x
x Mastercard: A new era of Finance for blockbank unveiled 🚀

Privacy Policy

Edition: 25.09.2022

The structure of this document (You can navigate through the document using active links and search for the information
you need in the text):

This document is divided into 2 parts: a detailed text version (on the right) and a summary of the sections (on the
left), which briefly and more clearly explain the content of the section.

About us and our contacts

Summary

In detail

This document explains what data is processed in connection with your use of the blockbank service. It also explains how we receive and use your data, where we store it and how we protect it. We want the use of our service to be as secure as possible for your personal data, so your privacy is a priority for us. By blockbank service (hereinafter referred to as the “Service”) are understood any of its components:

  • Mobile app blockbank
  • Web application blockbank.

It explains how and why we process your personal data, as well as how you can control it and stop it from being processed.

This Privacy notice applies to all personal data that we receive when using the Service.

Please carefully read this document. This is because using the Service implies that you fully understand and accept the terms of use of your personal data without any conditions, exceptions, or reservations. If you do not accept the terms of this document (in general and / or in part) or do not agree with the terms of use of personal data, we ask you not to use the Service. If you disagree with the terms of the Privacy notice, further use of the Service and its components is not allowed.

Some terms

Some terms that can be seen in this document:

Automated decision-making is a decision that our system makes automatically due to its specific algorithm and without human participation.

Processor (vendor) – companies and third-party services that help our service work (for example, a payment system, a message sending service, etc.).

Some terms that can be seen in this document:

Automated decision-making is a decision that our system makes automatically due to its specific algorithm and without human participation.

We don’t use any algorithms to make any decision that would significantly affect you.

Processor (vendor) – a company that we attract to perform on our behalf certain actions necessary for the operation of the Service and related to the processing of your personal data (for example, a payment system, a message sending service, etc.)

Definitions

The terms listed below have the meanings assigned to them in the Data privacy regulation and the accompanying Policy:

  • Personal data means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
  • Activity and usage data means any personal data which is generated, collected and processed during the usage of New Sphere’s services;
  • Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  • Controller means any natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;.
  • Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller;
  • Data subject is an identified or identifiable natural person who can be identified, directly or indirectly, based on particular information representing personal data;
Our company, which is responsible for processing your personal data using the Service, is called UAB HODL SERVICES and is located in Lithuania at the address: J. Savickio g. 4-7, Vilnius, 01108

Contacts of our Data protection officer:

1) e-mail: [email protected]
2) Postal address: J. Savickio g. 4-7, Vilnius, 01108, LT.

UAB HODL SERVICES is the administrator of the Service and the controller of personal data processed in accordance with this notice.

Our address: J. Savickio g. 4-7, Vilnius, 01108, LT.

If you have any questions about this Notice or questions about our processing of your personal data, we hope that you contact us and we will be able to resolve your issue. You can contact our Data protection officer using:

1) email: [email protected] or
2) by writing us to: Naugarduko 68B, Vilnius, 03203.

We will send responses to your requests to the e-mail address specified by you during registration in the Service or in any other form, at your wish. You can also contact the Lithuanian Supervisory Authority.

Age restriction

You can use the Service only when you reach a certain age. The minimum age for using the Service is 18 years.

We will delete the data of a user whose age does not meet our age requirements as soon as we become aware of this.

The Service can only be used by users who are minimum 18 years old If you are under the minimum age, please do not use the Service and do not provide us with your personal data.

If we become aware that personal data of users who have not reached the minimum age has been obtained through the service, we will immediately take all possible measures to delete such personal data and account.

If you are aware that the App is being used by a person under the age of consent, please contact us using any of the methods described in Section About us and our contacts, and we will take the necessary steps to delete the corresponding information and / or account.

Your rights and how to exercise them

You have a number of rights in relation to your personal data:

a) to access them
b) make amendments and additions to them
c) require us to erasure them
d) request a restriction on their processing
e) object to a particular data processing
f) receive your data from us in electronic format, so that you can then transfer it to another person or
ask us to do so
g) not to be subjected to automated decision-making (i.e., a decision that our system makes
automatically due to its specific algorithm and without human participation)
h) to withdraw consent to their processing. In any case, you can always ask us how we process your data and how you can exercise your rights.If we suspect that someone is impersonating you, we will check whether it is really you who made the request to us.

