number of Tasks Requested
  • Number of Known Tasks
  • Number of Supported Tasks
  • Requestor Statistics, including tasks, finished tasks, requested subtasks, collected results, verified results, subtasks with timeout, downloadable tasks, failed subtasks, work offers)
  • Provider Statistics, including requested subtasks, received subtasks, total time between subtask request and assignmentOS versionOS release dateOS edition
  • Public key
  • Provider incomes statistics
  • Requestor payments statistics
  • Marketplace statistics

The storing of the Internal Statistics on the servers of the Company is required to display it on the internal monitor and to analyze it in order to improve the performance of the Golem Network. In contrast to the External Statistics, the Internal Statistics are not replaced with but rather continuously enhanced by more current information. The internal monitor is therefore a historical reflection of the Golem Network, providing the Company with an overview of everything that has happened on the Golem Network in the past. The Internal Statistics are not available to the public and are not being shared with third parties.

The processing of the information by storing the Internal Statistics on the internal network monitor is based on the user's consent pursuant to art. 6(1) lit. a GDPR. You have the right to withdraw your consent at any time. If you wish to end your contribution of information to the network monitor, you can opt-out by using the command line interface of the Golem application. To delete Personal Data that has already been submitted to the Company, you can contact us.

5. Sentry Service for Error Tracking

The Company uses an open-source error tracking service called Sentry that is offered by Functional Software, Inc. domiciled in San Francisco and provides real-time error tracking for web applications Sentry ("Sentry Service"). The information collected by the Sentry Service and provided to the Company gives the Company the insight needed to reproduce and fix crashes that happen in the Golem Network. When a user downloads and installs the Golem application, you will be asked during the installation procedure whether you wish to contribute information about errors happening in your node to the Sentry Service, including the node name. If you decide to opt-in to contribute such error information, all errors that happen in the user's nodes as well as the name of the node are automatically sent to the Company ("Error Information"). All other data related to the error is filtered and encrypted so that the Company is not able to access it.

The Error Information sent to the Company is subsequently stored on the Company's servers in the form of logs. The storing of the Error Information on the servers of the Company is required for the Company to be able to prioritize the most common errors that happen in the Golem Network and fix them in the proper order. The Company will delete the Error Information as soon as it is no longer required for the purpose for which it was collected. The Error Information is not available to the public and is not being shared with third parties.

The processing of the information by storing the Error Information on the servers of the Company is based on the user’s consent pursuant to art. 6(1) lit. a GDPR. You have the right to withdraw your consent at any time. If you wish to end your contribution of information to the network monitor, you can opt-out by using the command line interface of the Golem application.

6. Contact Possibility via the Website

Our website enables you to quickly contact us through our online form, as well as direct communication with us, which also includes email. If you contact us by email or via a contact form, your Personal Data such as name, contact details and request are automatically stored.

Such Personal Data transmitted on a voluntary basis by you are stored for the purpose of processing, contacting or answering you. The Processing of your Personal Data when contacting us is based on our legitimate pursuant to art. 6(1) lit. f GDPR to respond to your queries and requests.

7. Subscription to Our Newsletters

On our website, you are given the opportunity to subscribe to our newsletter. The input mask used for this purpose determines what Personal Data are transmitted, as well as when the newsletter is ordered from us. The Company informs the customers and business partners regularly by means of a newsletter about enterprise offers.

The enterprise's newsletter is only sent to you if (1) you have a valid email address and (2) you register for the newsletter. Upon registration, a confirmation email will be sent to the email address registered by you in the double opt-in procedure. This confirmation email is used to check whether the owner of the email address is authorized to receive the newsletter.

During the registration for the newsletter, we also store the IP address of the computer system assigned by the Internet service provider (ISP) and used by you at the time of the registration, as well as the date and time of the registration. The collection of this data is necessary in order to understand the (possible) misuse of the email address at a later date, and it therefore serves the aim of our legal protection.

The Personal Data collected as part of a registration for the newsletter will only be used to send our newsletter. In addition, subscribers to the newsletter may receive additional information from us by email, as long as this is necessary for the operation of the newsletter service or a registration in question, as this could be the case in the event of modifications to the newsletter offer, or in the event of a change in technical circumstances.

You can terminate your subscription to our newsletter at any time. The consent to the storage of Personal Data, which you have given to receive our newsletter, can also be revoked at any time. You can find a corresponding link to unsubscribe or withdraw your consent in each newsletter. It is also possible to unsubscribe from the newsletter at any time directly on our website, or to inform us in a different way, for example, by email.

The Processing of your Personal Data in connection to your newsletter subscription is based on your consent pursuant to art. 6(1) lit. a GDPR. If you revoke your consent by terminating your subscription, you will not receive any further newsletters and all information relating to the newsletter subscription will be deleted within 60 days.

