Privacy Policy

Our commitment to privacy

The protection of your personal data is of the utmost importance for DEFX DISTRIBUTED VENTURES LDA. (‘DISTRIBUTED’), a company incorporated under Portuguese law. This Privacy Policy is meant to help you understand what information we collect, why we collect it, how we process it and for how long it is retained. We commit to comply with the applicable legal framework to the processing of personal data, including Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016 (General Data Protection Regulation or ‘GDPR’).

1. Who is the data controller?

DISTRIBUTED is an independent, community-driven technology company, committed to create a platform for online and remote teaching, providing a new approach to digital learning. We are based in Lisbon, Portugal.

The services provided by us, DISTRIBUTED acts as a data controller for the processing of personal data of the visitors and users of its website (‘Website’), including the personal data provided by the Artists and User Members who have registered and created an Artist / Membership Account. For further information, please read the Terms of Use of our Website.

DISTRIBUTED also acts as a data controller for the processing of all personal data which is provided by the Users and Instructors and which relates to the Content uploaded in the Website. “Content” has the meaning set forth in our Terms and Conditions.

If you have any question relating to the processing of your personal data by DISTRIBUTED, please contact us at:

Address: DEFX DISTRIBUTED VENTURES LDA., Calçada Eng. Miguel Pais 16 2DTO, Lisbon 1200-173, Portugal
E-mail: legal@distributed.ventures

2. What personal data is processed by DISTRIBUTED?

For the purposes of the GDPR, personal data means ‘any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person’.

Your personal data is provided to us directly by you when acceding and/or using our Website and related services (e.g.: when creating an account or contacting us for support or to clarify any query). We may also obtain personal data by recording how you interact with our Website. For example, we may use cookies for that purpose. For further information, please read our Cookies Policy.

In the event that special categories of special data (which are defined under the GDPR as ‘racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation’) are processed by DISTRIBUTED, we will ensure that the processing will only take place upon explicit consent from the data subject.

DISTRIBUTED processes the following data:

  • Identification and contact data, such as your name, e-mail or mail address, telephone number;
  • Information relating to your identity, such as your name or title/position;
  • Contact details, such as postal address, e-mail address and telephone number;
  • Financial information, such as your tax number or payment-related information;
  • Any other information you may provide us or which may have been transferred to us within the scope of our services.

DISTRIBUTED may also collect and use anonymous data. Anonymous data are data which cannot be used to, directly or indirectly, identify a particular individual. For example, DISTRIBUTED will collect statistical data, such as the numbers of visits to our Website. We collect this data to understand how visitors use our Website, so that we can improve our services and better satisfy your needs.

We will endeavour to isolate your personal data from anonymous data and ensure that the two types of data are used separately. If personal data is combined with anonymous data, DISTRIBUTED will still treat it as personal data during processing.

3. Why do we process your personal data?

DISTRIBUTED processes your personal data for several reasons. We use your information to:

  • Create a user account;
  • Fulfil your transaction request, including executing orders and concluding payments;
  • Enter into a Freelance Agreement with you;
  • Operate our Website, including auditing and monitoring its use;
  • Provide our services as described in the Terms and Conditions;
  • Promote our services, by sending our newsletter and occasional updates;
  • Guide and manage our relationship with you;
  • Conduct surveys and research about your opinion of our current services or of potential new services.

4. What justifies the processing of your personal data?

Under the GDPR, the processing of personal data must have a lawful basis. In this context, the processing of personal data carried out by DISTRIBUTED will always be based on one or more of the following grounds:

  • Consent of the data subject: consent shall be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication by means of a declaration (in writing or orally) or by an unequivocal positive act (by completing an option). Consent can be withdrawn at any time, without such withdrawal affecting the processing performed while such consent was in force;
  • Performance of a contract or pre-contractual procedures: whenever the processing of personal data is done for the purpose of maintaining the relationship between DISTRIBUTED and the data subjects above identified, or to carry out pre-contractual measures at their request;
  • Compliance with a legal obligation: whenever the processing is necessary to fulfil the legal obligations to which DISTRIBUTED is subject;
  • In the context of a legitimate interest: whenever it is necessary to process personal data to safeguard the legitimate interests of DISTRIBUTED or third parties. The legitimate interests of DISTRIBUTED include, but are not limited to, (i) the exercise of legal and defence rights in the event of legal disputes, (ii) the maintenance of DISTRIBUTED’s security, network, infrastructures and technological systems (including access controls), as well as its IT management, and video surveillance for security purposes.

5. To whom we disclose your personal data?

DISTRIBUTED shares your personal data with its employees who need them to comply with pre-contractual or contractual obligations.

In addition, DISTRIBUTED shares your personal data with its partners, when services are provided by partners authorised by DISTRIBUTED. For example, when you make an online purchase from our Website, we must share your personal data, namely your financial information, with our payment platform providers, STRIPE and PAYPAL.

