0x Protocol | Privacy Notice

Welcome! This Privacy Notice explains how ZeroEx Inc. (“ZeroEx”, “Company”, “we”, “us”, or “our”) collects, uses, discloses, and otherwise processes personal information in connection with our websites, including https://www.0x.org ↗, https://matcha.xyz ↗ , https://0xProtocol.org ↗ and other websites we own and operate that link to this Privacy Notice (collectively, the “Sites”) and the related content, platform, services, products, and other functionality offered on or through our online services (collectively, the “Services”). It does not address our privacy practices relating to ZeroEx employees and other personnel.

Blockchain participants

Please note that by virtue of the public nature of the blockchain, the holdings and transactions associated with your cryptocurrency wallet address will be publicly available and accessible to third parties. This includes, but is not limited to, your public sending address (including, but not limited to, cryptographically secure non-fungible tokens, and other blockchain based tokens), the public address of the receiver, the amount sent or received, and any other data a user has chosen to include in a given transaction. Information stored on the blockchain may not be able to be modified or deleted due to the immutable nature of the blockchain. Transactions and addresses may reveal information about the user’s identity and information can potentially be correlated now or in the future by any party who chooses to do so. Please consider how privacy and transparency on the blockchain works.

1. OUR COLLECTION OF PERSONAL INFORMATION

We collect personal information in connection with your visits to and use of the Service. This collection includes information that you provide in connection with the Service, information from third parties, and information that is collected automatically such as through the use of cookies and other technologies.

Personal Information Collected from Individuals

We may collect the following personal information submitted to us by individuals through the Services:

Account Information. To use certain our developer platform or governance portal Services, you may be required to establish an account for the Services. This may involve collecting your email address, social media handle and when applicable, public blockchain address associated with your crypto wallet (see Crypto Wallets section below for more information). We may also collect your usernames and password for using our developer platform Services. We use this information to administer your account, provide you with the relevant services and information, communicate with you regarding your account, the Service, and for customer support purposes.

Token Information. If you choose to trade using our Services, we may receive certain token transaction and event-related information, including your public blockchain address associated with your self-hosted crypto wallet, crypto wallet types, amounts of digital assets and token balances, token ownership information, and other transaction and event-related information (e.g., transfers of digital tokens between wallets, the corresponding smart contracts, amounts paid, and metadata describing the transaction, and/or properties of a digital asset).

Communications. If you communicate with us through any paper or electronic form (i.e., a “contact us” form, email), we may collect your name, email address, phone number, or any other personal information you choose to provide to us. We use this information to investigate and respond to your inquiries, and to communicate with you, to enhance the services we offer to our users and to manage and grow our business.

Marketing Emails. If you sign up for our newsletter, we collect your email address in order to send you regular updates about the Service, such as information about new bounties available. We use this information to manage our communications with you and send you information about products and services we think may be of interest to you. If you wish to stop receiving email messages from us, simply click the “unsubscribe link” provided at the bottom of the email communication. Note that you cannot unsubscribe from certain services-related email communications (e.g., account verification, confirmations of transactions, technical or legal notices).

Event and Webcast Information, including registration information, call-in details, attendee badge information, company information and contact information. We use this information to administer and facilitate the Services and improve and grow our business.

User Content. You may upload, or transmit audio, videos, images, data, or information through your communications with us, your posts in the forum, and when you otherwise use the Services (collectively, "User Content"). We may collect this information, and information about this content, such as the date and time you created this content, along with other information about you, including your social media handle and crypto wallet information. Please remember that ZeroEx may, but has no obligation to, monitor, record, and store User Content in order to protect your safety or the safety of other users, to assist with regulatory or law enforcement efforts, or to protect and defend our rights and property. For more information, please see our

Employment Application Information, including your contact and demographic information, educational and work history, employment interests, information obtained during interviews and any other information you choose to provide, if you apply for employment.