8. Competitions and Hackathons

The Company may invite the community to join so called Bug Bounty competitions or other competitions and Hackathons ("Competitions") during which community members ("Participants") can report software bugs and other technical issues in connection with the Golem Project and improve the Golem Project. To participate in a Competition, the Participants are required to submit an application to the Company.

The Personal Data (your name, contact details) sent to the Company as part of an application will be automatically stored by us and used to determine the distribution of the prize, e.g., Bug Bounty among the various Participants. In addition, Participants may be contacted by email in case such contact is necessary for the execution of the respective Competition or the distribution of a prize to the Participant.

The participation in a Competition may be terminated by the Participant at any time. The consent to the storage of Personal Data, which the Participant has given by participating in a Competition, may be revoked at any time by contacting the Controller. The Processing of the Personal Data sent to the Company in connection to a Competition is based on the Participant’s consent pursuant to art. 6(1) lit. a GDPR. The Participant has the right to withdraw his or her consent at any time.

9. Job Applications

We use a cloud-based recruitment software program which offers a complete set of features that allow the Company to acquire candidates, manage its candidate base, publish new job advertisements, set up application forms, manage applications, communicate with candidates, and generate detailed reports. When a candidate applies for a job on our website, he or she will be forwarded to the Golem recruitment form where the candidate will be asked to provide the following information: Name and surname, contact details, job he or she is applying for, CV, current location, starting date and financial expectations. If a candidate voluntarily provides additional information to us, we also process that in the course of the application process, unless it is not relevant to the job application.

The Golem recruitment form as well as the Personal Data that is entered by the user when applying for a job are kept on servers that are provided by Amazon Web Services and located in Ireland and Germany.

The Personal Data provided by the candidate will be deleted from these servers after three months, unless you have agreed to us keeping it for two years for potential other positions in the future. The processing of the Personal Data sent to the Company as part of a job application is based on the user’s consent pursuant to Article 6(1) lit. a GDPR. To delete Personal Data that has already been submitted to the Company as part of a job application, the user can contact the Controller.

10. Use of Golem Network

In certain cases, and, in particular, to issue Golem Tokens or for you to access the Golem Network, we may check the identity of our users (Know-Your-Customer ("KYC")-Process). For the KYC-process, we process Personal Data about you such as name, contact details, date of birth, nationality, bank data, passport / ID and, if legally required, health data, biometric data, ethnic data and data on social security measures.

The collection of this Personal Data is based on our legitimate interest according to art. 6(1) lit. f GDPR.

This Personal Data is only used to comply with our legitimate interest to keep the Golem Network secure and only shared with third parties, such as government authorities, banks, insurance providers or alike, if it is necessary in order to comply with our legitimate interest or if we have an obligation to do so. We do not share this data with other third parties.

The Personal Data collected in connection to our KYC-Process is kept for as long as we have a statutory retention obligation.

11. Other Processing Activities

We may also Process your Personal Data to the extent that we have a legal obligation (art. 6(1) lit. c GDPR) to do so or to defend, exercise or establish a legal claim which is in our legitimate interest (art. 6(1) lit. f GDPR).Furthermore, we Process your Personal Data to analyze, develop and improve the Golem Network and our business in general (art. 6(1) lit. f GDPR). For this purpose, we may also contact you to ask you for feedback on a voluntary basis.

Finally, we may Process your Personal Data if this is necessary in connection with a Company sale, merger, restructuring, dissolution or similar events, as well as in the event of bankruptcy, insolvency or similar event.

VI. Is the Provision of Personal Data a Statutory or Contractual Requirement?

Please note that the provision of Personal Data is partly required by law (e.g., tax laws) or can also result from contractual provisions (e.g., information on the contractual partner). You are, for example, obliged to provide us with Personal Data when our Company signs a contract with you. The non-provision of the Personal Data when we have a statutory or contractual obligation to collect it may have the consequence that the contract with you cannot be concluded or we cannot fulfill our statutory obligations. In such cases, we may not be permitted to work with you or provide our services to you.

If you have any questions, as to whether it is mandatory to provide the Personal Data for the Processing activities described in this Privacy Policy, please contact us directly.

VII. Disclosure of Personal Data

Where necessary or useful for the provision of our services or for other purposes defined in this Privacy Policy, we may share your Personal Data collected with third parties in the course of our business.

1. With Third Parties

In general, we have indicated with whom we share your Personal Data under Section V of this Privacy Policy.

