Drop Privacy Policy


Last updated: replace this text with the day of publication

Dear User,

The "General Data Protection Regulation" (EU Regulation 2016/679, also known and hereinafter referred to as "GDPR"), and the Swiss Data Protection Act require us to provide You with the following information on the processing of Your Personal Data.

In order to simplify this policy, in the following we will mainly refer to the GDPR, since it is the most widely known privacy regulation, but we also grant similar rights to Users located in Switzerland or in other jurisdictions, as required by their respective national laws.

This policy informs you of the Personal Data Processing activities we perform as a result of providing the Services (see in the Glossary what we include in the definition of "Services").

“Processing of Personal Data” means any operation concerning any information relating to an identified or identifiable natural person. For example, first and last name, or an email address with a “user name” that identifies you (e.g. johndoe@….) is considered “Personal Data”, and the actions of collection, registration with us and use of your Personal Data to send you a communication are considered “Processing” operations; same applies to communication of Data to other organisations and storage.

As our entity provides the Services, and establishes purposes and means of the Processing of Personal Data relating to You, it qualifies as “Data Controller” under the GDPR.

If You, the User, are the individual whose Personal Data are processed by us, you are referred to as a "Data Subject," and you have the right to receive the following information about who we are, what Personal Data we process, why, how and for how long we process it, and what obligations and rights you have regarding it. If the actual User of the Services is some type of entity (e.g., company, association, etc.), the Data Subjects are the natural persons who materially use the Service on behalf of the entity (e.g., the entity's legal representative and/or its members and/or workers). In the latter case, information strictly related to the entity (e.g., VAT number) is not considered Personal Data, while other information referring to individuals (e.g., identification data of the legal representative) is Personal Data.

Depending on the Services that You use, we may need to process certain Personal Data. In some cases, specified below, we may have an interest in processing Personal Data for purposes other than the provision of the Services: in these cases, we will process only where there is an appropriate legal basis and, where required by law, on the basis of the Consent of the Data Subject.

The following grid and clauses explain how the Association, as Data Controller, will process Your Data.

Definitions of terms and expressions used within this Privacy Policy are contained in the Glossary below. For anything not expressly defined therein, please refer to the definitions set forth in our general terms and conditions available at [enter the correct link] on the date You read this Privacy Policy. In any case of conflict between definitions, the definitions contained in the Glossary below will prevail for the purposes of the Privacy Policy.

This Privacy Policy is in force from the date indicated in the header. We reserve the right to modify its content, in part or in full. Such updates will be in force from the date of their publication. You are therefore invited to visit this section regularly.

We do not knowingly collect personal information about natural persons who, according to their national law, lack legal capacity to act for the purpose of entering into contracts, except for requests relating to minors made by persons exercising parental authority or custody over the minors concerned. If information on such persons is recorded, We will delete it in a timely manner at the request of the Data Subject or the person exercising parental authority over him or her.


Our Service does not send data to a blockchain or other kind of distributed ledgers. Our Service is designed to verify certain actions that You perform on the Web, both on-chain and off-chain, for the purpose of granting You rewards. Therefore we solely index data of Yours that are already recorded on-chain as a result of Your personal actions outside our Site.


Applicable Law”: means any provision, of whatever rank, belonging to Swiss Law or to the law of the European Union when applicable, in whatever way applicable to the Site and to the legal relationships arising as a result of the interactions between the Association and the Users.

Authorised Agent”: means the natural person, under the direct authority of the Data Controller, who receives instructions from the Data Controller on the Processing of Personal Data, pursuant to and in accordance with Article 29 of the GDPR.

Authority”: means a body or organisation, public or private, with administrative, judicial, police, disciplinary or supervisory powers.

Browsing Data”: means the data that the computer systems and software procedures used to operate the Site acquire, during their normal operation, and whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified Data Subjects, but given their very nature, this information could, through processing and association with data by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users who connect to the Site, URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc..) and other parameters relating to the operating system and computer environment of the user. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning and is deleted immediately after processing.

Committee” o “EDPB”: means the European Data Protection Board, established by Article 68 of the GDPR and governed by Articles 68 to 76 of the GDPR, which replaces WP29 as of 25/5/2018.

