Governance PortalFiscal Reports

Introduction

Foundation data protection policy for all membership activity.

Data Management: Transparency and control

Transparency in the processing and control of our member space data is paramount to us.

Beyond the following actions of voluntary members of the subscribed membership activity of the Foundation, this policy lays down the fundamental principles of safe processing and control of member's data, when collected and processed on the Open Constitution AI network.

Membership is an 'invite only'

The following data is received by the Foundation to create a Trust account and activate Open-BankID with a human nominee:

  1. Email account

  2. Name, Phone no.

  3. Social media accounts of members

  4. Bank Account or Credit Card/Debit Card Information

  5. Address

  6. Business identification number

The following types of data are classified for all membership activity:

  1. Data attributable to the Foundation's public-facing records on its public forums.

  2. Data attributable to the Foundation's ongoing project discussion and thus attributable to the Foundation's public-facing records in a documentation release.

  3. Private and non-public personal information(NPPI).

  4. Explicit Personal Expression of a Member of the Foundation's community.

  5. Third-party data.

For all subscribed membership activity on the above communications system of Foundation:

a. The subscribed membership activity on any of the above communication platforms & member's privacy is protected and governed foremost by privacy laws of EU's GDPR & subsequently Internet privacy laws of Denmark.

b. The Internet-based communication platforms, and forums, that the Foundation uses, maintains and are licensed to Foundation, Denmark, either through a grant, strategic partnership or a purchase agreement, ratified by the Independent Boards.

Foundation also complies with relevant third-party vendor license terms, as accorded by the service provider of the specific communications platform.

Data Management: Transparency and control

​​In accordance with Article 5 of GDPR,

a Foundation is responsible for processing personal data in a lawful, fair and transparent way.

b. Foundation shall only process personal data for a limited and specific purpose.

c. Foundation shall only process the personal data that is necessary for its purposes.

d. Foundation shall ensure that the personal data it is processing is accurate and up-to-date.

e. Foundation shall store personal data only for as long as is necessary.

f. Foundation shall keep personal data safe and confidential.

g. Foundation shall be accountable for how it processes personal data.

For the purposes of this policy; What does “processing” mean?

“collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction”

Foundation uses the following criteria(s) as the lawful bases for processing its member’s data:

a. Consent - the member has freely permitted the Foundation to process their data. The consent is digitally recorded e.g. when a member joins Foundation Slack or discord server or signs up on a web URL which takes the member to the Foundation’s communication systems.

b. Contract - member has voluntarily signed up and joined the membership space, and Foundation needs to process their data to carry out and maintain subscribed membership activities, within the Foundation’s guidelines.

c. Legal obligation - the law requires the Foundation to process the member's data in a particular way: i.e. for records, audit, moderation of hatred, and free speech on its public forums and community space.

d. Legitimate interest - The Foundation is processing a member's data to protect the Foundation's statutory compliance with the laws governing the Foundation’s statutory existence in accordance with the business laws of Denmark.

Data Protection Officer(s): Voluntarily organised Foundation members appoint moderators from the community who uphold the community’s Code of Conduct.

Data Processor: Finscale ApS is appointed by the Foundation as the processor of the data controller - Foundation and its constituent fiscal host.

List of Other Third Party Data Processors and link to their data processing agreements, whose compliance is binding on the Foundation, when the Foundation members consume these third-party services:

  1. Slack, Slack Inc.

  2. Hubspot, Hubspot Inc.

  3. Google Workspace, Google, Inc.

  4. IBM, Inc.

  5. Atlassian, Inc.

  6. Zoho Corporation Pvt Ltd, India

  7. Cloudflare, Inc.

  8. Microsoft Inc.

  9. Github Inc.

  10. AWS Inc.

  11. Civilized Discourse Construction Kit, Inc.

  12. Docusign Inc.

  13. Salesforce Inc.

  14. Stripe Inc.

It is important to note that when members from your organisation sign up independently on the Foundation’s member space, their data protection is governed exclusively by this data protection policy.

Current Data Residency of the Foundation: Asia Pacific (Singapore), Asia Pacific (Sydney), Europe (Frankfurt), US East (N. Virginia), US West (Oregon)

Relevant Resources for better understanding:

EU: Legal Text of EU's GDPR:

DENMARK: Danish Data Protection Act(in English)

INDIA: PROPOSED LEGISLATION: THE DIGITAL PERSONAL DATA PROTECTION BILL, 2022, India

Grievance Panels or Data Protection Authorities:

(in jurisdictions where the network's collective sentience data is hosted)

INDIA: https://gac.gov.in

EU: List of Authorities in your local jurisdiction to contact and complain when any Foundation's members or global citizen's privacy rights are encroached upon.

PreviousPolicy CoverageNextNotice:Data Processing and Control

Last updated

Maintained by Open-Bank CVR 41008407