Back to Home

GDPR Compliance

Last updated: December 1, 2024

πŸ‡ͺπŸ‡Ί GDPR Commitment

OnChain Media Labs is committed to compliance with the General Data Protection Regulation (GDPR). This page outlines our commitment to protecting the personal data of individuals in the European Economic Area (EEA) and the United Kingdom.

1
Our Role Under GDPR

Depending on the context, OnChain Media Labs may act as either a Data Controller or Data Processor:

Controller

Data Controller

When we determine the purposes and means of processing personal data (e.g., for our own marketing or customer relationship management)

Processor

Data Processor

When we process personal data on behalf of our clients according to their instructions

2
Lawful Basis for Processing

We process personal data based on the following lawful bases:

βœ… Consent

When you have given explicit consent for specific processing

πŸ“„ Contract

When processing is necessary to fulfill a contract with you

βš–οΈ Legal Obligation

When we are required by law to process your data

🎯 Legitimate Interests

When we have a legitimate business interest that does not override your rights

3
Your GDPR Rights

If you are in the EEA or UK, you have the following rights:

πŸ‘οΈ Right of Access: Request a copy of your personal data
✏️ Right to Rectification: Request correction of inaccurate data
πŸ—‘οΈ Right to Erasure: Request deletion of your personal data
⏸️ Right to Restrict Processing: Request limitation of data processing
πŸ“¦ Right to Data Portability: Request transfer of your data
🚫 Right to Object: Object to processing based on legitimate interests
↩️ Right to Withdraw Consent: Withdraw consent at any time

4
Data Protection Measures

We implement appropriate technical and organizational measures including:

Encryption of personal data in transit and at rest
Regular security assessments and penetration testing
Access controls and authentication mechanisms
Staff training on data protection
Data Protection Impact Assessments for high-risk processing

5
International Data Transfers

When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place:

πŸ“‹ Standard Contractual Clauses (SCCs) approved by the European Commission
🏒 Binding Corporate Rules where applicable
βœ… Adequacy decisions for countries with adequate data protection

6
Data Protection Officer

Data Protection Officer

[email protected]

7
Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, where required, inform affected individuals without undue delay.

8
Supervisory Authority

If you believe we have not handled your personal data appropriately, you have the right to lodge a complaint with your local supervisory authority. In the UK, this is the Information Commissioner's Office (ICO). In the EU, you may contact the supervisory authority in your member state.

If you have any questions about this policy, please contact us at [email protected]