BerChain Privacy Policy

When does this Privacy Policy apply?

This Privacy Policy applies to Personal Data you voluntarily provide to BerChain, or is being collected by BerChain.

Data Controller

The Data Controller is BerChain e.V., Rheinsbergerstr. 76/77, 10115 Berlin, Germany (“BerChain”, “we”, “us”).

What does BerChain do with my Personal Data?

BerChain will process the Personal Data provided hereunder only as set out hereafter:

1. Process your application for joining our Slack group, and granting you access.

Upon receiving a request from you to join our Slack group, we collect your Name, Email, and Social Media profile for the purpose of screening your request. We also ask you about a few details about your background and intentions. These details are essential for us to (manually) determine your suitability to join our group. We regard the collection of these details the provision of a (free) contract, under which we allow you to access the Berchain.com Slack group. The legal base for this processing is the performance of a contract (Art. 6.1b GDPR). We therefor only ask you to accept our privacy policy in the sign up procedure, and don’t ask you for consent (as we don’t require it under this base).

2. Ensuring compliance

BerChain will have to comply with all applicable laws and regulations, including, but not limited to those of the European Union and Germany. For this reason we may have to collect, process and retain your details for an extended period of time as a legal obligation (Art 6c, GDPR).

3. Server administration

Your IP address and your page requests are stored in log files for a duration of maximum 14 days on our servers for the reason of preventing fraud, abuse, and security incidents, as well as monitoring the performance of our servers. After 14 days, these log files will be automatically deleted. This constitutes a legitimate interest (Art 6f) under the GDPR.

4. Contact by e-mail

If you contact us by e-mail, the data you give us will be stored so that we can take care of your request and respond to you if necessary. This is your e-mail address and usually your name, if you have told us, but also any other contact information you give us, as well as your request to contact us. Of course, this applies to all contacts, not only those in connection with data protection. Once we no longer need this information to help you, we will delete it within a few days. There is only one exception: we have to store some information because the law requires us to do so (e.g. because of commercial storage obligations). In these cases, however, we limit the processing and access to your data as far as possible. For the sake of completeness, we would like to point out that unencrypted e-mails are not completely protected from unauthorized access by third parties.

5. Website Analysis

We also use the web analysis tool Google Analytics. Google evaluates the user behaviour on this website on our behalf. This allows us to track how long a visitor stays on our website and exactly which pages he has visited. This way we can see which of our sites are the most popular and which we can make even better. Pseudonymous user profiles can also be created. For these purposes, Google uses cookies to transmit usage information to Google servers in the USA. Before that, however, your IP address is shortened on our website via a special script (the last digits are deleted). This shortened IP address will be transmitted to Google servers in the USA, but can then no longer be associated with your person there. The IP address is also shortened via Google, but only in exceptional cases in the USA. As a rule, the reduction takes place on servers within the EU or other signatory states to the Agreement on the European Economic Area. According to Google, the complete IP address transmitted will not be merged with any other data that Google holds about you.

Please refer to the Privacy Policy and other policies from Google.

You can prevent Google Analytics from saving cookies by disabling cookies in your browser settings. This can also be done in modern browsers exclusively for Berchain.com. For the exact settings, please consult the help and support area of your browser provider. There are also two other ways you can tell Google Analytics not to store cookies on your computer. First, you can download a free browser plugin here and install it. However, this only works if you visit this page via a desktop browser. If you visit us mobile, you can also have an Opt-out-Cookie set, which also prevents tracking. However, remember that you must do this again on every device you use to visit us, and also every time you have deleted your cookies in the meantime.

6. Event Registration

If you register for an event with us, we ask you te register through Meetup of Typeform (see Data Processors) so we can plan our events accordingly and make your visit to our events the best possible experience. We may also contact you leading up to the event to remind you or to update you on the latest details, and once after the event to share relevent information. This data is considered to be processed under the legal base or Article 6b, performance of a contract. We will delete this data within 60 days after conclusion of the event. At our events, we may also take photos for promotional purposes. You can at all times object to this. If you don’t object, we will process these under Article 6f, legitimate interest. Our legitimate interest is the promotion of our events and activities.

