Privacy Policy
LAST UPDATED: 24TH MAY 2023
Who are we?
Creds is a product powered by cheqd, a software company with a mission to create the go-to incentivised decentralised identity network for digital credentials, which rewards all parties in the ecosystem, whether institutional or individual.
Cheqd Limited is the Data Controller for the product Creds, overseeing personal data and personally identifiable information collected and processed by the Creds website, products and services. This means that Cheqd Limited stores and manages personal data on behalf of individuals (data subjects).
Hereafter, Creds and Cheqd Limited will be described using terminology such as “we”, “us”, “our”.
Cheqd Limited can be found at:
Cheqd Limited
Craigmuir Chambers,
Road Town,
Tortola,
VG 1110,
British Virgin Islands
General questions: contact@cheqd.io
Legal questions, or questions relating to this Privacy Policy: legal@cheqd.io
What data do we collect?
We collect your personal information in order to provide and continually improve our products and services.
Here are the types of personal information we collect:
- Information you give us: We receive and store any information you provide in relation to cheqd’s services. This information may comprise:
  - Your name,
  - Your email address,
  - Your IP address,
  - Relevant metadata relating to your time on cheqd’s website,
  - Conversation history with cheqd.
- Automatic information: We automatically collect and store certain types of information about your use of cheqd’s website, including your interaction with content hosted on our website. However, we do not use cookies; instead, we collect data in a privacy-preserving way using Plausible as described below in the section on Third Party processors.
- Information provided to us by a third party: In the course of business with cheqd, it is reasonably foreseeable that we may receive personal data from an external source or third party.
How will we use your data?
Processing, collecting and disclosing our users/customers’ personal data in compliance with GDPR is important to cheqd, and as such, it is important to lay out exactly how we use your data.
- To carry out business activities: Creds processes personal data that we receive from you, which enables us to carry out the digital identity services that we offer to you;
- To facilitate effective use of our identity services: Creds may process and record personal data that we receive in providing data hosting and back-up services on behalf of our clients for the purpose of supporting the client in delivering identity credential-related services and digital wallet services;
- To communicate effectively with you: Creds collects your data so that it can follow up any business activities with accuracy, drawing on interactions you have had with Creds in the past;
- To conduct analytics: Creds uses analytics on aggregated anonymized data so we can continually improve our website and keep it secure;
- To market our services: If consented to, Creds will communicate and market its services to you through mediums such as a newsletter, educational emails or sharing articles. If you have opted in, you can always choose to opt-out later;
- To act on a business change: If Creds becomes involved in a merger, consolidation, acquisition, sale of assets, joint venture, securities offering, bankruptcy, re-organisation, liquidation, dissolution or other transaction, or if the ownership of all or substantially all of our business otherwise changes, we may share or transfer databases containing personal data of users, including your personal data, to a successor party or parties in connection with such transaction or change in ownership or legal structure;
- To act on a request for necessary disclosure: Creds may disclose information about you to third parties if deemed necessary by law, for example, to (i) comply with a law, regulation, or mandatory request such as a warrant or court order, (ii) protect any person from death or serious bodily injury, or (iii) protect the Site or Creds from unlawful abuse or attacks.
Third party service providers:
We use some third parties to perform functions on our behalf. Examples include analysing data, providing marketing assistance, transmitting content, storing personal data in secure ways. These third-party service providers have access to personal information needed to perform their functions, but may not use it for other purposes.
Further, they must process the personal information in accordance with this Privacy Policy and as permitted by applicable data protection laws. If processors in a third country (not within the EU) perform the data processing, we ensure that the level of protection of your data guaranteed by the GDPR is not undermined (Art. 44 et seq. GDPR).
The third parties we use to process personal data are as follows:
Pipedrive
Pipedrive is a private limited company established under the laws of the Republic of Estonia, with the address Paldiski mnt 80, Tallinn, 10617, Estonia. The company is registered in the Estonian Commercial Register under reference number 11958539, and is a subsidiary of Pipedrive US. For this purpose, we have entered into a contract with Pipedrive using so-called standard contractual clauses, in which Pipedrive undertakes to process User Data only following our instructions and to comply with the EU level of data protection.
You can access Pipedrive’s privacy policy here: https://www.pipedrive.com/en/privacy.
Your data will be deleted from the Pipedrive CRM tool once we have processed your request and the purpose for storing it has ceased to exist, and there are no other legal exceptions to the contrary. You can get information about the data stored concerning your person upon request.
During use, the following data in particular is processed via Pipedrive servers: name, address, communication data (such as telephone number, mobile phone number), customer number and e-mail address of the contact persons.
Other information:
Customer terms of service | Legal | Pipedrive
Privacy notice | Legal | Pipedrive
Cloudflare
We use the “Cloudflare” service provided by Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (hereinafter referred to as “Cloudflare”).
