The Pyth Data Association with registered office at Grabenstrasse 25, 6340 Baar, Switzerland (“Association”), respects the privacy of Personal Data and is committed to protecting Personal Data. This Privacy Policy (this “Policy”) describes the policies and procedures Association has implemented to protect Personal Data Processed by Association in accordance with applicable Data Protection Laws.

Association has voluntarily opted to apply the protections and obligations outlined in this Policy to all Data Subjects. However, such protections and obligations may be beyond the legal requirements of the jurisdiction of certain Data Subjects. Data Protection Laws vary widely across jurisdictions and while Association will strive to meet this Policy for all Data Subjects, the Data Protection Laws for the Data Subject ultimately govern the protections conferred in the specific jurisdiction applicable to that Data Subject, and this Policy does not confer any rights beyond those granted by the relevant Data Protection Laws.

This Policy describes how Association collects and uses Personal Data, the circumstances under which Association may share Personal Data, the applicable rights of Data Subjects, and Association’s technical and physical safeguards to protect the security of Personal Data.

DEFINITIONS

“Controller” means a natural or legal person, public authority, agency, or other body that, independently or jointly with others, determines the purpose and means of Processing Personal Data, as defined in Data Protection Laws. Controller shall refer to Association, and with regard to certain Processes, Association may act as joint Controller with a third-party.

“Data Protection Laws” refer to applicable privacy legislations, regulations, or codes issued by data protection regulators.

“Data Subject” means a natural person who can be identified, directly or indirectly, by reference to their Personal Data.

“Personal Data” means any information attributable to an identified or identifiable natural person (a Data Subject), as defined in Data Protection Laws. Under the current Swiss Federal Data Protection Act Personal Data also includes information relating to legal entities. Personal Data does not include data where the identity has been removed (anonymous data). Personal Data shall encompass Special Category Data. Such information includes, but is not limited to:

• Name;

• Addresses;

• Telephone numbers;

• Email addresses;

• Government-issued identification numbers;

• User passwords or PINs;

• User identification and account access credentials, passwords, PINs and security question answers;

• Financial account numbers; and

• Geolocation data.

“Process” or “Processing” or “Processed” or “Processes” means, as applicable, any operation or set of operations performed upon Personal Data, whether or not by automatic means, such as collecting, recording, using, organizing, structuring, storing, adapting or altering, retrieving, disclosing by transmission, disseminating or otherwise making available, aligning or combining, restricting, erasing, or purging.

“Processor” means a natural or legal person, public authority, agency, or other body that Processes Personal Data on behalf of a Controller, as defined in Data Protection Laws. Processors’ activities are limited to the more “technical” aspects of a Process and do not include the exercise of professional judgment or significant decision-making in relation to Personal Data. Processors may include third-party service providers, applications, or agencies utilized by Association in the course of business.

“Special Category Data” means Personal Data revealing racial or ethnic origin, criminal history, political opinions, religious or philosophical beliefs, sexual orientation, trade union membership, or health, genetic, or biometric data, or data pertaining to a child or minor.

A. GENERAL DATA PROTECTION INFORMATION

DATA PROTECTION PRINCIPLES

Association is committed to Processing data in accordance with its responsibilities under the Data Protection Laws, and in particular with the following principles:

• Fair, lawful and transparent Processing;

• Collection for a specified, explicit and legitimate purposes and no further Processing in a manner that is incompatible with the specified purposes;

• Limitation to what is adequate, relevant and necessary in relation to the purposes for which the Personal Data are processed;

• Keep Personal Data accurate and up to date;

• Keep Personal Data only for as long as is necessary or legally required;

• Process Personal Data in a manner that ensures appropriate security, including protection against unauthorised or unlawful Processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures;

• Process Personal Data in accordance with the rights of the Data Subject; and

• Ensure an adequate level of data protection when transferring Personal Data to a country outside of the European Economic Area.

