PRIVACY POLICY

Last updated: 16, October 2024

General Information

The information in this section is relevant to all categories of data subject.

This includes:

• Members of the DAO
• Contractors/Partners
• Website Users
• Suppliers and Potential Suppliers
• Customers/Clients and Potential Customers/Clients

Who controls your personal data?

The Kiboko DAO Global Limited herein after referred to as ‘Kiboko DAO’, a duly registered Private Limited company (including our subsidiaries, affiliates, and as governed by the Kiboko DAO token holders, “we”, “us” or “our”) is responsible for your personal data.

You can contact a representative by sending an email to the following email address:info@kibokodao.org.

Your rights

You have the following rights:

• The right to be informed. You have the right to be informed about how the Kiboko DAO processes your personal data. Typically, the Kiboko DAO communicates this information through privacy notices such as this one.

• The right to data access. You have a right to obtain a copy of the personal data we hold about you, subject to certain exceptions.

• The right of data rectification. You always have a right to ask for immediate correction of inaccurate or incomplete personal data which we hold about you.

• The right of data erasure. You have the right to request that personal data be erased when it is no longer needed, where applicable law obliges us to delete the data or the processing of it is unlawful. You may also ask us to erase personal data where you have withdrawn your consent or objected to the data processing. However, this is not a general right to data erasure – there are exceptions.

• The right to restrict data processing. You have the right to restrict the processing of your personal data in specific circumstances. Where that is the case, we may still store your information, but not use it further.

• The right to data portability. You have the right to receive your personal data in a structured, machine-readable format for your own purposes, or to request us to share it with a third party.

• The right to object to data processing. You have the right to object to our processing of your personal data based on legitimate interests, where your data privacy rights outweigh our reasoning for legitimate interests.

• The right to be forgotten. You have the right to withdraw consent, where data is no longer necessary or data is unlawfully processed.

• Rights in relation to automated decision-making and profiling. You have the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects. Currently, the Kiboko DAO does not perform any automated decision-making or profiling.

You may request to enforce your data privacy rights by emailing info@kibokodao.org.

In certain circumstances, we may need to restrict the above rights to safeguard the public interest (i.e., the prevention or detection of crime) or our business interests (i.e., the maintenance of legal privilege).

Consent as a legal basis for processing

For some data processing, the Kiboko DAO uses consent as a legal basis. If you have consented to processing by Kiboko DAO, please be aware that you have the right to withdraw this consent.

If you would like to withdraw consent for a particular type of data processing that the Kiboko DAO performs, please email the following address: info@kibokodao.org.

How we share your data

We will not share your information with any third parties for the purposes of direct marketing. In some circumstances, we are legally obliged to share information, for example, under a court order. In any scenario, we will ensure we have a lawful basis to share the information, document our decision-making process, and confirm the legal basis for sharing the information.

How we protect your information

We implement appropriate technical and organizational measures to protect personal data from unauthorized disclosure, alteration, or destruction. Where appropriate, we use encryption and other technologies that assist in securing the data you provide. We also require our service providers to comply with strict data privacy requirements when processing your personal data.

How long we keep your personal data

We only keep your personal data for as long as necessary for the purposes described in this privacy notice, or until you notify us that you no longer wish us to process your data. After this time, we will securely delete your personal data, unless we are required to keep it to meet legal or regulatory obligations, or to resolve potential legal disputes.

Contact and further information

If you have any questions about how we use your personal data or wish to make a complaint about how we handle it, you may contact the Kiboko DAO at: info@kibokodao.org.

Members of the DAO and Contractors with the Kiboko DAO

Why we use your personal data?

We may use your personal data as listed above for the following purposes, to the extent applicable:

• Human resources management including organization and personal administration, working hours management, improving and maintaining effective staff administration, internal workforce analysis, reporting, and planning.
• Staff succession planning.
• Compensation and benefits management and performance reviews.
• Talent management and acquisition including recruitment, assessing suitability and working capacity, background checks, and verification of qualifications, obtaining and providing references.
• Learning and development management including certifications, training staff, performing assessments, and conducting employee satisfaction surveys.
• Processes related to joining and leaving, including internal moves and terminations.
• Sickness and other leave and vacation management.
• Reporting and managing process quality.
• Travel and expenses management and organization of business trips.
• Carrying out the obligations and exercising specific rights in the field of employment or a collective agreement.
• Internal and external communication of Kiboko DAO organization and representation of the Kiboko DAO, including the commercial register and assigning powers of attorney.
• Organizing Kiboko DAO events and documenting such events, including managing and organizing internal non-marketing related campaigns, events, and meetings.
• Managing Kiboko DAO assets, including pictures and videos depicting employees or other individuals available for download on the Kiboko DAO website.
• Finance and shared accounting services providing record-to-report, order-to-cash, and purchase-to-pay services.
• Business reporting, statistics, and analytics.
• Monitoring and auditing compliance of contractors' and employees' activities in the workplace with Kiboko DAO policies, contractual obligations, and legal requirements, including disciplinary actions.
• Carrying out audits, reviews, and regulatory checks to meet obligations to regulators.
• Governance, risk, and compliance, including compliance with laws, law enforcement, court and regulatory bodies’ requirements (such as verifying the identity of customers through Know Your Customer / Anti Money Laundering monitoring purposes), customs and global trade compliance, conflict of interest and security obligations, prevention, detection, investigation, and remediation of crime and fraud, or to protect legal rights and establish, exercise, or defend legal claims.
• Managing the customer relationship, processing customer orders, providing customer support, evaluating and responding to requests and inquiries, managing suppliers, contractors, advisers, and other professional experts, including contact interaction, processing, fulfilling purchases and invoices, and contract lifecycle management.
• Utilizing work performance and products for references on documents such as drawings, purchase orders, sales orders, invoices, and reports.
• Maintaining and protecting the security of products, facilities, services, systems, networks, computers, and information; preventing and detecting security threats, fraud, or other criminal or malicious activities, and ensuring business continuity.
• Managing IT resources, including infrastructure management, data back-up, information systems support, service operations for application management, end-user support, testing, maintenance, security (incident response, risk, vulnerability, breach response), master data management, and workplace services, including user account management, software license assignment, security and performance testing, and business continuity.
• We collect only the personal data needed for the purposes described above. Certain personal data collected from you may also relate to your next of kin and emergency contacts. In such cases, you are requested to inform these individuals about this privacy notice.

What happens if you do not provide us with the information we have requested?

Where it concerns processing operations related to your relationship with Kiboko DAO as a member, partner, or contractor (as described above), the Kiboko DAO may not be able to adequately contract with or employ you without certain personal data, and you may not be able to exercise your contractor or employee rights if the requested personal data is not provided. Although we cannot mandate you to share your personal data, this may have consequences on your contractual relationship or employment, including potentially not being able to exercise statutory rights or continue the contract or employment. We will always indicate which personal data is required and which may be provided voluntarily.

The legal basis we rely on

For the use of your personal data for the purposes described above, we rely on the following legal bases, as applicable:

• We process your personal data for the fulfillment of obligations in your contractor or employment contract with us, and similar collective contractor or employment agreements, or as part of pre-contractual measures to establish contractor-related or employment-related contracts.
• In some cases, we rely on our legitimate interests to process your personal data insofar as these are not overridden by your privacy interests. These interests may include: monitoring (e.g., through IT systems), investigating, and ensuring compliance with legal, regulatory, standard, and Kiboko DAO internal requirements and policies.
• Prevention of fraud and criminal activity, including investigations of such activity, misuse of Kiboko DAO assets, products, and services, and as strictly necessary and proportionate for ensuring network and information security.
• Transmitting personal data within the Kiboko DAO group for internal administrative purposes, as necessary, for example, to provide centralized services.
• You may obtain a copy of our assessment regarding our legitimate interest to process your personal data by submitting a request to info@kibokodao.org.
• In some cases, we process your personal data on the basis of statutory requirements, for example, on the basis of labor law, allowances, tax, or reporting obligationsobligations, cooperation obligations with authorities or statutory retention periods in order to carry out our contractual responsibilities as a contracting entity or employer, as applicable;
• In exceptional circumstances, we may ask your consent at the time of collecting the personal data, for example photos, communications materials, and events. If we ask you for consent in order to use your personal data for a particular purpose, we will remind you that you are free to withdraw your consent at any time and we will tell you how you can do this.

Website Users

Unsolicited Personal Information

If you send the Kiboko DAO unsolicited personal information, for example, a CV, the Kiboko DAO reserves the right to immediately delete that information without informing you, or to decide which category of data subject that you appear to be and manage your personal data within the remit of that category as described elsewhere in this Privacy Notice. We do not knowingly collect or solicit personal information from anyone under 18 years of age. If you are under 18, please do not send any personal information about yourself to us.

Users of Our Website That Do Not Fall Under the Specifically Stated Data Subject Types

We collect the following categories of personal data:

• The business contact information you share with us: name, title, job title, email address, business address, telephone number, mobile telephone number, etc.
• Information your browser makes available when you visit the Kiboko DAO website: IP address, the source of your site visit, time spent on the website or a particular page, links clicked, comments shared, browser type, date and time of visit, etc.