Your rights in relation to your personal data:

a) The right to access personal data We provide you with the opportunity to access your personal data that is processed by the service. You can request information about what your personal data is processed by us and to what extent by sending us a request *.

b) Right to rectification You can independently change (clarify / supplement) certain personal data in your profile, and you can also contact us with a request to clarify your personal data*. We may ask you for documents confirming
the need for changes, if such changes are related to the receipt of paid services of the service.

c) The right to erasure (the “right to be forgotten”) In certain cases, you can request * the deletion of your personal data and the termination of their processing, for example, when the personal data is no longer needed for the purposes of specific processing, or when you withdraw your consent or object to the processing of your personal data, or when in your opinion the processing of personal data does not comply with the law.

d) The right to restrict processing You may request* that we temporarily or permanently stop processing all or some of your personal dataif:

dispute the accuracy of your personal data,

  • if you believe that the processing is illegal and, instead of deleting personal data, you want to restrict their use by us,
  • you believe that they are necessary for you to declare, implement or challenge legal claims and claims.

e) The right to object to processing Taking into account your specific situation, you can at any time object to the processing of your personal data if the basis for their processing was our legitimate interest or the processing is necessary to perform a task in the public interest or within the framework of the exercise of state power entrusted to us (the grounds for processing are described in the Appendix List of treatments. You can also object to profiling based on these grounds. Also, in cases where we process data for the purposes of direct marketing, you have the right at any time to object to the processing of your personal data for the purposes of such marketing, including profiling, to the extent that the processing of your personal data relates to this direct marketing.

f) The right to data portability You have the right to receive your personal data available to us, which we received with your consent or they were provided to us for the performance of the contract, from us in electronic format and then you can transfer such data to another person. We may, at your direction, transfer such data directly to another person, if this is technically feasible.

g) The right not to be subjected to automated decision-making You have the right not to be subjected to a decision that is based solely on the automated processing of your personal data, including profiling, if such actions entail legal consequences (for example, some of your legal rights will be infringed, limited) or in a similar way significantly affect you.

In certain cases, automated decision-making may take place, but we will take measures to protect your rights, freedoms and interests of the data subject. In this situation, you can request* the intervention of our specialist to make a decision, and also have the right to express your position, challenge such a decision.

h) The right to withdraw consent to the processing of personal data If we process your personal information based on your consent, you can revoke your consent to the processing of personal data at any time by changing the settings in your profile or by sending us a request* indicating the revoked consent. Please note that the fact of revocation of consent does not affect the legality of data processing actions performed before the revocation. If you have any questions about your privacy rights or how you can exercise them, or if you want to exercise any of these rights, you can send us a request*. We will try to respond to your request as soon as possible, but in any case we will do it within a month from the date of receipt of the request. In some cases, it may take up to 3 months to fulfill your request, which we will definitely notify you about and explain
the reasons for the delay.

Please keep in mind that if the request is unclear, we can contact you to better understand the content of the request. We may also refuse to satisfy a request if it is clearly unfounded or excessive (repetitive).

If we have doubts whether you have really contacted us (and not someone impersonating you), we have the right to ask you to confirm your identity (for example, to confirm some data known to you and us or to provide a copy of your identity card). This will allow us to make sure that the satisfaction of your request does not violate the rights of third parties.

If you are not completely satisfied with our response, you can also complain about our processing of your personal data to the appropriate data protection authority.

How we receive your personal data

Where do we get your data from:

1) we receive from you (for example, when you enter data during registration or write a request to our
mail);
2) we automatically collect data from your device (phone, computer) from which you use the Service;
3) we receive it from other services and persons (for example, from Facebook, Google, Apple);
4) we create it ourselves (for example, by collecting the history of your use of the service).

