Privacy Notice

Last updated October 27, 2023 

1. Navigating this Policy

If you are viewing this policy online, you can use Ctrl+F to find the section you're looking for:

1. Navigating this Policy 

2. Summary 

2.1. Definitions 

3. Your information and the Blockchain 

4. How We Use Personal Data 

4.1. Through our website 

4.1.1. Job Applicants 

4.1.2. Users requesting early access to our service 

4.1.3 Aggregated Credential Proof Service 

4.2. Data retention 

4.3. Use of Third Party Applications 

4.3.1. Discord Connection 

4.3.2. Services related to our Identity Hub 

Blockchain 

a. Polkadot 

b. Kusama 

c. Ethereum 

d. Polygon 

e. Binance Smart Chain 

4.3.3 Credential verification 

4.3.4 Cloud Provider 

4.3.5. Google Fonts 

5. Cookies 

6. Privacy policies of other websites 

7. Your rights 

8. Technical and Organisational Measures 

9. International data transfers 

9.1. Blockchain Networks 

9.2. Children’s personal data 

9.3. Changes

2. Summary

At Trust Computing GmbH, we care about your right to privacy and are committed to protecting your personal data. To make this possible, we adopt Privacy by Design and by Default in all our processes and products as they relate to you by integrating privacy upfront and building privacy into our services and our website.

The terms “we”, “us”, “our”, “TrustComputing” refer to “Trust Computing GmbH”. This privacy statement aims to help you understand your rights, our obligations and outline how we handle your personal data when you interact with our website. Please read the following carefully to understand our views and practices regarding your personal data. We may update our privacy notice from time to time; we encourage you to visit this page for updates. 

We’d like to summarise our approach to privacy in a few commitments to you:


1. Clearly inform you of our privacy practices and keep them up to date

2. Make sure to implement practices, procedures and systems to comply with applicable data protection laws.

3. Explain the category of personal data we collect and the legal basis for processing personal data.

4. Inform you of the purpose for which your personal data is collected, stored, used, and disclosed.

5. Inform you about your rights to information, access, rectification, deletion, portability, objection.

If you have any questions regarding our privacy practices, please contact us at info@trustcomputing.de

2.1. Definitions

“Personal data” means any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an online identifier or to one or more factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity.

“Processing” means any operation or set of operations which are performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Blockchain” means a mathematically secured consensus ledger such as the Ethereum Virtual Machine, an Ethereum Virtual Machine compatible validation mechanism, or other decentralised validation mechanisms.

“Credentials” refer to a set of information, typically comprising identification and authentication data, used to verify a user's identity or grant them access to a system or service. For example, when accessing Twitter, a user's credentials might include their email address or username, along with a password or two-factor authentication method. In the context of this document however, when we talk about verifying your credentials, we are not provided with your password or two-factor authentication, but rather the proof that you have verified that your credentials have been entered correctly.

A “canary network” is a separate but parallel blockchain network used for testing and experimentation of new features, upgrades, and changes before they are implemented on the main network. Canary networks provide developers with a real-world environment to identify potential issues, optimise performance, and gather user feedback without compromising the stability or security of the primary blockchain.

Responsible entity:

Trust Computing GmbH

Eichhornstraße 3 

10785 Berlin, Germany 

Trust Computing GmbH is the data controller for the processing activities being conducted on and through our website and the underlying technical infrastructure.

You can contact us via email at info@trustcomputing.de

3. Your information and the Blockchain

Blockchains, also known as distributed ledger technology (or simply ‘DLT’), are made up of digitally recorded data in a chain of packages called ‘blocks’. The manner in which these blocks are linked is chronological, meaning that the data is very difficult to alter once recorded. Since the ledger may be distributed all over the world (across several ‘nodes’ which usually replicate the ledger) this means there is no single person making decisions or otherwise administering the system (such as an operator of a cloud computing system), and that there is no centralised place where it is located either.

