Privacy Policy
1. General
Below you find information about how Chromaway AB (”Chromaway”, ”we”, ”our”, ”us”) processes your personal data under the General Data Protection Regulation (EU) 2016/679 (“GDPR”) when you visit our website, communicate with us and use our services.
If you have any questions related to the notice or our processing of personal data, please use the contact details at the end of this document.
SUMMARY
We process your personal data mainly for the purposes to:
Create and administer your account with us.
Facilitate the Chromia blockchain.
Provide newsletters and marketing materials about our services.
Process technical information when visiting this website; and.
Safeguard your rights under the GDPR.
2. Responsibility
Chromaway AB as the data controller
Chromaway is the sole data controller in relation to processing your personal data for the purposes described below in section 3. For other services within the Chromaway eco-system, please refer to the applicable privacy notice for each service.
In order to facilitate and make the Chromia blockchain platform work as intended, Chromaway as a system provider, together with other node providers, also processes personal data as joint controller under art. 26 of the GDPR. System providers and node providers jointly decides the purpose and means of the processing on an infrastructure layer of the blockchain. Each system provider and node provider are reliable on all of the providers in the network, making it a joint controllership.
Information on how Chromaway processes personal data for recruitment purposes, please see our privacy notice for recruitment here.
Chromaway AB as the data processor
Chromaway is the data processor in relation to processing personal data from decentralized applications (dApps) run on the Chromia blockchain platform. Please refer to the applicable privacy notice for each dApp for a complete list of the personal data processed. Chromaway will only act upon the instructions provided by the dApp developers. Chromaway and the dApp developers have entered into a data processing agreement under article 28 of the GDPR.
3. For what purpose do we process your personal data and with which legal basis?
| Purpose | Categories of personal data and source | Legal basis | Transfer and access | Retention period |
|---|---|---|---|---|
| Create and administer your account with us and to allow you to use our services | Private key | Legitimate interest of Chromaway to set up and administer accounts upon your request | No transfer | Processed until the service is no longer used and active by the user |
| Anonymise your personal data in order to improve our services | Any personal data related to improving our service | Legitimate interest of Chromaway to improve our service taking into account privacy by design | External provider for business development | Personal data is unidentifiable immediately after the information isanonymized |
| Process data as a joint controller when Chromaway acts as a system provider together with other node providers in the Chromia blockchain platform | Vary depending on the personal data processed in the specific decentralized applications (dApps) | Legitimate interest of Chromaway to keep the Chromia blockchain network from working properly | Node providers in the network | See retention policy for each responsible dApp developer |
| Respond to inquiries related to support or other requests | Name, email, other type of contact information you provide and any information you provide to us in your inquiry | Legitimate interest of Chromaway to respond to questions you voluntarily send to us | External support provider. | Stored for 90 days after the inquiry is solved |
| Provide marketing materials and offers to you about other products and services | Name, email | Legitimate interest of Chromaway to market our business and to provide you with offers | External marketing provider | Personal data is stored for 3 years |
| Send out newsletters and invitations to events | Consent | External marketing provider | Your consent is stored for 3 years. If you do not wish to receive any more newsletters or invitations to events, you can always revoke your consent | |
| Protect against legal claims and safeguard legal rights | Any relevant personal data that is part of the legal dispute | Legitimate interest of Chromaway to defend against legal claims should we be involved in any legal disputes | Authorities and law firms | Your personal data is stored for 10 years according to the limitations act |
| To ensure network and information security in our services. | Any information related to network and information security | Legitimate interest of Chromaway to ensure that critical systems are not attacked by virus or other type of malware | External providers of network and information services | Personal data is stored until the issue is resolved |
| Perform your rights under the GDPR, such as providing you with a register or complying with your right to be forgotten. | Name, email, address and other type of contact information you provide to us | Filfilment of legal obligation | Transfer to authorities if legally obligated. Otherwise, no transfer | Your personal data is stored for up to 3 years |
4. What are my rights under the GDPR?
As a data subject, you have certain rights in relation to our processing of your personal data. If you would like to exercise any of your rights, please contact us at info@chromaway.com.
Right of access: You have the right to get informed about the personal data we process about you, including the purpose of and legal basis for the processing.
Right to rectification: If you believe that we are processing inaccurate personal data about you, you can ask us to correct it.
Right to restrict processing: You can request that we restrict the processing of your personal data. As an example, this can be relevant if we have incorrect data about you and you do not want the processing to continue until we have corrected the data.
Right to erasure/right to be forgotten: You can request that we delete your personal data. Although we will comply with such a request to the extent required by applicable law, please note that we, despite your request, may continue to process certain data (such as data that we need to retain in order to protect our legal interests or that we are required to retain pursuant to legal obligations).
Right to object: In connection with the processing of personal data based on our legitimate interest, you have the right to object to the processing of your personal data. If your privacy interests outweigh our interests in processing certain data, we will stop processing such data.
Right to data portability: You may have the right to receive personal data that you have provided to us in a structured, generally accepted and machine-readable format, and you may also have a right to transfer this data to another data controller.
5. Contact details
chromaway.com's Privacy Policy does not apply to other advertisers or websites. Thus, we are advising you to consult the respective Privacy Policies of these third-party ad servers for more detailed information. It may include their practices and instructions about how to opt-out of certain options. You may find a complete list of these Privacy Policies and their links here: Privacy Policy Links.
Children's Information
If you have questions about the information provided in this Privacy Notice or otherwise how we process your personal data, please contact us at info@chromaway.com. You may also contact the Swedish Authority for Privacy Protection (sw. Integritetsskyddsmyndigheten, www.imy.se,imy@imy.se) if you have any compliants about how we handle your personal data.
This Privacy Notice applies from May 2023.