Personal Information Automatically Collected

As is true of most digital platforms, we and our third-party providers may also collect personal information from an individual’s device, browsing actions and website usage patterns automatically when visiting or interacting with our Services, which may include log data (such as internet protocol (IP) address, operating system, browser type, browser id, the URL entered and the referring page/campaign, date/time of visit, the time spent on our Services and any errors that may occur during the visit to our Services), analytics data (such as the electronic path taken to our Service, through our Services and when exiting our Service, as well as usage and activity on our Service) and location data (such as general geographic location based on the log data we or our third-party providers collect).

To manage cookies, an individual may change their browser settings to: (i) notify them when they receive a cookie, so the individual can choose whether or not to accept it; (ii) disable existing cookies; or (iii) automatically reject cookies. Please note that doing so may negatively impact an individual’s experience using our Services, as some features and offerings may not work properly or at all. Depending on an individual’s device and operating system, the individual may not be able to delete or block all cookies. In addition, if an individual wants to reject cookies across all browsers and devices, the individual will need to do so on each browser on each device they actively use. An individual may also set their email options to prevent the automatic downloading of images that may contain technologies that would allow us to know whether they have accessed our email and performed certain functions with it. For more information about these practices and your choices regarding cookies, please see our

Cookie Notice ↗

Personal Information from Third Parties

We also obtain personal information from third parties which we often combine with personal information we collect either automatically or directly from an individual. We may receive the same categories of personal information as described above from the following third parties:

Other Users or Individuals who Interact with our Services: We may receive your information from other users or other individuals who interact with our Services. For example, if you engage in one of our communities hosted on third-party platforms, such as Discord, we will be able to see any public communications made within that platform.

Business Partners: We may receive your information from our business partners, such as companies that offer their products and/or services on our Service.

Social Media or Third-party Platforms: When an individual interacts with our Services through various social media networks, such as when someone follows us on Twitter, or other social networks, we may receive some information about individuals that they permit the social network to share with third parties. The data we receive is dependent upon an individual’s privacy settings with the social network, and may include your profile information, profile picture, gender, username, user ID associated with your social media account, age range, language, country, and any other information you permit the social network to share with third parties. Individuals should always review and, if necessary, adjust their privacy settings on third-party websites and social media networks and services before sharing information and/or linking or connecting them to other services.

Crypto Wallets: When you connect your crypto wallets such as MetaMask or Coinbase Wallet, we receive information such as your wallet address, crypto wallet types (including amounts and balances), and any related transaction and technical information associated with your crypto wallet address, including network information regarding transactions. We use this information to administer your account and provide you with the relevant Service.

Information from Other Sources: We may also collect personal information about individuals that we do not otherwise have from, for example, publicly available sources such as permissionless blockchains, third-party data providers, blockchain analytics providers, customers, third-party digital wallet providers, or through transactions such as mergers and acquisitions. Such information may include contact information, social media account information, general location, domains, crypto wallet address and related information, token ownership information (e.g., transfers of tokens between wallets), the corresponding smart contracts transactions paid and metadata describing each transaction and its properties as a digital asset, transaction recipient information, interest-in-services information and employment-related information. We may combine this information with the information we collect from an individual directly. We use this information to: provide the Services, contact individuals, process employment applications and screen job applicants, send advertising or promotional materials or personalize our Services, and better understand the demographics of the individuals with whom we interact.

2. OUR USE OF PERSONAL INFORMATION

We may use personal information we collect to:

Fulfill or meet the reason the information was provided, such as to fulfill our contractual obligations, to deliver the Services;
‍
Manage our business and its day-to-day operations;
‍
Authenticate your account credentials and identify you, as necessary to log you in and/or ensure the security of your account; Communicate with individuals, including via email and social media;
‍
Request individuals to complete surveys about our company and the Services;
‍
For marketing and advertising purposes, including to market to you or offer you through email and updates on products or services we think that you may be interested in;
‍
Enable you to communicate and share files with users you designate;
‍
Test, enhance, update and monitor the Services, or diagnose or fix technology problems;
‍
Facilitate customer benefits and services, including customer support through our command center services;
‍
Identify and analyze how individuals use our Services;
‍
Conduct research and analytics on our customer and user base and our Services;
‍
Improve and customize our Services to address the needs and interests of our user base and other individuals we interact with;
‍
Help maintain the safety, security and integrity of our property and Services, technology assets and business;
‍
Evaluate your candidacy for employment, to communicate with you during the application process and to facilitate the onboarding process, if you are applying for employment;
‍
Fulfill or enforce our legal or contractual obligations and requirements (including in relation to our Terms of Service), to resolve disputes, to carry out our obligations and enforce our rights, and to protect our business interests and the interests and rights of third parties;
‍
Audit transactions conducted in connection with our services;
‍
Prevent, investigate or provide notice of fraud or unlawful or criminal activity; or
‍
For any other lawful purpose, or other purpose that you consent to or for which you provide your information.

Where you choose to contact us, we may need additional information to fulfill the request or respond to inquiries. We may provide you with additional privacy-related information where the scope of the inquiry/request and/or personal information we require fall outside the scope of this Privacy Notice. In that case, the additional privacy notice will govern how we may process the information provided at that time.

3. OUR DISCLOSURE OF PERSONAL INFORMATION

We disclose personal information in the following ways:

Affiliates: We may share personal information with other companies owned or controlled by ZeroEx, and other companies owned by or under common ownership as ZeroEx, which also includes our subsidiaries (i.e., any business we own or control) or our ultimate holding company (i.e., any business that owns or controls us) and any subsidiaries it owns, particularly when we collaborate in providing the Services.
‍
Blockchain Participants: If you participate in our Services, by virtue of the public nature of the blockchain, the holdings and transactions associated with your crypto wallet address will be publicly available and accessible to blockchain participants and other third parties, as well as any other information you choose to provide or make public.

Contests, Sweepstakes, and Survey Providers: We share personal information with third parties who assist us in delivering our contests, sweepstakes, or survey offerings and processing the responses.

Ad Networks and Advertising Partners: We work with third-party ad networks and advertising partners to deliver advertising and personalized content on our Services, on other websites and services, and across other devices. These parties may collect information directly from a browser or device when an individual visits our Services through cookies or other data collection technologies. This information is used to provide and inform targeted advertising, as well as to provide advertising-related services such as reporting, attribution, analytics and market research. Please see our

Cookie Notice ↗

for more information.

Marketing Providers: We coordinate and share personal information with our marketing providers in order to communicate with individuals about the Services we make available.

Customer Service and Communication Providers: We share personal information with third parties who assist us in providing our customer services and facilitating our communications with individuals that submit inquiries.

Other Service Providers: In addition to the third parties identified above, we engage other third-party service providers that perform business or operational services for us or on our behalf, such as website hosting, infrastructure provisioning, IT services, analytics services, conducting cryptocurrency transactions, employment application-related services, payment processing services, and administrative services.

Business Transaction or Reorganization: We may take part in or be involved with a corporate business transaction, such as a merger, acquisition, joint venture, or financing or sale of company assets. We may disclose personal information to a third party during negotiation of, in connection with or as an asset in such a corporate business transaction. Personal information may also be disclosed in the event of insolvency, bankruptcy or receivership.

Legal Obligations and Rights: We may disclose personal information to third parties, such as legal advisors and law enforcement:
‍

in connection with the establishment, exercise, or defense of legal claims;
‍
to comply with laws or to respond to lawful requests and legal process;
‍
to protect our rights and property and the rights and property of others, including to enforce our agreements and policies;
‍
to detect, suppress, or prevent fraud;
‍
to protect the health and safety of us and others; or
‍
as otherwise required by applicable law.

With Your Consent: We may disclose personal information about an individual to certain other third parties or publicly with their consent or direction. For example, with an individual’s consent or direction we may post their testimonial on our Sites or service-related publications.

