Privacy Policy

1. General

Blackfort Tech Estonia OÜ (hereinafter, “Blackfort“, “we“, “us” or “our“) is committed to protecting and respecting your privacy.

This Privacy Policy (together with our Terms and Conditions) explains how we collect, process and use your Personal Information when You are opening an account and accessing our services via our Website: https://blackfort.exchange “Website”) and our application: BlackFort Wallet (“App”) or otherwise interacting with Blackfort. “Personal Information” is defined as information which can be used to identify a natural person. This can include, for example, your name, address, e-mail address, information about your business deals, etc.

The purpose of this Privacy Policy is to inform You about:

• who is responsible for the protection of your information;
• the types of Personal Information we may collect about You and how it may be used;
• the sources from which we gather information about you;
• our use of information regarding IP addresses;
• any disclosure of the Personal Information to third parties;
• your ability to correct, update and delete your Personal Information; and
• the security measures we have in place to prevent the loss, misuse, or alteration of the Personal Information under our control.

When processing your Personal Information, Blackfort is required to follow the requirements stipulated in the Regulation (EU) 2016/679 of the European Parliament and of the Council (“GDPR”) and other data protection related legal acts which are applicable in a specific case (“applicable data protection laws”).

2. Who is responsible for protection of your information?

The controller of your Personal Information is Blackfort Tech Estonia OÜ, registry code: 14883859; address: Harju maakond, Tallinn, Kesklinna linnaosa, Pärnu mnt 158/2, 11317, email address: [email protected].

Should You have any questions about how we process your Personal Information, or should You wish to exercise any of your rights as a data subject, You can contact our Data Protection Officer (DPO) at: [email protected].

3. Gathering and Use of Personal Information

We may collect your Personal Information if You use the Website, open an Account to use Our Services or perform any transactions on the Website. The types of the Personal Information which we collect may include your:

• name;
• ID card data;
• Passport data;
• photographic identification;
• address;
• phone number;
• e-mail address;
• username;
• IP address(es) and geographical location;
• device and browser information;
  • device model;
  • software platform;
  • device software version;
  • device universally unique identifier (UUID);
  • device manufacturer
  • device serial number.
• banking details, including account numbers;
• date of birth;
• documentation regarding the source of funds if the transaction exceeds X €;
• blockchain addresses;
• transaction history.

4. We may use your Personal Information for the following purposes:

• to allow You to open and operate an Account and Wallet on the Website and/or on the App. The legal basis for processing your Personal Information in this case is GDPR Art 6(1)(b);
• to enable You to complete exchange and trade transactions on the Website and/or on the App. The legal basis for processing your Personal Information is GDPR Art 6(1)(b);
• to reply to your queries when You have contacted us. The legal basis for processing your Personal Information is either GDPR Art 6(1)(b) or Art 6(1)(f), depending on the circumstances;
• to analyse the use of our Website and/or our App. The legal basis for processing your Personal Information is GDPR Art 6(1)(f)
• to carry out our anti-money laundering (AML) procedures as required by law. These procedures are outlined in our AML Policy. The legal basis for processing your Personal Information is GDPR Art 6(1)(c);
• as required for other regulatory purposes. The legal basis for processing your Personal Information is GDPR Art 6(1)(c);
• to provide You with information about products and promotions that may be of interest to you, from ourselves and third parties, although only if You have specifically agreed to receive such information. The legal basis for processing your Personal Information is GDPR Art 6(1)(a) or GDPR Art 6(1)(f), depending on the circumstances;
• for market research, e.g., surveying the users of our Website and/or our App about their needs and opinions on our services. The legal basis for processing your Personal Information is GDPR Art 6(1)(a) or 6(1)(f), depending on the circumstances.

We process your Personal Information only for the purpose(s) for which we have collected the Personal Information. If You do not consent to the processing of your Personal Data that is based on a statutory or contractual basis, you may not be able to access our Services.

5. Sources of Personal Information

We collect information about You from several sources including, but not limited to:

• your Account profile in the Website and/or in the App;
• your social network profiles (Facebook, Google);
• cryptocurrency blockchains or networks (e.g. Bitcoin and Ethereum blockchains).

6. IP Addresses

We may collect information about your computer, including where available, your IP address, operating system and browser type for system administration, and to report aggregate information to our advertisers. We note that this constitutes statistical data about our users’ browsing actions and browsing patterns and it is not possible to identify any individuals.

