LAST UPDATED: 22ND MAY 2023
Who are we?
cheqd is a software company with a mission to create the go-to incentivised decentralised identity network for digital credentials, which reward all parties in the ecosystem, whether institutional or individual.
cheqd is a trading name for the Cheqd Foundation.
cheqd is a Data Controller for personal data and personally identifiable information collected and processed by cheqd’s services. This means that cheqd stores and manages personal data on behalf of individuals, Data subjects.
cheqd can be found at:
Cheqd Foundation Limited
1 Irving Place #08-11
The Commerze @ Irving
General questions: [email protected]
What data do we collect?
We collect your personal information in order to provide and continually improve our products and services.
Here are the types of personal information we collect:
- Information you give us: We receive and store any information you provide in relation to cheqd’s services. This information may comprise of:
- Your name,
- Your email address,
- Your IP address,
- Relevant metadata relating to your time on cheqd’s website,
- Conversation history with cheqd.
- Information provided to us by a third party: In the course of business with cheqd, it is reasonably foreseeable that we may receive personal data from an external source or third party.
How will we use your data?
Processing, collecting and disclosing our users/customers’ personal data in compliance with GDPR is important to cheqd, and as such, it is important to lay out exactly how we use your data.
- To carry out business activities: cheqd processes personal data that we receive from you enables us to carry out our digital identity services that we offer to you;
- To facilitate effective use of our identity services: cheqd may process and record personal data that we receive in providing data hosting and back-up services on behalf of our clients for the purpose of supporting the client in delivering identity credential-related services and digital wallet services;
- To communicate effectively with you: cheqd collects your data so that it can follow up any business activities with accuracy, drawing on interactions you have had with cheqd in the past;
- To conduct analytics: cheqd uses analytics on aggregated anonymized data so we can continually improve our website and keep it secure;
- To market our services: If consented to, cheqd will communicate and market its services to you through mediums such as a newsletter, educational emails or sharing articles. If you have opted in, you can always choose to opt-out later;
- To act on a business change: If cheqd become involved in a merger, consolidation, acquisition, sale of assets, joint venture, securities offering, bankruptcy, re-organisation, liquidation, dissolution or other transaction, or if the ownership of all or substantially all of our business otherwise changes, we may share or transfer databases containing personal data of users including your personal data to a successor party or parties in connection with such transaction or change in ownership or legal structure;
- To act on a request for necessary disclosure: cheqd may disclose information about you to third parties if deemed necessary by law, for example, to (i) comply with a law, regulation, or mandatory request such as a warrant or court order, to (ii) Protect the any person from death or serious bodily injury, to (iii) Protect the Site or cheqd from unlawful abuse or attacks.
Third party service providers:
The third parties cheqd uses to process personal data are as follows:
To process and respond to messages, demo requests, newsletter, mail, and feedback from existing and prospective partners / customers as quickly as possible, we use the CRM system, Pipedrive, which assumes the role of a data processor.
During use, the following data in particular is processed via Pipedrive servers: name, address, communication data (such as telephone number, mobile phone number), customer number and e-mail address of the contact persons.
We use the “Cloudflare” service provided by Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA. (hereinafter referred to as “Cloudflare”).
The use of Cloudflare is based on our legitimate interest in a provision of our website offerings that is as error free and secure as possible (Art. 6(1)(f) GDPR).
As there is a transfer of personal data to the USA, different protection mechanisms are required to ensure the data protection level of the GDPR. To ensure this, we have agreed to standard data protection clauses with the provider following Art. 46 (2) lit. c GDPR. These oblige the recipient of the data in the USA to process the data following the protection level in Europe. If this cannot be ensured even through this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the USA.
This service allows us to see the number of visitors to the site, where visitors have come to the site from and the pages they visited. You can learn more about Plausible Analytics here.
Plausible may be found at Plausible Insights OÜ Västriku tn 2, 50403, Tartu, Estonia. Registration number 14709274.
We have chosen Kinsta as our trusted data processor to host our website. Kinsta specialises in website hosting and infrastructure solutions and operates in accordance with a data processing agreement that ensures compliance with data protection laws.
Kinsta collects and processes limited personal information, such as IP addresses and browsing details, solely for the purpose of hosting and maintaining our website, while implementing rigorous security measures to protect this data. Kinsta may transfer and process personal information internationally with appropriate safeguards in place.
We use Kinsta’s hosting facilities via their London data centre, meaning there is no cross-border data transfer outside of the UK/EU.
Our sign-up service allows visitors to learn more about our company, schedule a product demo, receive newsletters and provide their contact information.
Mailchimp and its affiliates own and operate servers in world-class data centers located in the United States. In addition, they leverage third-party vendors who process personal information on our behalf. Their processing facilities are located in the United States and in other international locations to provide services to Mailchimp.
You can view the full list of sub-processors they use to process their members’ data, along with details of their location.
