Privacy Policy

Summary

In detail

• Mobile app blockbank
• Web application blockbank.

It explains how and why we process your personal data, as well as how you can control it and stop it from being processed.

This Privacy notice applies to all personal data that we receive when using the Service.

Please carefully read this document. This is because using the Service implies that you fully understand and accept the terms of use of your personal data without any conditions, exceptions, or reservations. If you do not accept the terms of this document (in general and / or in part) or do not agree with the terms of use of personal data, we ask you not to use the Service. If you disagree with the terms of the Privacy notice, further use of the Service and its components is not allowed.

Some terms that can be seen in this document:

Automated decision-making is a decision that our system makes automatically due to its specific algorithm and without human participation.

Processor (vendor) – companies and third-party services that help our service work (for example, a payment system, a message sending service, etc.).

Some terms that can be seen in this document:

Automated decision-making is a decision that our system makes automatically due to its specific algorithm and without human participation.

We don’t use any algorithms to make any decision that would significantly affect you.

Processor (vendor) – a company that we attract to perform on our behalf certain actions necessary for the operation of the Service and related to the processing of your personal data (for example, a payment system, a message sending service, etc.)

Contacts of our Data protection officer:

1) e-mail: dpo@blockbank.ai
2) Postal address: J. Savickio g. 4-7, Vilnius, 01108, LT.

Our address: J. Savickio g. 4-7, Vilnius, 01108, LT.

If you have any questions about this Notice or questions about our processing of your personal data, we hope that you contact us and we will be able to resolve your issue. You can contact our Data protection officer using:

1) email: dpo@blockbank.ai or
2) by writing us to: Naugarduko 68B, Vilnius, 03203.

We will send responses to your requests to the e-mail address specified by you during registration in the Service or in any other form, at your wish. You can also contact the Lithuanian Supervisory Authority.

We will delete the data of a user whose age does not meet our age requirements as soon as we become aware of this.

If we become aware that personal data of users who have not reached the minimum age has been obtained through the service, we will immediately take all possible measures to delete such personal data and account.

If you are aware that the App is being used by a person under the age of consent, please contact us using any of the methods described in Section About us and our contacts, and we will take the necessary steps to delete the corresponding information and / or account.

a) to access them
b) make amendments and additions to them
c) require us to erasure them
d) request a restriction on their processing
e) object to a particular data processing
f) receive your data from us in electronic format, so that you can then transfer it to another person or
ask us to do so
g) not to be subjected to automated decision-making (i.e., a decision that our system makes
automatically due to its specific algorithm and without human participation)
h) to withdraw consent to their processing. In any case, you can always ask us how we process your data and how you can exercise your rights.If we suspect that someone is impersonating you, we will check whether it is really you who made the request to us.

a) The right to access personal data We provide you with the opportunity to access your personal data that is processed by the service. You can request information about what your personal data is processed by us and to what extent by sending us a request *.

b) Right to rectification You can independently change (clarify / supplement) certain personal data in your profile, and you can also contact us with a request to clarify your personal data*. We may ask you for documents confirming
the need for changes, if such changes are related to the receipt of paid services of the service.

c) The right to erasure (the “right to be forgotten”) In certain cases, you can request * the deletion of your personal data and the termination of their processing, for example, when the personal data is no longer needed for the purposes of specific processing, or when you withdraw your consent or object to the processing of your personal data, or when in your opinion the processing of personal data does not comply with the law.

d) The right to restrict processing You may request* that we temporarily or permanently stop processing all or some of your personal dataif:

dispute the accuracy of your personal data,

• if you believe that the processing is illegal and, instead of deleting personal data, you want to restrict their use by us,
• you believe that they are necessary for you to declare, implement or challenge legal claims and claims.

e) The right to object to processing Taking into account your specific situation, you can at any time object to the processing of your personal data if the basis for their processing was our legitimate interest or the processing is necessary to perform a task in the public interest or within the framework of the exercise of state power entrusted to us (the grounds for processing are described in the Appendix List of treatments. You can also object to profiling based on these grounds. Also, in cases where we process data for the purposes of direct marketing, you have the right at any time to object to the processing of your personal data for the purposes of such marketing, including profiling, to the extent that the processing of your personal data relates to this direct marketing.

f) The right to data portability You have the right to receive your personal data available to us, which we received with your consent or they were provided to us for the performance of the contract, from us in electronic format and then you can transfer such data to another person. We may, at your direction, transfer such data directly to another person, if this is technically feasible.

g) The right not to be subjected to automated decision-making You have the right not to be subjected to a decision that is based solely on the automated processing of your personal data, including profiling, if such actions entail legal consequences (for example, some of your legal rights will be infringed, limited) or in a similar way significantly affect you.

