cardano foundation logo

Privacy Policy

1. Who we are

Cardano Foundation (Cardano Stiftung) is a not-for-profit organisation based in Zug, Switzerland, tasked with advancing the Cardano blockchain as a public infrastructure across a wide range of industries. Our registered address is: Cardano Stiftung, Dammstrasse 16, 6300 Zug, Switzerland.

2. Scope of this Privacy Policy

This privacy policy (“Policy”) explains and sets out the basis for why and when we collect personal information about the people who visit our websites www.cardanofoundation.org and www.cardano.org and associated subdomains (the “Websites”), and/or interact with us in any other way. It also applies to login-based services directly accessible via the Websites, such as Cardano Academy (available at https://learn.academy.cardanofoundation.org) (“Cardano Academy”) and, where specified, to certain Foundation-operated websites and login-based services accessible through separate domains, such as Reeve (“Reeve”) (together, the “Services”). This Policy explains and sets out how we use personal data, the conditions under which we may disclose it to others and the measures we take to keep it secure.

If you transmit or disclose data about other persons such as family members, employees, work colleagues, etc., we assume that you are authorized to do so, that this data is correct and that we may process it as described here. By transmitting such data, you confirm this. Please also ensure that these third parties have been informed of this Policy.

We may amend this Policy from time to time so please check it occasionally to ensure that you are aware of any changes.

3. How you can contact us

Please use the following contact information to report any concerns related to data protection:
FAO: Cardano Stiftung, Rykestraße 26, 10405 Berlin, Germany
privacy@cardanofoundation.org

4. How we collect information about you

We obtain information about you when you use our Websites, when you contact us by e-mail, web form, live chat or other means of communication, or if you register to receive one of our newsletters, attend an event or use any other of our services.
You are not obliged to disclose your personal data to us. However, we may need certain information in order to interact with each other. For example, we may not be able to provide certain contractual services or respond to inquiries if we do not receive the necessary information.

We may collect and process the following types of information about you:

4.1 Information you provide us

You may provide us with personal information by filling in forms on our Websites, register for and log into our Services, or by corresponding with us by e-mail, web form, live chat, phone, letter or other means of communication. We collect the data exchanged between you and us, including your contact details and the marginal data of the communication. The personal information you provide may include, in particular, your name, email, messages, address, phone number, IP address, language preference and information regarding the pages you access.

4.2. Information we collect about you

When you visit our Websites we may collect information about your IP address, information about your visit, your browsing activity, and how you use our Websites, including log files, date and time at the time of access, URL, amount of data sent in bytes, source/reference from which you reached the page, browser used, operating system used. This information may be combined with other information you provide.

We may collect and process the following categories of personal data when you use our Services:

  • Account Data: Full name, gender, date of birth, age or age range, photo/ avatar, email address, phone number, and user credentials;
  • Payment and Transaction Information: such as data about your billing address and method of payment, like bank details, credit, debit, wallet or other payment card information or data about purchases and services or transactions facilitated by Us;
  • Usage Data: Information on how you use Reeve, including login times, feature usage, and interactions;
  • Technical Data: IP address, browser type, device information, and cookies;
  • Uploaded Data: Content you provide by uploading files (e.g., CSVs) or through ERP system integration. This may include structured records such as invoices or financial entries, which could contain personal data of individuals. You are responsible for ensuring that any such data is lawfully shared with us and does not violate data protection obligations;
  • Support Data: Information you provide when contacting us for support;
  • Inference Data: Data such as your preferences for receiving marketing communications and details about how you engage with them, as well as information relating to your demographics and interests;

4.3 Information we receive from other sources

We may receive information about you if you use any other websites we, or our partners, operate. We also work with third parties (including, contractors, project partners, service providers, analytics providers) and may receive information about you from them. This may be combined with other information you provide to us.

5. Use of Services and Special User Considerations

Some of our Services such as Reeve include features that allow users to publish selected Uploaded Data to the blockchain.

5.1 Blockchain publishing responsibilities

When using these features, you are responsible for ensuring that any data you submit for publication complies with applicable data protection laws. We strongly encourage you to implement appropriate internal controls and data governance practices to support this responsibility. Please note:

  • Data published to a blockchain is immutable and may become permanently and publicly accessible. Once data is written to the blockchain, it cannot be modified or deleted.Data published to a blockchain is immutable and may become permanently and publicly accessible. Once data is written to the blockchain, it cannot be modified or deleted.
  • Services are not intended for the publication of personal data to the blockchain. Users are responsible for ensuring that no personally identifiable information (PII) is included in Uploaded Data submitted for publication.
  • The Cardano Foundation does not control the blockchain environment and disclaims any responsibility or liability for content users choose to publish.
  • The Cardano Foundation does not control the blockchain environment and disclaims any responsibility or liability for content users choose to publish.

