pp.rst (11295B)
1 Privacy Policy 2 ============== 3 4 Last Updated: 22.09.2021 5 6 This Privacy Policy describes the policies and procedures of Anastasis 7 SARL (“we,” “our,” or “us”) pertaining to the collection, use, and 8 disclosure of your information on our sites and related mobile 9 applications and products we offer (the “Services”). This Privacy 10 Statement applies to your personal data when you use our Services, and 11 does not apply to online websites or services that we do not own or 12 control. 13 14 15 Overview 16 -------- 17 18 Your privacy is important to us. We follow a few fundamental 19 principles: We don’t ask you for personally identifiable information 20 (defined below). That being said, your contact information, such as 21 your phone number, social media handle, or email address (depending on 22 how you contact us), may be collected when you communicate with us, 23 for example to report a bug or other error related to Anastasis. We 24 don’t share your information with third parties except when strictly 25 required to deliver you our Services and products, or to comply with 26 the law. If you have any questions or concerns about this policy, 27 please reach out to us at privacy@anastasis.lu. 28 29 30 How you accept this policy 31 -------------------------- 32 33 By using our Services or visiting our sites, you agree to the use, disclosure, 34 and procedures outlined in this Privacy Policy. 35 36 37 What personal information do we collect from our users? 38 ------------------------------------------------------- 39 40 The information we collect from you falls into two categories: (i) personally 41 identifiable information (i.e., data that could potentially identify you as an 42 individual) (“Personal Information”), and (ii) non-personally identifiable 43 information (i.e., information that cannot be used to identify who you are) 44 (“Non-Personal Information”). This Privacy Policy covers both categories and 45 will tell you how we might collect and use each type. 46 47 We do our best to not collect any Personal Information from Anastasis 48 users. The detailed Personal Information Anastasis asks from you 49 during the regular backup and recovery process at the beginning is 50 never shared with us and only used to create a cryptographic account 51 identifier which does not allow us to recover any of your 52 details. This data will always remain on your own device without the 53 possibility of access from our side. 54 55 That being said, when using our Services to recover key material, we may 56 inherently receive the following information (depending on your choice of 57 authentication method): 58 59 * Bank account details necessary when receiving funds from you to authenticate via a SEPA transfer. We will store these as part of our business records for accounting, and our bank will also be legally obliged to store the details for many years according to legal retention periods. 60 61 * Your phone number when using SMS authentication. We rely on third party providers (such as your mobile network operator) to deliver the SMS to you. These third parties will see the SMS message sent to you and could thus learn that you are using Anastasis. SMS is inherently insecure, and you should expect many governments and private parties to be able to observe these messages. However, we do not store your phone number for SMS communication on our systems, except maybe in short-term logs to diagnose errors. 62 63 * Your e-mail address when using E-mail authentication. We rely on the Internet and your E-mail provider to deliver the E-mail to you. Internet service providers will see the E-mail message sent to you and could thus learn that you are using Anastasis. E-mail is inherently insecure, and you should expect many governments and private parties to be able to observe these messages. However, we do not store your E-mail address on our systems, except maybe in short-term logs to diagnose errors. 64 65 * Your physical address when using postal mail authentication. We rely on external providers for printing and sending the letter to you. These providers will need to learn your address and could learn that you are using Anastasis. Physical mail has strict privacy protections by law, but governments are known to break postal secrecy. We do not store your physical address on our systems, except maybe in short-term logs to diagnose errors. 66 67 * When you contact us. We may collect certain information if you choose to contact us, for example to report a bug or other error with the Taler Wallet. This may include contact information such as your name, email address or phone number depending on the method you choose to contact us. We strictly only use the information provided by you in these instances to answer your request or to deliver the services requested by you. 68 69 70 How we collect and process personal data 71 -------------------------------------- 72 73 We may process your personal data for the following reasons: 74 75 * to authenticate you during secret recovery 76 * to support you using Anastasis when you contact us 77 78 79 How we share and use the information we gather 80 ---------------------------------------------- 81 82 We may share your authentication data with other providers that assist 83 us in performing the authentication. We will try to use providers that 84 to the best of our knowledge respect your privacy and have good 85 privacy practices. We reserve the right to change authentication 86 providers at any time to ensure availability of our services. 87 88 We primarily use the limited information we receive directly from you to 89 enhance Anastasis. Some ways we may use your Personal Information are 90 to: Contact you when necessary to respond to your comments, answer your 91 questions, or obtain additional information on issues related to bugs or 92 errors with the Anastasis application that you reported. 