Accordingly, by design, a blockchain's records cannot be changed or deleted and are said to be ‘immutable’. This may affect your ability to exercise your rights such as your right to erasure (‘right to be forgotten’), or your rights to object or restrict processing of your personal data. Considering the nature of blockchain, data on the blockchain cannot be erased and changed. Although smart contracts may be used to revoke certain access rights, and some content may be made invisible to others, it is not deleted.

In certain circumstances, in order to comply with our contractual obligations to you it will be necessary to write certain personal data, such as your wallet address, onto the blockchain. This is done through a smart contract and requires you to execute such transactions using your wallet’s private key.

In most cases ultimate decisions to (i) transact on the blockchain using your wallet address, as well as (ii) share the public key relating to your wallet address with anyone (including us) rest with you.

Please note that if you want to ensure your privacy rights are not affected in any way, you should not transact on blockchains as certain rights may not be fully exercisable by you or fulfilled by us due to the technological infrastructure of the blockchain. In particular, the blockchain is available to the public and any personal data shared on the blockchain will become publicly available.

4. How We Use Personal Data

4.1. Through our website

4.1.1. Job Applicants

When you apply for a job at Trust Computing GmbH through email, LinkedIn or a different job platform we process the following personal data which may include:

I. your first name

II. your last name

III. your email

IV. your LinkedIn profile 

V. your phone number (optional) and your location (optional)

VI. your salary expectation (optional)

VII. your resume that includes your previous work experience and education

VIII. Any other information you provide us with.

We assess this information against the job requirements for our recruitment purposes only. The legal basis for these activities is our legitimate interests (GDPR Art. 6.1.f and § 26 BDSG). 

We will store CVs and related job data for a period of 6 months. Notwithstanding the foregoing, if a need arises to store such information for a longer period of time, we will first ask for your consent to do so.

4.1.2. Users requesting early access to our service

Both partners and website users can request early access to our identity hub services through our contact form here. When you request early access, and to fulfill your request, we collect personal data which may include:

I. your email address

II. your substrate address

III. your full name or a pseudonym

IV. whether you are a web3 entrepreneur or a web3 user

V. the Blockchain through which you interact with our service

VI. any information you provide us with in the “Tell us a bit about yourself” text field

In addition, if you select the option “web3 entrepreneur” we also collect:

I. The name of the company you work for

II. The size of your audience or community

We also request this information to assess your community against our business interests for lead generation purposes:

I. If you consider yourself to be an influencer and in which community.

We will retain this data for 6 months after the open access program ends.



4.1.3 Identity Hub (Aggregated Credential Proof Service)

In addition to this information, we also collect publicly available personal data directly from the third party providers, depending on the medium for which you need to prove your identity. Information from third parties may include:

I. your Twitter account name

II. your GitHub account name

III. your Discord account name

IV. your Discourse account name

V. your Reddit account name

VI. your public wallet addresses, which may include the following blockchains

A. Polkadot

B. Kusama

C. Ethereum

D. Polygon

E. Binance Smart Chain

We cover the use of third party providers in detail in Section 4.3, Use of Third Party Applications.

When your personal data has been added to the aggregated credential proof, this signifies the end of the processing for that purpose. We do not store your personal data beyond the duration of the processing.

4.2. Data retention

We generally do not store your personal data. However, we will retain documents containing personal data in the following cases:

● to the extent that we are required to do so by law;

● to establish, exercise or defend ourselves in potential legal proceedings.

4.3. Use of Third Party Applications

4.3.1. Discord Connection

Through the website, you have the option to join our Discord channel using the following link: https://discord.com/invite/M7T4y4skVD. When you join our Discord channel we may collect personal data. This data may include:

I. your username,

II. additional information you give us access to related to your Discord account.

For information on the privacy practices of Discord, please refer to their privacy policy: https://discord.com/privacy.