5.2 Reeve

To mitigate the risks associated with publishing sensitive or personal data:

  • Reeve includes built-in safeguards, including features designed to support Uploaded Data anonymisation before publication;
  • Reeve requires that Uploaded Data be reviewed and approved by authorised users within your organization before it is submitted to the blockchain;

Reeve is not intended to be used for storing or processing personal data beyond what is necessary for its operational purpose. While Reeve may process personal data that is imported from ERP or accounting systems (for example, personal identifiers in invoice records), you are responsible for ensuring that any personal data included in imported records complies with applicable data protection laws, and that such personal data is not published to the blockchain via Reeve.

6. How your information is used

We may use personal information about you for the following purposes:

  • to process orders, manage relationships with customers and suppliers and fulfil contractual obligations (Article 6 para 1 letters a and b GDPR if applicable);
  • to operate and maintain our Website and Services, including account creation and administration, communicating with users about service updates, providing technical support, and responding to inquiries. We may also use your data to monitor, improve, and enhance these Services/Website over time (Article 6 para 1 letters b and f GDPR if applicable);
  • to send you personalised communications which you have requested and that may be of interest to you, which may be based on your activity on our Websites or the website of our partners. These may include information, suggestions and recommendations about new offers, campaigns, activities and events (Article 6 para 1 letters a and b GDPR if applicable);
  • to understand and measure the effectiveness of how we serve you and others (Article 6 para 1 letters b and f GDPR if applicable);
  • to process employment contracts, and for recruitment activities (e.g. names, addresses and other contact details, IDs, CVs, certificates, references; Article 6 para 1 letters b, c and f GDPR if applicable);
  • to ensure compliance with legal obligations and official orders, including communication with authorities and courts; enforcement of and defence against legal claim (Article 6 para 1 letter f GDPR if applicable).

7. Newsletters

The provisions of this Policy also apply to the request for and sending of our newsletter.

The newsletter will only be sent after prior request by the user in the so-called “double opt-in procedure” (request on our Websites and confirmation of a corresponding request e-mail).

Users of the newsletter are also assigned a UserID, which allows Cardano Foundation to determine when the relevant newsletter was opened and which links or functions from the relevant newsletter were activated. This tracking is done for internal optimization of the newsletter. The legal basis for processing is Art. 6 para. 1 a GDPR (if applicable), whereby Cardano Foundation’s authorization arises from the fact that, on the one hand, a concerned person can reasonably foresee at the time when the personal data is collected and in view of the circumstances under which it is carried out that it will possibly be processed for this purpose. The user has the right to withdraw his or her consent at any time. If the user of the newsletter does not wish to receive this tracking, he/she can unsubscribe from the newsletter. To do so, simply unsubscribe via the link in the newsletter or send an e-mail to privacy@cardanofoundation.org. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

8. Use of cookies

Our Websites use cookies to distinguish you from other visitors of our website. Cookies are small text files that may be stored on your computer (or other internet enabled devices, such as a smartphone or tablet). They are sent by a server to your computer and stored on your hard drive to allow a website to recognise you when you visit.

Cookies can be used by our Websites to optimize the user's experience. Our Websites use different types of cookies. We use both first-party and third-party cookies on our website. First-party cookies are set by or on behalf of us to operate and improve the site. Third-party cookies are set by external service providers whose content or tools appear on our website (e.g., analytics, social sharing tools). These third parties may also place cookies if you interact with their content or follow links from our site. We use cookies to personalize content, to provide social media features and to analyse our traffic. This improves your experience when you browse our Websites and allows us to improve the service we provide.

We also use cookies to create statistical evaluations of the use of our Websites. For this purpose, we use third-party services (such as Matomo analytics, Google Analytics or similar services) that measure and evaluate the use of the Websites. Aggregated information is used that does not allow the individual user to be identified. However, the third-party provider (e.g. Google) may track your use of the Websites, combine this data with data from other websites that are also tracked by this third-party provider, and use this information for its own purposes and, if necessary, assign it to you. This third-party provider is responsible for the processing of your personal data by this third-party provider and its data protection provisions apply.

We also share information about your use of our Websites with our social media and analytics partners (such as Google Analytics, HotJar or similar services). Aggregated information is used that does not allow the individual user to be identified. However, the third-party provider (e.g. Google) may track your use of the Websites, combine this data with data from other websites that are also tracked by this third-party provider, and use this information for its own purposes and, if necessary, assign it to you. This third-party provider is responsible for the processing of your personal data by this third-party provider and its data protection provisions apply.