Cloudflare offers a content delivery network with DNS that is available worldwide. As a result, the information transfer that occurs between your browser and our website is technically routed via Cloudflare’s network. This enables Cloudflare to analyse data transactions between your browser and our website and to work as a filter between our servers and potentially malicious data traffic from the Internet. In this context, Cloudflare may also use cookies or other technologies deployed to recognize Internet users, which shall, however, only be used for the herein described purpose.
The use of Cloudflare is based on our legitimate interest in a provision of our website offerings that is as error free and secure as possible (Art. 6(1)(f) GDPR).
As there is a transfer of personal data to the USA, different protection mechanisms are required to ensure the data protection level of the GDPR. To ensure this, we have agreed to standard data protection clauses with the provider following Art. 46 (2) lit. c GDPR. These oblige the recipient of the data in the USA to process the data following the protection level in Europe. If this cannot be ensured even through this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the USA.
Other information:
Privacy Policy | Legal | Cloudflare
Plausible
We use Plausible analytics to collect information about how visitors use our website, which we use to help improve it – while respecting the privacy of our visitors. Plausible records information in aggregate in a privacy-friendly manner without the use of cookies. No personal data or personally identifiable information (PII) is stored.
This service allows us to see the number of visitors to the site, where visitors have come to the site from and the pages they visited. You can learn more about Plausible Analytics here.
Plausible may be found at Plausible Insights OÜ, Västriku tn 2, 50403, Tartu, Estonia. Registration number 14709274.
Other information:
Data Policy | Legal | Plausible
Kinsta
We have chosen Kinsta as our trusted data processor to host our website. Kinsta specialises in website hosting and infrastructure solutions and operates in accordance with a data processing agreement that ensures compliance with data protection laws.
Kinsta collects and processes limited personal information, such as IP addresses and browsing details, solely for the purpose of hosting and maintaining our website, while implementing rigorous security measures to protect this data. Kinsta may transfer and process personal information internationally with appropriate safeguards in place.
We use Kinsta’s hosting facilities via their London data centre, meaning there is no cross-border data transfer outside of the UK/EU.
Other information:
Privacy Policy | Legal | Kinsta
Mailchimp
Our sign-up service allows visitors to learn more about our company, schedule a product demo, receive newsletters and provide their contact information.
This information is stored on servers operated by Mailchimp, acting as a data processor. We may use it to contact visitors to our website and determine which services or offers are of interest. All information we collect is subject to this privacy policy. We use all information collected solely to optimise our marketing.
Mailchimp and its affiliates own and operate servers in world-class data centres located in the United States. In addition, they leverage third-party vendors who process personal information on our behalf. Their processing facilities are located in the United States and in other international locations to provide services to Mailchimp.
You can view the full list of sub-processors they use to process their members’ data, along with details of their location.
As there is a transfer of personal data to the USA, different protection mechanisms are required to ensure the data protection level of the GDPR. To ensure this, we have agreed to standard data protection clauses with the provider following Art. 46 (2) lit. c GDPR. These oblige the recipient of the data in the USA to process the data following the protection level in Europe. If this cannot be ensured even through this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the USA.
Other information:
Standard Terms of Use | Legal | Mailchimp
Typeform
We may use Typeform, a service provided by TYPEFORM S.L., c/ Pallars 108 (Aticco – Typeform), 08018 – Barcelona, Spain (“Typeform”) for our contact forms or for surveys.
Typeform processes the data you provide via the contact form on our behalf. In addition, information about your terminal device (IP address, device information, operating system, browser settings) as well as usage data such as date and time when you used the contact form are collected with the help of cookies. Typeform needs this data to ensure the presentation of the contact form and its functionality. You can find more information on data processing by Typeform at: https://www.typeform.com/help/a/what-is-gdpr-360029580771/
Intercom
We may use Intercom, a service provided by Intercom Inc., located at 55 2nd Street, 4th Floor, San Francisco, CA 94105, United States (“Intercom”), for various purposes. Intercom provides a range of services including live chat, customer support, user engagement, and marketing communications. When you interact with Intercom on our website, Intercom collects and processes the data you provide, such as your name, email address, and messages, on our behalf. Additionally, Intercom may collect information about your device (such as IP address, device information, operating system, and browser settings) and usage data (such as the date and time of interactions). This data is necessary for Intercom to deliver its services, enhance user experience, and ensure the proper functioning of its features. For more information about Intercom’s data processing practices.
