NOMIC FOUNDATION PRIVACY POLICIES
This document contains two separate and independent privacy policies:
Please review the relevant policy depending on your situation with Nomic Foundation.
NOMIC FOUNDATION PRIVACY POLICY
Nomic Foundation (the “Nomic Foundation,” “we,” or “us”), a Swiss Foundation, located at c/o Kaiser Odermatt & Partner AG, Baarerstrasse 12, 6300 Zug, is a software development foundation building open-source software to unlock developer productivity in the Ethereum ecosystem. Nomic Foundation is the controller and processor of your personal data.
This Privacy Policy applies to: (i) the Nomic Foundation website (https://nomic.foundation), the Hardhat website (https://hardhat.org/), and any other website published by us (“website”), (ii) the Hardhat software (“Hardhat”) and its associated tools, plugins, and features (the “Tools”) and (iii) any other software, features, tools and/or materials, domains and subdomains, projects, made available from time to time by the Nomic Foundation (the “Software”, and jointly with Hardhat and the Tools, the “services”). Users of the websites and the services are referred to collectively as “Clients.”
This Privacy Policy describes what information Nomic Foundation collects, how we use that information, and how we protect it. Nomic Foundation collects limited personal data in order to run our organization and offer our services to Clients. We do not share Client information with third parties except for the limited purposes described in this Privacy Policy.
By using our services, Clients understand and agree that we will collect, process and use their information as described in this Privacy Policy, and in compliance with the Swiss Federal Act on Data Protection (“FADP”), the Swiss Ordinance to the Federal Act on Data Protection (“OFADP”), and the General European Data Protection Regulation (“GDPR”). We recommend that Clients read this Privacy Policy in full to ensure they are fully informed.
If you have any questions about this Privacy Policy or how we handle personal data, please contact us at privacy@nomic.foundation or use the contact information set out at bottom of this Privacy Policy.
What Personal Data Does Nomic Foundation Collect, and Why?
The information that Nomic Foundation gathers from Clients allows us to deliver and improve our services. For example, it allows us to communicate with Clients, provide support, and (with Clients’ permission) monitor deployments of the services for performance-improvement and error-correction purposes.
A. Information Our Clients Provide
We receive and store the information our Clients supply to us when they communicate with us by email, GitHub, and social media (such as Discord). This information may include the Client’s name, company, email address, username, postal address, and telephone number but it is not processed or stored in any data base.
Personal data processed through Github and social media is subject to their privacy policies. You should check Github’s and each social media privacy policies. The Nomic Foundation is not responsible for the data collected by these platforms.
B. Information Automatically Collected from Clients
We also collect certain anonymized information automatically, and scrub any identifiable data, including:
For Hardhat 3.0.0-next.4 and earlier versions; the Hardhat for Visual Studio Code extension; and Hardhat 2, including all of its minor, patch, and pre-release versions, as well as any earlier versions:
Hardhat collects automated error and performance monitoring data to help Nomic Foundation fix bugs and improve the performance of our software. This data is only collected and processed if the Client opts into this feature.
The information collected includes: 1) a unique cryptographic identifier to identify data from a single user; 2) the Hardhat version number; 3) whether Hardhat is running on a server or desktop; 4) the Client’s operating system (e.g. Windows, Mac, or Linux); 5) whether the Hardhat task running is a build-in or user-defined task; 6) the versions of Node.js and Sentry running on the Client’s computer; 7) error message text; 8) stack trace data; and 9) timestamps.
For Hardhat 3.0.0-next.5, including all of its minor, patch, and later versions:
The services may collect automated error and performance monitoring data to help Nomic Foundation fix bugs and improve the performance of our services. You can choose at any time that this data is not collected and processed in your case.
The information collected may include without limitation: 1) a privacy-preserving unique cryptographic identifier to cluster data from a single user; 2) the version number of the services; 3) whether the services are running on a server or desktop; 4) the Client’s operating system (e.g. Windows, Mac, or Linux); 5) functionalities being run (including APIs and third-party plugins); 6) the versions of Node.js and Sentry running on the Client’s computer; 7) error message texts; 8) stack trace data; 9) timestamps; 10) use of resources by the services (e.g., RAM, CPU); and 11) any other performance metric or information that might be necessary to improve the services.
Services Used by Nomic Foundation:
The Nomic Foundation uses third-party services for analytics, Sentry and Google analytics (or similar services to be added in the future), to collect and process this data: i) Google analytics: extension version, machine Id, operating system, user agent; and ii) Sentry: extension name + version, environment, machine id as mentioned above, tags that provide context.