We may receive your personal data:

  • directly from you when you enter this data when registering or using the service or in connection with its use (for example, when you enter data during registration or write a request to our email);
  • automatically received by us when you use the service (for example, technical data of the device);
  • received by us from third-party resources and services (for example, from Sum and Substance Ltd (UK) that provides KYC for us);
  • generated by our service when you use it (payment history). When you register or log in to our service via Facebook, Google, Apple, you give us permission to receive certain information from these services. The specific types of information that we may receive depend on your settings for this service and will be governed by their privacy policy.

When we ask you to provide your personal data for the provision of the services, we strive to collect only those whose collection is the minimum necessary for the provision of services of the service. If you do not provide us with complete and accurate data, we will not be able to provide you with the services.

If for some functionality (for example, sending news to the mail) or for some of our needs (for example, sending advertising to you), your consent to the processing of personal data is required, such processing will be carried out at your discretion and only after receiving your consent.

In the Table 2 you will find the categories of personal data that we collect in the course of your work with the Service, with a list of personal data that may be affected for each of them.

How long do we store your personal data?

As a rule, we store your personal data as long as it is necessary to provide you with services in the Service and to provide access to the Service or for the period established by law for the storage of certain data. As a rule, we store your personal data as long as it is necessary to provide you with services in the Service and to provide access to the Service.

Some personal data will be stored for the period necessary to ensure our legitimate and significant business goals and interests, or for the period established by law for the storage of certain data.

We will store the necessary personal data after deleting your account, only if it is necessary for:

  • fulfillment of our tax and legal obligations,
  • compliance with the requirements of the legislation,
  • to resolve claims or disputes,
  • ensuring security,
  • prevention of fraud and money laundering,
  • ensuring the safety of our users.

Please note that if you delete some personal data of users from the Service, this deletion may affect the ability to use the Service and its functionality for the user.

Who we can share your data with

Your data may be processed by other companies engaged by us. Your data may sometimes be transferred for processing outside the EU, including to countries where the level of personal data protection is not adequate to the European level. However, in such cases, we undertake to monitor such processing. For the operation, development, promotion of the service, we cooperate with other service providers who may have access to or receive from us or directly some of your personal data to provide relevant services. Such suppliers may be located outside the European Union and in countries that do not provide an adequate level of personal data protection (for example, the United Kingdom, etc.).

We allow these companies to process your data in accordance with our instructions and exactly to the extent that they need it to provide their services and products. As a tool for transferring data to countries that do not provide a level of protection adequate to the European one, we use such as Standard Contractual Clauses (approved by the EU Commission), which describe the conditions for processing data by recipients and mechanisms for their protection (including various technical,
organizational and legal protection measures). For a list of providers see in the Table 3.

How does the service ensure the security of your data?

The security of your data is important to us. To do this, we use certain common measures to protect them, and also make sure that our partners provide an appropriate level of protection of your data. We strive to protect the personal data of our users and take all reasonable and appropriate measures to protect the personal data of users from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction.

To protect your personal data, we:

  • have designed and have developed the Service in such a way as to minimize the risks of data breach;
  • have chosen reliable partners who comply with the requirements of the laws on personal data protection. Our partners with whom we share your personal data are required to comply with all applicable data privacy requirements and ensure an appropriate level of data protection;
  • have restricted access and differentiated the levels of access to your personal data for our employees and third parties, and we also monitor who accesses, uses and transmits your personal data;
  • conduct vulnerability scanning of the Service to prevent data breach;
  • store personal data on servers located in the European Union;
  • encrypt personal data for safe transmission and storage.

If you have any questions about the security of our Service, please contact our Data protection officer
at dpo@blockbank .ai.

Personal data breach

No service is 100% secure. If your data is suddenly leaked in our Service, we will do everything to eliminate such a leak and its consequences for you. It is important for you to restrict the access of others to your device and its contents, since we cannot ensure the security of your data in the event of such access. Please note that no security system is perfect, and therefore we cannot fully guarantee the absolute security of the service or unauthorized access to personal data by third parties. In case of occurrence of such circumstances (events) we will take all reasonable measures to eliminate these circumstances (events) and their consequences.

