Data protection at Blockpit

Fear knocked on the door, trust opened, nobody was outside. Our most important asset is the trust of our customers; not only regarding our service but also regarding your data. That’s why we protect them. With this Privacy Policy according to GDPR, Blockpit AG, FN 477383i, Peter-Behrens-Platz 4, 6. OG, 4020 Linz (hereinafter “Blockpit), as the entity responsible for processing data (for contact details see our imprint), declares WHO, WHAT, WHEN, HOW, WHY and WHERE personal customer data will be processed. The collection, administration and use of personal data by Blockpit complies with all applicable data protection regulations (GDPR, data privacy act, etc.), the Telecommunications Act (TKG) and the E-Commerce Act (ECG).

What?

On our website / platform blockpit.io you can create a profile page with personal data, contact us and possibly “post” comments. Blockpit thus collects information at the registration of a user on the website and in connection with the use of any other Blockpit application. Blockpit stores and uses personal data in particular to develop new applications, improve existing ones and adapt them to the needs of users. Certain information must be provided when registering to use the Blockpit applications (email address, name, etc.). However, certain information is optional and voluntary during registration and can be added or deleted by the user afterwards (e.g. name and surname, date of birth, address, profile picture). In the course of the whitelisting process also KYC and contract data is collected. We process personal data we receive from you (obligatory and voluntary) as part of our business relationship. In addition, we process personal data that we legitimately receive from publicly accessible sources (e.g. land registers, commercial registers, register of associations, press, media, Internet). Personal data includes:

• Personal Information (e.g. name, address, contact details, date of birth, gender, place of birth, nationality)
• Authentication data (e.g. identity card)
• Order data (e.g. payment orders and wallet or account number)
• Data from the fulfilment of our contractual obligations (e.g. purchase amount, exchange amount, virtual payment data)
• Information in accordance with the KYC principle resulting from the legal obligations under the Financial Market Anti Money Laundering Act (e.g. customer profile, documentation of purpose and nature of business relationship, proof of source of funds, PEP-check)
• Advertising and sales data
• Documentation data (e.g. advice record, memos)
• Processing results that we generate ourselves and data in compliance with legal and regulatory requirements

Why?

The purpose of data collection is the automation-supported data processing and service within the framework of transaction analyses and applications in the area of blockchain technology. Blockpit has a business license for services in automatic data processing and information technology. We process the aforementioned personal data or the fulfilment of contractual obligations (article 6 section 1 lit b GDPR) for performing our services and in particular for the execution of our contracts with you or for the execution of pre-contractual measures, which take place on your request, as well as are required for the execution of all activities with the operation and administration of our activities and for the prosecution of legal claims. The purpose of data processing may include, among other things, needs analysis, quality assurance, consulting and the execution of transactions;

for the fulfilment of legal obligations (article 6 section 1 lit c GDPR; e.g. financial markets anti-money laundering act, tax laws, potential future regulatory requirements) for identity and age verification, fraud and money laundering prevention, the fulfilment of tax and supervisory control and reporting obligations (including the provision of information to tax or criminal authorities, the Financial Market Authority and the Austrian National Bank);

within the scope of your consent (article 6 section 1 lit a GDPR) insofar as you have given us your consent to process personal data for specific purposes;

to protect legitimate interests (article 6 section 1 lit f GDPR) in the context of weighing up interests in favor of Blockpit or a third party, such as in cases of consultation and data exchange with credit agencies, advertising or market research (unless you have objected to the use of your data), measures to protect customers and employees as well as the property of Blockpit, measures to prevent and combat fraud (transaction monitoring) and measures to manage business and the further development of products and services.

All personal data provided by the user during registration will be deactivated. All data the user has processed on the blockpit.io platform will within 30 days upon termination or exclusion be made (i) anonymous or (ii) deleted, insofar as there is no legal obligation to retain data or that legitimate interests object. You will find more details in the data protection declaration.

Upon the user’s request, all personal data relating to the user will be deleted, provided that there are no legal storage obligations or legitimate interests to the contrary. You will find more details in the data protection declaration. This requires an email with the email address provided during registration and a request for final deletion to support@blockpit.io or on the blockpit.io platform. Blockpit will respond immediately to such requests.

Who and Where?