4. CONTROL OVER YOUR INFORMATION

You may control your information in the following ways:

Email Communications Preferences: You can stop receiving promotional email communications from us by clicking on the “unsubscribe” link provided in such communications. You may not opt-out of service-related communications (e.g., account verification, transactional communications, changes/updates to features of the Services, technical and security notices).

Modifying or Deleting Your Information: If you have any questions about reviewing, modifying, or deleting your information, you can contact us directly at legal@0x.org. We may not be able to modify or delete your information in all circumstances, especially in relation to information on the blockchain.

5. CHILDREN’S PERSONAL INFORMATION

Our Services are not directed to, and we do not intend to, or knowingly, collect or solicit personal information from children under the age of 16. If an individual is under the age of 16, they should not use our Services or otherwise provide us with any personal information either directly or by other means. If a child under the age of 16 has provided personal information to us, we encourage the child’s parent or guardian to contact us to request that we remove the personal information from our systems. If we learn that any personal information we collect has been provided by a child under the age of 16, we will promptly delete that personal information.

6. LINKS TO THIRD-PARTY WEBSITES OR SERVICES

Our Services may include links to third-party websites, plug-ins and applications. Except where we post, link to or expressly adopt or refer to this Privacy Notice, this Privacy Notice does not apply to, and we are not responsible for, any personal information practices of third-party websites and online services or the practices of other third parties. To learn about the personal information practices of third parties, please visit their respective privacy notices.

7. REGION-SPECIFIC DISCLOSURES

Nevada: If you are a resident of the State of Nevada, Chapter 603A of the Nevada Revised Statutes permits a Nevada resident to opt out of future sales of certain covered information that a website operator has collected or will collect about the resident. Although we do not currently sell covered information, please contact us at legal@0x.org with the subject line “Nevada Opt Out Request” to submit such a request.

European Economic Area, United Kingdom or Switzerland: If you are located in European Economic Area (Member States of the European Union together with Iceland, Norway, and Liechtenstein), United Kingdom, or Switzerland, please see the Additional European Economic Area, United Kingdom, and Switzerland Privacy Disclosures section for additional European-specific privacy disclosures.

8. UPDATES TO THIS PRIVACY NOTICE

We will update this Privacy Notice from time to time. When we make changes to this Privacy Notice, we will change the date at the beginning of this Privacy Notice. If we make material changes to this Privacy Notice, we will notify individuals by email to their registered email address, by prominent posting on our Services, or through other appropriate communication channels. All changes shall be effective from the date of publication unless otherwise provided.

9. CONTACT US

If you have any questions or requests in connection with this Privacy Notice or other privacy-related matters, please send an email to legal@0x.org.

ADDITIONAL EUROPEAN ECONOMIC AREA, UNITED KINGDOM, AND SWITZERLAND PRIVACY DISCLOSURES

These Additional Disclosures set out information about how we use your personal data when you access our Service from the European Economic Area (“EEA”), United Kingdom ("UK"), and Switzerland. Please ensure that you have read and understood these Privacy Disclosures before you access or use the Services.

Personal Data: When we use the term “personal data” in these Privacy Disclosures, we mean information relating to an identified or identifiable natural person.

Controller: ZeroEx, Inc., a company duly incorporated and organised under the laws of United States of America, having its registered address at 575 Market St, San Francisco, CA 94105, is the “controller” responsible for the processing of personal data in connection with our Services. This means that we determine and are responsible for how your personal data is used.

Legal Bases for Processing

We only process and retain your personal information as permitted under applicable law. For example, we will only process your information where we have established a lawful basis to do, as follows:

When it is necessary for the performance of a contract to which you are party, or to take steps at your request prior to agreeing a contract: This applies to any processing where you sign a contract with us, for example when you become our customer, participate in our affiliate or premium partner program, or deliver services to us as a vendor or contractor. This may also include our

We have a legitimate interest which we believe outweighs your interests or fundamental rights and freedoms. This applies to the following processing activities:

When we communicate with you: To respond to your inquiries and, on some occasions, keep records in case of complaints or legal claims.