4.3.2. Services related to our Identity Hub

TDFLabs and Etherscan

TDFLabs and Etherscan are used to collect on-chain data about your account necessary to provide you with our Identity Hub Service. When you use our Service we may request personal data from TDFLabs. This data may include:

I. Your wallet address

II. Your transactions stored on the blockchain

For information on the privacy practices of TDFLabs, please refer to their privacy policy: https://substack.com/privacy

For information on the privacy practices of Etherscan, please refer to their privacy policy: https://etherscan.io/privacyPolicy

Sendgrid

We use Sendgrid for marketing campaigns. When you sign up for our “Early Access Program” we may transmit personal data to Sendgrid.

This data may include:

I. Your email address

For information on the privacy practices of Sendgrid, please refer to their privacy policy: https://www.twilio.com/en-us/legal/privacy

Fleek, Pinata - IPFS Gateways

We use Fleek and Pinata as IPFS Gateways. IPFS stands for InterPlanetary File System and is a decentralised web3-based storage service. We may store personal data on IPFS. This data may include:

I. Your social media account

II. The timestamp the transaction on the blockchain is created

III. Additional technical information required to run the Identity Hub

The type of social account

IV. A link to the message we used to verify your account.

For information on the privacy practices of Fleek, please refer to their privacy policy: https://fleek.co/privacy-policy/

For information on the privacy practices of Pinata, please refer to their privacy policy: https://www.pinata.cloud/privacy-policy

Plausible

When you visit our page, we use Plausible to track web traffic without tracking individual visitors. We treat the data collected through Plausible as personal data and take all necessary measures to protect your rights and freedoms as a data subject. 

Through Plausible, we collect the following data points: 

I. page URL 

II. HTTP referrer

III. browser 

IV. operating system 

V. device type 

VI. country 

VII. region 

VIII. city 

For information on the privacy practices of Plausible, please read their data policy here: https://plausible.io/data-policy. 

Sentry

We use Sentry as a processor for monitoring and troubleshooting our software. It provides real-time error tracking that gives developers insight into production deployments, allowing them to find, triage, and prioritise errors in real-time. Here are some of the key uses of Sentry as a processor:

1. Error Tracking: Sentry provides real-time error tracking, allowing developers to monitor and fix bugs as they happen. It captures code-level context for exceptions and crashes, allowing developers to understand what's causing an issue without having to reproduce it.

2. Performance Monitoring: Sentry helps developers understand how their code performs in production. It can identify slow-loading pages, API calls, and other bottlenecks that impact user experience.

3. Release Health: With Sentry, developers can monitor the health of releases by seeing which ones introduce new errors and which ones resolve existing ones. This helps teams understand the impact of their code changes and manage their release cycles more effectively.

4. Issue Management: Sentry automatically groups similar errors together, helping developers reduce noise and focus on the most significant issues. It also allows developers to assign issues to team members, track their status, and link them to related issues in project management tools.

5. Alerts and Notifications: Sentry sends real-time notifications when new issues are detected, allowing developers to respond quickly to problems. It can send alerts through various channels, including email, SMS, and popular team communication tools.

For information on the privacy practices of Sentry, please read their data policy here: https://sentry.io/privacy/

Blockchain

To provide our service to you, we engage only third-party applications that provide adequate safeguards for data processing. We use various blockchains in order to provide decentralised identity aggregation on our verification platform to securely verify users' credentials and aggregate their personal data from various blockchains and platforms. By integrating multiple blockchains, we collect your personal data as mentioned in Section 4.1.2. for the purpose of providing our service for cross-chain identity management, allowing users to maintain a single, unified digital identity across different networks.

When users provide their credentials, we verify the information by checking cryptographic proofs stored on the respective blockchains. This process ensures that the provided data is accurate and up-to-date, without compromising user privacy or security.

We also provide granular access control to decentralised applications (dApps). Users can manage their digital identities, deciding which pieces of personal data they wish to share with dApps on a case-by-case basis. This approach empowers users to maintain control over their own data, enhancing privacy and security while streamlining the process of interacting with various dApps across different blockchain networks.

