PRIVACY POLICY – Keom Protocol Website

Version Dated: 23.08.2023


The Association may at times collect Personal Data from anyone visiting the Website. It places paramount importance on the security and protection of collected data. Committed to safeguarding such data, whether it constitutes personal data or not, the Association ensures that it is stored securely and processed with the utmost care and in compliance with Data Protection Laws.


Association shall mean KEOM Protocol Association, a non-profit entity established in Geneva, Switzerland. 

Consent shall mean any freely given, specific, informed, and unambiguous indication of which the Data Subject, by a statement or by a clear affirmative action, signifies agreement to the Processing of Personal Data relating to the Data Subject.

Cookie(s) shall mean a piece of information that is placed automatically on your electronic device’s hard drive when you access the Website. The Cookie uniquely identifies your browser to the server. Cookies allow the Association to store information on the server (for example language preferences, technical information, click or path information, etc.) to help make the Visitor’s experience of the Website better, and to conduct Website analysis and Website performance review.

Data Controller(s) shall mean the natural or legal person, which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data and who is in charge of this Processing. For the purpose of this Policy, the Data Controller is the Association.

Data Protection Laws shall mean the Federal Data Protection Act (RS 235.1), the Ordinance on the Federal Data Protection Act (RS 235.11) and, where applicable due to its extraterritorial scope, the European General Data Protection Regulation.

Data Portability shall mean the right of the Data Subject to receive its Personal Data in a structured, commonly used, and machine-readable format and the right to transmit those Personal Data to another controller without hindrance from the Data Controller.

Data Processor shall mean a natural or legal person, public authority, agency, or other body which processes Personal Data on behalf of the Data Controller.

Data Subject(s) shall mean the natural or legal persons whose data is Processed, i.e. in the context of this Policy, the Data Subject is the Visitor.

Disclosure shall mean making Personal Data accessible, for example by permitting access, transmission, or publication.

EEA shall mean the European Economic Area. 

Logs shall mean the log files that record events that occur in connection with any Visitors’ use of the Website. Log files are created when a Visitor views content or otherwise interacts with the Website.

Newsletter shall mean the Newsletter of the Association that may be sent to you from time to time with your Consent.

Personal Data shall mean any type of data and information relating to a person who is either identified or identifiable.

Processing shall mean any operation with Personal Data, irrespective of the means applied and the procedure, and in particular the collection, storage, use, revision, disclosure, archiving or destruction of Personal Data.

Standard Contractual Clauses shall mean the Standard Contractual Clauses as attached to the Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council. 

Third-party(-ies) shall mean any natural and/or legal person who is not the Association or a Visitor. 

Visitor(s) shall mean any natural or legal person browsing the Website and using its Functionalities.

Website shall mean the website available at the following URLs and, including the Interface accessible therethrough. 


The Association provides this Policy to describe its policies and procedures regarding the Processing and Disclosure of Personal Data collected by the Association through the Website.

It details the conditions at which the Association may collect, keep, use, and save information that relates to you, as well as the choices that you have made in relation to the collection, utilization, and Disclosure of your Personal data.

This Policy shall apply to any use of the Website, whatever the method or medium used.


By browsing the Website, Visitors acknowledge that: 

1. the Association may collect and process a certain number of Personal Data that relate to them,

2. the Association is free to use such Personal Data within the limits provided by law, especially Data Protection Laws and this Policy,

3. that they have read and understood this Policy, 

4. that they agree to be bound by this Policy, and  

5. that they agree to comply with all applicable laws and regulations in respect to matters covered by this Policy.

If you do not agree with the terms of Policy, please refrain from using the Website.


This Policy applies to all Personal Data which is received during your visit to or use of the Website.

The main reason why the Association collects Personal Data is to enable you to enjoy and easily navigate the Website. Therefore, most of the Personal Data is collected through Logs and Cookies. 