We recommend that you restrict access to the device from which you use the service and log out after using the Service.

If necessary, we will notify you of any violations related to your personal data breach and report such breach to the relevant authority for the supervision of compliance with the legislation on the protection of personal data.

Changes to the Privacy notice

This document may change periodically. We will notify you about important changes in the service itself or by email. We may periodically make changes to this Privacy notice and, if necessary, we will notify you about it (for example, by posting a notification in the Service or sending you an email and / or notification to your device). Your continued access to or use of the Service after the effective date of such changes will be governed by the revised Privacy notice. If you do not agree with the changes made to Privacy notice (in general and / or in part), please do not use the Service and delete your profile (if you want us to stop processing your personal data).

In any case, you can get acquainted with the current version of Privacy notice and all its previous versions on our website (blockbank.ai) . We recommend that you periodically review our website or Service applications to get the latest information about our privacy policies regarding your personal data.

You bear the risks associated with untimely familiarization with the Privacy Notice, changes and (or) additions made to the Privacy Notice before using the blockbank service.

The invalidation of certain provisions of the Privacy notice for any reason does not entail the invalidity of the Privacy notice as a whole and its other provisions.

Lithuanian Supervisoryauthority

Contacts of the authority that controls the use of your personal data by us:

State Data Protection Inspectorate
L. Sapiegos str. 17, LT-10312 Vilnius
Phones: +370 5 271 2804 / 279 1445
Consultations by phone +370 5 212 7532
E-mail [email protected]
Website: https://vdai.lrv.lt/en/

The entire list of supervisory authorities can be found at the link
https://edpb.europa.eu/about-edpb/about-edpb/members_en

Table 1: List of Processing

Processing Category of processing data Base for processing
Creating an account and providing access to the service data about a person, identifiers, location performance of contract
Application functionality data about a person, confidential information, location our legitimate interest in preventing fraud or other financial crime, and complying with statutory and regulatory requirements in relation to anti-money laundering and terrorist financing investigation and prevention
Payments and invoicing data about a person, identifiers, financial information performance of contract
Creating an account and providing access to the service Creating an account and providing access to the service performance of contract
Card data storage data about a person, financial information consent
Elimination and prevention of failures and errors, protection the service data performance of contract
Providing technical support data about a person, identifiers, location, usage data / app activity, app info and performance, financial information performance of contract
Fulfill our tax obligations data about a person, financial information legal obligation
Fulfill our accounting obligations data about a person, financial information our legitimate interest in performing accounting

Table 2: Category of Data

What’s included in processing data categories Data
Data about a person full name, address, date of birth, email address, citizenship, residency, language, password, phone number
Identifiers IP address, user ID, other online identifiers, social security number, driver’s license number, passport number, or other similar identifiers
Location precise or coarse / approximate location or the location of your device, time zone, country
Financial information payments, income, funds, bank card data, cryptographic keys, transactions, or any other financial information
Usage data / app activity interaction with the Service, for example, launching applications, touches, clicks, scrolling information, or other information about how the user interacts with the application, any other data about user activity in the application
App info and performance сrash, data information about hardware and software, information about Internet connection, other diagnostic data, performance data

Table 3: Service providers

Supplier categories The supplier and its product or service / country of service provided Services Links to the supplier’s privacy information, documents describing the relevant measures and guarantees of confidentiality
Technical providers

Amazon Web Services EMEA SARL (EU, Luxembourg)

Amazon Web Services (AWS)

Data storage on servers located in the European Union. AWS prohibits, and its systems are designed to prevent, remote access by AWS personnel to customer data for any purpose, including service maintenance, unless access is requested by us, is required to prevent fraud and abuse, or to comply with law.
https://aws.amazon.com/blogs/security/aws-and-the-general-data-protection-regulation/
https://aws.amazon.com/security/
Privacy policy: https://aws.amazon.com/compliance/data-privacy-faq/
KYC provider

Sum and Substance Ltd (UK)

Sumsub

Know-Your-Customer (KYC) procedure https://sumsub.com/privacy-notice/