When you use our Services: When you access and use our Services, we process technical and analytics data to see if and how our Services can be improved, so that we can offer you a better user experiences in the future.

Global Suppression List: Avoid contacting you again if you have withdrawn your consent to marketing-related activities.

Marketing to existing customers (unless you have consented to such marketing): To find, customize and offer products and services we hope you find useful and relevant, i.e., provide you with excellent customer service.

Sharing personal information with other parties: To run our business efficiently and securely.

Your consent: Wherever you clearly consent to the processing, for example when you sign up for our newsletters or events. Here, your consent is implied, meaning that you consent by submitting a particular form. We also rely on your consent for using cookies and other technologies on our website and here you explicitly agree to these. Note that your default setting depends on your location (country), as the rules for using such technologies vary across jurisdictions.

We are subject to a legal obligation: For any processing where we need to comply with laws and regulations related to bookkeeping, accounting, taxation and employment, for example for keeping records.

Data Retention

We will usually store the personal information we collect about you for no longer than necessary for the purposes set out in this Privacy Notice, and in accordance with our legitimate business interests and applicable law. For example, if your personal information is subject to the EU GDPR or UK GDPR, the criteria used to determine the period for which personal data about you will be retained varies depending on the legal basis under which we process the personal data:

Contract. Where we are processing personal data is based on contract, we generally will retain your personal data for the duration of the contract plus some additional limited period of time that is necessary to comply with law or that represents the statute of limitations for legal claims that could arise from our contractual relationship.

Legitimate Interests. Where we are processing personal data based on our legitimate interests, we generally will retain such information for a reasonable period of time based on the particular interest, taking into account your fundamental interests and your rights and freedoms.

Consent. Where we are processing personal data based on your consent, we generally will retain your personal data until you withdraw your consent, or otherwise for the period of time necessary to fulfil the underlying agreement with you or provide you with the applicable service for which we process that personal data.

Legal Obligation. Where we are processing personal data based on a legal obligation, we generally will retain your personal data for the period of time necessary to fulfil the legal obligation.

Legal Claim. We may need to apply a “legal hold” that retains information beyond our typical retention period where we face threat of legal claim or intent to establish a claim. In that case, we will retain the information until the hold is removed, which typically means the claim or threat of claim has been resolved.

In all cases, in addition to the purposes and legal bases, we consider the amount, nature and sensitivity of the personal data, as well as the potential risk of harm from unauthorized use or disclosure of your personal data.

Storing and Transferring Your Personal Information

Security. We implement appropriate technical and organisational measures to protect your personal information against accidental or unlawful destruction, loss, change or damage. We will never send you unsolicited emails or contact you by phone requesting your account ID, password, credit or debit card information or national identification numbers.

International Transfers of Your Personal Information. The personal information we collect may be transferred to and stored in countries outside of the jurisdiction you are in where we and our third-party service providers have operations, including in the United States. If you are accessing our Services from the EEA, UK or Switzerland, your personal information will be processed outside of the EEA, the UK and Switzerland.

In the event of such a transfer, we ensure that: (i) the personal information is transferred to countries recognised as offering an equivalent level of protection; or (ii) the transfer is made pursuant to appropriate safeguards, such as standard contractual clauses adopted by the European Commission. If you wish to enquire further about these safeguards used, please contact us using the details set out at the end of this Privacy Notice.

Marketing and Advertising

From time to time we may contact you with information about our services, including sending you marketing messages and asking for your feedback on our services. Most marketing messages we send will be by email. For some marketing messages, we may use personal data we collect about you to help us determine the most relevant marketing information to share with you.
‍

We will only send you such messages if you have given us your consent to do so. You can withdraw your consent at a later date by clicking on the unsubscribe link at the bottom of our marketing emails or by contacting us at legal@0x.org.

