At Everstake Validation Services LLC, one of our main priorities is the privacy of the users of our applications and technology. This privacy notice outlines the information that is collected, processed, and used by Everstake Validation Services LLC, a limited liability company registered in the Cayman Islands, and its affiliates (collectively - “Everstake”, “Company”, “We”, “Us”, or “Our”) regarding the collection, usage, storage and sharing of personal data from users utilising our products and services (the “Services”) and in connection with the Everstake website (the “Site”). This privacy notice should be read together with our Cookie Policy, which provides further details on our use of cookies on the Site.
Navigate this privacy notice to understand:
- Who we are and how to contact us
- The scope of this privacy notice
- What data we process
- Third-party services relied on and intended international transfers of your data
- Presence on Social Media
- Exercising your rights
If you do not agree with our policies and practices, your choice is not to use the Site and Services. By accessing or using the Site and Services, you acknowledge this privacy notice.
1. Who we are and how to contact us
Responsible for your personal data is:
Everstake Validation Services LLC
Fifth Floor, Zephyr House 122 Mary Street, George Town,
Grand Cayman KY1-1206 Cayman Islands
If you have additional questions or require more information about our privacy policy, do not hesitate to contact us directly at [email protected].
As an entity established outside of the European Union, contact details of our European and UK Representative are as follows:
EU Representative
TechGDPR DPC GmbH
Willy-Brandt-Platz 2
12529 Berlin-Schönefeld
Our European Representative can be contacted at:
[email protected].
UK Representative
Legal Nodes Ltd
Office 2, Bennet’s House, 21 Leyton Road, Harpenden
England, AL5 2HU
Our UK Representative can be contacted at:
[email protected].
2. Scope of this privacy notice
This privacy policy APPLIES to the following categories of people:
- Visitors to our Site and users of our Services.
- Company representatives who reach out to us to request information about our Services or with whom we communicate for the provision of our Services to the company they represent (our lead and clients).
- Vendor contact personnel whom we communicate with in the course of their service provision to us (our prospecting and active suppliers).
- Partners with whom we have commercial relationships.
Our Site and Services are not directed to, and we do not knowingly collect personal data from, anyone under the age of 18. If a parent or guardian becomes aware that his or her child has provided us with information, please contact us. We will delete such information from our files as soon as reasonably practicable. By requesting any Services from us, you agree and acknowledge that you are not under the age of 18.
We may update this privacy notice based upon evolving laws, regulations and industry standards, or as we may make changes to our Site or Services. We will post changes to our privacy notice on this page and encourage you to review our privacy notice when you use our Site to stay informed. If we make changes that materially alter your privacy rights, we will take appropriate measures to inform you, consistent with the significance of the changes. If you disagree with the changes to this privacy notice, you should discontinue your use of the Site and Services.
3. What data we process
3.1 Data processed from the Site and users
| a. Activity processing your data | b. Purpose served | c. Data collected / processed | d. Legal base (GDPR Art. 6) | e. Retention period | f. Available data subject rights |
|---|---|---|---|---|---|
| Visiting and interacting with the Site | Allows Everstake to provide information via the Site, carry out maintenance and improvements based on user interaction and analytics. |
IP addresses; Browser information (device type, operating system, language, timezone, type, version); Location information. | Legitimate Interest (Art. 6.1(f) GDPR) | 1 day to 2 years, depending on the cookie (See our Cookie Policy). | All except right to data portability (see Section 7 below) |
| Marketing and promotion activities | Allows Everstake to target and engage customers and interested parties and analyze campaign effectiveness. | Name, surname, contact information, browsing behavior, marketing preferences, data from social media (see section 5 below). | Legitimate Interest (Art. 6.1(f) GDPR) | 1 year for any data no longer required for operational, legal, or regulatory purposes or otherwise until deletion is requested by the customer. | All except right to data portability (see Section 7 below) |
3.2 Data processed from users
| a. Activity processing your data | b. Purpose served | c. Data collected / processed | d. Legal base (GDPR Art. 6) | e. Retention period | f. Available data subject rights |
|---|---|---|---|---|---|