What We Use Your Personal Data For

We use your personal data to:

• Respond to your specific request that you make, for example, request a demonstration, whitepapers, newsletters, or other information.
• Provide customer support and process, evaluate, and respond to requests and inquiries.
• Conduct and facilitate customer satisfaction surveys.
• Conduct marketing and sales activities (including generating leads, pursuing marketing prospects, performing market research, determining and managing the effectiveness of our advertising and marketing campaigns, and managing our brand).
• Send you marketing communications (such as alerts, promotional materials, newsletters, etc.).
• Perform data analytics (such as market research, trend analysis, financial analysis, and customer segmentation).

We only collect the personal data from you that we need for the above purposes. We may also anonymize your personal data, so it no longer identifies you, and use it for various purposes, including the improvement of our services and testing our IT systems.

The Legal Basis on Which We Use Your Personal Data

We use your personal data for the purposes described in this notice based on one of the following legal bases, as applicable:

• Legitimate Interest: By using our website, it is understood that there is potential for you to be a potential customer, contractor, employee, or supplier.
• Copyright Violations: We reserve the right to restrict access to or remove material that we believe in good faith to be copyrighted material and/or illegally copied and/or distributed, and restrict and discontinue service to offenders. If you believe that material or content residing on or accessible through the Services infringes your copyright (or the copyright of someone on behalf of whom you are authorized to act), please send a notice of copyright infringement containing the following information to info@kibokodao.org:

  • A physical or electronic signature of a person authorized to act on behalf of the owner of the copyright that has been allegedly infringed.
  • Identification of works or materials being infringed.

Suppliers or Potential Suppliers

The personal data we collect about you and how we use it:

• Identification data and business contact information you share with us such as first name, last name, job/position/title, nationality, business email address, business address, telephone number, mobile telephone number.
• Additional information you provide to us in the course of our business relations such as data concerning the fulfillment of our contractual obligations and pre-contractual measures including correspondence data, offers, tenders, resume/CV, conditions, contract and order data, invoices, payments, business partner history, records relating to queries/questions/complaints/orders.
• Electronic identification data and information collected by the communications systems, IT applications, and website browser (where supplier has access or is affected by such systems or applications and in accordance with the applicable law) such as information technology usage (system access, IT and internet usage), device identifier (mobile device ID, PC ID), registration and login credentials, IP address, login data and log files, Analytics ID, time and URL, searches, website registration and cookie data, sound recordings (e.g. voice mail/phone recordings, Skype recordings).

What We Use Your Personal Data For

We may use your personal data as described above for the following purposes:

• Supplier and service provider management throughout the supply chain including contact interaction, tendering, engagement, processing orders, process and fulfillment of purchases, and management of suppliers, vendors, contractors, advisers, and other professional experts.
• Paying debts, supplier invoice and payment management, purchasing direct and indirect services.
• Reporting and analytics including market intelligence and the development and improvement of services or products through assessment and analysis of the information.
• Management of process quality.
• References on documents, such as tenders, purchase orders, invoices, reports.
• Contract lifecycle management.
• Payment collection and insolvency processes; training suppliers.
• Finance and shared accounting services, providing record-to-report and purchase-to-pay services.
• Reorganization, acquisition, and sale of activities, business units, and companies.
• Monitoring and auditing compliance with Kiboko DAO policies, contractual obligations, and legal requirements.
• Carrying out audits, reviews, and regulatory checks to meet obligations to regulators.
• Governance, risk and compliance, including due diligence and anti-money laundering obligations, customs and global trade compliance, and sanctioned party list screening, security, including prevention and detection of crime and fraud.
• Maintain and protect the security of products, facilities, services, systems, networks, computers, and information, preventing and detecting security threats, and fraud or other criminal or malicious activities.
• Manage IT resources, including infrastructure management, such as data back-up, information systems’ support and service operations, application management, end-user support, testing, maintenance, security (incident response, risk, vulnerability, breach response), user accounts management, software license assignment, security and performance testing, and business continuity.

We collect only the personal data from you that we need for the purposes described above. For statistical purposes, improvement of our services, and testing of our IT systems, we use anonymized data as much as reasonably possible. This means that these data can no longer (in) directly identify you or single you out as an individual.

What Happens If You Do Not Provide Us With the Information We Had Asked You For or If You Ask Us to Stop Processing Your Information?

Where it concerns processing operations related to the agreements with our suppliers (as described above), the Kiboko DAO will not be able to adequately establish, conduct, or terminate a business relationship with you or your company and generally perform the purposes described above without certain personal data. Although we cannot obligate you to share your personal data with us, please note that this may have consequences which could affect the business relationship in a negative manner, such as not being able to take requested pre-contractual measures to enter into a contract with you or to establish and continue the business relationship you have asked for.

