GDPR Notice

Oct, 24 2025

Scope and Data Controller

This GDPR Notice applies to the website vicodi.org and related services operated under the name Virtual Coin Directory ("ViCoDi") in the United States of America. It describes how we process personal data in accordance with the EU General Data Protection Regulation (GDPR), as applicable, and aligned with relevant U.S. federal and state privacy laws.

The data controller is: Virtual Coin Directory (ViCoDi), Owner: George Alyfantis, 600 Commonwealth Pl, Pittsburgh, PA 15222, United States. Contact: [email protected].

Definitions

"Personal Data" means any information relating to an identified or identifiable natural person. "Processing" means any operation performed on Personal Data. "Controller" means the entity determining the purposes and means of processing. Under certain U.S. state laws, "sell" or "share" may include disclosing identifiers and usage data to third parties for cross-context behavioral advertising.

Categories of Personal Data We Process

  • Identifiers: name, email address, user handle, IP address, device identifiers, account IDs.
  • Professional and project information: affiliations, project roles, coin or token project data you submit for listings.
  • Online activity: pages viewed, clicks, referral URLs, timestamps, approximate location derived from IP, browser and device metadata.
  • User content: profiles, comments, reviews, support inquiries, airdrop submissions.
  • Financial and blockchain-related data: non-custodial wallet addresses you provide, publicly available blockchain addresses and on-chain data associated with your submissions. We do not store private keys.
  • Commercial information: subscription status, transaction metadata related to paid features (processed by payment providers).
  • Inferences: preferences and interest segments derived from usage and cookie data.

We do not intentionally collect special categories of data under GDPR (e.g., health, biometric, precise geolocation) or sensitive personal information under U.S. laws. If such data is inadvertently submitted, we will handle it in line with this Notice and applicable law.

Sources of Personal Data

  • Directly from you when you create an account, submit listings, request airdrop alerts, contact support, or participate in community features.
  • Automatically from your devices through cookies and similar technologies.
  • From publicly available sources (e.g., public blockchain data, public project websites) and service providers (e.g., analytics, anti-fraud).

Purposes and Lawful Bases for Processing

Provide and Operate the Service

To create and manage accounts, enable coin and token listings, compare exchanges, track airdrops, and deliver requested features. Lawful bases: performance of a contract; legitimate interests in operating a secure, reliable service.

Communications

To send service notices, security alerts, and responses to inquiries. Lawful bases: performance of a contract; legitimate interests in effective customer communication.

Analytics and Service Improvement

To analyze usage, debug issues, and improve features and user experience. Lawful bases: legitimate interests; consent where required for non-essential cookies.

Marketing and Airdrop Notifications

To send newsletters, educational resources, and optional airdrop alerts. Lawful bases: consent; legitimate interests for similar products/services to existing users where permitted, with opt-out available.

Security, Fraud Prevention, and Compliance

To protect accounts, prevent abuse, enforce terms, and comply with legal obligations. Lawful bases: legitimate interests; legal obligations.

Cookies and Similar Technologies

We use the following categories of cookies and trackers:

  • Strictly necessary: for core functionality, security, and session management.
  • Preferences: to remember settings such as language.
  • Analytics: to measure performance and usage.
  • Advertising: to provide and measure personalized or contextual ads where applicable.

You can manage cookies via your browser settings and device controls. Where required by law, we seek consent for non-essential cookies. We endeavor to honor applicable browser-based opt-out signals, including recognized Global Privacy Control signals for U.S. state law purposes, to the extent required.

Disclosures to Third Parties

  • Service providers: hosting, security, analytics, email delivery, content moderation, and customer support providers acting on our instructions.
  • Advertising and analytics partners: to measure performance and, where applicable, deliver interest-based advertising. In certain U.S. states, these disclosures may be considered a "sale" or "sharing." You may opt out as described below.
  • Business transfers: in connection with mergers, acquisitions, or asset sales, subject to this Notice.
  • Legal and safety: to comply with law, enforce terms, or protect rights, security, and property of users and the public.

We do not disclose Personal Data to third parties for their independent direct marketing without your consent.

