Privacy Policy
Last updated on 6 March 2026
Welcome to gnosis.io and thank you for choosing to visit our website. We take our data protection responsibilities very seriously and we understand that confidentiality and security of the Personal Data that you share with us is important. That is why we have developed specific policies and practices designed to protect the privacy of your Personal Data.
In this Policy, “we”, “us” and “our” refers to Gnosis Limited a company incorporated in Gibraltar with registration number 115571 and with its registered address at World Trade Center, 6 Bayside Road, Gibraltar.
This Policy explains what Personal Data we collect and process through your use of our website and how long we retain it. This includes any data you may provide when you browse our ecosystem or follow links to third-party services. This Policy applies to all of our processing activities where we act as a data controller.
In this Policy, “Personal Data” means any information relating to an identified or identifiable natural person, as defined in the GDPR. “Processing” means any operation performed on Personal Data, whether or not by automated means.
1. Third-Party Links and Applications
Our website provides information about a Web3 ecosystem and may contain links to third-party websites, applications and services. Clicking on those links may allow third parties to collect or process data about you under the terms of their own privacy statements. We do not control these third-party services and are not responsible for their privacy statements. When you leave our website, we strongly encourage you to read the privacy policy of each service you interact with.
2. Navigating This Policy
If you are viewing this policy online, you can click on the below links to jump to the relevant section:
What Personal Data we collect and how we use it
Other uses of your Personal Data
Use of Third-Party Applications
Existence of Automated Decision-making
Updates to this Privacy Policy
3. What Personal Data we collect and how we use it
We do not require you to create an account or provide a name to browse our ecosystem. However, we may collect and process certain Personal Data to understand how our website is used. This data may include:
Technical Data: browser types and versions, operating system and platform, Internet protocol address (“IP address”), Internet service provider, referral websites, data and information that may be used in the event of attacks on our information technology systems.
Usage Data: the date and time of access to our website, behaviour, subpage, duration and revisit.
We may also collect data from and about you if you reach out to us for information/support or sign up for a newsletter.
Strictly necessary technical data is processed on the basis of our legitimate interests in improving and ensuring the security, stability and proper functioning of our website and information systems.
Where we use cookies or similar technologies that are not strictly necessary, including analytics or performance cookies, such data will only be processed on the basis of your consent. You may withdraw your consent at any time via our cookie banner or by adjusting your browser settings. For further information on the cookies we use and how to manage your preferences, please see our Cookie Policy.
4. Other uses of your Personal Data
We may process your Personal Data where necessary for the establishment, exercise or defence of legal claims, including in connection with legal proceedings, regulatory investigations, or disputes. The lawful basis for this processing is our legitimate interests in protecting and asserting our legal rights.
In addition, we may process your Personal Data where such processing is necessary to comply with a legal obligation to which we are subject.
5. Use of Third-Party Applications
We use third-party service providers to support the operation of our website and to provide certain services to us. Where such third parties process Personal Data on our behalf, they do so as data processors and are subject to contractual obligations that require them to process Personal Data only on our documented instructions and to implement appropriate technical and organisational security measures, in accordance with applicable rules.
Google Forms: We use Google Forms, a service provided by Google LLC, to collect feedback submitted by users. When you submit feedback using Google Forms, we may collect your email address and any information you choose to include in your submission. Google LLC acts as a data processor in respect of such Personal Data.
Google LLC may process Personal Data outside of the EEA, the United Kingdom or Gibraltar. Where this occurs, we ensure that appropriate safeguards are in place in accordance with applicable data protection laws. For further information about Google’s data processing practices please visit https://policies.google.com/privacy.
6. Sharing Your Personal Data
We may pass your information to our business partners, administration centres, third-party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing our services to you. In addition, when we use any other third-party service providers, we will disclose only the Personal Data that is necessary to deliver the service required and will take the required steps to maintain the same level of protection of your Personal Data. In addition, we may transfer your Personal Data to a third party as part of a sale of some, or all, of our business and assets or as part of any business restructuring or reorganisation, or if we are under a duty to disclose your Personal Data in order to comply with any legal obligation. However, we will take the necessary steps to ensure that your privacy rights continue to be protected.
7. Transferring your Personal Data outside of the European Economic Area (“EEA”), the United Kingdom or Gibraltar
For Personal Data subject to the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the UK General Data Protection Regulation (“UK GDPR”) or the Data Protection Act 2004 (as amended) (“DPA”) we may transfer your Personal Data outside of the UK, EEA or Gibraltar for the purposes described above. This may include countries that do not provide the same level of protection as the laws of your home country. We will ensure that any such international transfers are made subject to appropriate or suitable safeguards if required by GDPR, UK GDPR, DPA or other relevant laws such as Standard Contractual Clauses. You may contact us at any time using the contact details below if you would like further information on such safeguards.
