top of page

Privacy Statement

ARC ASSOCIATION PRIVACY STATEMENT

This privacy statement describes how the ARC Association (“ARCA,” the “Association” or “we”) collects, uses and shares your personal data when you use our website, Home | ARC Association , or any of our applications for mobile devices or any web-based application (“Apps”), or any time you register for an event or service on the website, including signing up to become a members. The term “personal data” refers to information relating to an identified or identifiable person.  

We created the Association for many reasons, including empowering individuals with the means to own and control their digital identity.  Genuine ownership and control means that any use of an individual’s content must be with that person’s express and specific consent. For these reasons, we do not sell, market or otherwise exploit your data. We also require that any company or service that wishes to use the Registry for their own commercial purposes comply with these principles, which we call our “ethical licensing principles.” 

This privacy statement is periodically reviewed to ensure that any new obligations and changes to our business model as we build out the Registry and ARCA operations are taken into consideration. We may amend this statement at any time by posting an amended version on our website.

1. Data Controller and Contact Address

Our Services are offered through the Association and the Registry, which is a private blockchain through and by which Association Members own and control their unique digital identifier, the ARCid.  The Association is the data controller for the activities described in this privacy statement unless a specific person is identified for some express purpose. ARCA may be contacted at this address:
Rue de Cornavin 11
1201 Genève, Switzerland 

Alternatively, you may receive a response more quickly if you contact us at info@arcassociation.org and include “DATA PRIVACY” or similar wording in the subject line.

2. Collection of Personal Data: Types and Sources

Connecting your physical identity to your ARCid is part of the process by which you become a member and, ultimately, have the Registry issue you an ARCid.  We rely on third party resources to perform the identity validation.  That identity validation process will require you to upload certain documentation, such as a passport, to confirm your physical identity.  We use various vendors for this process.  Currently our vendors include ID.me (Privacy Policy | ID.me ), Clear (Privacy Policy - Your Privacy Matters | CLEAR ), and Auth0 (Okta Privacy Policy ).  We do not receive or retain any of the information you provide to those vendors.  All we retain is a record that you completed their process. Please review their privacy policies, which we include above, to learn what happens to your personal data in their systems.

  

We do collect certain personal data when you choose to go through the registration process to become a member, when you otherwise use our website and apps, sign up for any newsletters, or register for or attend any events, either online or otherwise.  We collect data concerning your interest in our newsletter or any other publications, and your interactions with those publications, including which links any subscribers click and whether they have opened the e-mail.  If we include in our publications links to other sites, those other sites have their own privacy policies, and your visiting any other site is not governed by this privacy statement.  

Please note that part of our Services may include your decision to have some of your personal information be public, such as in a profile.  Some of that information you choose to disclose, such as an image, may reveal information that is not expressly stated as part of your disclosure in your profile, such as gender.   

In particular, we may collect and process the following categories of personal data, but only when we request it of you for some legitimate purpose:

  • Personal data and contact information, such as name, address, telephone number, e-mail address

  • Data pertaining to membership details such as your membership agreement, whether you have opted in or out to subscribe to newsletters, payment information, billing address in the event our vendor requires it, information connected to questions, complaints and disagreements relating to your membership;

  • Data concerning the use of our website and apps, such as email addresses you wish to connect to your ARCid

3. Legal Bases and Purposes for any Data Processing:

We process personal data for the following purposes, to the extent permitted by applicable law:

  • Commencing, concluding, performing, and processing memberships and other contracts with us, organizing events, sending invitations or reminders about member-related activities including Association governance matters;

  • Maintaining, managing, and developing our member relationships, communicating with members, providing service and support to members, sending newsletters;

  • Offering, enhancing, and improving our services and ensuring the security of our services, offerings and infrastructure, including but not limited to the Registry;

  • Complying with legal and regulatory obligations and internal rules, law enforcement, civil, administrative, and criminal proceedings, complaints, fighting abuse, investigations and answering inquiries from government agencies and official bodies.

 

In addition, we can also process personal data for additional purposes insofar as a legal obligation requires the processing or we provide information about the processing elsewhere or the processing was obvious from the circumstances at the time the data was collected.

