Data Protection

  1. Home
  2. Data Protection
  • October

    3

    2025
  • 5

Scope and Data Controller

This Data Protection Notice explains how Idaho PTAC (Idaho Public Token Access Center) collects, uses, discloses, and safeguards personal data. It is designed to align with the principles of the EU General Data Protection Regulation (GDPR) while complying with applicable laws of the United States of America, including relevant state privacy statutes.

Controller: Idaho PTAC, owned and operated by Elizabeth Meléndez.

Postal address: 1601 Darby Rd, Havertown, PA 19083, United States of America.

Contact email: [email protected].

Effective date: October 3, 2025.

Definitions

  • Personal Data: Any information that identifies or relates to an identifiable natural person, including identifiers such as name, email address, IP address, wallet address when linkable to a person, and online identifiers.
  • Processing: Any operation performed on personal data, such as collection, storage, use, disclosure, or deletion.
  • Controller: The entity that determines the purposes and means of processing personal data (Idaho PTAC).
  • Processor: A service provider that processes personal data on behalf of the controller.

Categories of Personal Data We Process

  • Identifiers and contact details: Name, email address, postal address, account identifiers, usernames or handles, and wallet/public addresses (when provided or publicly observable).
  • Online identifiers and device data: IP address, cookie IDs, device identifiers, browser type, operating system, language, time zone, pages viewed, referring/exit pages, and general usage metrics.
  • Usage, community, and content data: Preferences, saved items, comments or reviews you post, support requests, survey responses, and participation in community or educational activities.
  • Marketing and communications data: Newsletter opt-in status, communication preferences, engagement with our messages.
  • Transactional and on-chain metadata: Wallet addresses, transaction hashes, and other public blockchain data that may be relevant to research, airdrop eligibility assessments, or educational content. We do not custody assets.
  • Geolocation data: Approximate location derived from IP address; we do not collect precise geolocation.
  • Sensitive data: We do not seek to collect sensitive personal information. If you provide such data, we will minimize use and protect it appropriately.

Sources of Personal Data

  • Directly from you: When you contact us, subscribe to communications, submit forms, or participate in community activities.
  • Automatically: Through cookies and similar technologies when you use our website.
  • Publicly available sources: Public blockchain networks and public web pages.
  • Service providers and partners: Analytics, email delivery, security, and hosting providers acting on our instructions.

Purposes of Processing and Legal Bases

Purposes

  • Provide, maintain, and improve our website, educational content, and community resources.
  • Respond to inquiries, support requests, and feedback.
  • Send newsletters or updates when you opt in, and manage your communication preferences.
  • Conduct research, analytics, and service optimization (including measuring performance and preventing abuse).
  • Maintain security, detect fraud, and ensure integrity of our services.
  • Comply with legal obligations and enforce our terms.

GDPR Legal Bases (for individuals in the EEA/UK)

  • Consent: For non-essential cookies, marketing communications, and certain analytics. You may withdraw consent at any time.
  • Contract: To provide requested services or information you ask us to deliver.
  • Legitimate Interests: For website operation, security, analytics, and community management, balanced against your rights.
  • Legal Obligation: For compliance with applicable laws, court orders, and regulatory requirements.

Alignment with U.S. Privacy Laws

Our practices are designed to comply with applicable U.S. federal and state privacy laws. Where state laws provide specific rights (e.g., access, correction, deletion, and opt-out), we honor them as required.

Cookies and Similar Technologies

We use essential cookies for site functionality and may use preference and analytics cookies to understand usage. Advertising or cross-context behavioral cookies, if any, will only be used in accordance with applicable law and your choices. You can control cookies via your browser settings and, where offered, our cookie controls. Blocking some cookies may affect site functionality.

Special Note on Blockchain and Immutability

Public blockchain data is by design immutable and publicly accessible. When wallet addresses or transaction hashes can be linked to a person, they may constitute personal data. If you exercise rights such as erasure, we will delete or anonymize related off-chain data and dissociate identifiers under our control. However, we cannot alter data recorded on public blockchains.

Disclosure of Personal Data

  • Service providers (processors): Hosting, cloud infrastructure, analytics, email delivery, security/anti-abuse, and customer support providers acting on our documented instructions.
  • Legal and compliance: Courts, law enforcement, or regulators when required by law or to protect rights, safety, and property.
  • Business transitions: In connection with a merger, acquisition, reorganization, or asset transfer, subject to appropriate safeguards.
  • Community moderators or contributors: Limited access where necessary for moderation or safety, under confidentiality obligations.

We do not permit processors to use personal data for their own independent purposes.

International Data Transfers

We primarily process and store data in the United States. If personal data of individuals in the EEA/UK is transferred to the U.S. or other countries that may not provide the same level of protection, we rely on appropriate safeguards such as standard contractual clauses or other lawful transfer mechanisms, and we implement supplementary technical and organizational measures where appropriate.