| Drafting, agreeing and performing the service contract upon request (outside the standard Terms of Use) | Allows Everstake to establish clear and enforceable agreements between parties when requested by users. | Contact information, negotiation records, contract terms, signatures. | Performance of a contract (Art.6.1(b)) | Up to 6 years pursuant to legal obligations | All except right to opt-out from automated decision making (see Section 7 below) |
| Services through the Site | Allows Everstake to provide its Services through its Site and carry out improvements and maintenance of the Services. | IP address | Performance of a contract (Art.6.1(b)) | 1 day to 2 years, depending on the cookie (See Cookie Policy). | All except right to opt-out from automated decision making (see Section 7 below) |
| Customer Support | Allows Everstake to handle customer inquiries, resolve issues related to Services, and maintain communication records to ensure a seamless and responsive user experience. | Email address, customer queries, communication records, transaction history. | Performance of a contract (Art.6.1(b)) | 1 year for any data no longer required for operational, legal, or regulatory purposes or otherwise until deletion is requested by the customer. | All except right to opt-out from automated decision making (see Section 7 below) |
| System Monitoring | Allows Everstake to carry out ongoing monitoring and management of IT systems and infrastructure to detect, prevent, and respond to security threats and vulnerabilities, ensuring the integrity, availability, and confidentiality of data. |
User Data: IP addresses, system access logs (for security purposes). Operational Data: System performance metrics, security incident reports, vulnerability assessments. | Legitimate Interest (Art. 6.1(f) GDPR) | 6 months to one year | All except right to data portability (see Section 7 below) |
| System improvement | Allows Everstake to enhance user experience by providing personalized Services to increase customer satisfaction and engagement, and to drive product development and marketing strategies based on user behavior. |
Customer Data: Preferences, feedback, usage patterns, contact information. Operational Data: Process performance metrics, service usage data. | Legitimate Interest (Art. 6.1(f) GDPR) | 1 year, and any data no longer required for operational, legal, or regulatory purposes will be securely deleted until deletion is requested by the customer. | All except right to data portability (see Section 7 below) |
3.3 Data processed from Vendors and Partners
| a. Activity processing your data | b. Purpose served | c. Data collected / processed | d. Legal base (GDPR Art. 6) | e. Retention period | f. Available data subject rights |
|---|---|---|---|---|---|
| Contracting and negotiation with Partners | Allows Everstake to establish clear and enforceable agreements between parties (with its Partners). | Contact information, negotiation records, contract terms, signatures. | Performance of a contract (Art.6.1(b)) | Up to 6 years pursuant to legal obligations | All except right to opt-out from automated decision making (see Section 7 below) |
| Financial accounting | Allows Everstake to maintain accurate financial records and ensure proper accounting, to comply with tax and financial reporting regulations, to manage and track transactions and operational costs, to prepare financial statements and reports for stakeholders. |
Customer Data: Invoices, payment details, transaction records. Vendor Data: Payment information, contract details. | Legal Obligation (Art.6.1(c)) | Up to 6 years pursuant to legal obligations | All except right to erasure and data portability (see Section 7 below) |
| Technical support for Partners | Allows Everstake to communicate with Partners and the technical team regarding contractual terms, technical issues, and improvement to the Services. | Name and/or username, email address, company name, communication, profile picture (optional), phone number (optional). | Performance of a contract (Art.6.1(b)) | Up to 6 years | All except right to opt-out from automated decision making (see Section 7 below) |
| Development and provision of blockchain software solutions and providing relevant consultancy upon contract | Allows Everstake to develop and enhance blockchain software solutions, ensure secure and efficient operation, and provide consultancy services. |
Client Information: Name, surname, contact details, signature, project
specifications. Project Data: Source code, technical documentation, blockchain addresses, smart contract data. User Analytics: User behavior data, performance metrics, feedback. | Performance of a contract (Art.6.1(b)) | Up to 6 years pursuant to legal obligations | All except right to opt-out from automated decision making (see Section 7 below) |
4. Third-party services and intended international transfers
4.1 Categories of providers we share data processed from Site users
| a. third parties / categories of 3rd parties | b. Purpose served | c. International transfers of data |
|---|---|---|
| User behaviour analytics tools / Cookie providers | Collecting and analyzing Site visitor analytics. |
United Kingdom (adequate country) United States (DPA with Standard Contractual Clauses) |
