This privacy policy (“Privacy Policy”) is effective as of the date shown above, and describes how VeChain Foundation San Marino S.r.l. (“VeChain,” “we,” “our,” or “us,”) collects, uses, shares and otherwise processes information collected about you in connection with the website at STARGATE (herein referred to as “STARGATE”), and your rights and choices regarding such information. These terms apply to the Interface and any other online location that links to this Privacy Policy (collectively, the “Services”).

If you are a data subject in the United Kingdom (“UK”) or any part of the European Economic Area (“EEA”) and/or in any case Regulation (EU) 2016/679 applies (“GDPR”), please also see paragraph 10 below entitled Additional Disclosures for People in Europe.

PRODUCT OVERVIEW

STARGATE is a Web3 application that connects to the VeChainThor Blockchain or other authorized blockchains by VeChain (the “Blockchain”) and is provided under the STARGATE Terms of Use (“Terms”). 

STARGATE is VeChain’s next-generation staking platform, designed to transform how users participate in the VeChainThor network. It introduces a novel approach by using NFTs as staking collateral, creating a dynamic and transparent framework for delegation, reward distribution, and governance.

THE INFORMATION WE COLLECT ABOUT YOU

We do not collect, store, or track any personal data through the STARGATE Services by default. We do not use cookies, analytics tools, or third-party services that monitor user behavior. However, when you interact with the STARGATE Services, certain technical information is publicly and immutably recorded on the blockchain. This includes, but is not limited to:

• Wallet addresses involved in transactions

• Transaction metadata, such as date, time, and amounts transferred

This information is not collected or stored by us, but is inherent to the operation of public blockchain networks. While this data may be considered personal data under certain legal frameworks, we do not process, aggregate, or attempt to associate it with any individual.

We access blockchain data only as needed to provide core functionality, such as validating transactions and ensuring service availability.

In cases where you voluntarily contact us, we may collect and retain:

• Your email address

• The subject and content of your inquiry

• Any attachments or other information you choose to provide

This information is used solely to respond to your inquiry and is never shared with third parties.

We are committed to maintaining a minimal data footprint and respecting your privacy at all times.

HOW WE USE THE INFORMATION WE COLLECT ABOUT YOU

We use the information we collect from and about you for the following business purposes:

(a) To provide, maintain, improve, and enhance our Services;

(b) To find and prevent fraud, and respond to trust and safety issues that may arise; and

(c) For compliance purposes, including enforcing our legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency.

(d) We do not use your personal data for targeted marketing or sell your data to third parties for advertising purposes. However, we may use aggregated, anonymized data for internal analytics to improve STARGATE’s performance. Any future marketing-related data usage will require explicit user consent.

For information on your rights and choices regarding how we use personal data about you, please see the paragraph 5 below entitled Your Rights and Choices.

SHARING OF PERSONAL AND NON-PERSONAL DATA

We do not collect personal data in the course of providing the STARGATE Services. However, due to the nature of blockchain technology, some technical information related to transactions may be publicly accessible. We describe below the limited circumstances under which data may be visible or shared: 

(a) Cookies and Third-Party Services. We do not use cookies, tracking pixels, analytics tools, or any third-party services that collect or process user data. All interactions with the STARGATE Services occur directly between your device and the blockchain. No personal data is collected, stored, or transmitted by us or any external provider.

(b) Blockchain Platform. When you engage in a transaction that is recorded on the Blockchain, certain information that may be considered personal data related to that transaction will be published on the blockchain and may be accessible to third parties not controlled by VeChain, and will be recorded on the Blockchain permanently across a wide network of computer systems and be incapable of deletion. Many blockchains are open to forensic analysis which can lead to deanonymization and the unintentional revelation of personal data, especially when blockchain data is combined with other data;

(c) Business Transfers. We share information in connection with, or during negotiations of, any proposed or actual merger, purchase, sale or any other type of acquisition, business combination of all or any portion of our business or assets, change of control, or a transfer of all or a portion of our business or assets to another third party (including in the case of any bankruptcy proceeding);

(d) Legal Disclosure. Under certain circumstances, we may be required to cooperate with legal investigations and/or we may be subject to legal requirements to disclose information collected through the Services, such as a by court or a governmental agency. We may also disclose personal data to investigate any violation or potential violation of the law, this Privacy Policy, or applicable STARGATE Terms of Use or to protect or defend the rights and property of VeChain; and if GDPR applies to you, you can also contact us to receive additional information on subjects for we share your personal data.

