At Everstake Validation Services LLC, one of our main priorities is the privacy of the users of our applications and technology. This privacy notice outlines the information that is collected, processed, and used by Everstake Validation Services LLC, a limited liability company registered in the Cayman Islands, and its affiliates (collectively - “Everstake”, “Company”, “We”, “Us”, or “Our”) regarding the collection, usage, storage and sharing of personal data from users utilising our products and services (the “Services”) and in connection with the Everstake website (the “Site”). This privacy notice should be read together with our Cookie Policy, which provides further details on our use of cookies on the Site.
Navigate this privacy notice to understand:
- Who we are and how to contact us
- The scope of this privacy notice
- What data we process
- Third-party services relied on and intended international transfers of your data
- Presence on Social Media
- Exercising your rights
If you do not agree with our policies and practices, your choice is not to use the Site and Services. By accessing or using the Site and Services, you acknowledge this privacy notice.
1. Who we are and how to contact us
Responsible for your personal data is:
Everstake Validation Services LLC
Fifth Floor, Zephyr House 122 Mary Street, George Town,
Grand Cayman KY1-1206 Cayman Islands
If you have additional questions or require more information about our privacy policy, do not hesitate to contact us directly at [email protected].
As an entity established outside of the European Union, contact details of our European and UK Representative are as follows:
EU Representative
TechGDPR DPC GmbH
Willy-Brandt-Platz 2
12529 Berlin-Schönefeld
Our European Representative can be contacted at:
[email protected].
UK Representative
Legal Nodes Ltd
Office 2, Bennet’s House, 21 Leyton Road, Harpenden
England, AL5 2HU
Our UK Representative can be contacted at:
[email protected].
2. Scope of this privacy notice
This privacy policy APPLIES to the following categories of people:
- Visitors to our Site and users of our Services.
- Company representatives who reach out to us to request information about our Services or with whom we communicate for the provision of our Services to the company they represent (our lead and clients).
- Vendor contact personnel whom we communicate with in the course of their service provision to us (our prospecting and active suppliers).
- Partners with whom we have commercial relationships.
Our Site and Services are not directed to, and we do not knowingly collect personal data from, anyone under the age of 18. If a parent or guardian becomes aware that his or her child has provided us with information, please contact us. We will delete such information from our files as soon as reasonably practicable. By requesting any Services from us, you agree and acknowledge that you are not under the age of 18.
We may update this privacy notice based upon evolving laws, regulations and industry standards, or as we may make changes to our Site or Services. We will post changes to our privacy notice on this page and encourage you to review our privacy notice when you use our Site to stay informed. If we make changes that materially alter your privacy rights, we will take appropriate measures to inform you, consistent with the significance of the changes. If you disagree with the changes to this privacy notice, you should discontinue your use of the Site and Services.
3. What data we process
3.1 Data processed from the Site and users
| a. Activity processing your data | b. Purpose served | c. Data collected / processed | d. Legal base (GDPR Art. 6) | e. Retention period | f. Available data subject rights |
|---|---|---|---|---|---|
| Visiting and interacting with the Site | Allows Everstake to provide information via the Site, carry out maintenance and improvements based on user interaction and analytics. |
IP addresses; Browser information (device type, operating system, language, timezone, type, version); Location information. | Legitimate Interest (Art. 6.1(f) GDPR) | 1 day to 2 years, depending on the cookie (See our Cookie Policy). | All except right to data portability (see Section 7 below) |
| Marketing and promotion activities | Allows Everstake to target and engage customers and interested parties and analyze campaign effectiveness. | Name, surname, contact information, browsing behavior, marketing preferences, data from social media (see section 5 below). | Legitimate Interest (Art. 6.1(f) GDPR) | 1 year for any data no longer required for operational, legal, or regulatory purposes or otherwise until deletion is requested by the customer. | All except right to data portability (see Section 7 below) |
3.2 Data processed from users
| a. Activity processing your data | b. Purpose served | c. Data collected / processed | d. Legal base (GDPR Art. 6) | e. Retention period | f. Available data subject rights |
|---|---|---|---|---|---|
| Drafting, agreeing and performing the service contract upon request (outside the standard Terms of Use) | Allows Everstake to establish clear and enforceable agreements between parties when requested by users. | Contact information, negotiation records, contract terms, signatures. | Performance of a contract (Art.6.1(b)) | Up to 6 years pursuant to legal obligations | All except right to opt-out from automated decision making (see Section 7 below) |
| Services through the Site | Allows Everstake to provide its Services through its Site and carry out improvements and maintenance of the Services. | IP address | Performance of a contract (Art.6.1(b)) | 1 day to 2 years, depending on the cookie (See Cookie Policy). | All except right to opt-out from automated decision making (see Section 7 below) |