7. Disclosure of Personal Information

We use the Personal Information for the purposes indicated at the time You provide us with such information, and/or otherwise for the purposes set out in this Privacy Policy and/or as otherwise permitted by law. In certain cases, we may make your Personal Information available to our affiliates, agents, representatives, trusted service providers and contractors.

Whenever we disclose your Personal Information to a third party, there will be a legal basis for this, and we will abide by all relevant rules stipulated in applicable data protection laws. Any third party which receives or has access to the Personal Information shall be required by us to protect such Personal Information and to use it only to carry out the services they are performing for You or for the Website, unless otherwise required or permitted by law. We will ensure that any such third party is aware of our obligations under this Privacy Policy and we will enter into contracts with such third parties by which they are bound by terms no less protective of any Personal Information disclosed to them than the obligations we undertake to You under this Privacy Policy or which are imposed on us under applicable data protection laws.

Specifically, when it is needed and permitted by applicable data protection laws, we can share information about You with the following parties:

• third-party verification providers (i.e. identity and address verification providers);
• KYC providers
• acquiring and card issuing banks;
• payment processing partners;
• our service providers;
• banks or other financial institutions when disputing claims or chargebacks;
• government and regulatory authorities, when requested;

Please note that we cooperate with partners in different countries, hence your Personal Information might be processed and stored in different jurisdictions, taking into account all the requirements pursuant to applicable data protection laws.

We are committed to ensuring the safety of your Personal Information at all times by using secured data transfer channels, contractual obligations and other means (i.e. working with only trusted partners that have implemented adequate data protection measures).

8. No Automated Decision Making

Blackfort does not use automated decision-making, including profiling. However, we will notify You in writing if this position changes.

9. Your rights as a data subject

You have the following rights as a data subject, considering the relevant conditions stipulated in applicable data protection laws:

• right to access – your right to obtain from Blackfort a confirmation as to whether or not Personal Information concerning You is being processed, and, where that is the case, access to the Personal Information;
• right to the erasure of your Personal Information (“right to be forgotten”);
• right to the correction of any inaccurate Personal Information;
• right to the restriction of our processing of your Personal Information;
• right to data portability;
• right to object to the processing of your Personal Information, including, but not only, to data processing for marketing purposes;
• right to withdraw your consent for data processing, in cases where the legal basis for the processing of your Personal Information is your consent.

You can exercise the abovementioned rights by sending an email to us at: [email protected].

You may also request the deletion of your Account and Personal Information by sending an email to us at: [email protected]. Blackfort will accept your request only when this is not inconsistent with its legal and regulatory obligations.

In addition to the above, you have the right to file a claim with your local supervisory authority or with a competent court, if You believe that Blackfort has infringed your rights as a data subject. Information and contact details about local supervisory authorities can be found here: https://edpb.europa.eu/about-edpb/board/members_en.

10. Data Transfers

Blackfort will not transfer personal data to a third country outside the EEA where data protection laws may be different from the requirements under the GDPR, except if that country ensures an adequate level of data protection (e.g. based on the EU-US Privacy Shield framework), or if appropriate safeguards such as the model clauses (i.e. standardised clauses approved by the European Commission) are in place, or if You have clearly consented to such transfer.

11. Security

We have implemented appropriate technical and organisational measures to ensure the confidentiality of your Personal Information and to protect your Personal Information from loss, misuse, alteration or destruction. Only authorized personnel of Blackfort have access to your Personal Information, and these personnel are required to treat the information as confidential.

The security measures in place will, from time to time, be reviewed in line with legal and technical developments.

12. Retention of Personal Information

We will hold your Personal Information only for as long as it is necessary for us to do so, having regard to the purposes described in this Privacy Policy and our own legal and regulatory requirements. In certain cases, for example in case of accounting documents, the retention periods are stipulated in the law.

13. Links

There may be links from our Website to other Websites and resources provided by third parties. This Privacy Policy applies only to our Website. Accessing third party Websites or sources requires You to leave our Website. We do not control third party Websites or any of the content contained therein and You agree that we are in no way responsible or liable for any of those third party Websites, including, without limitation, their content, policies, failures, promotions, products, services or actions and/or any damages, losses, failures or problems caused by, related to or arising from those Websites. We encourage You to review all policies, rules, terms and regulations, including the privacy policies, of each Website that You visit.

14. Changes

Blackfort may amend this Privacy Policy from time to time. If we change this Privacy Policy, we will take steps to notify all users about the amendments and we will post the amended Privacy Policy on the Website.