Privacy Policy
This privacy policy (“Policy”) describes how BLOCKCO LTD (“Company”, “we”, “our”, or “us”) collects, uses, shares and stores personal data. This Policy applies to the site BLOCK.CO, applications, products, and services and any other sites or applications, products and services that link to the site (collectively, “Services”). By using the Services, you understand and agree that we will collect, process, and use your personal data as described in this Policy.
It is important that you read this Policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing data about you so that you are fully aware of how and why we are using your data.

This Policy supplements other notices and privacy policies and is not intended to override them.

Who we are and contact details
The Company is the controller and responsible for your personal data. In some cases, we may process your personal data based on an agreement with a third party; in those cases, that third party being a data controller and us being a data processor. In those cases, the terms of that agreement may govern how we process your personal data.
If you have any questions about this Policy or how we process your personal data or our privacy practices, please contact us:

Email: enquiries@block.co
Telephone number: +357 70007828

You have the right to make a complaint at any time to the Office of the Commissioner for Personal Data Protection, the Cyprus regulator for data protection issues. We would appreciate you coming to us with your complaint in the first instance to give us a chance to resolve it.

Changes to the Policy and your duty to inform us of changes
We keep our privacy policy under regular review. We encourage you to check this Policy regularly to ensure that you are aware of its latest version.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
We do not knowingly collect data relating to children.

Third Party links
This website may include links to third-party websites, plug-ins (such as social media plug-ins) and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

Third-party wallet extensions
For some of our Services (such as, minting an NFT), we use third-party electronic wallet extensions, such as MetaMask. When you interact with MetaMask or any other third-party electronic wallet extension, your interactions are governed by the applicable privacy policies of these parties.

1. The type of Data we Collect

Personal data means any data about an individual that can identify that individual. We may collect, use, process, store and transfer personal data about you. We may collect and process data that includes:

• Data that have to do with your identity, such as your first name, last name, username, title, date of birth.
• Data by which we can contact you, such as your email address, telephone number, your workplace contact information, the company you work for.
• Data about your transaction with us, such as details about billing and payments and details of any services or subscriptions you have purchased from us.
• Data about the transactions allowed through our services, such as names and emails of parties to a transaction, history of actions taken in relation to that transaction (send, claim NFTs) and personal data about those individuals or their devices (such as name, email address, IP address)
• Data that have to do with the technical aspects of your visit to, and use of, the Services, such as the IP address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices that you use to access and use the Services. This could also include your precise geolocation (that you allow our Services to access, usually from your mobile phone)
• Data connected to your account with us, such as your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
• Data that have to do with your use of the Services, how you use our website, products, services, web log data, the number of clicks, the amount spent on particular pages, the date and time you used our Services, and other related information.
• Data that have to do with marketing, including your preferences in receiving marketing from us and third parties, and your communication preferences.
We also collect data that is anonymous in that such data does not, by itself, allow the identification of individuals. This anonymous data includes aggregated (such as statistical or demographic data) and de-identified data. One example is where we may aggregate data relating to your use of our website to calculate the share of our users who access a specific webpage. If we combine or connect anonymous data so that it can directly or indirectly identify you, we treat the combined data as personal data, that we will process and use in accordance with this Policy.

Failure to provide data
Where we need to collect your personal data because of a legal obligation or based on the terms of a contract we have with you, and you fail to provide that data, we may not be able to perform the contract we have or are trying to enter with you. If this is the case, we may have to cancel a Service you have with us. We will notify you if this happens.

2. How is your personal data collected?
We collect and hold information relating to you from different sources.
The information we hold comes essentially from the information you personally provide us or that was transferred to us from a Controller pursuant to a relevant agreement. We may, however, collect your data from other sources. We set these out below.

• Direct interactions.
• You may give us some personal data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you
• apply for our products or services;
• create or login an account on our website;
• create or edit your profile;
• initiate an electronic transaction or activity under our Services (such as, send an NFT);
• subscribe to our service or newsletters;
• enter a competition, promotion or survey; or
• give us feedback or contact us.
• You may also provide us with personal data about others when you use parts of our Services, such as when you initiate or take part in an electronic transaction (send NFT).