4.2 Categories of providers we share data processed from users of the Services
| d. third parties / categories of 3rd parties | e. Purpose served | f. International transfers of data |
|---|---|---|
| User behaviour analytics tools / Cookie providers | Collecting and analyzing Site visitor analytics. |
United Kingdom (adequate country) United States (DPA with Standard Contractual Clauses) |
| CRM(s) | Customer engagement, Sales outreach | United States (DPA with Standard Contractual Clauses) |
| Cloud service provider | Communication, Collaboration, Cloud Storage | United States (DPA with Standard Contractual Clauses) |
| Software Development Platform | Code Repository, Version Control | United States (DPA with Standard Contractual Clauses) |
| Internal Workplace Communication Platform | Communication, including that related to customer inquiries | United States (DPA with Standard Contractual Clauses) |
4.3 Categories of providers we share data processed from vendors and partners
| g. third parties / categories of 3rd parties | h. Purpose served | i. International transfers of data |
|---|---|---|
| Cloud service provider | Communication, Collaboration, Cloud Storage | United States (DPA with Standard Contractual Clauses) |
| CRM(s) | Customer engagement, Sales outreach | United States (DPA with Standard Contractual Clauses) |
| Internal Workplace Communication Platform | Communication, including that related to customer inquiries | United States (DPA with Standard Contractual Clauses) |
Only data relevant to the functionality of these Services is shared with these partners. Everstake Validation Services LLC only transfers data to the above third-party service providers if this is necessary for the aforementioned purposes and permitted by law.
In addition to the categories of providers listed above, Everstake Validations Services LLC shares data within its organization to its two other entities: Everstake UK Ltd (considered a processor in accordance with GDPR Art.28) and Everstake Inc (considered a controller). Transfers of data within the organisations are covered by an intracompany data processing agreement (DPA) and data sharing agreement (DSA) respectively. Everstake Validations Services LLC also engages independent contractors for the provision of its services. When these contractors are located outside of the European Union and/or United Kingdom, a relevant Data Processing Agreement is concluded with each contractor to ensure the safe transfer of personal data.
5. How we protect your data
We are committed to protecting the security and confidentiality of your personal information through comprehensive measures designed to prevent unauthorized access, disclosure, or misuse. Our security protocols adhere to industry standards and are continuously evaluated to ensure their effectiveness. For a detailed overview of the security measures, policies and procedures we have implemented, please visit https://security.everstake.one/.
6. Online presence on social media
We maintain online presences in social networks in order to communicate there with customers and interested parties, among others, and to manage and analyze user interactions for improving engagement and marketing strategies, and monitor brand presence and respond to feedback or mentions. The users’ data is usually processed by the social networks concerned for market research and advertising purposes. In this way, usage profiles can be created based on the interests of the users.
As part of the operation of our online presences, it is possible that we may access information such as statistics on the use of our online presences provided by the social networks. These statistics are aggregated and may include, in particular, data on interaction with our online presences (e.g. likes, subscription, sharing, viewing of images and videos) and the posts and content distributed via them. This may also provide information about the interests of users and which content and topics are particularly relevant to them. Please see the list below for details of the social media platforms that we, as operators of the online presences, can access. The collection and use of these statistics are generally subject to joint responsibility.
The legal basis for data processing is Art. 6 para. 1 lit. f GDPR, based on our legitimate interest to, amongst others and depending on the specific platform, provide customer support and respond to inquiries through direct message, analyze engagement data to improve user experience, respond to comments, feedback or questions and monitor brand presence on social media.
Where you have an account with the social network, it is possible that we may see your publicly available information and media when we access your profile. In addition, the social network may allow us to contact you. This may be, for example, via direct messages or via posted articles. The content communication via the social network and the processing of the content data is thereby subject to the responsibility of the social network as a messenger and platform service.
