Data Privacy Risk refers to the potential for users' personally identifiable information (PII) to be shared with external parties in a non-compliant manner, as well as the processes involved in allowing users to request the deletion of their data. Given that blockchain transactions are immutable and cannot be altered post-execution, it is crucial to ensure that PII does not appear onchain in any form. Data Privacy Risk exists both on and off the blockchain, and securing access to any repository of this data is paramount. Mitigating these risks involves protecting against unauthorized access, theft, and accidental loss through robust security measures. Endaoment is committed to safeguarding user data through stringent data management practices, including multi-factor authentication, regular compliance checks, and adherence to applicable privacy regulations.
Endaoment is dedicated to protecting user data and upholding individuals’ rights to data privacy, including the right to request data deletion. We implement secure data management practices and comply with all relevant privacy regulations to mitigate data privacy risks and protect our users’ information. Compliance with this policy is mandatory for all employees, contractors, board members, and representatives acting on behalf of Endaoment.
Implement strict access controls to ensure that only authorized personnel can access sensitive PII. This includes the use of multi-factor authentication and role-based access controls.
Encryption and Secure Storage
Utilize advanced encryption techniques for both digital and physical PII. Ensure that PII is stored securely to minimize the risk of unauthorized access.
Collecting, using, or processing PII, including sensitive personal information.
Sharing PII with any third party.
Transferring PII outside of the individual’s country of residence.
Using PII to market Endaoment goods or services.
Using or placing web cookies on an individual’s device.
Consent Withdrawal
Allow individuals to withdraw consent or object to data processing, requiring Endaoment to stop processing, using, or sharing the individual’s PII within 45 days.
Maintain documentation related to the incident, including:
Root cause and containment efforts.
Description of personal data elements involved.
Analysis for individual or regulatory notification requirements.
Relevant notification correspondence, if required.
Implement corrective measures to prevent future incidents.
PII Incident Definition:
A PII Incident occurs when PII has been or potentially has been exposed to or obtained by unauthorized individuals, constituting a potential data breach.