When you browse the Website, even if you do not subscribe to our newsletter and do not contact us, the Association therefore automatically:

collects your cookies in accordance with the Cookie Policy; 

collects Logs; 

uses Google Analytics; and 

uses Facebook pixel.

The Association additionally collects the IP address of Visitors for statistical purposes and if necessary,  to enforce any access restrictions in accordance with its Terms of Use. 

The Association does not automatically collect any further information relating to your use of the Website, especially of the Interface. 

It's crucial to understand that due to the inherent characteristics of blockchain technology, all details regarding your usage of the KEOM protocol via the Interface will be publicly accessible. This information can be viewed using tools like Polygonscan. While the information is pseudonymous and primarily linked to your public address, there are methods that might potentially associate this address with a Visitor's real identity.

When you subscribe to our newsletter, the Association collects your email address for the sole purpose of sending you such a newsletter. Please note that you are entitled to unsubscribe from our newsletter whenever you want and at your sole discretion by contacting us in accordance with this Policy.

When you contact the Association by email or through the “partner with us!” button, the Association collects any submitted data for the purpose of answering your request. 


The Data Controller of the file is the Association. 


In accordance with applicable laws, the Association will use your Personal Data for as long as necessary to satisfy the purposes for which your Personal Data was collected,  unless you request its deletion or unless otherwise required by law.


While Processing Personal Data, the Association will always respect the following general principles:


The Data subject shall be informed of how his/her Personal Data is Processed. 

When Personal Data is collected, the Data subject shall be informed of:

the existence of the present Policy;

the identity of the Data Controller;

the purpose of Personal Data Processing; and

third-parties to whom the data might be transmitted.

Restriction to a specific purpose

Personal Data processed by the Association shall be adequate and relevant to the purpose for which it was collected. This requires ensuring that the types of Personal Data collected are not excessive but proportionate to the purposes.

Fairness and lawfulness

When Processing Personal Data, the individual rights of the Data Subjects shall be protected. Personal Data shall be Processed lawfully, in a fair manner and in good faith.

Consent of the Data Subject

Personal Data shall be collected directly from the concerned Data Subject and the Consent of the said Data Subject shall be required before such collection and further Processing. The Consent shall be obtained in writing or electronically, for the purposes of documentation. The Consent is valid only if given voluntarily. If, for any reason, the Consent of the Data Subject was not obtained before collection and/or Processing, it shall be obtained in writing as soon as possible after the beginning of such Processing.

The Consent for the Processing of Personal Data is given or reiterated:

each time the Visitor clicks the button in a pop-up window that says, "ALLOW COOKIES"; and

when the Visitor freely submits Personal Data required to access a specific functionality of the Website


Personal Data kept on file shall be correct and if necessary, kept up to date. Inaccurate or incomplete Personal Data shall not be kept on file and deleted.


The Association does not disclose your Personal Data to any third parties. 

The Association could, however, further share your Personal Data with any relevant third parties, in particular, if the Association is requested to do so to comply with a court order or law enforcement request, or if the Association deems it necessary, as determined at the Association’s sole discretion, to investigate, prevent or take action regarding illegal activities, to defend our interest or as otherwise required or permitted by law.

In any case where a cross-border transfer is done, the Association ensures that adequate protection is guaranteed for Personal Data to be transferred outside of Switzerland and the EEA by applying the Standard Contractual Clauses as made available by the European Commission and approved for use by the Swiss Data Protection Authority. These Standard Contractual Clauses will ensure an adequate level of protection abroad.

Unless otherwise stated, the third parties who receive data from the Association are prohibited to use this Personal Data beyond what is necessary to provide the product or service to you, directly or by participating in the Association’s activities.


Your Personal Data will be stored in Switzerland. You agree that the Association may alternatively store your Personal Data in any country of the EEA. Accordingly, your Personal Data may be stored at a destination outside of your country of residence. Where permitted by law, by accepting this Policy, you agree to such. 