Cookies on our Websites may be either session or persistent cookies. Session cookies expire when you close your browser. Persistent cookies remain on your device after your session ends and are used to remember your preferences across visits. These cookies remain active for a set period, which does not exceed 13 months.

You can at any time change or withdraw your consent from the cookie declaration on our Websites. Your consent applies to the following domains: cardanofoundation.org, cardano.org. If you do not want us to use cookies during your visit, you can deactivate their use in your browser settings. In this case, certain parts of our Websites (e.g. language selection) may not function or may not function fully.

We use the following type of cookies:

8.1 Strictly necessary cookies

These cookies are necessary for the Website or Services to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. These cookies enable basic functions like page navigation and access to secure areas of the Websites or Services. The Websites or Services cannot function properly without these cookies.

8.2 Targeting cookies

These cookies may be set through our Websites or Services by our advertising partners. Marketing cookies are used to track visitors across websites. They may be used by those companies to build a profile of your interests and show you relevant adverts on other websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

8.3 Performance cookies

These cookies are usually referred to as statistical cookies and allow us to count visits, traffic sources so we can measure and improve the performance of our Websites or Services. They help us to know which pages are the most and least popular and see how visitors move around the Websites. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our website, and will not be able to monitor its performance.

9. Who has access to your information

We do not pass on personal data to third parties without the consent of the person concerned, unless this is necessary for the purposes described in this Policy and except to third parties such as service providers, agents, subcontractors and other associated organisations engaged by us for processing for the purposes of completing tasks and providing services to you on our behalf, or if we are legally obliged to do so or if it is necessary to protect our interests, e.g. to combat abuse or to protect the law, to authorities or other third parties and within the framework of tracking technologies as described in this Policy.

These providers may include, for example, IT and analytics service providers, certification bodies, and customer support tools. Some of the Services we offer may be operated on infrastructure provided by third-party service providers. For example, our Cardano Academy platform is hosted by a third-party provider acting on our behalf.
If we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure.

10. Where we store your personal information

The data that we collect from you may be transferred to, and stored in, a country outside the European Economic Area (EEA), i.e. worldwide, in particular Switzerland, the United Kingdom and the USA. The laws in some countries may not provide the same legal protection for your information as in the EEA. In these cases, we only transfer personal data after we have implemented the legally required measures, such as the conclusion of standard contractual clauses on data protection or obtaining the consent of the data subjects. If you are interested, the documentation on these measures can be obtained from the address mentioned above.
We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy.

The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information; any transmission is at your own risk. Once we have received your information, we will use good procedures and strong security features to try to prevent unauthorised access.

11. How long will we keep your data

We will hold your personal information on our systems for as long as is necessary for the relevant activity. They are then either deleted or anonymized, unless we need them for longer in exceptional cases, e.g. due to statutory retention and documentation obligations or our legitimate interests, e.g. to protect rights to which we are entitled or to defend against claims.

12. Links to other websites

Our Websites may contain links to other websites run by other organisations. This Policy applies only to our Websites‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be made responsible for the privacy policies and practices of other websites even if you access them using links from our Websites.

If you linked to our Websites from a third party website, we cannot be made responsible for the privacy policies and practices of the owners and operators of that third party website and recommend that you check the policy of that website.

13. Security measures to protect your information

We take appropriate administrative, technical and physical safeguards to protect the confidentiality, integrity and availability of personal data. We use strict procedures and security features, including encryption techniques, and take all steps reasonably necessary to ensure that personal data is processed securely and in accordance with this Policy.
Non-sensitive details such as your email address may be transmitted unencrypted over the Internet, and so may not be guaranteed to be 100% secure. While we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk.

14. Your choices and your rights

You have the right to request a copy of your personal data as well as the right to have your personal data corrected or deleted.

Under certain circumstances, you have the right to request that we restrict processing or hand over the data to you and the right to object to processing by us in general.
If our processing is based on your consent, you have the right to withdraw this consent at any time with effect for the future.

You may also have the right to receive a copy of the personal data in a machine-readable format or to send the personal data to another controller.

You can exercise your rights by contacting us (see above).

You have the right to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner. Competent data protection authorities of EU countries can be accessed through this link.

15. Review of this Policy

We keep this Policy under regular review. In case of a revised version, we will inform you of the change in a suitable form (e.g. by posting it on our Websites or sending you an e-mail) and the new version will become binding upon publication on our Websites.

Last updated: 1 July 2025