Common Data”: means the Personal Data concerning Your personal details, including, but not limited to, Your first and last name, e-mail address, telephone number, tax code, VAT number, as Well as any other data You may provide us with, for example through the forms or contact details of our organisation available on the Site.

Association”: Web3 Music Verein (Web3 Music Association), a company duly existing and incorporated under the laws of Switzerland, with registered office in Zug, Baarerstrasse n. 141 registered at the Registrar of Companies of Zug with Number CHE-184.859.454.

Consent of the Data Subject”: means “any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her” (art. 4, paragraph 11, GDPR).

Cookie”: means short fragments of text (letters and/or numbers) that allow the Web server to store information on the browser to be reused during the same visit to the Site (session cookies) or afterward, even after days (persistent cookies). Cookies are stored, according to the user’s preferences, by the individual browser on the specific device used (computer, tablet, smartphone). The following categories are considered:

  • Technical cookies: these cookies are essential for the correct functioning of the Site and are used for the sole purpose of transmitting a communication over an electronic communication network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the subscriber or User to provide such service.

  • Analytical cookies: these cookies are used to anonymously collect and analyse the Site’s traffic and usage. These cookies, while not identifying the user, allow, for example, to detect if the same user logs in again at different times. They also make it possible to monitor the system and improve its performance and usability. The deactivation of such cookies can be performed without any loss of functionality.

  • Profiling cookies: these cookies are persistent ones used to (anonymously or otherwise) identify Your preferences and improve Your browsing experience.

  • Third party cookies (analytical and/or profiling): these cookies are generated by organisations not part of the Site, but integrated into parts of the Site page. For example, Google widgets (e.g. Google Maps) or social plugins (Facebook, Twitter, LinkedIn, Google+, etc.).

Data”: one or more of the categories indicated as Personal Data.

Data Controller”: means "the natural or legal person, public authority, service or other body which alone or jointly with others determines the purposes and means of the processing of personal data", as defined in Article 4, subsection 1, no. 7, of the GDPR.

Data Processor”: means "a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller", as defined in Article 4, subsection 1(8) of the GDPR.

Data Subject”: “an "identified or identifiable natural person", as defined in Article 4, subsection 1, no. 1, of the EU Regulation 2016/679 (so-called "GDPR").

Disclosure”: the making of personal data to unspecified persons, in any form whatsoever, including by making them available or consulting them.

GDPR”: means the EU Regulation 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).

Limitation”: means the marking of personal data stored with the aim of limiting their processing in the future, as defined in Article 4(1)(3) of the GDPR.

Privacy Law”: the EU Regulation 2016/679 ("GDPR"), the Swiss Data Protection Act, as well as the decisions made by judicial and regulatory bodies, and further applicable pieces of legislation relating to privacy rights and data protection.

Privacy Policy”: means this policy on the Processing of Personal Data.

Profiling”: means "any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects of that natural person's professional performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements", as defined in Article 4, subsection 1(4) of the GDPR.

Personal Data”: means "any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person", as defined in Article 4, subsection 1, no. 1, of the GDPR).

Processing”: means "any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction", as defined by Art. 4, subsection 1, no. 2, of the GDPR.

Publication”: means the action by which the Data Controller communicates information on the Site, without the implementation of procedures requiring the User to view it.

Recipient“: means “a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not”, as defined in Article 4, sub-paragraph 1, no. 9, of the GDPR.

Services”: means the music protocol drop portal (”Drop Portal”) and the services offered by the Association through the Site, including the provision of the Site itself.

Site”: means the web pages displayed through https://airdrop.musicprotocol.io/ , including subdomains.

Supervisory Authority”: the independent public authority established by a European Union state, or by the European Union itself, in charge of supervising the application of the Privacy Law.

Third Party”: means "the natural or legal person, public authority, service or other body other than the Data Subject, the Data Controller, the Data Processor and the persons authorised to process personal data under the direct authority of the Data Controller or Data Processor", as defined in Article 4, subsection 1, no. 10, of the GDPR.

User”: means any individual, or legal entity using any of the Services.

©2024 Web3 Music Association - All rights reserved