LEGAL BASIS FOR PROCESSING PERSONAL DATA

Association will only use Personal Data when Data Protection Laws allow Association to do so. Personal Data shall be Processed in a manner that is adequate, relevant, and not excessive in relation to the intended business purpose(s) of such Processing. A legal basis is required to process Personal Data. Personal Data may be processed only if at least one of the following legal bases applies:

1. Consent: Data Subject giving consent to the Processing of his or her Personal Data for a specific purpose(s);

2. Contractual necessity: Processing is necessary for the performance of a contract to which the Data Subject is party or entering into a contract, such as due diligence (anti-money laundering and counter-terrorist financing checks); complying with applicable sanctions and embargo legislation; regulatory, governmental, tax and law enforcement authority requests; surveillance and investigation activities; carrying out audit checks, and instructing our auditors; maintaining statutory registers; and preventing and detecting fraud;

3. Compliance with legal obligations: Processing is necessary for compliance with a legal obligation to which Association is subject;

4. Vital interests: Processing is necessary in order to protect the vital interests of the Data Subject or of another natural person;

5. Public interests: Processing is permitted if it is necessary for the performance of a task carried out in the public interest. Examples include taxation, crime reporting, public health and quality and safety of products; or

6. Legitimate interests: Processing is necessary for the purposes of the legitimate interests pursued by Association or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject which require protection of Personal Data, in particular where the Data Subject is a child.

RIGHTS OF DATA SUBJECTS

When applicable, Association shall honor Data Subject rights, as described herein. In accordance with Data Protection Laws and in certain circumstances, a Data Subject may possess the right to:

1. Request access to his or her Personal Data that Association holds to check that it is accurately and lawfully being Processed.

2. Request correction of his or her Personal Data that Association holds. This enables Personnel to have any incomplete or inaccurate Personal Data be corrected, though Association may need to verify the accuracy of any new Personal Data provided.

3. Request erasure of his or her Personal Data. This enables Personnel to ask Association to delete or remove Personal Data where there is no legitimate purpose for the Processing of such Personal Data by Association. Association may not always be able to comply with the request of erasure for specific legal reasons or other legitimate grounds, which will be notified to Personnel, if applicable, at the time of the request.

4. Object to Processing of his or her Personal Data where Association is relying on a legitimate interest (or those of a third party) and he or she would like to object to the Processing because it impacts his or her fundamental rights and freedoms.

5. Request restriction of Processing of his or her Personal Data. This enables Data Subjects to ask Association to suspend Processing Personal Data in the following scenarios: (i) establishing the accuracy of Personal Data; (ii) where Association's use of Personal Data is unlawful, but there is no request of erasure; (iii) where a Data Subject needs Association to hold Personal Data even if retention is no longer required and it is needed to establish, exercise, or defend a legal claim; or (iv) a Data Subject objects to Association's use of Personal Data, but Association needs to verify whether there are overriding legitimate grounds to use it.

6. Request the transfer of his or her Personal Data. Association will provide to Personnel, or a third party, his or her Personal Data in a structured, commonly used, machine-readable format. This right only applies to automated information.

7. Withdraw consent at any time where Association is relying on consent to Process Personal Data. This will not affect the lawfulness of any Processing carried out before consent is withdrawn.

8. Be notified of a data breach involving a Data Subject's Personal Data.

Association shall accept, when applicable, any written requests through the appropriate channels from a Data Subject to exercise his or her rights and freedoms pursuant to Data Protection Laws. Association shall use reasonable means to verify the identity of the requester.

ASSOCIATION’S DATA PROTECTION OBLIGATIONS

Association and its Personnel have implemented appropriate technical and organizational measures to provide adequate protection regarding Data Subjects’ rights and the lawful, fair, and transparent Processing of Personal Data, as described herein. Association data protection obligations include the following:

1. Consent: When consent is the lawful basis for Processing, Association shall obtain the affirmative consent of a Data Subject prior to such Processing. Consent shall be written in clear and plain language by Association and the Data Subject must give consent freely. Prior to providing consent, a Data Subject shall be notified by Association that consent may be withdrawn at any time. Consent may not be permanently binding on Data Subjects, as such Data Subjects may withdraw consent at any time.