We use the personal data for the purposes listed above based on the following legal grounds, if and insofar as any such is required under applicable data protection law:

  • To fulfill our contractual or legal obligations;

  • Where there are legitimate interests of us or of third parties or to protect legitimate public interests; or

  • If you have given us your consent for certain processing purposes, such consent will form the legal basis for the processing.

4. Member Lists and Member Registration Information

Swiss law requires that we maintain a list of member names and addresses in Switzerland and make that list accessible to those persons responsible under Swiss law for the Association’s operations.  We maintain that information, based on what we obtain from you in the registration process, through our member management system and software.

5. How Long We Keep Your Personal Data

We store personal data as long as this is necessary for the purpose for which we have collected such data. However, please keep in mind that our business of empowering digital identity independence relies on a private blockchain, where the data associated with your presence on the Registry, in the form of the ARCid, cannot be deleted  It may become inactive once your membership is terminated for any reason, but your presence in the Registry remains.  

We generally delete personal data that accrues in connection with the use of our website and apps (e.g., logs, analyses, etc.) and that are not subject to any such retention or limitation periods earlier, as soon as we no longer have any interest in the processing.

6. Disclosure of Personal Data

We may share some or all of the personal data collected through our websites or  apps with our contractors, who use this data in accordance with this privacy policy to achieve the purposes for which you shared your personal data. We never, ever sell your data.

The Association may work with providers who agree to our ethical licensing principles and who may empower you to decide to whom and to what extent you would like to sell certain data about yourself.  We require any party that wishes to use or integrate with the Registry to comply with our ethical licensing principles: there can be no sale, brokering, or marketing of any data that belongs to the ARCid owner, ARCA Member, without that owner’s express and specific consent.

There may be other circumstances in which we may share or transfer the personal data in our systems that manage members’ subscriptions and member agreements. For example:

  • We may have to disclose personal data to authorities in order to comply with legal requirements, to protect our legitimate interests, or for the administration of justice. 

  • We also may share personal data with third parties in the event of a reorganisation, dissolution, or similar event.

7. Export of Personal Data

If personal data that is not otherwise public is transferred to a country without adequate data protection provisions, we will ensure suitable data protection by deploying adequate contractual guarantees on the basis of EU standard contract clauses, binding corporate rules, or based on the exception of consent, of contract processing, of the determination, assertion or enforcement of legal claims, overriding public interests, or because the transfer is necessary to protect the physical integrity of a data subject. 

8. Anonymous Data Collected Through Our Website and Apps

In addition to the information you provide when you use our website and apps, we use cookies and similar technologies to collect anonymous information about the use of our website and apps. Cookies and similar technologies allow us to store information on your device or to access information stored on your device. This allows us to better understand user behavior just to make sure that we can provide as error-free as possible service for you that is easy to use.   

We obtain this information also to track how many visitors are visiting our website.

Cookies and similar technologies generally do not provide personal data, only anonymous traffic data related to your device (e.g. your IP address) and statistical data (e.g. number and type of website visits).   You can block or delete cookies and similar technologies via the privacy settings of your browser and e-mail program, although deletion may affect your use of our services.

9. Your Data Rights

You may, at any time, request to verify, access, correct, delete your data and object to, restrict or revoke your consent to, the processing of your data–subject to the above references to how the Registry works. In certain cases, you may request to transfer your data in a common electronic format that allows further use and transmission. You might also withdraw consent of our using your data by clicking the unsubscribe button located at the bottom of the e-mails we send or by contacting us. If you withdraw your consent from the processing of some data, it may impact the functionality of the ARCid, but any such loss of functionality shall not mean a loss of ownership rights to the ARCid.   

To exercise your data rights, send an email to the address indicated at the beginning of this privacy policy. We will then make every reasonable effort to take the necessary action as soon as possible.

If you feel that your privacy rights have been violated, you may have a right to lodge a complaint with the competent data protection authority, which is the Swiss Federal Data Protection and Information Commissioner (Welcome to the FDPIC).

10. Changes to this Policy

We are continually improving and adding new functionality and features to our website and apps as well as improving and adding to our existing products, services, and programs. Because of these ongoing changes, changes in the law and the changing nature of technology, our data practices will change from time to time without prior notice. If and when our data practices change, we will post the changes on its website to notify you of the changes. We encourage you to check the website frequently.

bottom of page