DeFi for Good Foundation
Privacy Policy
In force from 21 May 2025 · Version 2.0
This privacy policy (this ‘Policy’) describes the manner in which DeFi for Good Foundation (the ‘Foundation’, ‘DFG’, ‘we’, ‘us’ or ‘our’) collects, uses, discloses, retains and otherwise processes personal data relating to natural persons (‘you’) in connection with the website located at defiforgood.org together with the content, tools and services made available through it (collectively, the ‘Platform’).
This Policy forms part of, and should be read together with, our Terms of Service and our Cookies Policy. By accessing or using the Platform, you acknowledge that you have read and understood this Policy. Where the processing of your personal data is founded upon consent, that processing will be undertaken only to the extent that you have given such consent.
Identity of the Controller
- For the purposes of applicable data protection law, the Foundation is the controller responsible for determining the purposes and means of the processing of your personal data described in this Policy.
- The Foundation has not appointed a data protection officer. All enquiries concerning this Policy or the exercise of your rights should be addressed to the Foundation using the contact details set out in clause 13.
Scope and Application
- This Policy applies to all personal data which we collect or process when you visit the Platform, complete a contact form, subscribe to communications from us, correspond with us or interact with donation tools linked from the Platform.
- This Policy does not apply to, and we accept no responsibility for, the data-processing practices of any third-party website, decentralised application, protocol or distributed ledger which you access independently of the Platform, even where a link to such a destination appears on the Platform. The processing of your data by any such third party is governed exclusively by its own privacy policy.
Categories of Personal Data We Process
We process the following categories of personal data, collected by the means and in the circumstances described below.
- Personal data which you provide to us directly:
Information provided directly by you Category Examples Source or occasion of collection Contact details Name and electronic mail address Contact form and newsletter subscription Correspondence The content of your messages and any attachments When you write to us Donation information Public wallet address, transaction hash and amount When you donate through a linked third-party platform such as Giveth - Personal data which we collect automatically when you use the Platform:
Information collected automatically Category Examples Purpose Device and connection data Internet protocol address (anonymised), browser type, operating system and screen resolution Platform security and compatibility Usage data Pages visited, duration of visit and referring source Aggregated analytics Cookies and similar technologies Essential and analytics cookies As described in our Cookies Policy
Blockchain Data
Purposes of Processing and Lawful Bases
We process your personal data only where we have a lawful basis for doing so. The purposes for which we process your personal data, and the corresponding lawful bases on which we rely, are set out below.
| Purpose of processing | Lawful basis |
|---|---|
| Responding to your enquiries and correspondence | The performance of a request made by you and our legitimate interest in operating the Platform |
| Sending newsletters and updates | Your consent, which you may withdraw at any time |
| Maintaining, improving and securing the functionality and content of the Platform | Our legitimate interest |
| Producing aggregated and anonymised analytics | Our legitimate interest, the data being anonymised |
| Preventing misuse of the Platform and ensuring its security and integrity | Our legitimate interest and, where applicable, compliance with a legal obligation |
| Complying with applicable law and responding to lawful requests | Compliance with a legal obligation |
We do not sell, rent, trade or otherwise make available your personal data to any third party for that third party’s own commercial purposes.
Third-Party Services
The Platform may link to, embed or redirect you to services operated by third parties, including the following:
- Giveth — donation processing by means of a distributed ledger;
- Google Analytics (Google LLC) — aggregated analysis of Platform usage, where enabled;
- YouTube (Google LLC) — embedded audiovisual content;
- Webflow — hosting and content delivery for the Platform; and
- social media platforms, including LinkedIn, X (formerly Twitter) and Instagram.
Each such third party processes personal data under its own privacy policy and terms, over which the Foundation has no control and for which the Foundation accepts no responsibility. We encourage you to review the relevant policies before interacting with any third-party service.