The Legal Basis on Which We Use Your Personal Data

We use your personal data for the purposes described in this notice based on one of the following legal bases, as applicable:

• We may process your personal data for the fulfillment of contractual obligations resulting from contracts with you or your company, or as part of pre-contractual measures we take.
• In some cases, we rely on our legitimate interests to process your personal data insofar as this is not overridden by your own privacy interests. Such interests may include:

  • Conduct, management, development, and furtherance of our business in the broadest sense possible including supply of products and services, performance of agreements and order management with suppliers, process and fulfillment of purchases, process quality management, and improvement of products or services, analytics and market intelligence, reduction of default risks in our procurement processes, and reorganization, acquisition, and sale of activities, business divisions, and companies.
  • Monitor, investigate, and ensure compliance with legal, regulatory, standard, and Kiboko DAO internal requirements and policies.
  • Prevent fraud and criminal activity, including investigations of such activity, misuse of Kiboko DAO assets, products, and services, and as strictly necessary and proportionate for ensuring network and information security.
  • Transmitting personal data within the Kiboko DAO group for internal administrative purposes, as necessary, for example, to provide centralized services.
• In some cases, we process your personal data on the basis of legal obligations and statutory requirements, for example, based on tax or reporting obligations, cooperation obligations with authorities, statutory retention periods, or the disclosure of personal data within the scope of official or judicial measures for purposes such as evidence collection, prosecution, or enforcement of civil law claims.
• Regarding personal data concerning criminal convictions and offences, we will only process such data where such processing is permitted by applicable (local) law.

Customers/Clients or Potential Customers/Clients

We collect the following categories of personal data:

• Identification data and business contact information you share with us, such as first name, last name, job/position/title, nationality, business email address, business address, telephone number, and mobile telephone number.
• Additional information you provide to us in the course of our business relations, such as interests in the Kiboko DAO’s services or products, marketing preferences, registration information provided at events or fairs, contract or order data, invoices, payments, and business partner history.
• Information your browser makes available when you visit the Kiboko DAO website, such as IP address, the source of your site visit, time spent on the website or a particular page, links clicked, comments shared, browser type, date and time of visit, and so on.
• To the extent necessary to fulfill our obligations, data obtained from publicly accessible sources or which are legitimately transmitted by other third parties (e.g., a credit agency), such as commercial register data, association register data, and creditworthiness data.

What We Use Your Personal Data For

We use your personal data to:

• Process and fulfill orders and keep you informed about the status of your or your company’s order.
• Provide and administer our products and services.
• Provide customer support and process, evaluate, and respond to requests and inquiries.
• Conduct and facilitate customer satisfaction surveys.
• Conduct marketing and sales activities, including generating leads, pursuing marketing prospects, performing market research, determining and managing the effectiveness of our advertising and marketing campaigns, and managing our brand.
• Send you marketing communications, such as alerts, promotional materials, and newsletters.
• Perform data analytics, including market research, trend analysis, financial analysis, and customer segmentation.

We only collect the personal data from you that we need for the above purposes. We may also anonymize your personal data so that it no longer identifies you and use it for various purposes, including the improvement of our services and testing our IT systems.

What Happens If You Do Not Provide Us with the Information We Had Asked You For, or If You Ask Us to Stop Processing Your Information?

Certain personal data is necessary to establish, conduct, or terminate a business relationship with you. We need you to provide us with the personal data required for the fulfillment of contractual obligations or which we are legally obliged to collect. Without such personal data, we will not be able to establish, execute, or terminate a contract with you. Additionally, we will be unable to take the requested pre-contractual measures to enter into a contract with you or to establish and continue the business relationship you have asked for.

The Legal Basis on Which We Use Your Personal Data

We use your personal data for the purposes described in this notice based on one of the following legal bases, as applicable:

• We may process your personal data for the fulfillment of contractual obligations resulting from contracts with you or your company, or as part of pre-contractual measures we have been asked to take.
• We may process your personal data on the basis of statutory requirements, for example, based on tax or reporting obligations, cooperation obligations with authorities, or statutory retention periods.
• We will ask for your consent for the activities described in this privacy notice when required by applicable law, for example, when we process your data for marketing purposes where we don’t have an existing business relationship with you or your company.
• We will rely on our legitimate interests to process your personal data within the scope of the business relationship with you or your company. Our legitimate interests to collect and use the personal data for this purpose are management and furtherance of our business. You may obtain a copy of our assessment of why we may process your personal data for these interests by submitting a request at info@kibokodao.org.