However, as a generally, rules, we share your personal data with third parties (such as our payment service provider, CRM providers, operational service providers, our suppliers, vendors and distributors, our business partners, our advisors and lawyers and courts) in the EU, in Switzerland or in another country for the provision of our services, to meet our contractual obligations and in our legitimate interest. In addition, we may share your Personal Data with third parties if:

  • You have consented to us doing so (where necessary);
  • We are under a legal, regulatory, or professional obligation to do so;
  • It is necessary in connection with a company sale, merger, restructuring, dissolution or similar events, as well as in the event of bankruptcy, insolvency or similar even; or
  • It is necessary in connection with legal proceedings or to exercise or defend legal rights.

We also use third parties who provide products and services on our behalf and may share your Personal Data with them, for example, banks, insurance companies, marketing experts or IT suppliers who may have access to your Personal Data when providing software support.

2. Transfer of Personal Data to Third Parties in Foreign Countries

During our business activities and for the purposes described in this Privacy Policy, the third parties mentioned above may be located outside of the country where we obtained your Personal Data. We only share your Personal Data abroad to the extent permitted and required by law. Personal Data is only transferred to third parties or our affiliates in foreign countries if the relevant legal requirements are met. Third parties or our affiliates in foreign countries are required to maintain the same level of data protection as we do. The recipients are located in the following countries EU member states, in particular, Poland, Spain, Hungary, Denmark, and the Netherlands, the United Kingdom (UK) and the US and we ensure the protection of your Personal Data is guaranteed with the appropriate safeguards relating to the transfer, indicated as follows:

  • For the transfer of Personal Data from Switzerland, the UK or an EU Member State to another EU Member State, Switzerland or the UK, there are no safeguards required, as these countries provide an adequate level of data protection.
  • For the transfer of Personal Data to the US, we use EU standard contractual clauses and any additional addendums or requirements under local data protection law.

You may request a copy of these contractual guarantees, whereby in individual cases we may need to redact parts that are relevant to the privacy of others or confidentiality obligations.

In exceptional cases, we may rely on your explicit consent or transfer your Personal Data abroad if it is necessary for the performance of contract, establishment, exercise, or enforcement of legal claims or overriding public interests.

VIII.Data Security

The Company has implemented numerous technical and organizational measures to ensure the most complete protection of Personal Data processed under this Privacy Policy. We make sure, to hold your Personal Data securely in electronic and physical form, to protect it from unauthorized access, improper use or disclosure, unauthorized modification or unlawful destruction or accidental loss.

Our employees and third-party service providers or other data processors who have access to confidential information (including Personal Data) are subject to strict confidentiality obligations and have signed any necessary data protection agreements.

However, Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed. For this reason, you are always free to transfer Personal Data to us via alternative means, e.g., by telephone, to the extent that the purposes described in this Privacy Policy can still be met.

IX. Storage of Personal Data

Unless otherwise indicated in this Privacy Policy, we will retain your Personal Data for as long as is necessary for the purpose for which it was collected.

Therefore:

  • Personal Data that are collected for the purpose of fulfilling a contract agreed between the Company and you will, generally, be stored until this contract has been fulfilled.
  • Personal Data that are collected for the purpose of maintaining the Company's legitimate interests, including data security, will, generally, be stored until this purpose has been fulfilled.
  • In addition, the Company is permitted to store Personal Data for a longer period if you have consented to this and have not revoked your consent or if this is required to fulfil legal or regulatory requirements (for example accounting rules or tax law) and for as long as claims could be brought against us.

If the Processing purpose is not applicable, or if a storage period prescribed by the competent legislator of the Applicable Data Protection Law expires, the Personal Data are routinely blocked or erased in accordance with legal requirements.

X. Rights of the Data Subject

1. General Information Regarding Your Rights

If you would like to exercise your data protection rights, please contact us in writing by email or letter in accordance with section I of this Privacy Policy.

Please note, that we may refuse or limit to grant these rights for legal reasons or based on the Applicable Data Protection Law, in which case we will provide the reasons for our decision as required by law.

In general, you will not have to pay a fee to exercise any of your individual rights. However, we may charge a fee for access to your Personal Data if the relevant data protection legislation allows us to do so, in which case we will inform you as required by law.

2. Right of Confirmation

You have the right to ask us to confirm whether or not Personal Data concerning you is being processed.

3. Right of Access

You have the right to receive information about the Personal Data Processed by us at any time (such as the type of data that is processed, with whom your data is shared, whether it is transferred abroad, where we collected it from or how long we store it) and, in certain cases, a copy of this information.

4. Right to Rectification

You have the right to ask us to correct inaccurate Personal Data concerning you without delay. Taking into account the purposes of the Processing, you can also have incomplete Personal Data completed, including by means of providing a supplementary statement.