• Automated technologies or interactions. When you use our Services, including when you interact with our website without logging in your account, we will automatically collect technical-related data about you, your equipment, browsing actions and patterns.

Every time you use or access the Services, and our website, data is collected. This data is stored in log files on the server and can include:
The temporary storage of data and log files. The IP address is temporarily stored in the system as it is necessary to provide website access to your computer or other device. The IP address is retained while that website is being accessed. These log files are stored to ensure website functionality, optimize the content of our website, and ensure the security of our IT system.

To collect personal data automatically, we use cookies. Please see our cookie policy for further details.

• Third parties or publicly available sources. We will receive personal data about you, subject to applicable laws, from various third parties as set out below:
• Other customers may give us your personal data, for example when they want you to use our Services (e.g., where they want you to receive an NFT).
• analytics providers, such as Google;
• advertising networks;
• providers that offer their services/products on our services, such as MetaMask and other third-party wallet providers that may provide us with your Ethereum address and other data you choose to share with them
• identity and contact data from publicly available sources, such as the Cyprus Commissioner for Companies.
• Personal data we process on behalf of business clients

When our business clients use some parts of the Services, we may process and store some personal data on their behalf, as a data processor. This may happen, for example, when a business client uploads information about their client/end-user, as the recipient of an NFT. In those cases, our business client is the controller and we will process the relevant personal data as data processor based on an agreement we may have with our business client.

3. How do we use your personal data?
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in these circumstances:
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
• Where we need to perform the contract that we are about to enter or have entered with you.
• Where we need to comply with the law.
We do not generally rely on consent to process your personal data although we will get your consent to send you direct marketing communications to you via email or text. You have the right to withdraw your consent to marketing at any time by contacting us.

Purposes and Bases for Processing

In general, we may use your personal data to provide, fix, and improve our Services, develop new Services, and market our Services.
Below, we explain the ways we plan to use your personal data and the grounds we rely on. We may rely on more than one ground to use your data. The below list is non-exhaustive. You can contact us any time to ask for more details on the grounds we are relying on to use your data.

• Purpose: to register you as a new customer.
Basis for processing: a) to perform a contract with you, b) necessary for our legitimate interests.
• Purpose: to create your account and manage our relationship with you (such as to notify you for changes to our Services, website, terms, or privacy policy or other appliable terms, or to ask you to leave a review).
Basis for processing: a) to perform a contract with you, b) necessary to comply with our legal obligations, c) necessary for our legitimate interests (to keep our records updated and to see how our customers use our products and services).
• Purpose: to process and deliver your orders and our Services to you and keep record of any transactions or actions taken in connection with our Services (including to manage payments, fees, and charges, collect and recover money owed to us)
Basis for processing: a) to perform a contract with you, b) necessary for our legitimate interests (recover debts).
• Purpose: to enable you to take part in a draw, competition, survey
Basis for processing: a) to perform a contract with you, b) necessary for our legitimate interests (to see how customers use our products to develop them and grow our business)
• Purpose: to administer and protect the Services, our website and our business
Basis for processing: a) necessary for our legitimate interests (to run our business, provide administration and IT services, network security), b) necessary to comply with our legal obligations
• Purpose: to deliver relevant website content and ads to you and see how effective our advertising is
• Basis for processing: necessary for our legitimate interests (see how customers use our products or services, to develop them, to grow our business, to improve our marketing strategy).
• Purpose: to use data analytics to improve our Services, website, marketing, customer relationships and experiences
Basis for processing: necessary for our legitimate interests (define types of customers for our products/services, update our website and keep it updated and relevant, to grow our business and improve our marketing strategy).
• Purpose: to make suggestions and recommendations to you about Services or new Services that may be of your interest
Basis for processing: necessary for our legitimate interests (develop our products/services, grow our business).

Change of Purpose
We will use your personal data for the purposes for which we collect it or where we reasonably consider that we need to use it for another reason only if this reason is compatible with the original purpose.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Marketing and Promotional Offers
In case you agree, we will send you marketing messages in relation to our Services or new Services that we think you may want or need or may be of your interest.

