PRIVACY POLICY

Information about the Controller of Personal Data:

This website is operated by BlockDev PLC, a company registered under the laws of Bulgaria, with registry number 208043482. The registered address of the company is located at 9A, Pozitano Str., Sofia 1000, Bulgaria. You may contact us using the contact form on the website for inquiries related to the processing of your personal data or other requests.

Grounds and Purposes for Data Processing:

We are committed to processing personal data in accordance with the General Data Protection Regulation (GDPR) and other relevant privacy laws. The only personal data we process are those that you voluntarily provide to us when interacting with our services, such as when you complete our contact form, sign a contract, or use our services. This personal data typically includes, but is not limited to, your full name, email address, phone number, billing or shipping address, and any other details that you either choose or are required to share for the purposes of engaging with us.

We may also collect additional data depending on the nature of our interactions, including any preferences, feedback, or inquiries you may submit to us, as well as technical data related to the use of our website, such as IP addresses, browser types, and user interactions on the platform. All data collected will be processed in accordance with the purposes outlined in this Privacy Policy.

The processing of personal data is carried out under the legal basis of your explicit consent, which you provide by engaging with our forms or services. By sharing your personal data, you give us consent to process it for the specific purposes for which it was collected. You are not obligated to provide any personal data, and refusing to do so will not negatively impact your ability to access certain parts of our website or services, unless the data is required to fulfill specific contractual obligations.

We strive to ensure that any personal data we process is accurate, up to date, and used solely for the intended purposes. Should the purpose of processing change, we will inform you and, where necessary, seek your consent again before proceeding with any further processing of your personal data.

The personal data we process will only be used for the specific purpose outlined at the time of collection. This could include, for example, responding to your queries or offering tailored product/service recommendations. The legal grounds for processing your personal data is based on your explicit consent. By submitting your data, you are agreeing to its processing for the stated purpose.

We only process data where you have given clear consent, and you have the right to withdraw this consent at any time without affecting the legality of the processing carried out before its withdrawal. Refusing consent will not have any adverse consequences on your access to our services.

Provision of Data to Third Parties:

We do not share or disclose your personal data to third parties unless it is necessary to fulfill our contractual obligations or required by law. In such cases, we ensure that the third parties we engage with, if any, are also fully compliant with data protection laws.

In addition, we may share data with third-party service providers who are assisting us in managing our services. These third-party processors are required to ensure that they adhere to the same level of data protection and security standards as outlined in this privacy policy.

Processing of Personal Data on Blockchain

We do not store your personal data directly on a public blockchain unless strictly necessary. Personal data is, as a principle, held off-chain, with only hash or reference data on the chain.

When we use on-chain references, we apply cryptographic commitments, hashing, or encryption to mitigate identification risk.

Due to the nature of blockchain, certain data may not be fully deletable once committed on-chain. In those cases, we implement measures such as anonymisation, off-chain key destruction, or removal of linkability, so that the data is no longer identifiable to you.

If you request erasure or rectification, we will:
(i) act on any off-chain component;
(ii) ensure the on-chain component no longer allows identification; and
(iii) communicate the limitations of deletion due to technical constraints.

Retention periods are defined based on purpose, and we regularly review whether data is still required; data not required is deleted or anonymised.

The European Data Protection Board (EDPB)’s Guidelines 02/2025 on the processing of personal data through blockchain technologies set out a range of new expectations that we follow, particularly where we act as a Crypto-Asset Service Provider (CASP) under EU law.

Withdrawal of Consent:

You have the right to withdraw your consent at any time. This can be done through our contact details provided on the website. Upon withdrawal of your consent, we will cease to use your personal data for the purposes you originally consented to, but this will not affect any processing carried out prior to your withdrawal.

In accordance with the General Data Protection Regulation (GDPR), you have the right to withdraw your consent at any time, without affecting the lawfulness of the processing based on consent before its withdrawal. To withdraw your consent, you may contact us directly through the contact form on our website or use the direct contact information provided in this Privacy Policy. Once your request is received, we will provide you with a consent withdrawal form for you to complete and return.

Please note, however, that in certain circumstances, we may be unable to honor your request to withdraw consent. For example, if the personal data is necessary for the performance of a contract, compliance with a legal obligation, or for other legitimate interests as defined under the GDPR, we may continue processing your data, even after you have withdrawn your consent.