Where we organise events in collaboration with other organisations, we may share your contact details with them if required for organisational purposes, for example for security or registration.

7. Signing Contracts

We use DocuSign for the signing contracts. DocuSign has approval for Binding Corporate Rules (BCRs) – both as a data processor and as a data controller – from the EU Data Protection Authorities (DPA). DocuSign is also committed to delivering world-class security that meets or exceeds US and international requirements, including the US ESIGN act, European Union Directive 1999/93/EC, and European Regulation 910/2014 (also known as eIDAS). DocuSign’s Security and Trust Assurance Packet (STAP) includes reports from third-party auditors and provides detail on DocuSign’s external certifications and compliance with industry standards. You can find more info about how DocuSign protects privacy under GDPR here.

In addition we process the company or individual name and sometimes the contact name mentioned on the invoice for a period of 10 years. The legal bases for this processing is the performance of a contract (Art. 6(1)(b)) and the legal requirement of complying to financial regulations (Art. 6(1)(c)).

Data Processors

For the provision of our service, we make use of the following external service providers with whom we have concluded a Data Protection Agreement:

• Vultr Holdings Corporation, New Jersey, USA. Used as virtual hosting provider for our website, data stored in Europe.
• Slack Technologies Inc, California, USA. For the provision of the Slack group. Data is exported to the USA under the EU-US Privacy Shield. More information on the EU-US privacy shield can be found here on the website of the EU-US Privacy Shield and here on the website of the European Commission .
• TYPEFORM, S.L., Bac de Roda 163, 08018 Barcelona, Spain. Used to collect RSVP information for events and for the initial application to become a member of BerChain. Typeform is based in Spain and processes data in the European Union.
• DocuSign Inc. 2019, 221 Main St., Suite 1550, San Francisco, CA 94105, USA
• Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA for the provision of web analytics (“Google Analytics”) and for internal use of the Google gSuite/Google Docs. Data may be exported to the US under the EU-US privacy shield. Further information about Google’s registration and certification can be found here on the website of the EU-US Privacy Shield.

Data subjects’ rights

You can request from BerChain at any time information about which Personal Data BerChain processes about you and the correction or deletion of such Personal Data. Please note, however, that BerChain can delete your Personal Data only if there is no statutory obligation or prevailing right of BerChain to retain it.

If BerChain uses your Personal Data based on your consent or to perform a contract with you, you may also request a copy of the Personal Data that you have provided to BerChain, and you may request us to transfer this data in a common machine readable format to another provider as well. In this case, please contact us at privacy@berchain.com and specify the information or processing activities to which your request relates. BerChain will carefully consider your request and discuss with you how it can best fulfil it.

Furthermore, you can request that we restrict your Personal Data from any further processing if:

• You are contesting the accuracy of the Personal Data we hold about your, for as long as we need to verify this claim.
• If you believe the processing of the data is unlawful, but you oppose the erasure of the data and request restriction of processing instead.
• If we no longer need your Personal Data for the original purpose, but you need them for the establishment, exercise or defense of legal claims.
• If you have objected to the use of your data according to Art. 21 GDPR, while we verify if our legitimate grounds for processing your data override yours.

Please direct any such request to privacy@berchain.com

Right to lodge a complaint

If you believe that BerChain is not processing your Personal Data in accordance with the requirements set out herein or applicable EEA data protection laws, you can at any time lodge a complaint with the data protection authority of the EEA country in which you live or with the data protection authority of the country or state in which BerChain has its registered seat.

Use of this website by children

This website is not intended for anyone under the age of 16 years. If you are younger than 16, you may not register with or use this website.

Links to other websites

This website may contain links to foreign (meaning non-BerChain companies and organisation) websites. BerChain is not responsible for the privacy practices or the content of websites other than BerChain’s. Therefore, we recommend that you carefully read the privacy statements of such foreign sites.