Data Processing Agreement

Effective Date: January 8, 2026

This Data Processing Agreement ("DPA") complies with GDPR Article 28 and applies to our processing of personal data on your behalf.

1. Definitions

Controller: You (the user of our Website)
Processor: INTcoin Core Development Team
Personal Data: Any information provided to or collected by our Website
Processing: Any operation performed on Personal Data
Data Subject: Individual whose Personal Data is processed
GDPR: General Data Protection Regulation (EU) 2016/679

2. Subject Matter and Duration

Subject Matter: Website operation and minimal data processing

Duration: As long as you use our Website

Nature and Purpose: Providing website services, responding to inquiries, maintaining security

3. Types of Personal Data

We may process the following types of Personal Data:

Contact Information: Email addresses (if you contact us or subscribe)
Technical Data: IP addresses (anonymized in logs), browser information
Usage Data: Pages visited, access times (in server logs)

Note: We collect minimal data. Most website functionality works without providing any Personal Data.

4. Categories of Data Subjects

Website visitors
Newsletter subscribers (if applicable)
Individuals who contact us via email or forms

5. Processor Obligations (GDPR Article 28(3))

We (the Processor) undertake to:

5.1 Process Only on Instructions

Process Personal Data only based on your instructions (by using our Website) and applicable law.

5.2 Confidentiality

Ensure that persons authorized to process Personal Data are bound by confidentiality.

5.3 Security Measures (GDPR Article 32)

Implement appropriate technical and organizational measures:

Encryption: HTTPS/TLS 1.2+ for data in transit
Access Controls: Limited access to systems and data
Pseudonymization: IP addresses anonymized in logs
Security Headers: HSTS, CSP, X-Frame-Options
Regular Updates: Software security patches
Monitoring: Security monitoring and intrusion detection

5.4 Sub-Processors

We may use the following sub-processors:

Web Hosting Provider: Servers that host our Website

We ensure sub-processors comply with GDPR obligations equivalent to this DPA.

5.5 Data Subject Rights

We assist you in responding to Data Subject requests for:

Access to Personal Data
Rectification of inaccurate data
Erasure ("right to be forgotten")
Restriction of processing
Data portability

Contact for requests: privacy@international-coin.org

5.6 Data Breach Notification

In case of a Personal Data breach, we will:

Notify you without undue delay (within 72 hours when feasible)
Provide details: nature of breach, affected data, potential consequences
Describe measures taken to address the breach

5.7 Data Protection Impact Assessment (DPIA)

We assist with DPIAs when required, providing information about our processing activities and security measures.

5.8 Deletion or Return of Data

Upon termination of services or your request, we will:

Delete all Personal Data (unless required by law to retain)
Confirm deletion in writing if requested

5.9 Audit and Inspection

We make available information necessary to demonstrate compliance with GDPR Article 28. You may request an audit or inspection with reasonable notice.

6. International Data Transfers

If Personal Data is transferred outside the EEA, we ensure:

Adequate safeguards are in place (Standard Contractual Clauses, adequacy decisions)
Compliance with GDPR Chapter V requirements

7. Data Retention

We retain Personal Data only as long as necessary:

Server logs: 30 days (anonymized)
Contact form submissions: Until inquiry resolved, then deleted
Newsletter data: Until unsubscribe

8. Your Rights as Controller

You (the Controller) have the right to:

Receive information about our processing activities
Request deletion of your Personal Data
Object to processing
Lodge a complaint with a supervisory authority

9. Liability and Indemnification

Each party is liable for damages caused by processing that infringes GDPR, except where the party proves it is not responsible for the event giving rise to the damage.

10. Changes to This DPA

We may update this DPA to reflect changes in law or our practices. Material changes will be communicated with 30 days' notice.

11. Governing Law

This DPA is governed by the GDPR and applicable data protection laws.

12. Contact

Data Protection Contact:
INTcoin Core Development Team
privacy@international-coin.org

Data Protection Officer (if applicable):
To be designated if required by GDPR Article 37

Summary for Users

This DPA ensures we handle your data responsibly and in compliance with GDPR. Key points:

✅ We collect minimal data
✅ Strong security measures in place
✅ You can request deletion anytime
✅ We notify you of any data breaches
✅ No data shared with third parties (except hosting)