5. Right to Erasure (Right to be forgotten)

In certain cases (e.g., if we no longer need the data, if the data was collected unlawfully, if the data is false etc.), you have the right to ask as to erase Personal Data concerning you without undue delay.

6. Right of Restriction of Processing

You have the right to ask us to restrict the Processing your Personal Data in certain cases (e.g., if we no longer need certain data, if we collected the data unlawfully or you are contesting some of the data etc.).

7. Right of Confirmation

You have the right, to receive the Personal Data concerning you, which was provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from us, as long as the Processing is based on consent, or on a contract, and the Processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

8. Right of Confirmation

You have the right to object to us Processing your Personal Data. We will no longer Process the Personal Data in the event of such objection, unless we can demonstrate compelling legitimate grounds for the Processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims. If the Company Processes Personal Data for direct marketing purposes, you have the right to object at any time to such marketing. This applies to profiling to the extent that it is related to such direct marketing. In these cases, the Company will no longer Process the Personal Data for these purposes.

9. Right of Confirmation

You have the right to withdraw your consent to Processing your Personal Data at any time. Once we have received notification that you have withdrawn your consent, we will no longer Process your Personal Data for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so.

10. Right of Confirmation

If you feel we have not handled your query or concern to your satisfaction, you may lodge a complaint with the competent data protection authority according to the Applicable Data Protection Law. In Switzerland, the competent data protection authority is the Federal Data Protection and Information Commissioner (www.edoeb.admin.ch) and in Poland this is the President of the Personal Data Protection Office (https://uodo.gov.pl/489/id_art/2246).

XI. Definitions

According to Applicable Data Protection Laws, our Privacy Policy should be legible and understandable for the general public, as well as our customers and business partners. To ensure this, we would like to first explain the terminology used. In this Privacy Policy, we use the following terms:

1. Personal Data

Personal Data means any information relating to an identified or identifiable natural person ("Data Subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2. Data Subject

A Data Subject is any identified or identifiable natural person, whose Personal Data is processed by the Controller responsible for the processing.

3. Data Protection Officer

The Data Protection Officer is an employee, third-party individual or third-party entity designated by the Company to ensure compliance with Applicable Data Protection Law. The Company will only appoint a Data Protection Officer if such assignment is required by Applicable Data Protection Law.

4. EU / UK Representative

An EU or UK Representative is a third-party individual or third-party entity established in the EU or UK designated by the Company in writing as a point of contact for Data Subjects or competent supervisory authorities in the EU or UK in accordance with Applicable Data Protection Law. Its role is to represent the Company with regard to its obligations under Applicable Data Protection Law.

5. Processing

Processing is any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

6. Restriction of Processing

Restriction of processing is the marking of stored Personal Data with the aim of limiting their Processing in the future.

7. Profiling

Profiling means any form of automated Processing of Personal Data consisting of the use of Personal Data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

8. Pseudonymization

Pseudonymization is the Processing of Personal Data in such a manner that the Personal Data can no longer be attributed to a specific Data Subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the Personal Data are not attributed to an identified or identifiable natural person.

9. Controller

A Controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data; where the purposes and means of such Processing are determined by the Applicable Data Protection Law of the country concerned, the Controller or the specific criteria for its nomination may be provided for by the Applicable Data Protection Law of the country concerned.

10. Processor

A Processor is a natural or legal person, public authority, agency or other body which Processes Personal Data on behalf of the Controller.

11. Recipient

A Recipient is a natural or legal person, public authority, agency or another body, to which the Personal Data are disclosed, whether a third party or not. However, public authorities which may receive Personal Data in the framework of a particular inquiry in accordance with the Applicable Data Protection Law shall not be regarded as recipients; the Processing of that data by those public authorities shall be in compliance with the Applicable Data Protection Law according to the purposes of the Processing.

12. Third Party

A Third Party is a natural or legal person, public authority, agency or body other than the Data Subject, Controller, Processor and persons who, under the direct authority of the Controller or Processor, are authorized to Process Personal Data.

13. Consent

Consent of the Data Subject is any freely given, specific, informed and unambiguous indication of the Data Subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the Processing of Personal Data Relating to him or her.

XII. Changes to this Privacy Policy

This Privacy Policy will be updated from time to time to reflect legal changes, customer feedback, and changes related to the Golem Project and our services. When we make changes to this Privacy Policy, we will revise the "Effective Date" at the bottom of the Privacy Policy. If there are any material changes to this Privacy Policy regarding the way we Process your Personal Data, we will notify you either by sending you a notification or posting a notice of such changes on our website and/or in the Golem application before they take effect.

We encourage you to periodically review this Privacy Policy to learn how we process your Personal Data.

back to top