| Customer Support | Allows Everstake to handle customer inquiries, resolve issues related to Services, and maintain communication records to ensure a seamless and responsive user experience. | Email address, customer queries, communication records, transaction history. | Performance of a contract (Art.6.1(b)) | 1 year for any data no longer required for operational, legal, or regulatory purposes or otherwise until deletion is requested by the customer. | All except right to opt-out from automated decision making (see Section 7 below) |
| System Monitoring | Allows Everstake to carry out ongoing monitoring and management of IT systems and infrastructure to detect, prevent, and respond to security threats and vulnerabilities, ensuring the integrity, availability, and confidentiality of data. |
User Data: IP addresses, system access logs (for security purposes). Operational Data: System performance metrics, security incident reports, vulnerability assessments. | Legitimate Interest (Art. 6.1(f) GDPR) | 6 months to one year | All except right to data portability (see Section 7 below) |
| System improvement | Allows Everstake to enhance user experience by providing personalized Services to increase customer satisfaction and engagement, and to drive product development and marketing strategies based on user behavior. |
Customer Data: Preferences, feedback, usage patterns, contact information. Operational Data: Process performance metrics, service usage data. | Legitimate Interest (Art. 6.1(f) GDPR) | 1 year, and any data no longer required for operational, legal, or regulatory purposes will be securely deleted until deletion is requested by the customer. | All except right to data portability (see Section 7 below) |
3.3 Data processed from Vendors and Partners
| a. Activity processing your data | b. Purpose served | c. Data collected / processed | d. Legal base (GDPR Art. 6) | e. Retention period | f. Available data subject rights |
|---|---|---|---|---|---|
| Contracting and negotiation with Partners | Allows Everstake to establish clear and enforceable agreements between parties (with its Partners). | Contact information, negotiation records, contract terms, signatures. | Performance of a contract (Art.6.1(b)) | Up to 6 years pursuant to legal obligations | All except right to opt-out from automated decision making (see Section 7 below) |
| Financial accounting | Allows Everstake to maintain accurate financial records and ensure proper accounting, to comply with tax and financial reporting regulations, to manage and track transactions and operational costs, to prepare financial statements and reports for stakeholders. |
Customer Data: Invoices, payment details, transaction records. Vendor Data: Payment information, contract details. | Legal Obligation (Art.6.1(c)) | Up to 6 years pursuant to legal obligations | All except right to erasure and data portability (see Section 7 below) |
| Technical support for Partners | Allows Everstake to communicate with Partners and the technical team regarding contractual terms, technical issues, and improvement to the Services. | Name and/or username, email address, company name, communication, profile picture (optional), phone number (optional). | Performance of a contract (Art.6.1(b)) | Up to 6 years | All except right to opt-out from automated decision making (see Section 7 below) |
| Development and provision of blockchain software solutions and providing relevant consultancy upon contract | Allows Everstake to develop and enhance blockchain software solutions, ensure secure and efficient operation, and provide consultancy services. |
Client Information: Name, surname, contact details, signature,
project specifications. Project Data: Source code, technical documentation, blockchain addresses, smart contract data. User Analytics: User behavior data, performance metrics, feedback. | Performance of a contract (Art.6.1(b)) | Up to 6 years pursuant to legal obligations | All except right to opt-out from automated decision making (see Section 7 below) |
4. Third-party services and intended international transfers
4.1 Categories of providers we share data processed from Site users
| a. third parties / categories of 3rd parties | b. Purpose served | c. International transfers of data |
|---|---|---|
| User behaviour analytics tools / Cookie providers | Collecting and analyzing Site visitor analytics. |
United Kingdom (adequate country) United States (DPA with Standard Contractual Clauses) |
4.2 Categories of providers we share data processed from users of the Services
| d. third parties / categories of 3rd parties | e. Purpose served | f. International transfers of data |
|---|---|---|
| User behaviour analytics tools / Cookie providers | Collecting and analyzing Site visitor analytics. |
United Kingdom (adequate country) United States (DPA with Standard Contractual Clauses) |
| CRM(s) | Customer engagement, Sales outreach | United States (DPA with Standard Contractual Clauses) |
| Cloud service provider | Communication, Collaboration, Cloud Storage | United States (DPA with Standard Contractual Clauses) |
| Software Development Platform | Code Repository, Version Control | United States (DPA with Standard Contractual Clauses) |
| Internal Workplace Communication Platform | Communication, including that related to customer inquiries | United States (DPA with Standard Contractual Clauses) |
4.3 Categories of providers we share data processed from vendors and partners
| g. third parties / categories of 3rd parties | h. Purpose served | i. International transfers of data |
|---|---|---|
| Cloud service provider | Communication, Collaboration, Cloud Storage | United States (DPA with Standard Contractual Clauses) |
| CRM(s) | Customer engagement, Sales outreach | United States (DPA with Standard Contractual Clauses) |
| Internal Workplace Communication Platform | Communication, including that related to customer inquiries | United States (DPA with Standard Contractual Clauses) |
Only data relevant to the functionality of these Services is shared with these partners. Everstake Validation Services LLC only transfers data to the above third-party service providers if this is necessary for the aforementioned purposes and permitted by law.