8. Automated Decision-making
We do not use automatic decision-making or profiling when processing Personal Data.
9. Data Security
We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed, altered or disclosed in an unauthorised way. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected or actual Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
10. Your Rights as a Data Subject
You have a number of legal rights under applicable legislation in relation to the Personal Data that we hold about you. These rights include:
Right to request access
You have a right to obtain information regarding the processing of your Personal Data and access to information we hold about you. We are happy to provide you with details of your Personal Data that we hold or process. Please note that there may be circumstances in which we are entitled to refuse requests for access to copies of Personal Data (in particular, information that is subject to legal professional privilege). We may request that you prove your identity in order for us to comply with our security obligations and to prevent unauthorised disclosure of data. We reserve the right to charge you a reasonable administrative fee for any manifestly unfounded or excessive requests concerning your access to your data and for any additional copies of the Personal Data you request from us.
Right to erasure (right to be ‘forgotten’)
You have the right to request the erasure of your Personal Data in the following circumstances: the Personal Data is no longer necessary for the purpose for which it was collected; you withdraw your consent to consent based processing and no other legal justification for processing applies; you object to processing for direct marketing purposes; we unlawfully processed your Personal Data; and erasure is required to comply with a legal obligation that applies to us.
We will proceed to comply with an erasure request without delay unless continued retention is necessary for: exercising the right of freedom of expression and information; Complying with a legal obligation under EU or other applicable law; the performance of a task carried out in the public interest; archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, under certain circumstances; and/or the establishment, exercise, or defence of legal claims.
Right to rectification
You have the right to have any Personal Data that is inaccurate or incomplete, corrected. The accuracy of your information is important to us. If you need to advise us of any changes to your Personal Data please contact us using the contact details below.
Right to restrict processing and right to object to processing
You have a right to restrict processing of your Personal Data, such as where you contest the accuracy of the Personal Data; where processing is unlawful you may request, instead of requesting erasure, that we restrict the use of the unlawfully processed Personal Data; we no longer need to process your Personal Data but need to retain your information for the establishment, exercise, or defence of legal claims.
Right to data portability
You have the right to obtain computerised Personal Data collected from you in a structured, commonly used and technological format (right to data portability).
Right to object to direct marketing (‘opting out’)
Where legally required, with regard to marketing-related communication, we will only provide you with such information after you have opted in or had an opportunity to object and we will also provide you with the opportunity to opt out at any time if you do not wish to receive further marketing-related communication from us. We like to keep our clients, personnel and other interested parties informed of company developments, including news relating to us that we believe is of interest to you. If you do not wish to receive publications or details of events or seminars that we consider may be of interest to you, please let us know by contacting us at the details provided below.
Right to withdraw consent
Where the legal basis for processing your Personal Data is your consent, you have the right to withdraw that consent at any time by contacting us using the details provided below. This may impact the services we can provide and we will explain this to you if you decide to exercise this right.
Right to lodge a complaint
If you wish to raise a complaint on how we have handled your Personal Data, you can contact us using the contact details below and we will then investigate the matter. If we have not responded to you within a reasonable time or if you feel that your complaint has not been resolved to your satisfaction, you are entitled to make a complaint to the Data Protection Commissioner under the Data Protection Act, which is currently the Gibraltar Regulatory Authority (GRA). You may contact the GRA on the below details:
Gibraltar Data Protection Commissioner, Gibraltar Regulatory Authority, 2nd Floor, Eurotowers 4, 1 Europort Road, Gibraltar. Email: info@gra.gi. Phone: (+350) 200 74636. Fax: (+350) 200 72166.
You may also have the right to lodge a complaint with the supervisory authority in the country of your habitual residence, place of work, or the place where you allege an infringement of one or more of your rights has taken place.
11. Retaining Personal Data
We retain your Personal Data in an identifiable form in accordance with our internal policies which establish general standards and procedures regarding the retention, handling and disposition of your Personal Data. Personal Data is retained for as long as necessary to meet legal, regulatory and business requirements. Retention periods may be extended if we are required to preserve your Personal Data in connection with litigation, investigations and proceedings.
12. Updates to this Privacy Policy
This Privacy Policy was last updated on the date stated above. We reserve the right to update this Privacy Policy from time to time, for example, in order to reflect any changes to the way in which we process your Personal Data or changing legal requirements. In case of any such changes we will post the updated Privacy Policy on our website or publish it otherwise. The changes will take effect as soon as they are posted on our website.
13. Contact us
If you have any questions about this Policy, please contact dataprotection@gnosis.io.