In certain cases, automated decision-making may take place, but we will take measures to protect your rights, freedoms and interests of the data subject. In this situation, you can request* the intervention of our specialist to make a decision, and also have the right to express your position, challenge such a decision.

h) The right to withdraw consent to the processing of personal data If we process your personal information based on your consent, you can revoke your consent to the processing of personal data at any time by changing the settings in your profile or by sending us a request* indicating the revoked consent. Please note that the fact of revocation of consent does not affect the legality of data processing actions performed before the revocation. If you have any questions about your privacy rights or how you can exercise them, or if you want to exercise any of these rights, you can send us a request*. We will try to respond to your request as soon as possible, but in any case we will do it within a month from the date of receipt of the request. In some cases, it may take up to 3 months to fulfill your request, which we will definitely notify you about and explain
the reasons for the delay.

Please keep in mind that if the request is unclear, we can contact you to better understand the content of the request. We may also refuse to satisfy a request if it is clearly unfounded or excessive (repetitive).

If we have doubts whether you have really contacted us (and not someone impersonating you), we have the right to ask you to confirm your identity (for example, to confirm some data known to you and us or to provide a copy of your identity card). This will allow us to make sure that the satisfaction of your request does not violate the rights of third parties.

If you are not completely satisfied with our response, you can also complain about our processing of your personal data to the appropriate data protection authority.

1) we receive from you (for example, when you enter data during registration or write a request to our
mail);
2) we automatically collect data from your device (phone, computer) from which you use the Service;
3) we receive it from other services and persons (for example, from Facebook, Google, Apple);
4) we create it ourselves (for example, by collecting the history of your use of the service).

• directly from you when you enter this data when registering or using the service or in connection with its use (for example, when you enter data during registration or write a request to our email);
• automatically received by us when you use the service (for example, technical data of the device);
• received by us from third-party resources and services (for example, from Sum and Substance Ltd (UK) that provides KYC for us);
• generated by our service when you use it (payment history). When you register or log in to our service via Facebook, Google, Apple, you give us permission to receive certain information from these services. The specific types of information that we may receive depend on your settings for this service and will be governed by their privacy policy.

When we ask you to provide your personal data for the provision of the services, we strive to collect only those whose collection is the minimum necessary for the provision of services of the service. If you do not provide us with complete and accurate data, we will not be able to provide you with the services.

If for some functionality (for example, sending news to the mail) or for some of our needs (for example, sending advertising to you), your consent to the processing of personal data is required, such processing will be carried out at your discretion and only after receiving your consent.

In the Table 2 you will find the categories of personal data that we collect in the course of your work with the Service, with a list of personal data that may be affected for each of them.

Some personal data will be stored for the period necessary to ensure our legitimate and significant business goals and interests, or for the period established by law for the storage of certain data.

We will store the necessary personal data after deleting your account, only if it is necessary for:

• fulfillment of our tax and legal obligations,
• compliance with the requirements of the legislation,
• to resolve claims or disputes,
• ensuring security,
• prevention of fraud and money laundering,
• ensuring the safety of our users.

Please note that if you delete some personal data of users from the Service, this deletion may affect the ability to use the Service and its functionality for the user.

We allow these companies to process your data in accordance with our instructions and exactly to the extent that they need it to provide their services and products. As a tool for transferring data to countries that do not provide a level of protection adequate to the European one, we use such as Standard Contractual Clauses (approved by the EU Commission), which describe the conditions for processing data by recipients and mechanisms for their protection (including various technical,
organizational and legal protection measures). For a list of providers see in the Table 3.

To protect your personal data, we:

• have designed and have developed the Service in such a way as to minimize the risks of data breach;
• have chosen reliable partners who comply with the requirements of the laws on personal data protection. Our partners with whom we share your personal data are required to comply with all applicable data privacy requirements and ensure an appropriate level of data protection;
• have restricted access and differentiated the levels of access to your personal data for our employees and third parties, and we also monitor who accesses, uses and transmits your personal data;
• conduct vulnerability scanning of the Service to prevent data breach;
• store personal data on servers located in the European Union;
• encrypt personal data for safe transmission and storage.

If you have any questions about the security of our Service, please contact our Data protection officer
at dpo@blockbank .ai.

We recommend that you restrict access to the device from which you use the service and log out after using the Service.

If necessary, we will notify you of any violations related to your personal data breach and report such breach to the relevant authority for the supervision of compliance with the legislation on the protection of personal data.

In any case, you can get acquainted with the current version of Privacy notice and all its previous versions on our website (blockbank.ai) . We recommend that you periodically review our website or Service applications to get the latest information about our privacy policies regarding your personal data.

You bear the risks associated with untimely familiarization with the Privacy Notice, changes and (or) additions made to the Privacy Notice before using the blockbank service.

The invalidation of certain provisions of the Privacy notice for any reason does not entail the invalidity of the Privacy notice as a whole and its other provisions.

Contacts of the authority that controls the use of your personal data by us:

State Data Protection Inspectorate
L. Sapiegos str. 17, LT-10312 Vilnius
Phones: +370 5 271 2804 / 279 1445
Consultations by phone +370 5 212 7532
E-mail ada@ada.lt
Website: https://vdai.lrv.lt/en/

The entire list of supervisory authorities can be found at the link
https://edpb.europa.eu/about-edpb/about-edpb/members_en

Amazon Web Services EMEA SARL (EU, Luxembourg)

Amazon Web Services (AWS)

Sum and Substance Ltd (UK)

Sumsub