International Data Transfers

ViCoDi is based in the United States. Where GDPR applies, Personal Data may be transferred to countries outside the EEA/UK that may not provide the same level of protection. We rely on appropriate safeguards such as Standard Contractual Clauses and implement supplementary measures as necessary.

Data Retention

We retain Personal Data for as long as needed to fulfill the purposes described, including providing the service, complying with legal obligations, resolving disputes, and enforcing agreements. Retention periods vary by data type and context; for example, account data is retained for the life of the account and a reasonable period thereafter, while log data may be retained for shorter periods for security and analytics.

Your Rights

Rights under GDPR

  • Access: receive confirmation and a copy of your Personal Data.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure: request deletion where grounds apply (e.g., withdrawal of consent, no overriding legitimate interests).
  • Restriction: limit processing under certain circumstances.
  • Portability: receive certain data in a structured, commonly used, machine-readable format and transmit it to another controller.
  • Objection: object to processing based on legitimate interests or direct marketing, including profiling.
  • Consent withdrawal: withdraw consent at any time without affecting prior processing.
  • Complaint: lodge a complaint with your supervisory authority.

Rights for U.S. Residents

  • Know/Access: request the categories and specific pieces of Personal Data collected, sources, purposes, and third-party disclosures.
  • Delete: request deletion of Personal Data, subject to exceptions.
  • Correct: request correction of inaccurate Personal Data.
  • Portability: obtain a portable copy of certain data.
  • Opt-out: opt out of the sale or sharing of Personal Data and targeted advertising; opt out of certain profiling for decisions with legal or similarly significant effects.
  • Limit use of sensitive Personal Data: where applicable; we do not use sensitive Personal Data for inferring characteristics.
  • Non-discrimination: you will not be discriminated against for exercising your rights.
  • Appeal: if we deny your request, you may appeal; if unresolved, you may contact your state attorney general as applicable.

To exercise rights, contact us at [email protected] or write to: Virtual Coin Directory (ViCoDi), Attn: Privacy, 600 Commonwealth Pl, Pittsburgh, PA 15222, United States. Please include your name, residency, the right you wish to exercise, and sufficient information to verify your identity (e.g., account email, recent interaction details). Authorized agents may submit requests with proof of authority and, where applicable, user verification. We will confirm receipt, verify requests as required, and respond within applicable timelines (generally 45 days, with a permissible extension where necessary). To appeal a decision, email us with the subject line "Privacy Rights Appeal" and we will respond within the applicable timeframe.

Automated Decision-Making and Profiling

We do not engage in automated decision-making that produces legal or similarly significant effects without human involvement. Limited profiling may occur for analytics and content personalization; you may object or opt out as described above.

Children's Data

Our services are not directed to children under 13, and we do not knowingly collect Personal Data from them. If you believe a child has provided Personal Data, contact us so we can take appropriate action.

Security Measures

We implement administrative, technical, and physical safeguards designed to protect Personal Data, including encryption in transit, access controls, logging, and vendor diligence. No security measure is absolute; users should also protect their credentials and use unique, strong passwords.

Business Customers and Processor Disclosures

Where ViCoDi processes Personal Data on behalf of a business customer, we act as a processor pursuant to a data processing agreement upon request, processing data solely on documented instructions and employing appropriate safeguards.

Opt-Out of Sale/Sharing and Marketing

To opt out of the sale or sharing of Personal Data for cross-context behavioral advertising and to opt out of marketing communications, contact [email protected]. You may also manage non-essential cookies via your browser. We will honor applicable opt-out signals where required.

Changes to This Notice

We may update this Notice to reflect changes in our practices or legal requirements. Material changes will be indicated by updating the effective date and, where appropriate, by additional notice.

Contact Information

Data Controller and Privacy Contact: Virtual Coin Directory (ViCoDi), Owner: George Alyfantis, 600 Commonwealth Pl, Pittsburgh, PA 15222, United States. Email: [email protected]. We will respond to privacy inquiries in a timely manner.

Effective date: October 24, 2025.