2. Purpose Limitation: Association shall restrict the Processing of Personal Data to the intended business purpose(s).

3. Notification: Association shall provide notification in clear language to a Data Subject at the outset of Processing, which may include: name of Controller and contact information; purpose of Processing; type(s) of Personal Data Processed; whom has access to Personal Data; Processing location(s); retention period; Data Subject’s rights and instructions for exercising such rights; and protections against data breaches.

4. Access: Upon request by a Data Subject, Association shall provide such Data Subject with access to his or her Personal Data in the possession or under the control of Association and information about the ways in which Personal Data may have been previously Processed.

5. Correction: Upon request by a Data Subject, Association shall correct any error or omission in a Data Subject’s Personal Data in the possession or under the control of Association. If Personal Data is corrected, Association must inform (i) third-parties to whom data has been disclosed of correction and (ii) Data Subjects that his or her Personal Data has been disclosed to third-parties.

6. Erasure: Upon request by a Data Subject, Association shall erase such Data Subject’s Personal Data in the possession or under the control of Association, if: (i) Personal Data is no longer necessary for the intended business purpose for which it was Processed; (ii) the Data Subject withdraws consent and there is no other legitimate basis for the Processing; (iii) the Data Subject objects to Processing based solely on Association’s legitimate interest; (iv) the Processing of Personal Data is unlawful; or (v) Personal Data is related to the offer of information society services to a child. This is not an absolute right, as Personal Data may be retained to the extent required or permitted under applicable law. If Association discloses Personal Data to a third-party, Association shall notify such third-parties of any fulfilled request to erase, unless unreasonable or would result in a disproportionate effort.

7. Accuracy: Association shall make a reasonable effort to verify that Personal Data Processed by or on behalf of Association is accurate and complete. Generally, Personal Data is obtained directly from the Data Subject.

8. Protection: Association shall protect Personal Data in its possession or under its control by securing against unauthorized Processing, as further described in the “Security Measures Taken to Protect Personal Data” Section.

9. Retention: Personal Data will be retained for as long as is necessary for the intended purpose. Association shall cease to retain documentation containing Personal Data or remove the means by which Personal Data can be associated with a particular Data Subject when (i) the intended purpose for which Personal Data was Processed is no longer applicable and (ii) the retention is no longer necessary for legal or business purposes.

10. Breach Notification: In the case of a data breach involving any loss, misuse, or alteration of Personal Data that is likely to result in (i) a risk to Data Subjects’ rights and freedoms, Association shall notify the supervisory or data protection authorities within seventy-two (72) hours; or (ii) a high risk to Data Subjects’ rights and freedoms, Association shall notify Data Subjects without undue delay.

SHARING OF PERSONAL DATA

Association has executed appropriate documentation to protect the privacy and fundamental rights and freedoms of Data Subjects and has taken appropriate measures to ensure data protection during the sharing of Personal Data.

Association may share Personal Data with third-parties to Process (maintain, store, use) on Association’s behalf. Association requires all such Processors to take appropriate security measures to protect Personal Data in accordance with Association’s policies. Association does not allow Processors to Process Personal Data for their own purposes and only permits them to Process Personal Data for specified purposes and in accordance with Association's instructions.

Association may share Personal Data with third parties to Process on their own behalf. Such third parties will be considered joint-Controllers of such Personal Data. While joint-Controllers have shared discretion over the purposes of Processing, all such Controllers agree to Process such shared Personal Data in accordance with Data Protection Laws.

1. Third-Parties: Association may, from time to time, engage with Processors or joint Controllers, such as third-party service providers, applications, or agencies, to Process Personal Data. Prior to the Processing of Association -controlled Personal Data by a Processor or joint Controller, Association will work with such third-parties to verify that adequate documentation and security safeguards are in place to Process Personal Data in accordance with Data Protection Laws. The Processor or joint Controller shall restrict Processing to the intended business purpose.