Profiling

We may analyze personal data we have collected about you to create a profile of your interests and preferences to help us better understand and improve your use of the services, and so that we can contact you with information that is relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively send product updates. We may also use personal data about you to detect and reduce fraud. The entering of personal data in our systems is optional and occurs only if consent is given to one of the purposes detailed in the Our Collection and Use of Personal Information section of the Privacy Notice; it automatically implies that ZeroEx personnel across the world, tasked with data processing, will be able to view the data, as well as to change and to update it.

Your Rights in Respect of Your Personal Information

In accordance with applicable privacy law, you have the following rights in respect of your personal information that we hold:

Right of access. You have the right to obtain:

(i) confirmation of whether, and where, we are processing your personal information;

(ii) information about the categories of personal information we are processing, the purposes for which we process your personal information and information as to how we determine applicable retention periods;

(iii) information about the categories of recipients with whom we may share your personal information; and

(iv) a copy of the personal information we hold about you.
‍
Right of portability. You have the right, in certain circumstances, to receive a copy of the personal information you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal data to another person.
‍
Right to erasure. You have the right, in some circumstances, to require us to erase your personal information without undue delay if the continued processing of that personal information is not justified.
‍
Right to restriction. You have the right, in some circumstances, to require us to limit the purposes for which we process your personal information if the continued processing of the personal information in this way is not justified, such as where the accuracy of the personal information is contested by you.
‍
Right to withdraw consent. There are certain circumstances where we require your consent to process your personal information. In these instances, and if you have provided consent, you have the right to withdraw your consent. If you withdraw your consent, this will not affect the lawfulness of our use of your personal information before your withdrawal.

You have the right to provide instructions regarding the retention, deletion and disclosure of your personal information after your death. In the absence of instructions from you, it is possible for your heirs to request the disclosure or deletion of your personal information.

You also have the right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to process your personal information, and we will assess and inform you if that is the case. You can object to marketing activities for any reason.

You also have the right to lodge a complaint to your local data protection authority. If you are based in the European Union, information about how to contact your local data protection authority is available here. If you are based in the UK or Switzerland, your local data protection authorities are the UK Information Commissioner's Office (https://ico.org.uk/global/contact-us/) and the Swiss Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact/address.html). If you wish to exercise one of these rights, we kindly ask you to contact us at

legal@0x.org

.
Due to the confidential nature of data processing we may ask you to provide proof of identity when exercising the above rights. This can be done by providing a scanned copy of a valid identity document or a signed photocopy of a valid identity document.

Cookies and Similar Technologies Used on Our Services

Our Services use cookies and similar technologies such as pixels and Local Storage Objects (LSOs) like HTML5 (together “cookies”) to distinguish you from other users of our Services. This helps us to provide you with a good experience when you browse our Services and also allows us to monitor and analyse how you use and interact with our Services so that we can continue to improve our Services. It also helps us and our partners to determine products and services that may be of interest to you. Please see our Cookie Notice ↗ for more information about these practices and your choices regarding cookies.

Tracking Technologies Used in Our Emails

Our emails may contain tracking pixels that identify if and when you have opened an email that we have sent you, how many times you have read it and whether you have clicked on any links in that email. This helps us measure the effectiveness of our marketing email campaigns, make the emails we send to you more relevant to your interests and to understand if you have opened and read any important administrative emails we might send you. Most popular email clients will allow you to block these pixels by disabling certain external images in emails. You can do this through the settings on your email client – these generally give you the option of choosing whether emails will display "remote images", "remote content" or "images" by default. Some browsers also give you the option of downloading and installing extensions that block pixels and other tracking technologies.

Processing Method

Personal data will be processed with IT-based tools and/or processed manually for the length of time needed to achieve the purpose for which it was collected. In particular, personal data collected for the purposes outline in the Our Collection and Use of Personal Information section of the Privacy Notice will be also processed with the usage of automated mechanisms based on procedures and logics that are strictly related to the purposes specified.