Panther Protocol Foundation

01

Introduction

Panther Protocol Foundation (“we”, “us”, “our”), a Swiss foundation, is committed to protecting personal data and ensuring transparent, lawful, and proportionate data processing in accordance with the Swiss Federal Act on Data Protection (FADP) and, where applicable, the EU GDPR.

This Privacy Policy explains what data we collect, how and why we process it, with whom we share it, and your rights.

By using our website (panther.org) or otherwise engaging with us, you agree to the practices described in this Privacy Policy.

02

Who We Are (Controller)

Panther Protocol Stiftung (Foundation)
Baarerstrasse 43
6300 Zug
Switzerland

UID: CHE-446.770.613
Registered with: Commercial Register Office of the Canton of Zug
Email: [email protected]

The Foundation is a non-profit Swiss foundation. It does not provide financial services and does not act as a financial intermediary. It does not hold client assets.

Any identity verification, screening, or due diligence described in this policy is conducted solely for governance, internal risk management, legal compliance, and accountability purposes in connection with grant programs and Foundation operations.

If required by law, we may appoint an EU representative and/or a Data Protection Officer (DPO).

03

Principles of Data Processing

We process personal data in accordance with the following principles:

Lawfulness, good faith, and transparency
Purpose limitation
Data minimisation and proportionality
Accuracy
Storage limitation
Integrity and confidentiality
Access restriction on a need-to-know basis

04

What Information We Collect

a) Information you provide

Name, email, contact details, information submitted in forms, applications, or communications, and correspondence with us.

b) Information collected automatically

Limited technical data such as IP address, browser type, operating system, and access logs, strictly for security and operational purposes. We do not use cookies or profiling technologies.

c) Information from third parties

Where appropriate, information from partners, service providers, or publicly available sources.

d) Information from grantees and grant applicants

In the context of grant programs, we may collect:

Identity and contact information
Verification information (e.g., proof of identity, residence, or control of wallets)
Information necessary to assess legal, sanctions, or reputational risk
Organisational information where applicable
Grant-related project and reporting information
Financial-administrative records necessary for grant administration (e.g., invoices, payment records)

Data is collected only to the extent necessary for proper governance, accountability, and lawful operation of the Foundation.

05

Purposes of Processing

We process personal data for:

Operating and administering the Foundation
Managing communications and community interactions
Evaluating and administering grant programs
Ensuring organisational integrity, security, and abuse prevention
Meeting legal, accounting, record-keeping, and audit obligations
Internal reporting and governance oversight

We do not use personal data for commercial profiling or advertising.

06

Legal Basis for Processing

Processing is based on one or more of the following:

Consent
Performance of a contract or pre-contractual steps
Compliance with legal obligations
Legitimate interests, in particular:
- Proper governance
- Risk management
- Organisational security
- Accountability and auditability

07

Sharing of Information

We may share personal data on a strict need-to-know basis with:

IT, hosting, and administrative service providers
Professional advisers (legal, accounting, audit)
Auditors
Authorities, where legally required
Successor entities in the event of restructuring

For grant-related processes, limited data may be shared with:

Identity verification or risk-screening service providers
Professional advisers or auditors

We do not sell personal data. We do not disclose personal data to protocol users or the public, except where an applicant voluntarily includes such information in a governance or DAO-related proposal.

08

International Data Transfers

Switzerland is recognised by the EU as providing adequate data protection.

Where data is transferred to other jurisdictions, we ensure appropriate safeguards such as Standard Contractual Clauses or equivalent legal mechanisms.

09

Data Retention

We retain personal data only for as long as necessary for the stated purposes or as required by law.

Grant-related data (including identity verification and risk-screening records) is retained only for:

Legal and accounting retention periods
Internal governance and audit requirements

Sensitive identity data is stored separately, access-controlled, logged, and restricted to authorised personnel. Data is deleted or anonymised once no longer required.

10

Data Security and Internal Controls

We apply appropriate technical and organisational security measures, including:

Access controls and role-based permissions
Segregation of sensitive data
Logging and audit trails for sensitive access
Secure storage systems and encryption where appropriate

Access to sensitive identity and financial-administrative data is limited to a small number of authorised persons with defined responsibilities.

11

Your Rights

Under the Swiss FADP and, where applicable, the EU GDPR, you have the right to:

Access your data
Request correction or deletion
Request restriction or object to processing
Request data portability
Withdraw consent
Lodge a complaint with the FDPIC or your local EU/EEA authority

12

Children

Our activities are not directed to persons under 16. We do not knowingly collect such data.

13

Changes

We may update this Privacy Policy from time to time. Material changes will be published on panther.org or communicated by appropriate means.