2. Association Entities: Association shall not transfer Personal Data to a country or territory outside the jurisdiction in which it was Processed, except in accordance with the requirements prescribed under Data Protection Laws. Association may transfer or provide access to Personal Data across jurisdictions and entities in accordance with its Data Protection Agreements and Intercompany Agreements, which are aligned with Data Protection Laws.

Various third-parties are explicitly mentioned in this Policy (e.g., in section “Tracking Tools”). The Personal Data is passed on or accessed for the purpose of providing and maintaining the functionalities of the website.

TRANSFER OF PERSONAL DATA ABROAD

Association may transfer your Personal Data to third-parties based abroad for the purposes of the data Processing described in this Policy.

Such third-parties are obliged to protect the privacy of individuals to the same extent as Association does. If the level of data protection in a country does not correspond to the Swiss or European level, Association contractually ensures that the protection of your Personal Data corresponds to that in Switzerland or the EU at all times. To this end, Association agrees on the EU standard contractual clauses with the third-parties and implements additional technical and organizational measures, if necessary.

Certain third-parties mentioned in this Policy are based in the USA (see section “Links to Our Social Media Presences” or section “Tracking Tools”). Further explanations regarding data transfers to the USA can be found below under section “Note on Data Transfers to the USA”.

NOTE ON DATA TRANSFERS TO THE USA

Some of the third-parties mentioned in this Policy are based in the USA. For the sake of completeness, Association would like to point out for Data Subjects who are resident or domiciled in Switzerland or the EU that there are surveillance measures in place in the USA by US authorities, which generally allow the storage of all Personal Data of all persons whose data has been transferred from Switzerland or the EU to the USA. This is done without any differentiation, limitation or exception based on the objective pursued and without any objective criterion that would make it possible to limit the access of the US authorities to the data and their subsequent use to very specific, strictly limited purposes that are capable of justifying the intrusion associated with both the access to and the use of this data. Furthermore, Association would like to point out that in the USA, Data Subjects from Switzerland or the EU do not have any legal remedies that allow them to obtain access to the data concerning them and to obtain their correction or deletion, or that there is no effective judicial legal protection against general access rights of US authorities.

Association would like to point out to Data Subjects who are resident in Switzerland or a member state of the EU that the USA does not have a sufficient level of data protection from the point of view of the European Union and Switzerland - among other things due to the issues mentioned in this section. Insofar as Association has explained in this Policy that recipients of data (such as Google) are based in the USA, Association will ensure through contractual arrangements with these companies, as well as any additional appropriate guarantees required, that your Personal Data is protected with our partners with an appropriate level.

SECURITY MEASURES TAKEN TO PROTECT PERSONAL DATA

Association has implemented appropriate elements of privacy by design in conjunction with technical and physical safeguards to protect the security of Personal Data from unauthorized or unlawful Processing. Association uses a number of systems and applications to protect Personal Data at all times, which also allow for the following capabilities: (i) the anonymization and encryption of Personal Data; (ii) the ability to ensure the ongoing confidentiality, integrity, availability, and resilience of Processing Personal Data; (iii) the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; and (iv) a process for regularly testing, assessing, and evaluating, at least annually, the effectiveness of such security measures.

In assessing the appropriate level of security as well as the risks of varying likelihood and severity for the rights and freedoms of Data Subjects, Association assesses the risks presented by the Processing of Personal Data. Such risks may include, but are not limited to, any accidental, unlawful, or unauthorized destruction, loss, disclosure, alteration, or access to Personal Data Processed by or on behalf of Association, or other factors that may impact Data Subject rights and freedoms. Association shall make reasonable attempts to ensure that any risks presented by the Processing of Personal Data are sufficiently mitigated by technological and/or organizational controls, including limited access of Personal Data utilizing access controls and password protections.