THE INFORMATION WILL BE PUBLIC AND DISPLAYED PERMANENTLY, THIS IS PART OF THE NATURE OF THE BLOCKCHAIN. IF YOU ARE NEW TO THIS FIELD, WE HIGHLY RECOMMEND INFORMING YOURSELF ABOUT THE BLOCKCHAIN TECHNOLOGY BEFORE USING OUR SERVICES.

We use the following Blockchain networks for the purposes described in the subsections below.

a. Polkadot

Polkadot is a blockchain platform that enables interoperability and scalability among multiple blockchains. We use it as infrastructure to run our service by storing cryptographic proofs that validate the credentials you provide, ensuring secure and seamless data exchange.

We use Polkadot for 2 different purposes as described in Section 4.1.2:

1. We use Polkadot to provide decentralised identity aggregation on our verification platform to securely verify users' credentials and aggregate their personal data from various blockchains and platforms.

2. We use the Polkadot public wallet address to verify the credentials of the user and aggregate the result into the cryptographic proof.

For information on the privacy practices of Polkadot, please refer to their privacy policy: https://polkadot.network/privacy/

b. Kusama

Kusama is a scalable, interoperable blockchain platform and serves as a canary network for Polkadot. We use Kusama to run our service by storing cryptographic proofs that validate the credentials you provide, ensuring secure and seamless data exchange, while simultaneously testing new features and upgrades in a real-world environment before deploying them to Polkadot.

We use Kusama for 2 different purposes as described in Section 4.1.2:

1. We use Kusama as a canary network to provide decentralised identity aggregation on our verification platform to securely verify users' credentials and aggregate their personal data from various blockchains and platforms.

2. We use the Kusama public wallet address to verify the credentials of the user and aggregate the result into the cryptographic proof.

c. Ethereum

Ethereum is an open-source, decentralised blockchain platform known for introducing smart contracts. These self-executing agreements, written in code, automatically enforce their terms when predefined conditions are met, enabling developers to build and deploy decentralised applications.

We use the Ethereum public wallet address to verify the credentials of the user and aggregate the result into the cryptographic proof as described in Section 4.1.2.

For information on the privacy practices of Ethereum, please refer to their privacy policy: https://ethereum.org/en/privacy-policy/.

d. Polygon

Polygon, formerly known as Matic Network, is a layer-2 scaling solution for Ethereum that aims to improve its scalability and reduce transaction costs. It provides a framework for building and connecting multiple blockchain networks while maintaining the security and decentralisation of the Ethereum network, enabling developers to create efficient and cost-effective decentralised applications.

We use the Polygon public wallet address to verify the credentials of the user and aggregate the result into the cryptographic proof as described in Section 4.1.2.

For information on the privacy practices of Polygon, please refer to their privacy policy: https://polygon.technology/privacy-policy.

e. Binance Smart Chain

Binance Smart Chain (BSC) is a blockchain platform developed by Binance, which runs parallel to the Binance Chain. It offers smart contract functionality and compatibility with the Ethereum Virtual Machine (EVM), enabling developers to build and deploy decentralised applications. BSC aims to provide faster and cheaper transactions compared to Ethereum, while maintaining a high level of decentralisation and security.

We use the Binance Smart Chain public wallet address to verify the credentials of the user and aggregate the result into the cryptographic proof as described in Section 4.1.2.

For information on the privacy practices of Binance, please refer to their privacy policy: https://www.binance.com/en/privacy.

