Data Privacy Notice

Last Updated: October 18, 2019

Why are you seeing this notice?

This Data Privacy Notice details important information regarding the collection, use and disclosure of personal information collected on the OpenZeppelin websites located at https://openzeppelin.com, https://docs.openzeppelin.com, http://forum.openzeppelin.com and https://blog.openzeppelin.com (the “Websites”), and any other applications, tools, products, services, blogs, forums and/or materials (collectively, “Services”) offered from time to time by OpenZeppelin. OpenZeppelin provides this Data Privacy Notice to help you understand how your personal information is used by us and your choices regarding our use of it. By using the Websites or the Services, you agree that we can collect, use, disclose, and process your information as described in this Data Privacy Notice. This Data Privacy Notice only applies to the OpenZeppelin Websites and Services, and not to any other websites, products or services you may be able to access or link to via the Websites. We encourage you to read the privacy policies of any other websites you visit before providing your information to them.

While our values will not shift, the Websites will evolve over time, and this Data Privacy Notice will change to reflect that evolution. If we make changes, we will notify you by revising the date at the top of this Data Privacy Notice. In some cases, if we make significant changes, we may give you additional notice by adding a statement to our homepage. We encourage you to review this Data Privacy Notice periodically to stay informed about our practices.

This Privacy Policy should be read in conjunction with our Terms of Use. By accessing any Services, you are consenting to the information collection and use practices described in this Data Privacy Notice.

Your use of any Services and any personal information you provide to use Services remains subject to the terms of this Privacy Policy Notice and our Terms of Use, each as may be updated from time to time.

Any questions, comments or complaints that you might have should be emailed to legal@openzeppelin.com.

Personal Data” has the meaning given in the European Union (“EU”) data protection legislation and any other applicable data laws in any other relevant jurisdiction, and includes any information relating to an identifiable individual (such as name, address, email address, date of birth, passport details or other national identifier, driving licence, national insurance or social security number, income, employment information, tax identifier and residence, account numbers and electronic information).

Who is providing this notice?

The relevant OpenZeppelin entity responsible for the processing of your personal data is zOS Global Limited, a company registered under the laws of the Cayman Islands (the “Curator”). Where we use the term “we”, “us” and “our” in this Data Privacy Notice, we are referring to the Curator. The Curator and OpenZeppelin are committed to protecting and respecting your privacy.

This notice and any other documents referred to in it sets out the basis on which any Personal Data we collect from you, or that you provide to us, will be processed by us. When you provide us with your Personal Data, we act as a "data controller". In simple terms, this means that:

  • we control the Personal Data that you provide - including making sure that it is kept secure; and
  • we make certain decisions on how to use and protect your Personal Data - but only to the extent that we have informed you about the use or are otherwise permitted by law.

Please read the following carefully to understand our views and practices regarding your Personal Data and how we will treat it.

By visiting the Websites, you are accepting and consenting to the practices described in this privacy notice.

Personal data we collect about you

The Personal Data collected about you will help us to provide you with a better service and facilitate our business relationship. We may combine Personal Data that you provide us with Personal Data that we collected from, or about you, in some circumstances. This will include Personal Data collected in an online and offline context.

Where do we obtain your personal data

We will collect and process Personal Data about you from a number of sources, including:

Personal Data you give us. This is information about you that you give us by filling in forms on the Websites, or by corresponding with us by phone, e-mail, social media, forum, blog or otherwise. The information you give us may include your name, address, e-mail address and phone number, financial and credit card information, personal description, personal documentation and photographs or other information you choose to share with us.

Personal Data you agree we may collect. You may agree to give us information relating to your use of the Services, which may include technical information like frequency of use of subcommands or other features utilized within the Services.

Personal Data we collect about you. With regard to each of your visits to our Websites we will automatically collect the following information:

  • technical information, including the Internet protocol (IP) address used to connect your device to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
  • information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our Websites (including date and time), products you viewed, used, downloaded or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number.

Personal Data we receive from other sources. We work with third parties (including, for example, software providers, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) who may provide us information about you. We will combine this Personal Data with information you give to us and information we collect about you.

Cookies

Our Websites uses cookies to distinguish you from other users of our Websites. This helps us to provide you with a good experience when you browse our Websites and allows us to improve our Websites. Most web browsers are set to accept cookies by default, but you can usually set your browser to remove or reject browser cookies. If you do choose to remove or reject cookies, however, your ability to use the Websites or the Services might be affected.

Uses made of the information

We process your Personal Data for the following purposes:

It is necessary to perform our contract with you to:

  • carry out our obligations arising from any contracts entered between you and us and to provide you with the information, products, and services that you request from us; 
  • notify you about changes to our products or services;
  • facilitate the continuation or termination of the contractual relationship; and
  • administering and facilitating any other transaction between you and us.

It is necessary for compliance with an applicable legal or regulatory obligation to which we are subject to:

  • comply with requests from regulatory, governmental, tax, and law enforcement authorities;
  • surveillance and investigation;
  • carry out audit checks;
  • prevent and detect fraud; and
  • sanctions.