93 94 95 Agents or third party partners 96 ------------------------------ 97 98 We may provide your Personal Information to our employees, contractors, 99 agents, service providers, and designees (“Agents”) to enable them to perform 100 certain services for us exclusively, including: improvement and maintenance of 101 our software and Services. 102 103 104 Protection of us and others 105 --------------------------- 106 107 We reserve the right to access, read, preserve, and disclose any information 108 that we reasonably believe is necessary to comply with the law or a court 109 order. 110 111 112 What personal information can I access or change? 113 ------------------------------------------------- 114 115 You can request access to the information we have collected from 116 you. You can do this by contacting us at privacy@anastasis.lu. We will 117 make sure to provide you with a copy of the data we process about 118 you. To comply with your request, we may ask you to verify your 119 identity. We will fulfill your request by sending your copy 120 electronically. For any subsequent access request, we may charge you 121 with an administrative fee. If you believe that the information we 122 have collected is incorrect, you are welcome to contact us so we can 123 update it and keep your data accurate. Any data that is no longer 124 needed for purposes specified in the “How We Use the Information We 125 Gather” section will be deleted after ninety (90) days. 126 127 128 What are your data protection rights? 129 ------------------------------------- 130 131 Anastasis would like to make sure you are fully aware of all of your 132 data protection rights. Every user is entitled to the following: 133 134 **The right to access**: You have the right to request Anastasis for 135 copies of your personal data. We may charge you a small fee for this 136 service. 137 138 **The right to rectification**: You have the right to request that 139 Anastasis correct any information you believe is inaccurate. You also 140 have the right to request Anastasis to complete information you 141 believe is incomplete. The right to erasure - You have the right to 142 request that Anastasis erase your personal data, under certain 143 conditions. 144 145 **The right to restrict processing**: You have the right to request 146 that Anastasis restrict the processing of your personal data, under 147 certain conditions. 148 149 **The right to object to processing**: You have the right to object to 150 Anastasis's processing of your personal data, under certain 151 conditions. 152 153 **The right to data portability**: You have the right to request that 154 Anastasis transfer the data that we have collected to another 155 organization, or directly to you, under certain conditions. 156 157 If you make a request, we have one month to respond to you. If you 158 would like to exercise any of these rights, please contact us at our 159 email: privacy@anastasis.lu 160 161 You can always contact your local data protection authority to enforce 162 your rights. 163 164 165 Data retention 166 -------------- 167 168 Information entered into our bug tracker will be retained indefinitely 169 and is typically made public. We will only use it to triage the 170 problem. Beyond that, we do not retain personally identifiable 171 information about our users for longer than one week. 172 173 174 Data security 175 ------------- 176 177 We are committed to making sure your information is protected. We employ 178 several physical and electronic safeguards to keep your information safe, 179 including encrypted user passwords, two factor verification and authentication 180 on passwords where possible, and securing connections with industry standard 181 transport layer security. You are also welcome to contact us using GnuPG 182 encrypted e-mail. Even with all these precautions, we cannot fully guarantee 183 against the access, disclosure, alteration, or deletion of data through 184 events, including but not limited to hardware or software failure or 185 unauthorized use. Any information that you provide to us is done so entirely 186 at your own risk. 187 188 189 Changes and updates to privacy policy 190 ------------------------------------- 191 192 We reserve the right to update and revise this privacy policy at any time. We 193 occasionally review this Privacy Policy to make sure it complies with 194 applicable laws and conforms to changes in our business. We may need to update 195 this Privacy Policy, and we reserve the right to do so at any time. If we do 196 revise this Privacy Policy, we will update the “Effective Date” at the top 197 of this page so that you can tell if it has changed since your last visit. As 198 we generally do not collect contact information and also do not track your 199 visits, we will not be able to notify you directly. However, Anastasis clients 200 may inform you about a change in the privacy policy once they detect that the 201 policy has changed. Please review this Privacy Policy regularly to ensure that 202 you are aware of its terms. Any use of our Services after an amendment to our 203 Privacy Policy constitutes your acceptance to the revised or amended 204 agreement. 205 206 207 International users and visitors 208 -------------------------------- 209 210 Our Services are (currently) hosted in Germany. If you are a user 211 accessing the Services from Switzerland, Asia, US, or any other 212 region with laws or regulations governing personal data collection, 213 use, and disclosure that differ from the laws of Germany, please be 214 advised that through your continued use of the Services, which is 215 governed by the law of the country hosting the service, you are 216 transferring your Personal Information to Germany and you consent to 217 that transfer. 218 219 220 Questions 221 --------- 222 223 Please contact us at privacy@anastasis.lu if you have questions about our 224 privacy practices that are not addressed in this Privacy Statement.