In addition to the categories of providers listed above, Everstake Validations Services LLC shares data within its organization to its two other entities: Everstake UK Ltd (considered a processor in accordance with GDPR Art.28) and Everstake Inc (considered a controller). Transfers of data within the organisations are covered by an intracompany data processing agreement (DPA) and data sharing agreement (DSA) respectively. Everstake Validations Services LLC also engages independent contractors for the provision of its services. When these contractors are located outside of the European Union and/or United Kingdom, a relevant Data Processing Agreement is concluded with each contractor to ensure the safe transfer of personal data.
5. How we protect your data
We are committed to protecting the security and confidentiality of your personal information through comprehensive measures designed to prevent unauthorized access, disclosure, or misuse. Our security protocols adhere to industry standards and are continuously evaluated to ensure their effectiveness. For a detailed overview of the security measures, policies and procedures we have implemented, please visit https://security.everstake.one/.
6. Online presence on social media
We maintain online presences in social networks in order to communicate there with customers and interested parties, among others, and to manage and analyze user interactions for improving engagement and marketing strategies, and monitor brand presence and respond to feedback or mentions. The users’ data is usually processed by the social networks concerned for market research and advertising purposes. In this way, usage profiles can be created based on the interests of the users.
As part of the operation of our online presences, it is possible that we may access information such as statistics on the use of our online presences provided by the social networks. These statistics are aggregated and may include, in particular, data on interaction with our online presences (e.g. likes, subscription, sharing, viewing of images and videos) and the posts and content distributed via them. This may also provide information about the interests of users and which content and topics are particularly relevant to them. Please see the list below for details of the social media platforms that we, as operators of the online presences, can access. The collection and use of these statistics are generally subject to joint responsibility.
The legal basis for data processing is Art. 6 para. 1 lit. f GDPR, based on our legitimate interest to, amongst others and depending on the specific platform, provide customer support and respond to inquiries through direct message, analyze engagement data to improve user experience, respond to comments, feedback or questions and monitor brand presence on social media.
Where you have an account with the social network, it is possible that we may see your publicly available information and media when we access your profile. In addition, the social network may allow us to contact you. This may be, for example, via direct messages or via posted articles. The content communication via the social network and the processing of the content data is thereby subject to the responsibility of the social network as a messenger and platform service.
For the legal basis of the data processing carried out by the social networks under their own responsibility, please refer to the data protection information of the respective social network.
We would like to point out that data protection requests can be asserted most efficiently with the respective provider of the social network, as only these providers have access to the data and can take appropriate measures directly. You can also contact us with your request. In this case, we will process your request and forward it to the provider of the social network.
Below is a list of the social networks on which we operate online presences:
7. Links to Third Party Sites
The Site may contain links to other websites, mobile applications, and other online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or in mobile applications or online services that are not associated with us. We do not control third party websites, mobile applications or online services, and we are not responsible for their actions. Other websites, mobile applications and services follow different rules regarding the collection, use and sharing of your Personal Data. We encourage you to read the privacy policies of the other websites, mobile applications and online services you use.
8. Exercising your data subject rights
You have the following rights with respect to us regarding the data relating to you:
- Right to information about your stored personal data, its origin and possible recipients and the purpose of the data processing (Art. 15 GDPR);
- Right to rectification of inaccurate data (Art. 16 GDPR);
- Right to erasure of processed personal data, unless processed to fulfill a legal obligation or public interest (Art.17 GDPR), or there are statutory retention periods;
- Right to restriction of processing (Art. 18 GDPR);
- Right to data portability but only in instances where data is processed on the basis of consent or performance of a contract (Art. 20 GDPR).
You have the right to revoke your consent at any time. This means that we will no longer process the data based on this consent in the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
If we process your data on the basis of legitimate interests, you have the right to object to the processing of your data at any time on grounds relating to your particular situation. If it is a matter of objecting to the processing of data for direct marketing purposes, you have a general right of objection, which will also be implemented by us without giving reasons.
If you wish to exercise your right of revocation or objection, it is sufficient to send an informal message to the above contact details.
Please get in touch using the following email: [email protected].
When you submit your request through the email, you will receive a copy at the email address you indicate. We will strive to address your subject right request at the earliest but no later than within a month of receiving it.
If you are in the EU and have not received a response from us or are not satisfied with our response, you have the right to lodge a complaint with the data protection authority where you reside.
Contacting a data protection authority of your choosing
Should we fail to respond within thirty days or should you not find our response satisfactory,
you may place a complaint with the supervisory authority of your choice.
