Privacy Policy

1. General

Below you find information about how Chromaway AB (”Chromaway”, ”we”, ”our”, ”us”) processes your personal data under the General Data Protection Regulation (EU) 2016/679 (“GDPR”) when you visit our website, communicate with us and use our services.

If you have any questions related to the notice or our processing of personal data, please use the contact details at the end of this document.

Summary

We process your personal data mainly for the purposes to:

- Create and administer your account with us.
- Facilitate the Chromia blockchain.
- Provide newsletters and marketing materials about our services.
- Process technical information when visiting this website; and.
- Safeguard your rights under the GDPR.

2. Responsibility

Chromaway AB as the data controller

Chromaway is the sole data controller in relation to processing your personal data for the purposes described below in section 3. For other services within the Chromaway eco-system, please refer to the applicable privacy notice for each service.

In order to facilitate and make the Chromia blockchain platform work as intended, Chromaway as a system provider, together with other node providers, also processes personal data as joint controller under art. 26 of the GDPR. System providers and node providers jointly decides the purpose and means of the processing on an infrastructure layer of the blockchain. Each system provider and node provider are reliable on all of the providers in the network, making it a joint controllership.

Information on how Chromaway processes personal data for recruitment purposes, please see our privacy notice for recruitment here.

Chromaway AB as the data processor

Chromaway is the data processor in relation to processing personal data from decentralized applications (dApps) run on the Chromia blockchain platform. Please refer to the applicable privacy notice for each dApp for a complete list of the personal data processed. Chromaway will only act upon the instructions provided by the dApp developers. Chromaway and the dApp developers have entered into a data processing agreement under article 28 of the GDPR.

3. For what purpose do we process your personal data and with which legal basis?

Purpose

Categories of personal data and source

Legal basis

Transfer and access

Retention period

Purpose: Create and administer your account with us and to allow you to use our services

Categories of personal data and source: Private key

Legal basis: Legitimate interest of Chromaway to set up and administer accounts upon your request

Transfer and access: No transfer

Retention period: Processed until the service is no longer used and active by the user

Purpose: Anonymise your personal data in order to improve our services

Categories of personal data and source: Any personal data related to improving our service

Legal basis: Legitimate interest of Chromaway to improve our service taking into account privacy by design

Transfer and access: External provider for business development

Retention period: Personal data is unidentifiable immediately after the information isanonymized

Purpose: Process data as a joint controller when Chromaway acts as a system provider together with other node providers in the Chromia blockchain platform

Categories of personal data and source: Vary depending on the personal data processed in the specific decentralized applications (dApps)

Legal basis: Legitimate interest of Chromaway to keep the Chromia blockchain network from working properly

Transfer and access: Node providers in the network

Retention period: See retention policy for each responsible dApp developer

Purpose: Respond to inquiries related to support or other requests

Categories of personal data and source: Name, email, other type of contact information you provide and any information you provide to us in your inquiry

Legal basis: Legitimate interest of Chromaway to respond to questions you voluntarily send to us

Transfer and access: External support provider.

Retention period: Stored for 90 days after the inquiry is solved

Purpose: Provide marketing materials and offers to you about other products and services

Categories of personal data and source: Name, email

Legal basis: Legitimate interest of Chromaway to market our business and to provide you with offers

Transfer and access: External marketing provider

Retention period: Personal data is stored for 3 years

Purpose: Send out newsletters and invitations to events

Categories of personal data and source: Email

Legal basis: Consent

Transfer and access: External marketing provider

Retention period: Your consent is stored for 3 years. If you do not wish to receive any more newsletters or invitations to events, you can always revoke your consent

Purpose: Protect against legal claims and safeguard legal rights

Categories of personal data and source: Any relevant personal data that is part of the legal dispute

Legal basis: Legitimate interest of Chromaway to defend against legal claims should we be involved in any legal disputes

Transfer and access: Authorities and law firms

Retention period: Your personal data is stored for 10 years according to the limitations act

Purpose: To ensure network and information security in our services.

Categories of personal data and source: Any information related to network and information security

Legal basis: Legitimate interest of Chromaway to ensure that critical systems are not attacked by virus or other type of malware

Transfer and access: External providers of network and information services

Retention period: Personal data is stored until the issue is resolved

Purpose: Perform your rights under the GDPR, such as providing you with a register or complying with your right to be forgotten.

Categories of personal data and source: Name, email, address and other type of contact information you provide to us

Legal basis: Filfilment of legal obligation

Transfer and access: Transfer to authorities if legally obligated. Otherwise, no transfer

Retention period: Your personal data is stored for up to 3 years

4. What are my rights under the GDPR?

As a data subject, you have certain rights in relation to our processing of your personal data. If you would like to exercise any of your rights, please contact us at info@chromaway.com.

- Right of access: You have the right to get informed about the personal data we process about you, including the purpose of and legal basis for the processing.
- Right to rectification: If you believe that we are processing inaccurate personal data about you, you can ask us to correct it.
- Right to restrict processing: You can request that we restrict the processing of your personal data. As an example, this can be relevant if we have incorrect data about you and you do not want the processing to continue until we have corrected the data.
- Right to erasure/right to be forgotten: You can request that we delete your personal data. Although we will comply with such a request to the extent required by applicable law, please note that we, despite your request, may continue to process certain data (such as data that we need to retain in order to protect our legal interests or that we are required to retain pursuant to legal obligations).
- Right to object: In connection with the processing of personal data based on our legitimate interest, you have the right to object to the processing of your personal data. If your privacy interests outweigh our interests in processing certain data, we will stop processing such data.
- Right to data portability: You may have the right to receive personal data that you have provided to us in a structured, generally accepted and machine-readable format, and you may also have a right to transfer this data to another data controller.

5. Contact details

chromaway.com's Privacy Policy does not apply to other advertisers or websites. Thus, we are advising you to consult the respective Privacy Policies of these third-party ad servers for more detailed information. It may include their practices and instructions about how to opt-out of certain options. You may find a complete list of these Privacy Policies and their links here: Privacy Policy Links.

Children's Information

If you have questions about the information provided in this Privacy Notice or otherwise how we process your personal data, please contact us at info@chromaway.com. You may also contact the Swedish Authority for Privacy Protection (sw. Integritetsskyddsmyndigheten, www.imy.se, imy@imy.se) if you have any compliants about how we handle your personal data.

This Privacy Notice applies from May 2023.