PrIvacy Policy

Last updated: October 2025

Controller: RugbyDAO (PEDL Labs Ltd)

Contact: info@therugbydao.com

1. Introduction

RugbyDAO collects and processes limited personal data to operate its digital membership ecosystem — including the Fan Pass Waitlist, Fan Pass claim process, and other RugbyDAO community experiences.

We respect your privacy and comply with the UK General Data Protection Regulation (UK GDPR), the EU GDPR, South Africa’s Protection of Personal Information Act (POPIA), and other applicable global privacy laws.

This policy explains what information we collect, how we use it, and your rights regarding your personal data.

2. What We Collect

During the RugbyDAO Fan Pass Waitlist and related membership experiences, we may collect the following information.

Basic registration details

  • First name and surname
  • Email address
  • Referral code or referral link
  • Country or region
  • Wallet address (if connected manually)
  • Technical and analytics data (e.g. device type, IP address, browser details)

Additional information (Fan Pass claim and profile setup)

When you claim your Fan Pass or complete your RugbyDAO profile, we may ask for:

  • Full name (required)
  • Email address (required)
  • Fan Role (multi-choice – e.g. Supporter, Player / Ex-player, Coach / Official, Partner / Sponsor)
  • Favourite Nation (drop-down selection)
  • Favourite Club (drop-down or free-text)
  • Occupation or industry category (drop-down or free-text)
  • (Optional) Referral Code or Referrer ID

This information helps us understand and serve our community more effectively — for example, tailoring Fan Pass benefits, content, and invitations to relevant groups.

In future phases, when you claim or activate your Fan Pass, RugbyDAO may also collect:

  • Wallet type and provider (for verification)
  • Transaction details required to issue or validate your Fan Pass
  • Engagement, XP or participation data within RugbyDAO experiences

Any new data types will only be collected for legitimate membership, fulfilment, or compliance purposes, and this policy will be updated before those changes take effect.

We never access or store your private keys, seed phrases, or wallet balances.

3. How We Use Data

We use your data to:

  • Manage the Waitlist and membership records
  • Send updates, news, and invitations
  • Deliver and verify digital Fan Passes
  • Generate referral rewards and XP points
  • Improve our website and community experiences
  • Ensure compliance and account security

We do not sell, rent, or trade your personal data to third parties.

4. Legal Bases for Processing

Purpose & Legal Basis

  • Managing Fan Pass and Waitlist - Contract / Legitimate Interest
  • Sending marketing updates - Consent
  • Referral and analytics tracking - Legitimate Interest
  • Wallet creation and membership fulfilment - Contract
  • Platform improvement and analytics - Legitimate Interest

5. Data Sharing

We share data only with trusted processors who help us operate RugbyDAO securely and efficiently:

  • HubSpot – CRM and email automation
  • Website host (e.g. Webflow or equivalent)
  • Analytics and ad platforms (e.g. Google Analytics, Meta Ads, LinkedIn Ads)
  • Approved wallet provider – for Fan Pass delivery and wallet creation (to be confirmed)

All partners process data under GDPR-compliant agreements and maintain appropriate security measures.

6. Digital Asset Transparency

When you claim or interact with your Fan Pass, limited information may be recorded on a public blockchain, such as your wallet address and transaction identifiers.

These records are public and permanent. RugbyDAO cannot alter or delete blockchain entries.

Any personal information (such as your name or email) is stored securely off-chain.

7. Cookies and Analytics

RugbyDAO uses cookies and analytics tools to:

  • Understand site traffic and usage
  • Improve site functionality and campaigns
  • Optimise the user experience

You can disable cookies at any time through your browser settings.

Analytics data is anonymised and aggregated wherever possible.

8. Data Retention

Data Type & Retention Period

  • Waitlist & contact data - Until unsubscribe or deletion request
  • Blockchain data - Permanent (immutable)
  • Marketing consent - 5 years (for compliance)
  • Analytics data - Up to 26 months
  • Customer service records - 24 months

You may request deletion of any off-chain personal data at any time by contacting info@therugbydao.com.

9. Security

RugbyDAO maintains strict technical and organisational safeguards:

  • Encrypted HTTPS connections across all sites
  • Secure CRM infrastructure (HubSpot ISO 27001 certified)
  • Access restricted to authorised personnel only
  • Regular security reviews and encrypted back-ups

Your wallet and blockchain data remain under your control.

10. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction or deletion
  • Withdraw consent for marketing
  • Request a copy of your data (data portability)
  • Object to or restrict processing

To exercise these rights, contact info@therugbydao.com.

We will respond to all valid requests within 30 days.

11. Age Requirement

You must be 16 years or older to join the RugbyDAO Fan Pass Waitlist or claim a Fan Pass.

If we become aware that we have collected data from someone under 16, we will delete it immediately.

12. International Transfers

Data may be processed in the UK, EU, South Africa, or the United States by trusted providers under approved transfer safeguards such as the UK International Data Transfer Addendum and EU Standard Contractual Clauses (SCCs).

13. International Users & Global Privacy Compliance

RugbyDAO welcomes members from around the world and applies a consistent standard of data protection globally, regardless of where you are located.

We comply with key international privacy laws and frameworks, including:

  • UK GDPR (United Kingdom)
  • EU GDPR (European Union)
  • POPIA (South Africa)
  • CCPA / CPRA (United States)
  • PIPEDA (Canada)
  • Privacy Act 1988 (Australia)
  • LGPD (Brazil)
  • PDPA (Singapore)

Where local privacy laws provide additional rights or protections, RugbyDAO honours those rights and extends equivalent standards of transparency and control to all users worldwide.

We ensure appropriate safeguards for any international data transfers and rely on mechanisms such as adequacy decisions and Standard Contractual Clauses (SCCs) where applicable.

For questions or to exercise any region-specific privacy rights, contact info@therugbydao.com.

14. Updates to This Policy

We may update this policy from time to time to reflect new products, features, or regulatory requirements.

Any major changes will be communicated via email or website notice before they take effect.

You can always view the latest version at:

https://www.therugbydao.com/privacy-policy

15. Summary – Our Commitment to You

  • We collect only what’s needed to deliver your Fan Pass and community experience.
  • We never sell your personal data.
  • You control your wallet, your data, and your email preferences.
  • All data is handled securely, transparently, and in line with global privacy standards.