Data Retention

We retain personal data only as long as necessary for the purposes described, including to meet legal, accounting, or reporting requirements. Criteria include the nature of the data, sensitivity, potential risk from unauthorized use or disclosure, purposes of processing, and applicable legal requirements. Illustratively, support inquiries are typically retained for up to 24 months, analytics logs for a period proportionate to security and performance needs, and marketing data until you opt out or your consent is withdrawn.

Security Measures

We employ administrative, technical, and physical safeguards designed to protect personal data, including encryption in transit, access controls, least-privilege principles, secure development practices, and monitoring. No method of transmission or storage is completely secure; we continuously review and enhance our measures.

Your Rights under GDPR (EEA/UK)

  • Access: Obtain confirmation whether we process your personal data and receive a copy.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of personal data where applicable, subject to legal and blockchain-related limitations.
  • Restriction: Request limitation of processing in certain circumstances.
  • Portability: Receive your data in a structured, commonly used, machine-readable format and transmit it to another controller where technically feasible.
  • Objection: Object to processing based on legitimate interests and to direct marketing.
  • Withdraw consent: Withdraw consent at any time where processing is based on consent.
  • Complaint: Lodge a complaint with your local supervisory authority if you believe your rights are infringed.

U.S. State Privacy Rights

Residents of certain U.S. states (including, without limitation, California, Colorado, Connecticut, Utah, and Virginia) may have rights such as:

  • Right to know/access: Request information about categories and specific pieces of personal information collected, used, disclosed, or shared.
  • Right to correct: Request correction of inaccurate personal information.
  • Right to delete: Request deletion of personal information, subject to exceptions.
  • Right to portability: Obtain a portable copy of personal information where applicable.
  • Right to opt out: Opt out of the sale or sharing of personal information and targeted advertising, where applicable.
  • Right to limit: Limit the use and disclosure of sensitive personal information, where applicable.
  • Non-discrimination: We will not discriminate against you for exercising your rights.

As of the effective date, we do not sell personal information as defined by applicable U.S. state laws. If our practices change to include selling or sharing for cross-context behavioral advertising, we will provide required notices and opt-out mechanisms.

Do Not Track and Global Privacy Control

We recognize and will endeavor to honor Global Privacy Control (GPC) signals where technically feasible and legally required. Standard Do Not Track (DNT) signals are not uniformly honored by industry; however, we will treat recognized legally required signals as opt-out requests to the extent mandated by law.

Automated Decision-Making and Profiling

We do not engage in solely automated decision-making that produces legal or similarly significant effects concerning you.

Exercising Your Rights and Verification

To exercise any of the rights described above, or to submit a privacy request or appeal (where applicable), contact us at [email protected] or by mail to: Idaho PTAC, 1601 Darby Rd, Havertown, PA 19083, USA.

We may need to verify your identity to process requests, which may require matching information you provide with our records or requesting additional details. We will respond within the timeframes required by applicable law (generally 30 days under GDPR and 45 days under certain U.S. state laws, with permissible extensions where necessary). Authorized agents may submit requests where permitted by law, subject to verification and proof of authorization.

Children’s Privacy

Our services are intended for individuals 13 years of age and older. We do not knowingly collect personal information from children under 13. If we learn that we have collected such information, we will take reasonable steps to delete it. For California residents under 16, we do not sell or share personal information.

Third-Party Links and Services

Our content may reference or link to third-party exchanges, wallets, projects, or resources. These third parties are independent controllers of their own sites and services. We are not responsible for their privacy practices; we encourage you to review their privacy notices before providing personal information.

Changes to This Notice

We may update this Notice to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. Material changes will be indicated by updating the effective date and, where appropriate, by providing additional notice.

Contact Information

For questions or concerns about this Notice or our data practices, please contact: Idaho PTAC, Attn: Data Protection, 1601 Darby Rd, Havertown, PA 19083, USA. Email: [email protected].

About Author

Elizabeth Meléndez
Elizabeth Meléndez

I'm a blockchain analyst and crypto writer focused on turning complex tokenomics into clear, actionable insights. I examine emerging protocols, exchange mechanics, and on-chain data to help readers navigate markets confidently. I also publish practical guides on airdrop strategies and security best practices.

View more post

Similar News

Liquid Staking APY Comparison 2025: Best Platforms and Real Returns
Liquid Staking APY Comparison 2025: Best Platforms and Real Returns 1.01.25
Iquant Crypto Exchange Review: What’s Real and What’s Not?
Iquant Crypto Exchange Review: What’s Real and What’s Not? 25.09.25

Write a comment

Your email address will not be published. Required fields are marked *