DATA SECURITY

VeChain utilizes end-to-end encryption for both data transmission and storage to protect sensitive user information. While we implement industry-standard security measures to safeguard the Services and prevent unauthorized access, alteration, or misuse of personal data, we encourage users to follow best security practices. However, as internet transmissions are not entirely secure, we cannot guarantee the absolute security of information collected, transmitted, or submitted through the Services. We will not be responsible for loss, corruption or unauthorized acquisition or misuse of information that you provide or that we collect through the Services that is stored by us or our Services providers, or for any damages resulting from such loss, corruption or unauthorized acquisition or misuse.

Please note that any transactions made on the Blockchain while using your STARGATE are permanently recorded on the Blockchain, and using the Services will have no effect on the Blockchain ledger or any digital assets still associated with your STARGATE.

CHILDREN’S PRIVACY

STARGATE is not directed towards, nor was it designed to attract the attention of any children, and we do not knowingly collect or maintain personal data from any person under the age of thirteen.

CHANGES TO THIS PRIVACY POLICY

We reserve the right to revise and reissue this Privacy Policy at any time. Any changes will be effective immediately upon posting of the revised Privacy Policy. Your continued use of our Services indicates your consent to the Privacy Policy then posted. If the changes are material, we may provide you additional notice to your email address, by informing you about such changes through our website and/or via other channels we may use to communicate with you.

CONTACT US

Please contact us at support@stargate.vechain.org if you have any questions or concerns about this Privacy Policy.

ADDITIONAL DISCLOSURES FOR DATA SUBJECTS IN EUROPE

(a) Roles

GDPR and data protection laws in Europe distinguish between organizations that process personal data for their own purposes (known as “controllers”) and organizations that process personal data on behalf of other organizations (known as “processors”). VeChain acts as a controller with respect to personal data collected as you interact with our Services;

(b) Lawful Basis for Processing

GDPR and data protection laws in Europe require a “lawful basis” for processing personal data. Our lawful bases include the following:

(i) To fulfill our obligation in the contract between you and VeChain. To use STARGATE, you and VeChain entered into an agreement under the STARGATE Terms of Use, and in order for VeChain to fulfill its obligations with respect to providing the Services under such agreement, we may  reference publicly available transaction information on the blockchain, such as wallet addresses and transaction events. We do not collect, store, or retain this data—rather, we access it only as necessary to enable core features of the Services. 

(ii) To comply with law. In limited circumstances, we may process information in order to comply with legal obligations. To the extent we have received such information from third parties where we have agreed to contractual requirements such as standard contractual clauses, we will use our reasonable efforts to dispute making such disclosures unless legally required to do so;

(c) Retention of Information

Once the purpose of processing is fulfilled, we retain personal data for up to 12 months after account inactivity. 

Note that blockchains (including our Blockchain) are designed by default to permanently record information across a wide network of computer systems; therefore, while we commit not to store immediately identifiable personal data, some pseudonymized information such as transaction data will be stored across the Blockchain and therefore it will not be possible to delete such information, but users may create new wallets to dissociate past transaction history from future activity;

(d) Data Transfer

If GDPR applies and your data is transferred outside UK or the EEA to the United States or any other country, we will transfer your personal data subject to appropriate safeguards, such as an adequacy decision by the European Commission on the basis of article 45 the GDPR, or Standard Contractual Clauses as provided from time to time by the European Commission. You can receive additional information on where your data is transferred, and which are the appropriate safeguards by contacting us;

(e) Your Data Subject Rights

(i) Your Rights to Your Information.

If you are a data subject according to the GDPR, subject to certain conditions you have the right to:

access, rectify, or erase any personal data we process about you;

data portability, asking us to transfer to any third party at your choice

restrict or object to our processing of personal data we process about you; and

where applicable, withdraw your consent at any time for any data processing; and

(ii) How to Exercise Your Rights.

You may exercise your rights by submitting a written request to us at the email address set out in paragraph 9 above entitled Contact Us. We will respond to your request within thirty (30) days. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions;

(iii) When Information May Be Retained.

Please note that we retain information as necessary to fulfil the purposes for which it was collected, and may continue to retain and use information even after a data subject request for purposes including to perform under the contract, as necessary to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements;

(f) Complaints

If you have a complaint about our use of your personal data or response to your requests regarding your personal data, you may submit a complaint to the Data Protection Supervisory Authority in your jurisdiction. We would, however, appreciate the opportunity to address your concerns before you approach a data protection regulator, and would welcome you directing an inquiry first to us.