Back to Home

GDPR Compliance

Your rights under the General Data Protection Regulation

Our Commitment to GDPR

Datachain Foundation SAS is fully committed to GDPR compliance. As a company built on privacy principles, we go beyond minimum requirements to ensure your data rights are protected.

Your GDPR Rights

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

Right to Access

You can request a copy of all personal data we hold about you.

Right to Rectification

You can request correction of inaccurate or incomplete personal data.

Right to Erasure

You can request deletion of your personal data ("right to be forgotten").

Right to Restrict Processing

You can request that we limit how we use your data.

Right to Data Portability

You can request your data in a machine-readable format.

Right to Object

You can object to processing of your personal data.

Legal Basis for Processing

We process personal data under the following legal bases:

  • Contract Performance: Processing necessary to fulfill orders and provide services you've requested.
  • Legitimate Interests: Processing for our legitimate business interests, such as improving our services and preventing fraud.
  • Legal Obligation: Processing required to comply with legal requirements.
  • Consent: Where you have given explicit consent for specific processing activities (e.g., marketing communications).

Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our GDPR compliance. You can contact our DPO for any data protection inquiries:

Data Protection Officer

Datachain Foundation SAS

Email: dpo@databox.network

Address: 128 Rue La Boétie, 75008 Paris, France

Exercising Your Rights

To exercise any of your GDPR rights, you can:

  • Email our DPO at dpo@databox.network
  • Use the data management features in your account settings
  • Submit a request through our contact form

We will respond to your request within 30 days. In complex cases, we may extend this by up to 60 days, but we will inform you of any delay.

International Transfers

When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions for countries deemed to provide adequate protection
  • Binding Corporate Rules where applicable

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours
  • Inform affected individuals without undue delay if the breach poses a high risk
  • Document all breaches and remediation measures

Supervisory Authority

If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with a supervisory authority. Our lead supervisory authority is:

CNIL (Commission Nationale de l'Informatique et des Libertés)

3 Place de Fontenoy, TSA 80715

75334 Paris Cedex 07, France

Website: www.cnil.fr

Privacy by Design

DatabØx products are built with privacy by design principles:

  • End-to-end encryption with user-controlled keys
  • Minimal data collection by default
  • Local processing wherever possible
  • No backdoors or surveillance capabilities
  • Regular security audits and penetration testing