Privacy Policy

1. Overview

What does this policy represent?

This policy describes the processing of personal data with reference to users consulting the website www.mintlayer.org, its extension launch.mintlayer.org and its related applications and services owned by RBB S.r.l. This information does not concern other websites, pages or online services that can be reached through hypertext links that may be published on the site but refer to external resources.

Why do we provide this information?

Your privacy is very important to RBB S.r.l. and in order to best protect you, we provide you this policy in which you will find information about the type of personal we collect online and the various options you have to act on the collection and use of your personal data on the website.

What are the normative references?

  • General Data Protection Regulation EU 2016/679 (GDPR).
  • Legislative Decree 196/2003, as amended by Legislative Decree 101/2018 and ss.mm.ii (Italian Privacy Code).
  • Directive 2002/58/EC (so-called e-Privacy).
  • Law No. 171 of December 21, 2018 of the Republic of San Marino.

2. Data Controller

The Data Controller is RBB S.r.l. in the person of its legal representative. The Data Controller is based in Piazza Tini 2 - Republic of San Marino and can be contacted at the e-mail address info@rbblab.com or at the telephone number +(378) 0549 990284 for any question concerning the processing of personal data carried out through this website.

3. Types of personal data

Browsing data

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.

This category of data includes IP addresses or domain names of computers used by users who connect to the website, URI (Uniform Resource Identifier) notation addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the user's operating system and computer environment.

This data is used for the sole purpose of obtaining anonymous statistical information on the use of the website and to check its correct functioning. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the website only at the request of the supervisory bodies in charge.

Data collected by cookies

A "cookie" is a small text file transferred from the Web server to the user's computer, the purpose of which is to inform the server about the user's access to that particular website, and any other news that it obtains from the system's readable parameters through functions contained in the website.

Cookies can be "temporary" (or session cookie, they are deleted when the connection is terminated) or "permanent" (they remain stored on the user's hard drive unless the user deletes them.

Persistent cookies can retain personal identification data only if the user has registered or consented to the retention of the personal identification data entered on the site itself. This data may be disclosed to third parties that own the services provided through cookies. The user has the option, depending on the browser in use, to disable or selectively accept the use of cookies.

To learn about all the cookies used and to change your consents, please refer to the cookies settings page.

Data voluntarily provided by the user

The optional, explicit and voluntary sending of messages to the e-mail addresses on the site or through the contact forms involves the subsequent processing of the data necessary to process the user's request for information. Users are encouraged not to send names or other personal data of third parties that are not strictly necessary, resorting instead, when possible, to fantasy names.

Information and personal data processed through social media platforms

Regarding the processing of personal data carried out by the managers of the Social Media platforms used, please refer to the information rendered by them through their respective privacy policies. RBB S.r.l. processes the personal data provided by the user through the pages of the Social Media platforms exclusively to manage the interactions with the user (comments, public posts, request for assistance etc.) and in compliance with current regulations.

4. Purposes of personal data processing and legal basis

Personal data collected with reference to the user are processed for the following purposes and in accordance with the following legal basis:

Personal data Purposes Legal basis
Contact information
Any other information included in the message.
Fulfilment and response to requests for information and/or contact and/or assistance towards Users who request it. The Data Controller processes personal data for these purposes in accordance with its legitimate interest, which is to respond to requests for information from users interested in the services offered.
Identifying and contact information
Project information
Job information and earning prospects
Evaluate the involvement of third parties such as partners or investors. Prior pre-contractual measures aimed at evaluating the partnership and investment proposal.
Identifying and contact information
Any other information included in the message.
Information included in CV
Evaluating an application for a job position. Prior pre-contractual measures aimed at evaluating the job application.
E-mail address. Sending periodic newsletters regarding project progress, marketing, and related services. User Consent
Users can freely unsubscribe from the newsletter at any time.
Contact information Receive periodic communications including telephone communications about new services offered and related business proposals User Consent
Contact information Account Registration The Data Controller processes personal data for these purposes in accordance with its legitimate interest, which is to enable the user interested in the services to register their account.
Identifying and contact information
Asset, financial, and income information
Copy of ID card and photograph depicting the user's face.
Identification of the user who intends to proceed with a token purchase. The Data Controller processes personal data for these purposes in the function of its legitimate interest, which is to assess the identity of the user interested in purchasing a token with the aim of preventing and fighting possible fraud.
Identifying information Transaction to purchase a token Fulfilment of legal and contractual obligations.
Browsing data Defence against abuse in the use of the website
Regular maintenance of the website and monitoring of its operation
The Data Controller processes personal data for these purposes in accordance with its legitimate interests, such as prevention of information crimes and proper website maintenance.
Data collected by strictly necessary and functionality cookies Proper functioning of the website The Data Controller processes personal data for these purposes in accordance with its legitimate interests, such as the proper website maintenance and function.
Data collected by analytics and advertising cookies Marketing, remarketing and user profiling aimed at delivering commercial content tailored to user preferences and to manage, deliver and track advertisements.
Personalization and optimization of website navigation
Statistical analysis for marketing purposes
Explicit, free and specific consent expressed through the cookie option tool on the website. The user may freely and at any time choose not to participate in such advertising methods by opting out.

