Privacy Policy
  1. Introduction

    1. This document is created on the basis and in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 with the purpose to inform you regarding your rights under GDPR legislation.
    2. This document applies to you, in your quality of User of website (the “Platform”).
  2. Who is collecting your personal data?

    1. Your personal data is collected by Block Capital SRL (Cluj-Napoca, Dorobanților Nr. 5, Cluj, Romania CUI 39915424 / J12/43172018 / (EUID)ROONRCJ12/4317/2018), the provider of website and Service.
  3. What data is being collected?

    1. When creating your user account and/or when using the Service, we may collect the following personal data:
      1. The data required for creating the User Account: name, email, phone any other required data as mentioned in the singing-in page under the Platform;
      2. The data required for validating your identity, as such data result from the identification documents that you provide to us;
      3. Your activity under the Platform.
  4. Why the data is being collected? How will the information be used?

    1. Our primary purpose in collecting personal information is to provide you with a secure, smooth, efficient, and customized experience when using the Service. We may use your personal information to:
      • Evaluate, approve and/or verify your Account after you sign up on the Platform;
      • Provide you the Service (the right to use the website);
      • Resolve disputes and troubleshoot problems;
      • Prevent potentially prohibited or illegal activities, and enforce our Terms of Service;
    2. In some circumstances the data is collected and used in order to comply with legal obligation that we might have.
    3. Also, in case we have your consent, your data might be used on marketing purposes (in order to promote our services to you).
  5. What is the legal basis for processing the data?

    1. We collect and process your data for the purposes stipulated under clause. 4.1 above based on GDPR Regulation article 6 paragraph 1, letter b (execution of a contract).
    2. We collect and process your data for the purposes stipulated under clause. 4.2 above based on GDPR Regulation article 6 paragraph 1, letter c (legal obligation).
    3. We collect and process your data for the purposes stipulated under clause. 4.3 above based on GDPR Regulation article 6 paragraph 1, letter a (your consent).
    4. Please be advised that if you do not accept to process your data required for the provision of Service, you will not be able to use the Platform and the Service.
  6. How long the data will be stored for?

    1. When we process your data with the purpose to provide you the Service we will store your data as long as we will provide you the Service. Therefore, we will delete your personal data at the moment when your user account is deleted (by you or by us), unless we need to keep storing your personal data on the basis of a legal obligation and/or unless we need to retain some personal information from your account to collect any fees owed, resolve disputes, troubleshoot problems, assist with any investigations, prevent fraud, enforce our Terms of Service.
    2. When we process your data based on a legal obligation, the data will be stored for the entire duration required by the law.
    3. When we process your data based on your consent, the data will be stored as long as we have your consent, but not more than 5 years.
    4. We will delete and/or fully anonymize your data at the end of the storage period.
  7. Where do we store the data?

    1. The data is stored in United States.
    2. Before transferring your data outside EEA, we will verify if a similar level of protection can be obtained following such transfer.
    3. Therefore:
      • We will verify if the country to whom we consider transferring your personal data is subject to an adequacy decision adopted by the European Commission and if possible, we will perform the transfer on the basis of such adequacy decision. You can read more info about this mechanism of data transfer here:
      • In the absence of an adequacy decision, we will perform the transfer of your data outside EEA based on the Standard Contractual Clauses approved by the European Commission. In this respect, we will conclude Standard Contractual Clauses with our providers to whom we consider transferring the personal data outside EEA. You can read more info about this mechanism of data transfer here:
      • Also, we may use other appropriate safeguards for the transfer, accordingly with clauses no. 46 and 47 of the GDPR Regulation In this respect, at the moment in case of a transfer of your personal data to US, we will use the Standard Contractual Clauses mechanism, considering that the Privacy Shield has been invalidated by the CJUE. In order to obtain more detailed information about the protection mechanisms we use when we transfer your data, you can contact us by email.
  8. What security measures we have implemented in order to protect the data?

    1. In order to protect your data, we have implemented security measures in accordance with the applicable laws and the best industry practices. In this respect, we protect your information using physical, technical, and administrative security measures to reduce the risks of loss, misuse, unauthorized access, disclosure, and alteration. We will protect your data for any security incidents, but we cannot guarantee that such incidents cannot occur.
    2. In case of personal data breach which is likely to result in a high risk to your rights and freedoms we will communicate the personal data breach to you, without undue delay.
  9. Will the data be shared with any third parties?

    1. We will not share your data with third parties unless: we will have such a legal obligation; we will have your consent; it is necessary to share information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of Terms of Service, or as otherwise required by law. We may also share your data with our service providers under contract who help with our business operations such as fraud prevention, marketing, and technology services such as: ZignSec (for identity verification services), Moonpay, Transak (if you use the option to purchase cryptocurrencies with fiat) and/or others.
  10. What rights do you have?

    1. According to GDPR Regulation, you have the right to:
      • information about the processing of your personal data;
      • obtain access to the personal data held about you;
      • ask for incorrect, inaccurate or incomplete personal data to be corrected;
      • request that personal data be erased when it’s no longer needed or if processing it is unlawful;
      • object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation;
      • request the restriction of the processing of your personal data in specific cases;
      • receive your personal data in a machine-readable format and send it to another controller ('data portability');
      • request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers. You also have the right in this case to express your point of view and to contest the decision.
      • Withdrawn your consent.
    2. To exercise your rights, please contact us here. We will try to respond to your request as fast as we can, but no later than 1 month since we receive your request.
    3. We might ask you to provide information to confirm your identity (such as, clicking a verification link, entering a username or password, id copies or others) in order to be able to respond to your request.
  11. Do we use automated individual decision-making, including profiling

    1. No, you will not be subject to any decision based solely on automated processing, including profiling.
  12. How can you raise a complaint?

    1. According to GDPR Regulation, you have the right to lodge a complaint with a supervisory authority. Usually you will lodge a complaint with the supervisory authority headquartered in your country or in the data controller’s country. Please find the Data Protection Authorities contact information here
  13. How can you contact us?

    1. For any question or request regarding your data, please contact us here