In the case of Sentry, the data is anonymized before being sent to Sentry’s servers. Any piece of data resembling a path or a private key is removed on a best-effort basis. The data sent to Sentry is subject to a data processing agreement limiting Sentry’s use of the data and requiring Sentry to take appropriate security measures to protect the data.
Like many websites, the Nomic Foundation websites use cookies to obtain certain types of information when your web browser accesses our site. Cookies are used most commonly to do things like tracking page views, identifying repeat users and utilizing login tokens for a session.
|
Type of Cookie |
Served By |
How to Control These |
|
Session cookies: these are used to anonymously track a user’s session on our websites to deliver a better experience. |
Nomic Foundation |
You can block or delete these by changing your browser settings. |
|
Performance and Targeting cookies: These cookies collect information that is used either in aggregate form to help us understand how our website is being used or how effective our marketing campaigns are, or to help us customize our website for you. Such cookies may record site and display-related activity for a session so that a client does not see displays that are irrelevant or have already been dismissed. |
|
Google offers a Google Analytics Opt-Out Browser Add-on for most browsers. |
|
You can set or amend your web browser controls to accept or refuse cookies. If you choose to reject cookies, you may still use our website though your access to some functionality and areas of our website may be restricted. As the means by which you can refuse cookies through your web browser controls vary from browser-to-browser, you should visit your browser's help menu for more information. |
||
Other information we collect and analyze includes the Internet Protocol (IP) address used to connect your computer to the Internet, computer and connection information such as browser type, version, language, and time zone setting, browser plug-in type and version, screen resolution, and operating system and platform. This information is stored in log files and is collected automatically. We collect this technical information to better understand user needs and provide Clients with an optimal online experience.
We also collect aggregate usage data for our websites, which may include browsing patterns and broad demographic information, to enable us to understand how our websites are being used and to develop and refine them to better serve our Clients.
Our Legal Bases for Processing Personal Information
For personal data under Nomic Foundation’s control, we rely on two bases to lawfully obtain and process personal information. First, where Clients have given us valid consent to use their data in certain ways, we rely on that consent. Second, as described in more detail below, in certain cases we may process information where this is necessary to meet legal obligations, such as compliance with law enforcement subpoenas or warrants, and/or to further our legitimate interests, so long as any such legitimate interests are not overridden by your rights or interests.
How and When Do We Share Information?
Nomic Foundation does not sell your information. As set out below, we only share information on a limited basis in order to enable us to offer our services. We do not otherwise make Client data available to third parties.
Service Providers
We employ other organizations and service providers to perform certain functions on our behalf. These third parties have only limited access to your information, may use your information only to perform these tasks on our behalf, and are obligated to Nomic Foundation not to disclose or use your information for other purposes.
All Service Providers warrant to be in compliance with the GDPR and provide sufficient security to the information they access to.
Our use of Service Providers includes:
We might add or replace Service Providers in the future, if you have any questions about the specific Service Providers we currently use, please contact us at privacy@nomic.foundation or by using the contact information set out at the bottom of this Privacy Policy.
Legal Compliance / Protection of the Public and Our Business / Legitimate Interests
We will release personal and account information: to comply with a subpoena, court order, legal process, or other legal requirement when we believe in good faith that such disclosure is necessary to comply with the law; to protect, establish, or exercise our legal rights or defend against legal claims; when we believe doing so is reasonably necessary to prevent harm to an individual; or take action regarding illegal activities, suspected fraud, threats to our property, or violations of our legal terms.
We may also share your information during an organizational transaction like a merger or distribution of our assets to a successor organization. If such a transaction occurs, we will provide notification of any changes to control of your information, as well as choices you may have.
Children’s Privacy
The services are not intended for children under the age of 16. We do not knowingly collect personal information from anyone under the age of sixteen. If you are under the age of sixteen, your parent or guardian must provide their consent for you to use the services.
Data Transfers
Nomic Foundation provides a voluntary service and Clients can choose whether or not they wish to use it. Consequently, when you decide to use our Services you entitle Nomic Foundation to transfer your personal data to the Services Providers for the purposes of the data processing described in this Privacy Policy.
When your data is moved from its home country to another country, the laws and rules that protect your personal information in the country to which your information is transferred may be different from those in the country where you reside. Because we offer our services to people in different countries and use technical infrastructure based in different jurisdictions, we may need to transfer your personal information across borders in order to deliver our services.
Our Services Providers are obliged to protect data privacy at least to the same extent as ourselves. We contractually ensure that the protection of your personal data corresponds to the applicable laws by using the standard contractual clauses to comply with the GDPR.