THIRD PARTY WEBSITES AND SOCIAL MEDIA

This website may contain content and links to third-party websites that are not owned, operated, or controlled by Association. Association is not responsible for the privacy practices of or the content displayed on such third-party websites.

When engaging with Association’s content on or through a third-party social networking website, plug-in, or application, Association may Process Personal Data associated with your social media account.

B. SCOPE AND PURPOSE OF THE COLLECTION, PROCESSING, AND USE OF PERSONAL DATA WHEN VISITING OUR WEBSITES

When you visit our websites, our servers temporarily save each access in a log file. The following data may be collected without your intervention and stored by Association until deletion, as is necessary in compliance with applicable laws:

• the IP address of the requesting computer;

• the name of your internet access provider (usually your internet access provider);

• the date and time of access;

• the name and URL of the retrieved file;

• the page and address of the website from which you were redirected to the website and, if applicable, the search term used;

• the country from which the website is accessed;

• the operating system of your computer and the browser you are using (provider, version and language); and

• the transmission protocol used (e.g. HTTP/1.1).

The collection and Processing of this data is carried out for the purpose of enabling the use of the website (connection establishment), to permanently guarantee system security and stability and to enable the optimization of our internet offer as well as for internal statistical purposes. Our legitimate interest in data Processing lies in the purposes described above.

Only in the event of an attack on the network infrastructure or a suspicion of other unauthorized or abusive website use will the IP address be evaluated for the purpose of clarification and defense and, if necessary, used in the context of criminal proceedings to identify and take civil or criminal action against the users concerned. Our legitimate interest in data Processing lies in the purposes described above.

Finally, Association uses cookies and other applications based on cookies when you visit the website. For further information, please refer to sections “Cookies” and “Tracking Tools”.

IF YOU CONTACT US BY E-MAIL

On the website you have the possibility to contact Association or one of its experts by e-mail. You can also contact Association for support questions by e-mail.

You are responsible for the message and/or transmitted content that you send to Association. Association recommends that you do not send any confidential data. Personal Data is only collected if you provide it to Association voluntarily. Therefore, you yourself are responsible for what data you transmit to Association. In order to be able to answer your questions, Association may ask you to provide additional information. Association only collects Personal Data from you if this is necessary to answer your questions or to provide the services you have requested.

When Processing your enquiry by e-mail, Association has a legitimate interest in data Processing. You can object to this data Processing at any time (see section “Contact”).

WHEN YOU APPLY FOR A JOB

If you submit a letter of application by e-mail, Association Processes the Personal Data you provide in order to check your application and, if necessary, to contact you in this context. The legal basis for the Processing of your Personal Data lies in pre-contractual measures and the performance of a contract as well as in our legitimate interest. Insofar as Association bases data Processing on the legitimate interest, you can object to this data Processing at any time (see section “Contact”).

The website includes a job section with current job offers. When using this application mechanism, you will be redirected to the website operated by Ashby, Inc. where you have to enter specific Personal Data, such as your first name, family name, e-mail, phone, location and information about your education. You are able to upload other application documents, such as your resume, on the website. We will process your Personal Data for the administration and Processing of your application, i.e. as pre-contractual measure and in our legitimate interest. Please find more information about the data Processing by Ashby, Inc. under https://www.ashbyhq.com/resources/privacy.

WHEN YOU APPLY AS DATA PROVIDER

When you apply as Pyth Data Provider, you may have to enter the following information into the online application form:

• E-mail;

• Company;

• First Name;

• Last Name;

• Street;

• Zip;

• City; and

• Country.

The legal basis for the Processing of your Personal Data lies in the Processing for pre-contractual purposes or for the performance of a contract as well as our legitimate interest. If Association invokes our legitimate interest for data Processing, you can object to this data Processing at any time (see section “Contact”).

WHEN YOU PARTICIPATE IN THE GRANTS PROGRAM

As part of the Pyth Ecosystem Grants Program, different categories of grants are offered, whereby Association Processes different data depending on the category of the program.