Disclosure of Personal Data
We disclose personal data only in the limited circumstances described below:
- to service providers whom we engage to operate the Platform, including hosting and analytics providers, in each case bound by appropriate obligations of confidentiality and data protection and permitted to process personal data only on our instructions;
- where disclosure is required in order to comply with any applicable law, regulation, legal process or enforceable governmental or regulatory request; and
- where we consider, acting reasonably, that disclosure is necessary to establish, exercise or defend our legal rights, or to protect the rights, property or safety of the Foundation, the Users of the Platform or the public.
Retention of Personal Data
We retain personal data only for so long as is necessary for the purposes for which it was collected, or for such longer period as may be required in order to comply with a legal obligation or to establish, exercise or defend a legal claim. Our retention periods are as follows:
- contact form submissions are retained for a period of up to twenty-four (24) months following your most recent interaction with us, after which they are deleted;
- newsletter subscription data is retained until you withdraw your consent or unsubscribe;
- analytics data is aggregated and anonymised, and the underlying raw logs are deleted within fourteen (14) months in accordance with the default configuration of Google Analytics; and
- data recorded on a distributed ledger is retained permanently on that ledger and cannot be deleted by the Foundation.
International Transfers of Personal Data
- The Foundation operates on a global basis, and your personal data may accordingly be processed in jurisdictions other than the jurisdiction in which you reside, including the Republic of Panama, being our principal place of processing, and the United States of America, where certain of our service providers are established.
- Where personal data is transferred to a jurisdiction which does not afford a level of protection equivalent to that of your jurisdiction of residence, we rely upon appropriate safeguards, including contractual commitments obtained from the relevant service providers, in order to protect your personal data. By using the Platform you acknowledge that such transfers may take place.
Security of Personal Data
We implement and maintain technical and organisational measures which are appropriate to the nature of the personal data we process and the risks to which it is exposed, including the use of encrypted connections, access controls and secure hosting infrastructure. You acknowledge, however, that no method of transmission or storage is entirely secure, and that we are accordingly unable to guarantee the absolute security of your personal data.
Children’s Data
The Platform is not directed at, nor intended for use by, any person under the age of eighteen (18) years. We do not knowingly collect personal data relating to children. If we become aware that we have inadvertently collected personal data relating to a child, we shall take reasonable steps to delete that data without undue delay. If you believe that a child has provided us with personal data, please contact us using the details in clause 13.
Your Rights
Subject to and in accordance with the data protection law applicable to you, you may have the following rights in respect of your personal data:
- the right of access to the personal data we hold about you and to obtain a copy of it;
- the right to rectification of inaccurate or incomplete personal data;
- the right to erasure of your personal data, subject to any applicable retention obligation and to the inherent immutability of data recorded on a distributed ledger;
- the right to restrict the processing of your personal data in certain circumstances;
- the right to data portability, namely to receive your personal data in a structured, commonly used and machine-readable format;
- the right to object to processing founded upon our legitimate interest; and
- the right to withdraw consent at any time where processing is founded upon consent, without affecting the lawfulness of processing carried out before such withdrawal.
To exercise any of these rights, please contact us using the details set out in clause 13. We shall respond within thirty (30) days, or within such other period as may be prescribed by applicable law.
Do-Not-Track Signals
Certain web browsers transmit ‘do not track’ signals. As there is at present no uniform industry standard governing the manner in which a website should respond to such signals, the Platform does not respond to them. We nevertheless limit our tracking activities to the analytics described in this Policy and in our Cookies Policy.
Governing Law
This Policy, and any dispute or claim (whether contractual or non-contractual) arising out of or in connection with it or its subject matter, shall be governed by and construed in accordance with the laws of the Republic of Panama, consistent with our Terms of Service.
Amendment of this Policy
We may amend this Policy from time to time. Where we make a material amendment, we shall revise the date of effect stated in the title block above. We encourage you to review this Policy periodically. Your continued use of the Platform following the posting of any amended Policy constitutes your acknowledgement of the amended Policy.
Contact
Any enquiry concerning this Policy or the exercise of your rights should be addressed to the Foundation at the contact details set out below.
Electronic mail: contact@defiforgood.org
Website: defiforgood.org