Third-party Marketing
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.

How to stop Marketing Messages from Us or Third Parties
You can ask us or third parties to stop sending you marketing material and messages any time. You can use any of the following methods:
• By following the unsubscribe or opt-out links in any marketing email or marketing message, or
• By adjusting your marketing preferences where we provide relevant links, or
• By contacting us at any time at [enquiries@block.co] or via any other means of communication (including social media messages).
Where you opt out of receiving marketing messages, you will not stop receiving service communications, such as updates regarding the Services you use.

Cookies
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of the Website may be come inaccessible or not function properly. For more details, see our Cookie Policy.

4. Data Sharing with others
We may disclose your information to our employees, agents, and affiliates to perform services for us.
We may also disclose your information to third parties, such as:
• Service Providers who provide IT and system administration services, fraud detection, customer support,
• Professional advisers including lawyers, bankers, auditors, and insurers who provide relevant services,
• Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Policy.
• Governmental agencies or entities, regulatory authorities, or other persons in line with applicable rules, orders, subpoenas, official requests, or similar processes as either required or permitted by applicable law.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

We do not sell, rent, or otherwise make your personal data commercially available to any third party, except with your prior permission.

5. Transfers to third countries
We may need to transfer your data to locations outside the EEA. Where we transfer your data outside the EEA, we ensure a similar degree of protection with that in the EEA and the General Data Protection Regulation (GDPR) is afforded by implementing appropriate safeguards and measures.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.

6. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

Data stored on the Blockchain (for some parts of our Services)
We may store your personal data with appropriate physical, technological, and organizational safeguards and security measures on the Blockchain.
For some parts of our Service, we enable the issuance of digital certificates anchored to the Blockchain assuring immutability, and security, instead of the storage of certificates on a cloud, computer machine, or hardcopy.
Once issued and successfully anchored on the Blockchain, a certificate has no ongoing dependence on the Company. These records are anchored on the blockchain that recipients own for a lifetime.
We have also developed a methodology whereby certificates can be revoked in case there is a need for that.

7. Data Retention
We keep your personal data for no longer than necessary for the purposes for which it is processed. The length of time for which we retain personal data depends on the purposes for which we collected and use it and/or as required to comply with applicable laws. Generally, this means we retain your personal data to comply with any retention or statutory limitations or for purposes of performing a contract with you. Where there are technical limitations that prevent deletion or anonymization, we safeguard personal information and limit active use of it.

8. Your rights:
We provide information relating to the rights you have under certain circumstances under the applicable privacy laws as well as the exercise of these rights.

1. Right of access
You have the right to request and receive a copy of your personal data undergoing processing. However, for any further copies requested, we may charge you a reasonable fee that is based on administrative costs.
2. Right to rectification
You have the right to obtain from us within reasonable time the rectification of inaccurate personal data concerning you. We may need to verify the accuracy of the new data you provide to us.
3. Right to erasure (‘right to be forgotten’)
You have the right to ask for the erasure of your personal data and that such data is no longer processed where such processing is no longer necessary in relation to the purposes for which it is processed.
We may may object to such a request and may keep the relevant personal data that are required in order for us to comply with our legal obligations or the legal obligations of a controller that cooperates with us pursuant to the terms of a relevant agreement.
4. Right to restriction of processing
You have the right to restrict the processing of your personal data. Nonetheless, for the personal data that is necessary for compliance with a legal obligation, we may object the restriction request.
5. Right to data portability
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without hindrance from the controller to which the personal data has been provided.
6. Right to object
You have the right to object to the processing of your personal data. However, as long as we lawfully process such data, we will still have the right to process the data.
7. Withdraw consent at any time
Where we are relying on consent to process your personal data, you have the right to withdraw your consent at any time. This will not affect the lawfulness of any processing before the withdrawal of your consent. Please note that if you withdraw your consent, we may not be able to provide certain Services to you. We will advise you if this is the case when you withdraw your consent.
8. Right to complain with the data protection authority
You have the right to complain with the Office of the Commissioner for Personal Data Protection, if you are not satisfied with our handling or response to your complaint.