4.3.3 Credential verification

We use the following third party tools to verify the credentials of the user and aggregate the result into cryptographic proof for the purposes mentioned in section 4.1.2:

a. Twitter - For information about the privacy practice of Twitter, please refer to their privacy policy: https://twitter.com/en/privacy.

b. GitHub - For information about the privacy practices of GitHub, please refer to their privacy policy: https://docs.github.com/en/site-policy/privacy-policies.

c. Reddit - For information about the privacy practices of Reddit, please refer to their privacy policy: https://www.reddit.com/policies/privacy-policy.

d. Discord - For information about the privacy practices of Discord, please refer to their privacy policy: https://discord.com/privacy

e. Discourse - For information about the privacy practices of Discourse, please refer to their privacy policy: https://www.discourse.org/privacy

4.3.4 Cloud Provider

We use the following cloud providers:

1. AWS Cloud

2. OVHCloud

3. Hetzner Cloud

4. Vercel

To process your personal data which may include:

a. User-provided data: This includes any data that the customer intentionally sends to the cloud for storage or processing, which includes anything from text files to photos and databases of customer information.

b. Automatically collected data: This includes data like IP addresses, device information, and usage data (e.g., when and how long a user is logged in), which are typically collected automatically by the cloud provider for purposes such as improving the service, debugging issues, or detecting fraudulent activity.

c. Metadata: This includes data about other data, such as when a file was uploaded or who has access to it. This is usually generated and stored automatically by the cloud provider.

d. Derived data: This includes data that the cloud provider generates based on the user's data or activity, such as analysis of usage patterns or machine learning models trained on user data.

For the following purposes:

1. Data Storage and Management: The primary role of these providers is to store and manage data on behalf of the controller. This includes website content, user data, and other information necessary for the functioning of the website.

2. Security: Cloud providers provide various security measures to protect the stored data from unauthorised access, data breaches, and other cyber threats. They implement firewalls, encryption, and other security measures to ensure data protection.

3. Backup and Recovery: They offer backup services to protect data from accidental deletion, system crashes, or other data loss incidents. In the case of a data loss event, recovery services can restore the data.

4. Data Processing and technical monitoring: Some cloud providers offer tools for data processing and technical monitoring. This could include traffic analysis, user behaviour analysis for bug tracking, and other data-driven insights that can help optimise the website's performance and user experience.

5. Compliance and Audit: Cloud providers often offer tools and services to assist with regulatory compliance, including GDPR.

For information on the privacy practices of AWS Cloud, please refer to their privacy policy: https://aws.amazon.com/privacy/

For information on the privacy practices of OVHCloud, please refer to their privacy policy: https://www.ovhcloud.com/en/terms-and-conditions/privacy-policy/

For information on the privacy practices of Hetzner Cloud, please refer to their privacy policy: https://www.hetzner.com/legal/privacy-policy

For information on the privacy practices of Vercel, please refer to their privacy policy: https://vercel.com/legal/privacy-policy

5. Cookies

Cookies are small pieces of text sent to your web browser by a website you visit. A cookie file is stored in your web browser and allows us or a third party to recognise you, personalise and make your next visit easier, recognise your device and store some information about your preferences or past actions. Cookies can either be "persistent" or "session" cookies. Session cookies are deleted at the end of the session, whereas persistent cookies remain stored in the device until they expire or are deleted from the device of the website visitor.

We rely on your consent (GDPR Art. 6.1.a) to place analytical and marketing cookies. Necessary cookies are essential for the operation and functionality of our website and do not require consent. In this case, we rely on our legitimate interests (GDPR Art. 6.1.f) or the necessity to perform the contract (GDPR Art. 6.1.b). In general, you can reject non-necessary cookies without consequences. 


Our website www.trustcomputing.de does not collect any cookies. 

6. Privacy policies of other websites

Our career website does not contain any cookies but we do have links to other websites. Our privacy notice, including our use of cookies, applies only to our website and underlying service. Therefore, if you click on a link to another website, you should read their privacy notice for information on their privacy practices, including their use of cookies.

7. Your rights

You may exercise the following rights regarding your personal data. In particular, you have the right to:

Object against the processing of your information: If we process your information for our legitimate interests (e.g., for direct marketing emails or for our marketing research purposes), you can object to it. If there are no compelling interests for us to refuse your request, we will stop the processing for such purposes. If we believe our compelling interests outweigh your right to privacy, we will clarify this to you.