Blockpit treats all user data confidentially and only publishes such data with legal obligation or the user’s explicit consent. At Blockpit, those departments or employees who need your data to fulfil contractual, legal and potential supervisory obligations and to safeguard legitimate interests have access to it. Also service providers (Processor) employed by us receive data from us if they require this data to perform the respective service or if there is a corresponding case of permission. All contractors and vicarious agents are contractually obliged (Data Processing Agreement) to maintain data secrecy and to treat your data confidentially and to process it only within the scope of the provision of services.

Blockpit has implemented appropriate security policies and procedures to protect stored user data. Sensitive data is not collected. Non-customizable information is stored and used for newsletter advertising purposes or on blockpit.io by Blockpit or its contractual partners. Registered users can also unsubscribe from this advertisement using a function on the blockpit.io website.

When?

We process and store your personal data as long as it is necessary for the fulfilment of our contractual and legal obligations, at least for the duration of the entire business relationship and additionally in accordance with the statutory retention periods (e.g. 7 years according to the Federal Fiscal Code (BAO) or Austrian Commercial Code (UGB); 30 years according to the Austrian general civil law (ABGB) for warranty and compensation). It is possible that the data may be made anonymous instead of being deleted. In this case, any personal reference will be irretrievably removed, which is why the deletion obligations under data protection law also cease to apply.

Data Security

Data security is very important to us and we have comprehensive administrative, technical and physical measures in place to protect your personal data from accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. These measures meet the highest international security standards and are regularly reviewed for their effectiveness and suitability to achieve the intended security objectives.

We have implemented the following technical and organizational measures, among others:

• SSL encryption of our websites from which we send personal data;
• Ensuring the confidentiality, integrity, availability and resilience of our systems and services;
• Use of encrypted systems;
• Pseudonymisation and anonymisation of personal data;
• Access, entry and transmission control for our offices and systems;
• Measures to quickly restore the availability of personal data in the event of a physical or technical incident;
• Introduction of procedures to regularly review, evaluate and assess the effectiveness of technical and organisational measures to ensure the security of data processing
• Internal IT security guidelines and IT security training;
• Incident-response management.

Payment and Subscription Information

Through our services you have the possibility to initiate booking transactions. As far as this is necessary for the fulfillment of the contract, data are also handed over to our payment service providers (e.g. Stripe, PayPal) or the bank responsible for the payment processing. The scope of the data is limited to the minimum required for the purpose of contract execution.

When paying by credit card, bank transfer or direct debit, payment is made via Stripe from the payment service provider Stripe Payment Europe Ltd, Block 4, Harcourt Center, Harcourt Roud, Dublin 2, Ireland. For more information on Stripe privacy, visit https://stripe.com/privacy#translation.

Although we do not store any credit card information ourselves, we register a payment ID that is assigned by the provider and can be assigned to a person, as well as the duration of your subscription, price, currency, VAT (based on country information), and payment provider.

Service Providers and Third-Party Services

We share your information with third parties who assist us in providing and improving our products (such as maintenance, analysis, audit, payments, fraud detection, marketing and development). Service providers have access to your data as necessary to perform these tasks on our behalf, and are under an obligation not to disclose or use them for any other purpose. We use processors like Google, Facebook, Amazon Web Services, Firstpromoter, Miro, Notion Labs, Zoom, Semrush, Atlassian, Zendesk, Stripe, AdRoll, Zapier, Hotjar & Hubspot.

Data protection rights

Each person affected has the right of disclosure, rectification, deletion, processing restrictions, opposition and data transferability. In addition, there is a right of appeal to a data protection supervisory authority. The supervisory authority for compliance with data protection regulations in Austria is the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, phone: +43 1 531 15-202525, e-Mail: dsb@dsb.gv.at, website: http://www.dsb.gv.at.

Before you contact the data protection authority, we request that you first assert all your rights at Blockpit (legal@blockpit.io). Please note that without your data, we usually cannot execute the contract or the execution of the order and may have to terminate it.

Automatic decision-making including profiling?

We do not use automated decision making to establish and carry out the business relationship. Personal aspects are also not evaluated (profiling).

Plugins and Widgets for Social media

Blockpit uses content from third parties on its platform:

https://www.facebook.com/blockpit.io
https://twitter.com/blockpit_io
https://www.instagram.com/blockpit.io/
https://www.linkedin.com/company/18177045/
https://t.me/blockpit
https://reddit.com/r/Blockpit
https://steemit.com/@blockpit
https://medium.com/@blockpit

The social media plugins can collect the IP address of the user and the page that the user has accessed on the blockpit.io platform and they may set a cookie for the function to work properly. Social media plugins and widgets are hosted either by third parties or directly on our websites and the IP address is transferred to a third country or within the EU. User interaction with these functions is subject to the privacy policies of the company providing the function. Blockpit is not responsible for the policies and practices regarding collection, use, disclosure, including third-party data security practices. Please contact these companies directly to find out the legal basis and storage period.