Storj
We may use Storj, a decentralised cloud storage service provided by Storj Labs Inc., 1450 W Peachtree St NW #200 PMB 75268, Atlanta, GA 30309, United States, for our storage needs. Storj operates a distributed network where data is securely stored across multiple nodes owned by individuals or organisations. When you upload data to Storj for storage, Storj processes and encrypts the data on our behalf. Storj also collects certain technical information related to your usage, such as file size and access timestamps, for the purpose of optimising the storage and retrieval process. This information is stored securely and is used solely for internal analytics and operational purposes. Storj maintains strict confidentiality and does not access or disclose your data without your explicit permission.
Walt.id
We may use Walt.ID, a digital identity management service provided by walt.id GmbH, for managing verifiable credentials and enabling self-sovereign identity (SSI) solutions. We may utilise their SSI Kit software development kit (SDK) to issue and manage verifiable credentials securely. When you interact with Walt.ID for identity verification or credential issuance, Walt.ID processes the necessary data on our behalf. This may include personal information such as your name, contact details, and other relevant data required for identity verification and credential management. Walt.ID takes appropriate measures to ensure the security and confidentiality of the data provided. They do not use or disclose the data for any purposes other than facilitating the issuance and management of Verifiable Credentials.
You can find Walt ID at walt.id GmbH. Address: Liechtensteinstraße 111-115, Vienna (1090), Austria.
Legal basis for processing personal data
The GDPR requires a legal basis for our use of personal data. Our legal basis varies depending on the specific purpose for which we use personal information. We may potentially use:
- Performance of a contract when we provide you with products or services, or communicate with you about them under the terms of an agreement or contract we have with you.
- Our legitimate business interests in (among other things) delivering our Services, conducting commercial research, improving and maintaining our Services, protecting the security or integrity of our databases, protecting our business or reputation, taking precautions against legal liability, dealing with our assets in the event of a business change, protecting and defending our legal rights or property, or for resolving disputes, investigating and attending to inquiries or complaints with respect to your use of our Services.
- Your explicit and freely given consent when we ask for your consent to process your personal information for a specific purpose that we communicate to you. When you consent to our processing your personal information for a specified purpose, you may withdraw your consent at any time and we will stop processing your data for that purpose.
- Compliance with a legal obligation when we use your personal information to comply with laws, a court order, a warrant or other relevant legal instrument.
Third-country transfers of personal data
These consist of transfers out of the European Economic Area. Whenever we transfer personal information to countries outside of the European Economic Area, we ensure that the information is transferred in accordance with this Privacy Policy and as permitted by the applicable laws on data protection. We rely on European Commission adequacy decisions or use contracts with standard safeguards published by the European Commission.
What are your data rights?
If you have personal data processed by cheqd, you are a ‘data subject’. As a data subject, you have a number of rights which we, cheqd, as the data controller for your data, must uphold.
Right to information (Art. 15 GDPR)
Data subjects have the right to obtain information about whether and, if so, what information is stored about them and for what purposes, at no added cost.
Right to rectification (Art. 16 GDPR)
The data subject has the right to demand that the controller rectify any inaccurate personal data without undue delay. Taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration.
Right to erasure (Art. 17 GDPR)
The data subject has the right to request from the controller that personal data concerning him or her be erased without undue delay and the controller is obliged to erase personal data without undue delay.
Right to restriction of processing (Art. 18 GDPR)
The data subject has the right to request the controller to restrict the processing of his/her data.
Right to data portability (Art. 20 GDPR)
The data subject has the right, provided that the conditions are met, to receive the personal data concerned that he or she has provided to a controller in a structured, commonly used and machine-readable format and he or she has the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided.
Right to object (Art. 21 GDPR)
The data subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her carried out on the basis of Article 6(1)(e) or (f). This can be done both in automated and electronic form.
If you want to act on one of these rights, you can make a request. Upon receiving a request, we have one month to act on your request. If you would like to make a request, please contact us at:
Contact email: legal@creds.xyz
How long do we keep your data for?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
What are cookies?
Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. When you visit our website, we may collect information from you automatically through cookies or similar technology.
For further information, visit: allaboutcookies.org
How do we use cookies?
Creds does not use any third-party cookies. This was a conscious decision to best uphold the privacy of our customers and visitors. You can check this for yourself by searching for our website here.
Children
Creds’s services are not directed to children and/or persons under the age of majority in their respective jurisdictions. Creds does not knowingly collect personal data from individuals under eighteen (18) years of age. Any data found to be collected from a person under the age of eighteen will be expressly removed, unless we receive explicit permission from a parent or legal guardian.
Changes to our privacy policy
We keep our privacy policy under regular review and place any updates on this web page.
How to contact us
If you have any questions about our Privacy Policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us at:
General questions: contact@cheqd.io
Legal questions, or questions relating to this Privacy Policy: legal@cheqd.io
Mail address:
Cheqd Limited
Craigmuir Chambers,
Road Town,
Tortola,
VG 1110,
British Virgin Islands