Access your information: You have the right to know what personal data we process about you. You can obtain a copy of the personal data we collect and process about you. We will provide this information to you only after we have verified your identity to protect you and your personal data from impersonators.

Rectification: If you find that we process inaccurate or out-of-date information, you can request that we update or correct it.

Restrict the processing of your information: When you contest the accuracy of your information, or believe we process it unlawfully, or want to object against the processing, you have the right to temporarily stop the processing of your information to check if the processing was consistent. In this case, we will stop processing your data (other than storing it) until we receive your consent to resume processing or we demonstrate compelling legitimate grounds for the processing. We may process restricted data in the exercise or defence of legal claims and to protect the rights of another natural or legal person or for reasons of important public interest.

Delete your personal data: If we are not under a legal obligation to keep the data for a period of time and your data is not needed in the scope of an active contract or claim, we will erase your information upon your request.

Data portability: You may request that we transfer your personal data to another organisation. Where we process your personal data on the legal basis of consent you provided us or on the necessity to perform a contract, we can make, at your request, your data available to you or to an organisation of your choosing.

Lodge a complaint with a supervisory authority: If you believe that our use of personal data violates your rights, or if you are dissatisfied with a response you received to a request you formulated to us, you have the right to lodge a complaint with the competent data protection authority of your choice.

Available authorities in Europe can be found here: https://edpb.europa.eu/about-edpb/board/members_en.

Trust Computing GmbH is registered with the Berliner Data Protection Authority, which can be contacted here:

Berliner Beauftragte für Datenschutz und Informationsfreiheit

Friedrichstraße 219, 10969 Berlin, Germany

Telephone: +4930138890, mailbox@datenschutz-berlin.de

When you make a request to exercise your data subject rights, we are required to respond within 1 month. Taking into account the nature and scope of the request, we may extend it by two further months, but we will inform you accordingly. Please email us at info@trustcomputing.de to exercise any of your rights.

8. Technical and Organisational Measures

We use SSL encryption on a day to day basis to protect information online and ensure that user information is protected offline. We perform staff training on the value of personal data. We grant access permissions strictly on a need-to-know basis. All members of staff who handle personal data are committed to integrity and are bound by the duty of confidentiality.

9. International data transfers

Under the GDPR, sending personal data to, or making personal data accessible from outside the EEA amounts to international data transfers necessitating the implementation of appropriate transfer mechanisms. We take steps to ensure that where your information is transferred outside of the EEA or the UK by our service providers and hosting providers, appropriate measures and controls are in place to protect that information in accordance with applicable data protection laws and regulations such as signing data protection agreements and practising data minimisation. Where we transfer personal data to third parties in third countries, we rely on standard contractual clauses to provide appropriate safeguards and guarantee the exercise of your data subject rights. We make use of additional supplementary measures such as encryption to ensure an adequate level of personal data protection. 

9.1. Blockchain Networks

In accordance with the GDPR, we wish to inform you about the use of blockchain technology within our services and its implications for international data transfers. Blockchain is a decentralised, distributed ledger technology that stores and secures data across a network of nodes. As a result, the data stored on a blockchain may be processed and stored in multiple locations around the world. In permissionless networks, blockchain nodes are hosted worldwide, and we have no control over the locations in which those nodes are hosted.

While we implement strong encryption and access control measures to protect your personal data, it is essential to note that data transfers to countries outside the European Economic Area (EEA) may not provide the same level of data protection as within the EEA. To ensure compliance with GDPR requirements, we only engage with blockchain networks and partners that adhere to strict data protection standards and implement adequate safeguards, such as encryption and data anonymisation techniques, to protect your personal data during cross-border transfers.

9.2. Children’s personal data

This website is not intended for users below the age of 18. If you suspect that your account or this service is being used by minors, then write to us immediately at info@trustcomputing.de.

9.3. Changes

From time to time, we may effect changes or make updates to this privacy notice. We advise that you visit this privacy notice for the latest update on our privacy practices.