ADDMO is committed to protecting and respecting your privacy. This Privacy Policy (the “Policy”) explains how ADDMO and its affiliates (“ADDMO”, the “Association”, “we”, “us” or “our”) collects, uses, and shares data in connection with the Morpho web app (app.morpho.org) and website (www.morpho.org) (the “Sites”) and all of our other properties, products, and services (the “Services”). Your use of the Services is subject to this Policy as well as our Terms of Use.

The data we may collect when you use our Services includes:

• Publicly-available blockchain data when you connect your non-custodial wallet to the Services. When you connect your non-custodial blockchain wallet to the Services, we collect and log your publicly-available blockchain address in order to learn more about your use of the Services and to screen your wallet for any prior illicit activity. We screen your wallet using intelligence provided by leading blockchain analytics providers. Note that blockchain addresses are publicly-available data that are not created or assigned by us or any central party, and by themselves are not personally identifying.
• Information from localStorage and other tracking technologies. We and our third-party services providers may access and collect information from localStorage, mobile deviceID, cookies, web beacons, and other similar technologies to provide and personalize the Services and features of the Services for you across sessions.
• Direct Communications that you send to us. Whenever you reach out to us through email, social media, or other support channels like Twitter, Discord, or Telegram, or engage in surveys or questionnaires, we will receive the information and communications you share. It’s important to note that we will not try to link any of this information to your wallet address, IP address, or any other personal details.
• Information from job applicants. When you apply for a position with us, we collect all information you provide through our Jobs form, including name, email phone, work and immigration status, and any other resume, cover letter, or free form text you include.

Notwithstanding the above-mentioned situations, given the nature of the Services, the Personal Information of users may be processed and stored within the blockchains used for the processing of digital asset transactions. Therefore, the user is informed that, in any event, such processing is not the responsibility of the Association, which does not manage nor control said blockchains, and as such does not have any power of determination nor control over the possible processing of Personal Information which may be implemented in connection with said blockchains.

The Personal Information we collect is used according to our Terms of Use, and to any legal requirements. We may use the information for the following purposes:

• Providing our Services. We use the information we collect to provide, maintain, customize and improve our Services and features of our Services. We may use this information in an aggregated form, to compile information across multiple users.
• User support. We may use the information we collect to provide you with support and to answer any requests you may have about the Services.
• Safety and security. We may use the information we collect to protect against, investigate, and stop fraudulent, unauthorized, or illegal activity. We may also use it to address security risks, solve potential security issues such as bugs, enforce our agreements, and protect our users and Association.
• Legal compliance. We may use the information we collect as needed or requested by regulators, government entities, and law enforcement to comply with applicable laws and regulations.
• Job application processing. We may use the information we collect to process your application and contact you to inform you throughout the recruitment process.

We do not share your information with any third parties for any marketing purposes whatsoever. But w****e may share or disclose the data we collect in the following situations:

• With the staff or members of our Association.
• With regulators, government entities, and law enforcement to comply with our legal obligations.
• With Blockchain security analytics providers to ensure the safety and security of our Services and to screen your wallet for any prior illicit activity.
• With service providers and vendors who may assist us providing, delivering, and improving the Services (eg hosting provider, mailing provider, external recruitment website, etc).

In addition, if you give us your content to do so, we may share your information with other third parties.

You have the following rights regarding your personal data:

• Right to be informed: this is precisely why we have drafted this privacy policy as defined by articles 13 and 14 of the GDPR.
• Right of access: you have the right to access all your personal data at any time as defined by article 15 of the GDPR.
• Right to rectification: you have the right to rectify your inaccurate, incomplete or obsolete personal data at any time as defined by article 16 of the GDPR.
• Right to restriction of processing: you have the right to restrict the processing of your personal data in certain cases defined in article 18 of the GDPR.
• Right to erasure: (“right to be forgotten”): you have the right to request that your personal data be deleted and to prohibit any future collection as defined by article 17 of the GDPR.
• Right to file a complaint to a competent supervisory authority: (in France, the CNIL), under GDPR article 77, if you consider that the processing of your personal data constitutes a breach of applicable regulations.
• Right to define instructions related to the retention, deletion and communication of your personal data after your death (article 40-1 of French law “informatique et libertés”).
• Right to withdraw your consent at any time: for purposes based on consent, Article 7 of the GDPR provides that you may withdraw your consent at any time. Such withdrawal will not affect the lawfulness of the processing carried out before the withdrawal.
• Right to data portability: under specific conditions defined in article 20 of the GDPR, you have the right to receive the personal data you have provided us in a standard machine-readable format and to require their transfer to the recipient of your choice.
• Right to object: You have the right to object to the processing of your personal data as defined by article 21 of the GDPR. Please note that we may continue to process your personal data despite this opposition for legitimate reasons or for the defense of legal claims.

You can exercise these rights by writing to us using the contact details below. For this matter we may ask you to provide us with additional information or documents to prove your identity.

We retain the personal data we collect only for as long as necessary to fulfill the purposes for which it was collected, to provide our Services, to resolve disputes, to enforce our agreements, and to comply with legal obligations. This period may vary depending on the nature of the data and the reasons for collecting it, having regard to the purposes described in this Privacy Policy and our own legal and regulatory requirements. In general, Personal Information relating to you shall be deleted after a period of five (5) years.

We take reasonable steps to protect your Personal Information from misuse, loss, unauthorised access, modification or disclosure, including implementing appropriate security measures. The security measures in place will, from time to time, be reviewed in line with legal and technical developments. However, we give no guarantee that such misuse, loss, unauthorised access, modification or disclosure will not occur. You are responsible for all of your activity on the Services, including the security of your blockchain network addresses, cryptocurrency wallets, and their cryptographic keys.

There may be links from our Sites to other websites and resources provided by third parties. This Privacy Policy applies only to our Sites. Accessing those third-party websites or sources requires you to leave our Sites. We do not control those third-party sites or any of the content contained therein and you agree that we are in no circumstances responsible or liable for any of those third-party sites, including, without limitation, their content, policies, failures, promotions, products, services or actions and/or any damages, losses, failures or problems caused by, related to or arising from those sites. We encourage you to review all policies, rules, terms and regulations, including the privacy policies, of each site that you visit.

We may modify the Policy at any time, in particular in order to comply with any regulatory, jurisprudential, editorial or technical change. These modifications will apply on the date of entry into force of the modified version.

If we change this Privacy Policy, we will take steps to notify all users by a notice on our Site and will post the amended Privacy Policy on the Site. Please regularly consult the latest version of this Privacy Policy.

If you have any questions, comments, or concerns regarding our Privacy Policy, please contact us at contact@morpho.org.