When you apply for and participate in Community Grants, Association Processes the following Personal Data:

• First Name;

• Last Name;

• Date of birth;

• Nationality;

• Country of residence;

• Wallet address;

• E-mail address;

• Discord Username.

When you apply for and participate in Research Grants & Developer Grants, Association Processes the following Personal Data:

• First Name;

• Last Name;

• Date of birth;

• Nationality;

• Country of residence;

• Passport / ID copy;

• Tax or other official bill, or an energy, water or telephone bill;

• Wallet address;

• E-mail address;

• Discord Username.

Association may also obtain information about you from other sources, for example, by consulting publicly available sources.

The collection and Processing of this data is carried out to communicate with you, verify your identity, to carry out sanction screening of you as a person as well as your receiving wallet and to be able to fulfill the grants of the corresponding program. Accordingly, the legal basis of this data Processing lies in the fulfilment of legal obligations and in the performance of a contract.

To carry out the personal sanction screening, Association engages the services of a third-party provider selected for this purpose. Prior to any data processing, the Association will provide you with detailed information about the selected provider and their data Processing practices, including their identity, contact details, and privacy policy. Your data may be stored in a database maintained by the provider, which may allow the provider to access your data if necessary for providing the services. For information about data processing by third parties, see section "Sharing of Personal Data". Using the services of the third-party provider may result in a transfer of data abroad (for more information, see section "Transfer of Personal Data Abroad"). The legal basis for this processing lies in our legitimate interest in using the services of third-party providers.

To carry out the wallet sanction screening, Association uses the services provided by Elliptic Enterprises Limited, Office 7, 35-37 Ludgate Hill, London EC4M 7JN, UK (Company No. 08458210). Therefore, your data may be stored in a database of Elliptic Enterprises Limited, which may allow Elliptic Enterprises Limited to access your data if this is necessary for providing the services. For information about data Processing by third parties see section "Sharing of Personal Data". Using the services of Elliptic Enterprises Limited may result in a transfer of data abroad (for more information see section "Transfer of Personal Data Abroad" and "Note on Data Transfers to the USA"). The legal basis for this Processing lies in our legitimate interest in using the services of third-party providers.

There is a possibility that the selected third-party provider for personal sanction screening and/or Elliptic Enterprises Limited may want to use some of the data for their own purposes (e.g., for conducting statistical analysis). For these data Processing activities, the respective provider is the Controller and must ensure compliance with Data Protection Laws. Information about data processing by Elliptic Enterprises Limited can be found at: https://www.elliptic.co/privacy-policy. For the selected third-party provider, relevant information will be provided to you prior to data Processing, as outlined above.

WHEN YOU PARTICIPATE IN SURVEYS

When you voluntarily participate in surveys conducted by Association, we collect and Process Personal Data primarily for marketing, social media engagement, and service optimization. By submitting a survey, you provide explicit consent to these purposes, as outlined in a pre-survey notice.

When you participate in surveys, Association Processes the following Personal Data:

• Contact information (e.g., First Name, Last Name, personal or business email address, personal or business postal address, personal or business phone number, Discord Username, X.com handle, and other similar contact data if provided);

• Survey responses (e.g., opinions, preferences, feedback and product reviews you write, or questions and information you provide);

• Usage data (e.g. data about how you and your device interact with Pyth Network, like product usage data, device data, error reports and performance data and support data);

• Support data (information about you and your hardware, software, and details about the event, authentication data, your communications with us, data about the machine and the application you were using, and system, registry, and configuration data).

We process your Personal Data to communicate with you, share (anonymized) survey insights on social media (e.g., X.com, Discord, LinkedIn) to promote Pyth Network, and enhance Pyth Network products and services. Accordingly, the legal basis of this data Processing lies in your explicit consent via survey submission or our legitimate interests. You may withdraw consent by contacting privacy@pyth.network, without affecting prior Processing.