For the legal basis of the data processing carried out by the social networks under their own responsibility, please refer to the data protection information of the respective social network.
We would like to point out that data protection requests can be asserted most efficiently with the respective provider of the social network, as only these providers have access to the data and can take appropriate measures directly. You can also contact us with your request. In this case, we will process your request and forward it to the provider of the social network.
Below is a list of the social networks on which we operate online presences:
7. Links to Third Party Sites
The Site may contain links to other websites, mobile applications, and other online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or in mobile applications or online services that are not associated with us. We do not control third party websites, mobile applications or online services, and we are not responsible for their actions. Other websites, mobile applications and services follow different rules regarding the collection, use and sharing of your Personal Data. We encourage you to read the privacy policies of the other websites, mobile applications and online services you use.
8. Exercising your data subject rights
Depending on where you reside, you may be entitled to specific rights under data protection laws such as the General Data Protection Regulation (GDPR), the UK GDPR, PIPEDA (Canada), or various U.S. state privacy laws. These rights are designed to give you greater control over how your personal data is collected, used, and shared.
The tables below provide an overview of the rights available to residents of the European Union, United Kingdom, Canada, and applicable U.S. states. If you are a resident of a country whose laws are not covered by this notice, please refer to the section on Data Subject Rights for the European EEA and UK residents.
If you wish to make a request or have questions about your privacy rights, please reach out to us at [email protected].
You are not required to pay any fee to exercise your data protection rights.
8.1. European Economic Area and United Kingdom Residents
You have the following rights with respect to us regarding the data relating to you:
| Your Right | Description |
|---|---|
| Right to Access | You have the right to request your stored personal data, its origin and possible recipients and the purpose of the data processing (Art. 15 GDPR). |
| Right to Rectification | You can ask us to correct any inaccurate Personal Data or complete data you believe is incomplete (Art. 16 GDPR). |
| Right to Erasure | You can request the deletion of all your Personal Data unless processed to fulfill a legal obligation or public interest (Art. 17 GDPR). |
| Right to Restrict Processing | You can ask us to limit the processing of your Personal Data in certain circumstances (Art.18 GDPR). |
| Right to Object to Processing | You can object to the processing of your Personal Data in certain situations. |
| Right to Data Portability | You can request that we transfer the Personal Data you provided to another organization, or directly to you, in certain cases. |
| Right to Withdraw Consent | You can withdraw your consent at any time. |
| Right to File a Complaint | If your request was not satisfied, you may file a complaint to the regulatory body. |
You can also exercise your rights by contacting us at [email protected].
EEA Residents: If you are in the EU and have not received a response from us or are not satisfied with our response, you have the right to lodge a complaint with the data protection authority where you reside.
UK Residents: You may lodge a complaint with the ICO at 0303 123 1113 or via www.ico.org.uk/concerns.
You have the right to data portability, but only where your data is processed on the basis of your consent or for the performance of a contract (Article 20 GDPR). You also have the right to withdraw your consent at any time. This means we will no longer process your data on that basis going forward. The withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
If we process your data based on our legitimate interests, you have the right to object to this processing at any time for reasons relating to your particular situation. If your objection concerns the processing of data for direct marketing purposes, you have a general right to object, which we will respect without requiring any justification.
To exercise your right to withdraw consent or object to processing, it is sufficient to send an informal message to the contact details provided above. You can also contact us by email. When you submit your request via email, you will receive a copy at the address you provide. We will aim to respond as quickly as possible, and no later than within one month of receiving your request.
8.2. United States Residents
If you are a resident of a U.S. state with active privacy legislation — including but not limited to California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, and Virginia — you may be entitled to specific rights regarding the collection, use, and sharing of your personal information.