If we are unable to fulfill your withdrawal request, we will inform you of the reasons why, along with the legal grounds for continuing to process your data. We will take all reasonable steps to ensure that your personal data is handled appropriately and securely in accordance with applicable data protection laws

Data Retention:

In accordance with the General Data Protection Regulation (GDPR), your personal data will only be retained for as long as necessary to fulfill the specific purposes for which it was collected. The retention period will be determined by the nature of the data and the purpose of its collection.

In general, we will retain your personal data for a period of five (5) years from the date of its initial collection or until you request its deletion, whichever occurs first. This retention period allows us to fulfill any obligations arising from our contractual relationship with you or to address any ongoing legal, regulatory, or operational requirements.

After the retention period has passed, or upon receiving your request for deletion, we will securely delete or anonymize your personal data in accordance with GDPR guidelines. In some cases, where we are required to retain data for legal, contractual, or regulatory purposes, we may continue to store your personal data for longer periods.

Such legal grounds for retention may include but are not limited to, compliance with tax laws, audit requirements, or the establishment, exercise, or defense of legal claims. Once these obligations have been fulfilled, we will ensure that your personal data is securely erased or anonymized.

Data Subject Rights:

In line with the GDPR, you have the following rights regarding your personal data:

  1. Right to Information: You have the right to be informed about the collection and use of your personal data.
  2. Right of Access: You can request a copy of the personal data we hold about you.
  3. Right to Rectification: If your personal data is inaccurate or incomplete, you have the right to have it corrected.
  4. Right to Erasure (Right to be Forgotten): You can request the deletion of your personal data, subject to certain conditions.
  5. Right to Restrict Processing: You have the right to request the restriction of processing under certain circumstances, such as when you contest the accuracy of the data or object to its processing.
  6. Right to Data Portability: You can request that we provide your personal data to you in a structured, commonly used, and machine-readable format, and you may also transfer this data to another service provider if technically feasible.
  7. Right to Object: You can object to the processing of your personal data, including for direct marketing purposes.
  8. Right to Avoid Automated Decisions: You have the right not to be subject to automated decisions, including profiling, which significantly affects you.

To exercise these rights, please contact us directly using the details on our website.

Right of Portability:

You have the right to request a copy of your personal data in a structured, commonly used, and machine-readable format. Furthermore, if technically feasible, you have the right to request that we transmit this data directly to another data controller.

Right to Object:

You can object to the processing of your personal data. If you object to the processing of your personal data for direct marketing purposes, we will immediately stop processing your data for these purposes. For other objections, we will continue processing your data unless we can demonstrate that we have overriding legitimate grounds for continuing the processing, which take precedence over your interests, rights, and freedoms.

Complaint to the Supervisory Authority:

You have the right to lodge a complaint with the Bulgarian Commission for the Protection of Personal Data, or any other relevant supervisory authority, if you believe your personal data is being processed unlawfully. Additionally, you have the right to seek judicial remedies for any violations of your rights under data protection law.

Use of Artificial Intelligence (AI):

We may use Artificial Intelligence (AI) tools to analyze personal data for improving our services, offering personalized recommendations, or automating customer service. In such cases, the processing will be based on your explicit consent, and we will provide you with information on the purpose, logic, and consequences of the automated processing.

We are committed to ensuring that the use of AI respects your rights, and you have the ability to object to any automated decision-making, including profiling, that may significantly affect you.

Data Security:

We implement a variety of technical and organizational measures to ensure the security and integrity of your personal data. These measures include, but are not limited to, encryption technologies, secure data storage practices, access controls, and regular security assessments. Our team regularly reviews and updates these procedures to address potential vulnerabilities and to maintain the highest standards of protection against unauthorized access, data breaches, and other security threats.

While we take all reasonable steps to safeguard your personal data, we acknowledge that no system is entirely invulnerable to breaches or attacks. Despite our efforts to maintain a secure environment, we cannot guarantee absolute security for personal data transmitted over the internet. We advise you to take appropriate precautions when using online services and accessing the internet to minimize any risks associated with data exposure.

Changes to This Privacy Policy:

We reserve the right to amend this Privacy Policy as necessary. Any changes will be posted on this page, and we encourage you to review it periodically. The revised policy will become effective immediately upon posting.

If the changes significantly affect your rights, we will inform you directly via email or through the website, providing you with the opportunity to consent to the updated policy.

Date 01/11/2025