COOKIES, SCRIPTS AND RELATED TECHNOLOGIES

When you visit this website, Association and its third-party service providers receive and record Personal Data that you may have provided and your digital signature, such as your IP address. The technologies we use to track your movements around our website include cookies, tracking scripts and pixels, and tagging technologies, which we may employ to understand your preferences, improve your experience on our website, etc.

Most internet browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your end device or a message always appears when you receive a new cookie.

On the following pages you will find explanations on how to configure the processing of cookies in the most common browsers.

• Microsoft Edge

• Mozilla Firefox

• Google Chrome

• Apple Safari

Further information can be found on http://www.aboutcookies.org.

Please note that disabling cookies may prevent you from using all the features of the Websites.

TRACKING TOOLS

Google Analytics

We use Google Analytics, a web analytics service provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland or Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. Google Analytics uses methods that enable an analysis of the use of the website, such as cookies. These generate information about your use of the website, such as:

• Navigation path that a visitor follows on the website;

• How long you spend on the website and subpages;

• The subpage from which you leave the website;

• The country, region or city from where you access the website;

• End device (type, version, colour depth, resolution, width and height of the browser window);

• Returning or new visitor;

• Browser provider/version;

• The operating system used;

• The referrer URL (previously visited website);

• Host name of the accessing computer (IP address); or

• Time of the server request.

This information is transmitted to Google servers in the USA and stored there. In doing so, the IP address is shortened by activating IP anonymisation on the website before transmission within the Member States of the European Union or in other Contracting States of the Agreement on the European Economic Area, as well as in Switzerland. The anonymised IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. In these cases, we ensure that Google complies with a sufficient level of data protection by means of contractual guarantees, in particular by agreeing to the EU standard contractual clauses and additional measures.

The information is used to evaluate the use of the website, to compile reports on website activities and to provide other services associated with website and internet use for the purposes of market research and demand-oriented design of the website. Google may transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. According to Google, under no circumstances will the IP address be associated with other data relating to the user.

The legal basis for Processing the data for the above purposes is your consent, which you give us by using the cookie banner. You can revoke your consent at any time (section “Contact”).

You can prevent the collection of the data generated by the cookies (including the IP address), which relate to the use of the website, by Google as well as the Processing of this data by Google by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de

An opt-out cookie will be stored on your device. If you delete all cookies, the link must be clicked again.

Google Tag Manager

We use Google Tag Manager, a service of Google Ireland Limited, Google Building, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland or Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA, to manage cookies and pixels for tracking tools and other tools. The Tag Manager tool itself is a cookie-less domain and does not collect any Personal Data. Instead, the tool triggers other tags that may in turn collect data. If you opt for a deactivation at the main or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager.

This Processing is based on our legitimate interest. You can object to this data Processing at any time (see section “Contact”).

Vercel Web Analytics

We use Vercel Web Analytics, a service provided by Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723, USA, to analyze the usage of our website and to enhance its functionality and user experience.

Vercel Web Analytics collects only anonymized data that cannot be linked to a specific individual. No personal data, such as IP addresses or other identifiers that could track you across websites or applications, is collected. Instead of cookies, a privacy-friendly hash is generated from the incoming request, which prevents tracking of your activities across different days or websites. The collected data is used exclusively for aggregated statistics and includes the following:

• Event Timestamp (e.g., 2024-10-29 09:06:30) 

• URL (e.g., /blog/nextjs-10) 

• Dynamic Path (e.g., /blog/[slug]) 

• Referrer (e.g., https://x.com/home/) 

• Filtered Query Parameters (e.g., ?ref=hackernews) 

• Approximate Geolocation (e.g., Switzerland, Zurich, Zurich) 

• Device Operating System and Version (e.g., Android 10) 

• Browser and Version (e.g., Chrome 86) 

• Device Type (e.g., Mobile, Desktop, Tablet) 

Web Analytics Script Version (e.g., 1.0.0)The data is not used to reconstruct individual browsing sessions or to identify individuals. It is retained only as long as necessary for the purpose of analyzing and improving the website, typically up to 24 months, after which it is deleted or further anonymized.