5. Transfers of personal data and processing tools

Personal data are processed by automated means for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorised access.

Processing related to the services of this website is carried out at the headquarters of the Company that owns the servers in the name and on behalf of the Data Controller Company and is handled only by employees, authorised collaborators, as well as any persons in charge of occasional maintenance operations. In addition to the Data Controller, in some cases, other parties involved in the organisation of this Website or external parties (such as third party technical service providers, hosting providers, IT companies, communication agencies) may have access to the Data.

The updated list of these subjects can always be requested from the Data Controller.

As part of some processing operations carried out through the website, the Data Controller relies on providers to supply certain services that involve the transfer of personal data to the United States.

In particular, the following cases can be referred to:

  • Tracking services for marketing purposes and user profiling carried out through the tools offered by Google, Youtube, Yahoo, and Typeform (...)
  • Identity verification service for users who intend to make a token purchase. This service is provided by Passbase.

The transfer of personal data to the United States is no longer permitted following the application of the principles dictated in the CJEU's Schrems II ruling. Such transfers are considered illegitimate and insecure because the United States does not provide adequate protection and safeguards for citizens' personal data with risks of access to personal data by third parties such as government agencies and intelligence services without adequate legal basis.

In accordance with the principle of transparency and fairness, the Data Controller uses such tools as necessary for the performance of its activities and informs users of the potential risks associated with the processing of personal data.

In any case, such transfers are made only following the explicit and free consent given by the user, who is informed of the risks associated with such transfers.

6. Personal data retention periods

Data are processed for the period strictly necessary to achieve the purposes for which they were collected:

  • Personal data collected for purposes related to the performance of a contract between the Data Controller and the User will be retained until the performance of that contract is completed.
  • Personal data collected for the purpose of fulfilling legal obligations will be retained within the time limits specified by applicable regulations.
  • Personal data collected for purposes attributable to the legitimate interest of the Data Controller will be retained until such interest is satisfied.
  • Personal data collected on the basis of the user's consent shall be retained until such consent is revoked.

The Data Controller may be obliged to retain personal data for a longer period in compliance with a legal obligation or by order of an authority.

At the end of the retention period, the personal data will be deleted. Therefore, at the expiration of this period the right of access, deletion, rectification and the right to data portability can no longer be exercised.

7. Rights of data subjects

The subjects to whom the personal data refer (user) may exercise the following rights towards the Data Controller:

  • Obtain confirmation of the existence or otherwise of personal data processing, to know its content and origin.
  • Verify the accuracy of the data or request their integration, updating or rectification.
  • Request the cancellation or transformation into anonymous form of personal data
  • Oppose or request the limitation of the processing of personal data processed in violation of the law.
  • Revoke the consent given at any time without prejudice to the processing that took place previously.

It is also guaranteed the right to propose reports or complaints to the relevant supervisory authority if processing is found to be in violation of the relevant regulations.

Anyone who should have any doubts regarding the compliance with the privacy policy adopted by RBB S.r.l. its application, the accuracy of their personal data or the use of the collected information may contact the Data Controller through written communication to the addresses indicated above.

8. Update

This policy is updated as of October 12, 2022. RBB S.r.l. reserves the right to make changes in relation to regulatory developments or in the event that the methods and purposes of personal data processing change.