How Secure Is Your Information?
We maintain administrative, technical, and physical safeguards designed to protect the privacy and security of the information we maintain about you. The connection between your computer and our website server is encrypted using Secure Sockets Layer (SSL) software that encrypts that information.
We use a Digital Certificate and secure pages will be identified by a padlock sign and “https://” in the address bar. Likewise, all services error and performance monitoring data is transmitted over HTTPS transport layer security (TLS)-secured connections.
However, no method of transmission or storage is 100% secure. As a result, while we strive to protect your personal information, you acknowledge that: (a) there are security and privacy limitations inherent to the Internet which are beyond our control; and (b) security, integrity, and privacy of any and all information and data exchanged between you and us through this Site cannot be guaranteed.
What Are Your Rights?
Upon request, Nomic Foundation will provide Clients with information about whether we hold any of their personal information (“Right to confirmation”). In certain cases, subject to relevant legal rights, Clients have the right to object to the processing of their personal information, to request changes, corrections, or the deletion of their personal information, and to obtain a copy of their personal information in an easily accessible format (“Right to access”, “Right to object”, “Right to rectification”).
In order to do this, Clients can contact us using the contact information set out at the bottom of this Privacy Policy. We will respond to every request within a reasonable timeframe and may need to take reasonable steps to confirm identity before proceeding.
You can also withdraw your consent to our processing of your information and the use of our services, and/or delete your Client account at any time, by using the contact information below to request that your personal information be deleted (“right to be forgotten”).
If you are an EU resident and believe that our processing of your personal data is contrary to the EU General Data Protection Regulation, you have the right to lodge a complaint with the appropriate supervisory authority.
If you withdraw your consent to the use or sharing of your personal information for the purposes set out in this policy, we may not be able to provide you with our services. Please note that in certain cases we may continue to process your information after you have withdrawn consent and requested that we delete your information if we have a legal basis/need to do so.
Data Retention
For personal data under its control, Nomic Foundation will retain such data only for as long as is necessary for the purposes set out in this policy, or as needed to provide Clients with our services.
If a Client no longer wishes to use our services then it may request deletion of its data at any time.
Notwithstanding the above, Nomic Foundation will retain and use Client information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your information to comply with applicable tax/revenue laws), resolve disputes, and enforce our agreements.
We may also retain log files for the purpose of internal analysis, for site safety, security and fraud prevention, to improve site functionality, or where we are legally required to retain them for longer time periods.
Contact Us
If you have any questions, comments or suggestions about how we handle personal information you can contact Nomic Foundation at privacy@nomic.foundation
NOMIC FOUNDATION RECRUITMENT PRIVACY POLICY
Nomic is a Swiss Foundation, located at c/o Kaiser Odermatt & Partner AG, Baarerstrasse 12, 6300 Zug (“Nomic” or the “Company”). As part of Nomic recruitment process, the Company collects and processes personal information or personal data relating to job applicants.
For the purpose of this privacy policy, personal data or personal information means any information relating to an identified or identifiable person. Examples of personal data include: full name, address, identity document or passport number, personal profile, and internet protocol (IP) address, among others.
Nomic is committed on being transparent about how it handles candidates’ personal information, protecting the privacy and security of the candidates and complying with the European Union (“EU”) General Data Protection Regulation (“GDPR”), the Swiss Federal Act on Data Protection, the Swiss Ordinance to the Federal Act on Data Protection, and any other regulation concerning personal data protection in the different jurisdictions where Nomic works. The reason for this privacy notice is to make candidates aware of how and why Nomic collects and uses personal information during the recruitment process.
This privacy notice applies to all job applicants, whether they apply for a role directly or indirectly through an employment agency, and it has non-contractual terms.
As part of the recruitment process, Nomic collects the following personal information of the candidates:
Nomic collects the majority of information directly from the candidates when they complete the online application forms in Nomic web page (https://nomic.foundation/jobs). Nomic may also gather information during the interviews conducted with candidates as part of the recruitment process.
In cases where the Company obtains information from social networks or public sources such as LinkedIn, GitHub, or SeekOut, such information is only the one published by the candidates themselves on their profiles. The scope of information collected is limited to contact details, skills, work experience, and information contained in the public profile.
In the specific case of code platforms (like GitHub), Nomic may review public activity, such as commits or contributions, to assess technical skills and suitability for the role applied for.
If the candidate fails to provide information when requested, which is necessary for Nomic to consider the application, Nomic will not be able to fully process the application.
As a third method of collecting information, when necessary, Nomic collects data through external recruiters, who manage potential candidates and upload their information to the Ashby platform, as described in section No. 5 below.