You also agree that Processing may lead to your Personal Data being transferred and stored to countries offering a lower level of protection than your country of residence. In any such case, the Association ensures that adequate protection is guaranteed for Personal Data to be transferred outside of Switzerland and the EEA by applying the Standard Contractual Clauses as made available by the European Commission and approved for use by the Swiss Data Protection Authority. These Standard Contractual Clauses will ensure an adequate level of protection abroad.


The Association applies high industry standards and will always apply adequate technical and organizational measures, in accordance with applicable laws to ensure that your data is kept secure.

In the event of a Personal Data breach, the Association shall without undue delay, and where feasible, not later than 72 hours after having become aware of it, notify the breach to the competent supervisory authority, unless said breach is unlikely to result in a risk to your rights and freedoms. If the breach is likely to result in a high risk to your rights and freedoms, the Association shall communicate this breach to you, if it is feasible, without undue delay.


You have the right to request access to or information about the Personal Data relating to you which are processed by the Association. 

Where provided by law, you, your successors, representatives and/or proxies may (i) request deletion, correction or revision of your Personal Data; (ii) oppose the data Processing; (iii) limit the use and Disclosure of your Personal data; and (iv) revoke Consent to any of our data Processing activities, if the Association is relying on your Consent and does not have another legal basis to continue Processing your data.

You also have the right to receive your Personal Data, which you have provided to the Association, in a structured, commonly used, and machine-readable format as to allow you to transmit the data to another Controller without hindrance from the Association.

These rights can be exercised by writing to us at and attaching a copy of your ID. If the request is submitted by a person other than you, without providing evidence that the request is legitimately made on your behalf, the request will be rejected.

The request is free of charge unless your request is unfounded or excessive (e.g. if you have already requested such Personal Data multiple times in the last twelve months or if the request generates an extremely high workload). In such a case, the Association may charge you a reasonable request fee according to applicable laws. 

The Association may refuse, restrict, or defer the provision of Personal Data where it has the right to do so, for example, if fulfilling the request will adversely affect the rights and freedoms of others.


The Association will, both at the time of the determination of the means for Processing and at the time of the Processing itself, implement appropriate technical and organizational measures, such as pseudonymization, which are designed to implement data-protection principles, such as data minimization, in an effective manner and to integrate the necessary safeguards into the Processing in order to meet the requirements of the Data Protection Laws and to protect your rights. 

The Association will implement appropriate technical and organizational measures for ensuring that, by default, only Personal Data which are necessary for each specific purpose of the Processing are processed. This obligation applies to the amount of your Personal Data we collect, the extent of their Processing, the period of storage and their accessibility. These measures will ensure that by default your Personal Data are not made accessible without your intervention to an indefinite number of third parties.


The Association hopes to be able to answer any questions or concerns you may have about your Personal Data. You can get in touch with the Association by email

You have the right to make a complaint if you feel your Personal Data has been mishandled or if the Association has failed to meet your expectations. You are encouraged to contact the Association about any complaints or concerns, but you are entitled to complain directly to the relevant supervisory authority.


The most current version of this Policy will be made available on the Website. 

The Association may modify this Policy from time to time. If a modification reduces your rights, a pop-up window will inform you immediately upon access to the Website, and you will have to accept such changes before further use.


The Website may contain links that direct you to third-party sites. The Association rejects any liability relating to the privacy policy in force on said third party sites, the collection and use of your Personal Data by the latter and relating to the contents of such sites (whether the links are hypertext links or deep-links).

Furthermore, the Data Subject acknowledges and agrees that using some functionalities on the Website could involve the download and use of other applications. Under no circumstances the Association shall be liable for the utilization of these other applications, especially regarding the data protection rules.


This Policy and any questions relating thereto shall be governed by the laws of Switzerland, to the exclusion of any rules of conflict resulting from private international law.

Any dispute relating to this Policy shall exclusively be brought before the courts of Geneva, subject to an appeal to the Swiss Federal Court.