Since Vercel Inc. is based in the USA, a country that does not offer a level of data protection equivalent to Switzerland, data may be transferred outside Switzerland. We ensure that such transfers are safeguarded by appropriate measures, such as contractual agreements. For more details on how Vercel processes data, please refer to their Privacy Policy at https://vercel.com/legal/privacy-policy. 

Amplitude for Web Analytics

We use Amplitude Web Analytics, a service provided by Amplitude, Inc., 201 3rd Street, Suite 200 San Francisco, CA 94103, USA, to analyze the usage of our website and improve its performance and user experience.

Amplitude Web Analytics collects data about how our website is used, enabling us to understand user interactions and optimize our services. The data collected is anonymized or pseudonymized and does not include personal identifiers such as IP addresses unless explicitly configured by us. Typical data points may include:

• Event data (e.g., page views, clicks, or interactions) 

• Event Timestamp (e.g., 2024-10-29 09:06:30)

• Approximate geolocation (e.g., country or region) 

• Device information (e.g., operating system, browser type, device type)

No individual browsing sessions are reconstructed, and the data is used solely for aggregated statistical analysis. Instead of cookies, Amplitude uses pseudonymized identifiers to track usage patterns, ensuring that your activities cannot be linked across different websites or over extended periods. The data is retained only as long as necessary for the purpose of improving our website, typically for a period of up to 24 months, after which it is deleted or further anonymized.

Since Amplitude, Inc. is based in the USA, a country that does not provide a level of data protection equivalent to Switzerland, data is transferred outside Switzerland. We ensure that such transfers are safeguarded by appropriate measures, including Standard Contractual Clauses (SCCs) and Amplitude’s participation in the EU-U.S. Data Privacy Framework. Amplitude may transfer this data to third parties if required by law or where such third parties process the data on Amplitude’s behalf, such as authorized subprocessors.

This Processing is based on our legitimate interest in understanding and enhancing our website’s performance, in accordance with Swiss data protection law. For more information on how Amplitude processes data, please refer to their Privacy Policy at https://amplitude.com/privacy and https://amplitude.com/dpa.

LINKS TO OUR SOCIAL MEDIA PRESENCES

On the website, we have set up links to our social media presences on the following social networks:

•  X Corp., 865 FM 1209, Building 2, Bastrop, TX 78602 U.S.A., data privacy notice

• Discord Inc., 444 De Haro Street #200 San Francisco, CA 94107, USA, data privacy notice

• Youtube LLC, 1600 Amphitheatre Pkwy Mountain View, CA 94043, USA, data privacy notice

• Telegram Messenger Inc., Vistra (Bvi) Limited, Vistra Corporate Services Centre, Wickhams Cay Ii, Road Town, Tortola, Virgin Islands, British, VG1110, data privacy notice

If you click on the corresponding icons of the social networks, you will automatically be redirected to our profile / channel on the respective social network. To be able to use the functions of the respective network, you must partially log into your user account for the respective network.
When you open a link to one of our social media presences, a direct connection is established between your browser and the server of the social network in question. This provides the network with the information that you have visited our website with your IP address and accessed the link. If you access a link to a network while logged into your account on the network concerned, the content of our website may be linked to your profile on the network, i.e. the network may link your visit to our website directly to your user account. If you want to prevent this, you should log out before clicking on the relevant links. In any case, an association takes place when you log in to the relevant network after clicking on the link.

If you click on one of these links, you thereby give your consent to the subsequent data Processing.

REVIEW AND UPDATES TO POLICY

Association will review and may update this Policy to reflect changes to Association’s privacy practices or security measures as needed. If a review is not satisfactory, Association will take immediate steps to remedy any noted deficiencies. Please periodically review this Policy for the latest on Association’s privacy practices. The use of Association’s website after any updates constitutes an acknowledgement of having read and understood the Policy.

CONTACT

Please contact Association by email at privacy@pyth.network should you have any questions or comments about this Policy or your Personal Data.