For our legitimate interests or those of a third party:

  • to comply with an applicable legal or regulatory obligation (other than one laid down by EU or European Economic Area (“EEA”) member state law) to which we or the relevant third party is subject for the reasons above);
  • to provide you with information about other products and services we offer that are similar to those that you have already purchased or enquired about;
  • to improve our Websites and to ensure that content from our Websites is presented in the most effective manner for you and for your computer;
  • to improve our Services for users;
  • to administer our Websites and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • to allow you to participate in interactive features of our products and services, when you choose to do so;
  • as part of our efforts to keep our Websites safe and secure;
  • to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you; and/or
  • to make suggestions and recommendations to you and other users of our Websites about goods or services that may interest you or them.

We only rely on these interests where we have considered that, on balance, our legitimate interests are not overridden by your interests, fundamental rights or freedoms.

We monitor communications where the law requires us to do so. We will also monitor where we are required to do so to comply with our regulatory rules and practices and, where we are permitted to do so, to protect our business and the security of our systems.

Disclosure of your personal data

We share your Personal Data, for the purposes of:

  • managing the relationship with you;
  • the purposes set out in this privacy notice;
  • delivering the products and services you require;
  • complying with applicable interest laws and regulations;
  • delivering and facilitating the services needed to support our relationship with you; and
  • fraud protection and credit risk reduction,

with:

  • any member of our group, which means respective past, present and future employees, officers, directors, contractors, consultants, equity holders, suppliers, vendors, service providers, parent companies, subsidiaries, affiliates, agents, representatives, predecessors, successors, and assigns;
  • selected third parties including business partners, suppliers, and sub-contractors;
  • if we sell or buy any business or assets, the prospective seller or buyer of such business or assets; or
  • if Curator or substantially all of its assets are acquired by a third party, in which case Personal Data held by it about its customers will be one of the transferred assets.

We share your Personal Data with tax authorities:

  • to comply with applicable laws and regulations;
  • where required by EEA tax authorities (who, in turn, may share your Personal Data with foreign tax authorities); and
  • where required by foreign tax authorities, including outside of the EEA.

We share your Personal Data with our lawyers, auditors and other professional advisors for purposes of:

  • providing you with our products and services; and
  • to comply with applicable legal and regulatory requirements.

In exceptional circumstances, we will share your Personal Data with competent regulatory, prosecuting and other governmental agencies or litigation counterparties, in any country or territory.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your data transmitted to our Websites; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.

Do you have to provide us with personal data?

Unless otherwise indicated, you should assume that we require the Personal Data for business and/or compliance purposes.

Some of the Personal Data we request is necessary for us to provide our product or perform our services with you and if you do not wish to provide us with this Personal Data, it will affect our ability to provide our products or services to you.

Sending your personal data overseas

We will transfer your Personal Data to other members in our group and related parties and to third party service providers, including outside of the EU and EEA, which do not have similarly strict data protection privacy laws.

Where we transfer Personal Data to our associates or service providers, we have put in place data transfer agreements and safeguards based on European Commission approved terms.

Please contact us if you would like to know more about these agreements or receive a copy of them. Please see below for our contact details.

We do not generally rely on obtaining your consent to process your Personal Data.

If we do, for example in respect of processing your data in respect of marketing purposes, you have the right to ask us not to process your Personal Data at any time. You can also exercise the right at any time by contacting us at legal@openzeppelin.com.

Retention and deletion of your personal data

We keep your Personal Data for as long as it is required by us for our legitimate business purposes, to perform our services and/or contractual obligations, or where longer, such longer period as is required by law or regulatory obligations which apply to us. Some Personal Data will be retained after your relationship with us ends. As a general principle, we do not retain your Personal Data for longer than we need it. We will usually delete your Personal Data (at the latest) when there is no longer any legal or regulatory requirement or business purpose for retaining your Personal Data.

Automated decision-making

We will not take decisions producing legal effects concerning you, or otherwise significantly affecting you, based solely on automated processing of Personal Data, unless we have considered the proposed processing in a particular case and concluded in writing that it meets the requirements of EU data protection legislation and other applicable laws.

Your rights

You have certain data protection rights, including:

  • the right to access your Personal Data;
  • the right to restrict the use of your Personal Data;
  • the right to have incomplete or inaccurate Personal Data corrected;
  • the right to ask us to stop processing your Personal Data; and
  • the right to require us to delete your Personal Data in some limited circumstances.

You also have the right in some circumstances to request for us to "port" your Personal Data in a portable, re-usable format to other organisations (where this is possible).

Our Websites may, from time to time, contain links to and from the websites of our partner networks, third-party services, social networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Concerns or queries

We take your concerns very seriously. We encourage you to bring it to our attention if you have any concerns about our processing your Personal Data.

This privacy notice was drafted with simplicity and clarity in mind. We are, of course, happy to provide any further information or explanation needed. Our contact details are below.

If you want to make a complaint, you can also contact the body regulating data protection in your country, where you live or work, or the location where the data protection issue arose. A list of the EU data protection authorities is available by clicking this link: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.

Contact

Please contact us if you have any questions about this privacy notice or the Personal Data we hold about you.

Questions, comments and requests are welcomed and should be addressed to legal@openzeppelin.com.