As there is a transfer of personal data to the USA, different protection mechanisms are required to ensure the data protection level of the GDPR. To ensure this, we have agreed to standard data protection clauses with the provider following Art. 46 (2) lit. c GDPR. These oblige the recipient of the data in the USA to process the data following the protection level in Europe. If this cannot be ensured even through this contractual extension, we endeavor to obtain additional regulations and commitments from the recipient in the USA.
We may use Typeform, a service provided by TYPEFORM S.L., c/ Pallars 108 (Aticco – Typeform), 08018 – Barcelona, Spain (“Typeform”) for our contact forms or for surveys.
Typeform processes the data you provide via the contact form on our behalf. In addition, information about your terminal device (IP address, device information, operating system, browser settings) as well as usage data such as date and time when you used the contact form are collected with the help of cookies. Typeform needs this data to ensure the presentation of the contact form and its functionality. You can find more information on data processing by Typeform at: https://www.typeform.com/help/a/what-is-gdpr-360029580771/
We use GitBook, Inc. (“GitBook”) to host our technical, product and governance documentation. When you access our docs at docs.cheqd.io, docs.cheqd.io/node, product.cheqd.io or docs.cheqd.io/governance GitBook may collect information about how you use its services and your actions on the services, including your IP address.
You can find GitBook at GitBook INC. 440 N Barranca Ave #7171, Covina, CA 91723, USA. EIN: 320502699.
Legal basis for processing personal data
The GDPR requires a legal basis for our use of personal data. Our legal basis varies depending on the specific purpose for which we use personal information. We may potentially use:
- Performance of a contract when we provide you with products or services, or communicate with you about them under the terms of an agreement or contract we have with you.
- Our legitimate business interests in (among other things) delivering our Services, conducting commercial research, improving and maintaining our Services, protecting the security or integrity of our databases, protecting our business or reputation, taking precautions against legal liability, dealing with our assets in the event of a business change, protecting and defending our legal rights or property, or for resolving disputes, investigating and attending to inquiries or complaints with respect to your use of our Services;
- Your explicit and freely given consent when we ask for your consent to process your personal information for a specific purpose that we communicate to you. When you consent to our processing your personal information for a specified purpose, you may withdraw your consent at any time and we will stop processing your data for that purpose.
- Compliance with a legal obligation when we use your personal information to comply with laws, a court order, a warrant or other relevant legal instrument.
Given our commitment to compliance as a company, it is unlikely that cheqd will rely on the grounds of legitimate interests, owing to loopholes and grey areas arising out of this ground which do not lend well to the protection of personal data for a data subject.
Third-country transfers of personal data
What are your data rights?
If you have personal data processed by cheqd, you are a ‘data subject’. As a data subject, you have a number of rights which we, cheqd, as the data controller for your data, must uphold.
Right to information (Art. 15 GDPR)
Data subjects have the right to obtain information about whether and, if so, what information is stored about them and for what purposes, at no added cost.
Right to rectification (Article 16 of the GDPR)
The data subject has the right to demand that the controller rectify any inaccurate personal data without undue delay. Taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration.
Right to erasure (Art. 17 GDPR)
The data subject has the right to request from the controller that personal data concerning him or her be erased without undue delay and the controller is obliged to erase personal data without undue delay.
Right to restriction of processing (Art. 18 GDPR)
The data subject has the right to request the controller to restrict the processing of his/her data.
Right to data portability (Art. 20 GDPR)
The data subject has the right, provided that the conditions are met, to receive the personal data concerned that he or she has provided to a controller in a structured, commonly used and machine-readable format and he or she has the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided.
Right to object (Art. 21 GDPR)
The data subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her carried out on the basis of Article 6(1)(e) or (f). This can be done both in automated and electronic form.
If you want to act on one of these rights, you can make a request. Upon receiving a request, we have one month to act on your request. If you would like to make a request, please contact us at:
Contact email: [email protected]
How long do we keep your data for?
cheqd will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
What are cookies?
Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. When you visit our website, we may collect information from you automatically through cookies or similar technology.
For further information, visit: allaboutcookies.org
cheqd does not use any third-party cookies. This was a conscious decision to best up-hold the privacy of our customers and visitors. You can check this for yourself by searching for our website here.
cheqd’s services are not directed to children and/or persons under the age of majority in their respective jurisdictions. cheqd do not knowingly collect personal data from individuals under eighteen (18) years of age. Any data found to be collected from a person under the age of eighteen will be expressly removed, unless we receive explicit permission from a parent or legal guardian.
How to contact us
General questions: [email protected]
Cheqd Foundation Limited
1 Irving Place #08-11
The Commerze @ Irving
Competent supervisory authority
Should you wish to report a complaint or if you feel like cheqd has not addressed your concern in a satisfactory or timely manner, you may contact the relevant competent supervisory authority.
The supervisory authority responsible for our company is:
The Personal Data Protection Commission (PDPC)
10 Pasir Panjang Road,
#03-01 Mapletree Business City
Get in touch
Partner with cheqd
If your an SSI Vendor, Consultancy, Enterprise, Government agency, or web3 company please contact us for a discovery call so we can learn about your use-case, problem statements, and get you set up with cheqd.