Cookies

For data processing in connection with Cookies and similar technologies, please refer comprehensively to our Cookie Statement (https://blockpit.io/en/cookie-policy/).

 Google Analytics and App Analytics

The Blockpit applications use Google Analytics, a network analysis service from Google Inc. (“Google”). Google Analytics uses “Cookies” (see point above). The information concerning the visit of a website, including the IP address, is collected by the cookie and usually transmitted to a Google server in the USA and stored there. If a website has activated IP anonymization, Google first shortens IP addresses from member states of the European Union and EEA states. The complete IP address is then, as exception, transmitted to a Google server in the USA or Asia and then shortened there. Google uses the information collected on behalf of the website provider to analyze the use of Blockpit applications, to provide reports on website activity and to provide additional services relating to Blockpit applications. Under no circumstances does Google link the IP address transmitted by the browser within the framework of Google Analytics with other Google data.

Your consent also allows us to transfer certain data to our partners for processing in countries outside the EU, such as the USA (e.g., Google Analytics). There is no adequacy decision by the EU Commission for the USA and despite extensive measures, the high level of EU data protection in the USA cannot be guaranteed. There are risks that transmitted data may not be deleted or further processed for any purpose, that there may be disproportionate access to your data by US authorities or that you may not be able to effectively enforce your rights in the US. However, you are welcome to withdraw your consent at any time with effect for the future. However, rejecting some of these cookies may affect your user experience.

Users can prevent the recording by Google and Google’s processing of information regarding the use of the Blockpit platform, including the IP address, by downloading and installing the following browser plug-in: http://tools.google.com/dlpage/gaoptout?hl=en

The Blockpit applications use Google DoubleClick for Publishers (“DFP”). DFP uses cookies to show the user relevant advertisements – more information about DFP can be found at https://support.google.com/dfp_premium/answer/2839090?hl=en. The user can deactivate the setting of cookies by DFP on the following page and thus prevent the display of advertising relevant to the user on the Blockpit platform: http://www.google.com/ads/preferences.

Use of Google Recaptcha

To protect its orders via Internet form Blockpit uses the reCAPTCHA service of Google Inc. (Google). The IP address transmitted by your browser within the scope of reCaptcha and the data required for this are transmitted to Google in the USA. The deviating data protection regulations of the company Google apply to this data. http://www.google.com/policies/privacy/.

Access Data / Server Logfiles

Blockpit (or its web space provider) collects data about every access to the offer (so-called server log files). Access data includes: Name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider. The provider uses the protocol data only for statistical evaluations for the purpose of operation, security and optimization of the offer. However, the provider reserves the right to check the log data subsequently if there is a justified suspicion of illegal use based on concrete indications.

Deletion of User Data

If an account of a registered user is terminated, all personal data of the respective user provided during registration will be deactivated. All data collected of the user will (i) be made anonymous, meaning that it becomes visible that this information originates from a deleted account, or (ii) in case of deletion of an account, deleted within 30 days, provided that no legal retention obligations or legitimate interests of Blockpit speak against it and all user data which are no longer required for contract fulfilment by Blockpit or which must be stored due to legal requirements will be irrevocably deleted at the request of this registered user. Such a request for deletion has to be made via e-mail to support@blockpit.io, stating the e-mail address provided upon registration. Blockpit will comply with this request immediately.

Newsletter

Blockpit sends newsletters on the one hand to registered users and on the other hand to persons who have provided their e-mail addresses to another service offered by Blockpit, e.g. https://kryptosteuerguide.com. The email address is processed for the purpose of the newsletter and the user has the opportunity to unsubscribe each time he/she receives it. The legal basis is your consent pursuant to § 107 of the Telecommunications Act (TKG).

Changes to the Privacy Policy

In order to comply with all legal requirements, this Privacy Policy is continuously adapted. You will always find the current version on our website. If we make material changes to this Privacy Policy, we will notify you after you log in to your Blockpit account and provide you with the updated version of the Privacy Policy. If required by applicable law, Blockpit will obtain your express consent to make material changes.

Contact

 If you have any further questions about this Privacy Policy or the processing of your personal data, please contact either our Support (support@blockpit.io) or Legal Team (legal@blockpit.io).

Version: July 2022