All such third parties are prohibited from using your personal information, except to provide these services to DISTRIBUTED, and they are required to maintain the confidentiality of your information.

To comply with applicable laws or respond to valid procedures, DISTRIBUTED may also disclose your personal data to regulatory authorities, courts and official entities to comply with applicable laws or respond to valid requests in the context of administrative procedures or legal proceedings.

Finally, DISTRIBUTED may still disclose your data when appropriate, for example, to execute our Terms of Use, when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or when it is in connection with an investigation of suspected or actual illegal activity.

6. Cross-border transfers of your personal data?

As DISTRIBUTED is a global company, the personal data collected by us may be processed in a country/region outside the European Economic Area (EEA) not offering an adequate level of protection where our business partners have a presence.

In such circumstances, DISTRIBUTED will take measures to ensure that data is processed as required by this Policy and applicable laws, which includes when transferring your personal data from outside the European Economic Area (EEA). In such cases, and in the absence of an adequacy decision by the European Commission, DISTRIBUTED will ensure that data transfers are carried out in strict compliance with applicable legal requirements, including, without limitation, by adopting EU’s standard contractual clauses or obtaining your consent to the international transfer.

7. For how long we will store your personal data?

Personal data processed by DISTRIBUTED are kept for no longer than necessary for the purposes for which they were collected, unless retention for a longer period is necessary to comply with legal and/or regulatory obligations.

There are situations in which the law requires minimum retention periods, in particular 10 years in case of data regarding accounting, tax purposes or information related to commercial bookkeeping, and 7 years for anti money laundering and counter terrorist financing purposes. Likewise, DISTRIBUTED will retain the data for the applicable prescription terms.

Once the maximum storing period has been reached, personal data will be irrevocably anonymised (anonymised data may be retained) or destroyed in a secure manner.

8. What are your rights?

When DISTRIBUTED acts as a data controller, it safeguards the exercise of data subjects’ rights regarding the processing of their personal data, according to the provisions laid down in the GDPR, namely:

  • Right of access: right to obtain confirmation as to whether or not your personal data are being processed, and, where applicable to access your personal data;
  • Right to rectification: right to obtain the rectification of your personal data which is inaccurate or incomplete (e.g. e-mail, telephone number);
  • Right to erasure (“right to be forgotten”): right to obtain the erasure of your personal data, unless there are valid grounds for storing your data. For example, DISTRIBUTED is required to keep the data for compliance with a legal obligation or for the establishment, exercise or defence of legal claims;
  • Right to restriction of processing: right to obtain restriction of the processing of your personal data, in the form of: (i) suspension of processing, or (ii) limitation of the scope of processing to certain categories of data or purposes of processing;
  • Right to data portability: right to receive the data you have provided to DISTRIBUTED in a structured, commonly used and machine-readable format, as well as the right to transmit such data to another controller, if technically possible;
  • Right of object: right to object to the processing of your personal data, unless DISTRIBUTED demonstrates compelling legitimate grounds for the processing.

The exercise of these rights is free of charge, except in the case of a manifestly unfounded or excessive request, in which case a reasonable fee may be charged in consideration of the costs.

The information must be provided in writing, but may be given orally if requested. In this case, DISTRIBUTED shall verify your identity by other means.

The response to the requests shall be provided, as a rule, within a maximum period of 30 days, unless it is a particular complex request or a multitude of requests, in which case it may be extended according to GDPR.

In order to exercise these rights, as well as to obtain any clarification to the processing of personal data by DISTRIBUTED, please contact us through any of the contacts set forth in this Privacy Policy.

In addition to these rights, you also have the right to lodge a complaint with the competent supervisory authority. For further information, please visit www.cnpd.pt.

9. How do we protect your personal data?

The security of your personal data is important to us. We use a variety of technical and organisational measures to help protect your personal data from unauthorised access, disclosure, alteration, loss or destruction in accordance with applicable data protection laws. For example, we use cryptographic technologies for data confidentiality, protection mechanisms to prevent attacks, and access control mechanisms to permit only authorised access to your personal data. We also provide training on security and privacy protection for employees to raise their awareness of personal data protection.

Although DISTRIBUTED is committed to protecting your personal data, please note that no security measure is perfect.

10. Changes to this Policy

DISTRIBUTED reserves the right to occasionally update or change this Privacy Policy to reflect company and customer feedback. We encourage you to periodically review this Policy to be informed of how we are protecting your information.

If major changes are made to this Privacy Policy, we may notify you through different channels, for example, posting a notice in our Website or sending you a direct notification.

We advise you to regularly read our Privacy Policy, in order to be informed of any updates.

Updated on 2020/04/05.

Made with ♥ in Lisbon
©️ 2020 - Distributed Ventures LDA