As a final method of collecting information, Nomic employees may refer candidates whom they consider suitable for potential hiring by the Company. In such cases, Nomic employees upload all information provided to the Ashby platform, as described in section No. 5 below.
Nomic processes the applicant’s information for several purposes arising from the employment application, including assessing the candidate’s skills and suitability for the relevant role, communicating with the candidate about the recruitment process, carrying out background and reference checks, and keeping records related to the recruitment process.
It is necessary for Nomic to process this data to meet its legitimate interests relating to recruitment administration, to take steps at the request of the applicant prior to entering into a contract, or to comply with legal obligations, such as those relating to the monitoring of equal opportunities.
On those bases, Nomic legitimate interests include: pursuing business by employing employees, workers and contractors; managing the recruitment process; conducting due diligence on prospective staff and performing effective internal administration.
Nomic has assessed that these legitimate interests are not overridden by the rights and freedoms of the applicants, taking into account the nature of the data processed and the reasonable expectations of individuals in the context of a recruitment process. Applicants may object to the processing of their personal data based on legitimate interests at any time by contacting Nomic’s team (See No. 10 below).
In some cases, Nomic may use different artificial intelligence platforms to support and streamline the evaluation process, using the information provided by applicants and other relevant data. The final hiring decision will always remain under the responsibility of Nomic’s employees.
The access to applicants’ personal records is limited to Nomic employees who participate in the recruitment process, such as the human resources department, interviewers and directors.
Nomic will disclose personal information only in the following circumstances: to comply with a subpoena, court order, legal process, or other legal requirement, when Nomic believes in good faith that such disclosure is necessary to comply with the law; to protect, establish, or exercise Nomic’s legal rights, or to defend against legal claims; when Nomic believes that such disclosure is reasonably necessary to prevent harm to an individual; or to take action regarding illegal activities, suspected fraud, threats to Nomic’s property, or violations of Nomic’s legal terms.
Nomic stores candidate information across several recruitment and assessment platforms, manually or electronically, as follows:
Nomic will only retain data for as long as needed to fulfil Nomic purposes, including any relating to legal, accounting, or reporting requirements. When a candidate submits an application directly to a position through Nomic’s recruitment platform, they acknowledge and accept that their personal data may be retained for up to two (2) years for the purpose of being considered for future employment opportunities. This period is considered reasonable and consistent with applicable data protection standards.
For profiles collected from public professional sources (such as LinkedIn or GitHub), Nomic retains personal data for a period of up to one (1) year, based on its legitimate interest in identifying and evaluating potential candidates. After this period, the data will be securely deleted or anonymized, unless otherwise required by applicable law.
Notwithstanding the above, Nomic Foundation will retain and use personal information to the extent necessary to comply with legal obligations (for example, if we are required to retain your information to comply with applicable tax/revenue laws), resolve disputes, and enforce agreements.
Under certain circumstances, and in accordance with applicable data protection laws, individuals have the following rights regarding their personal information processed by Nomic:
If the applicant wishes to exercise any of the rights described above, they may contact Nomic’s team (See No. 10 below). Nomic may need to request specific information from the applicant to verify their identity and confirm their right to access personal information or to exercise any of the other rights. This verification process is a security measure designed to ensure that personal information is not disclosed to any individual who does not have the legal right to receive it.
Nomics primarily operates in the Americas and Europe. When processing personal information of candidates located in other jurisdictions, Nomic ensures that appropriate data protection safeguards are applied in accordance with applicable privacy laws.
As it was stated, Nomic may store personal information collected either manually or electronically. Electronic data may be transferred to, and stored at, destinations outside the European Economic Area (“EEA”), for example, when an applicant has provided contact details for a referee located overseas or when a member of the recruitment team is based outside the EEA.
Such transfers will only occur when one of the following conditions applies:
Nomic reserves the right to update or amend this privacy notice at any time. Any changes will be published on Nomic’s website and on the recruitment platforms it uses, ensuring that applicants can easily access the most current version. Nomic may also inform applicants about the processing of their personal information through other appropriate means.
If you have any questions about this privacy notice, about how we handle your personal information, or if you wish to exercise any of the rights described in this policy, please contact legal@nomic.foundation.
If you believe that Nomic has not handled your personal information in accordance with applicable data protection laws, you may present a complaint to the data protection authority of the country in which you live, work, or where the alleged infringement has taken place.
Concerning the European Economic Area, a list of the European data protection authorities is available here: https://edpb.europa.eu/about-edpb/board/members_en.