These rights vary by state but generally include the ability to access your personal data, request its deletion or correction, limit how it is used, or opt out of certain types of data processing.
| Your Right | Description | State |
|---|---|---|
| Right to Access | You may request information about how your personal data is being processed and obtain a copy of the personal data we hold about you. | CA, CO, CT, DE, IN, IA, KY, MD, MN, MT, NE, NH, NJ, OR, RI, TN, TX, UT, VA |
| Right to Rectification | You may request that we correct any inaccurate Personal Data we hold about you. | CA, CO, CT, DE, IN, KY, MD, MN, MT, NE, NH, NJ, OR, RI, TN, TX, VA |
| Right to Deletion | You can request that we delete the Personal Data we have collected about you. | CA, CO, CT, DE, IN, IA, KY, MD, MN, MT, NE, NH, NJ, OR, RI, TN, TX, UT, VA |
| Right to opt out of certain purposes | The right to opt out of processing for profiling/targeted advertising purposes. | CA, CO, CT, DE, IN, KY, MD, MN, MT, NE, NH, NJ, OR, RI, TN, TX, UT, VA |
| Right to opt out of sales | You can request to opt out of the sale of your Personal Data to third parties. | CA, CO, CT, DE, IN, IA, KY, MD, MN, MT, NE, NH, NJ, OR, RI, TN, TX, UT, VA |
| Right to Portability | You can request that we transfer the Personal Data you provided to another organization, or directly to you, in certain cases. | CA, CO, CT, DE, IN, IA, KY, MD, MN, MT, NE, NH, NJ, OR, RI, TN, TX, UT, VA |
| Right to access information on automated decision-making | If automated decision-making is used, you may request details and, in certain states, opt out of such processing. | CA, CO, CT, DE, IN, IA, KY, MD, MN, MT, NE, NH, NJ, OR, RI, TN, TX, UT, VA |
| Right to appeal | If we deny your request, you may appeal by contacting [email protected]. We will review and respond to your appeal within 45 days. | CA, CO, CT, DE, IN, IA, KY, MD, MN, MT, NE, NH, NJ, OR, RI, TN, TX, UT, VA |
You can also exercise your rights by contacting us at [email protected].
Please note: Some states do not have their own privacy laws. The rights of residents of such states are governed by U.S. federal law.
If, upon exercising your Right to Appeal, you remain dissatisfied with the outcome, you have the right to contact the privacy authority in your state, such as your State Attorney General’s Office, to file a formal complaint or inquiry.
Rights of California Residents
| Right | Description |
|---|---|
| Do Not Sell My Personal Information | Under the California Consumer Privacy Act, residents of California have the right to opt out of the “sale” of their personal information by businesses that are subject to the CCPA. |
| Right to Opt Out of the Processing of Sensitive Personal Information | You have the right to opt out of the processing of your sensitive personal information, which may include information such as your precise geolocation, racial or ethnic origin, health data, or biometric information, where applicable. |
| Do-not-track Request | California law also permits residents to request that companies do not track their online browsing activity over time and across different websites or online services. These requests are typically communicated through browser settings or other technologies that signal a preference not to be tracked. |
| Private Right to Action | California law provides a private right of action, allowing individuals to seek civil damages if certain statutory rights related to personal information are violated — particularly in the case of data breaches resulting from a company’s failure to implement reasonable security measures. |
8.3. Canada Residents
You have the following rights concerning the data we hold about you:
| Your Right | Description |
|---|---|
| Right to Access | You may request information about how your personal data is being processed and obtain a copy of the personal data we hold about you. |
| Right to Rectification | You may request that we correct any inaccurate Personal Data we hold about you. |
| Right to Deletion | You can request that we delete the Personal Data we have collected about you. |
| Right to Data Portability | You can request that we transfer the Personal Data you provided to another organization, or directly to you, in certain cases. |
| Right to Object / Opt Out | You may object to or request that we limit the processing of your personal data in certain circumstances. |
| Right to Withdraw Consent | You may withdraw your consent to data processing at any time, without affecting the lawfulness of processing carried out before the withdrawal. |
| Right Not to Be Subject to Automated Decision-Making | You may object to being subject to decisions based solely on automated processing, including profiling, where such decisions produce legal or similarly significant effects. |
| Right to File a Complaint | If you are not satisfied with our response to your request, you may file a complaint with the Office of the Privacy Commissioner of Canada. |
You can also exercise your rights by contacting us at [email protected].
