Our Services are offered through one or more subsidiaries of Blockchain Luxembourg S.A. By using the Services, you understand that your Personal Data may be used by one of the following entities (each, a “Controller”):
You may contact our Data Protection Officer (“DPO”) by email at [email protected].
When you access or use the Services, we collect the following information:
Information you may provide to us: You may give us information about you by filling in forms on our website or through our app or by corresponding with us by phone, email or otherwise. This includes information you provide when you register to use the Services and when you report a problem with the website or with our app.
Information we collect about you: With regard to each of your visits to our website or our app we automatically collect the following information:
Information We Collect Required By Law, Rule, or Regulation: Depending on the Service, we may collect information from you in order to meet regulatory obligations around know-your-customer (“KYC”) and anti-money laundering (“AML”) requirements. Information that we collect from you includes the following:
Information We Collect from Other Sources: We also receive information from other sources and combine that with the information we collect through our Services. For instance:
We will use your information to:
We also reserve the right to use aggregated Personal Data to understand how our users use our Services, provided that those data cannot identify any individual.
We also use third-party web analytics tools that help us understand how users engage with our website. These third-parties may use first-party cookies to track user interactions to collect information about how users use our website. This information is used to compile reports and to help us improve our website. The reports disclose website trends without identifying individual visitors. You can opt-out of such third-party analytic tools without affecting how you visit our site. For more information on opting-out, please contact [email protected].
We will process your Personal Data legally and fairly and not use it outside the purposes of which we have informed you, including selling it individually or in the aggregate for commercial use.
We also may share Personal Data with a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of Blockchain’s assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which Personal Data held by Blockchain is among the assets transferred.
We shall require any third-party, including without limitation, any government or enforcement entity, seeking access to the data we hold to a court order, or equivalent proof that they are statutorily authorized to access your data and that their request is valid and within their statutory or regulatory power.
Funding and transaction information related to your use of certain Services may be recorded on a public block chain. Public block chains are distributed ledgers, intended to immutably record transactions across wide networks of computer systems. Many block chains are open to forensic analysis which can lead to deanonymization and the unintentional revelation of private financial information, especially when block chain data is combined with other data.
Because block chains are decentralized or third-party networks that are not controlled or operated by Blockchain or its affiliates, we are not able to erase, modify, or alter Personal Data from such networks
We protect Personal Data with appropriate physical, technological and organizational safeguards and security measures. Your Personal Data comes to us via the internet which chooses its own routes and means, whereby information is conveyed from location to location. We audit our procedures and security measures regularly to ensure they are being properly administered and remain effective and appropriate. Every member of Blockchain is committed to our privacy policies and procedures to safeguard Personal Data. Our site has security measures in place to protect against the loss, misuse and unauthorized alteration of the information under our control. More specifically, our server uses TLS (Transport Layer Security) security protection by encrypting your Personal Data to prevent individuals from accessing such Personal Data as it travels over the internet.
The length of time we retain Personal Data outside our back-up system varies depending on the purpose for which it was collected and used, as follows:
When Personal Data is no longer necessary for the purpose for which it was collected, we will remove any details that identifies you or we will securely destroy the records, where permissible. However, we may need to maintain records for a significant period of time (after you cease using a particular Service) as mandated by regulation. For example, we are subject to certain anti-money laundering laws that require us to retain the following, for a period of five (5) years after our business relationship with you has ended.
Except where prohibited by law, this period may extend beyond the end of the particular relationship with us, but only for as long as we are bound to do so for the audit, regulatory or other accounting purposes. When Personal Data is no longer needed, we have procedures either to destroy, delete, erase or convert it to an anonymous form. If you have opted-out of receiving marketing communications, we will hold your details on our suppression list so that we know you do not want to receive these communications.
After you have terminated the use of our Services, we reserve the right to maintain your Personal Data as part of our standard back-up procedures in an aggregated format.
Blockchain stores your Personal Data at secure locations in the EU. Blockchain ensures that appropriate security standards are in place regarding the safeguarding, confidentiality, and security of Data.
The information that we collect from you will be transferred to, and stored in, destinations outside of your country and the European Economic Area ("EEA") as described below:
We may transfer your Personal Data outside the EEA and the UK to other company subsidiaries, service providers and business partners (i.e., Data Processors) who are engaged on our behalf. To the extent that we transfer your Personal Data outside of the EEA and UK, we will ensure that the transfer is lawful and that Data Processors in third countries are obliged to comply with the GDPR and the UK Data Protection Act 2018. If transfers of Personal Data are processed in the US, we may in some cases rely on applicable standard contractual clauses.
The rights that are available to you in relation to the Personal Data we hold about you are outlined below.
If you ask us, we will confirm whether we are processing your Personal Data and, if so, what information we process and, if requested, provide you with a copy of that information within 30 days from the date of your request.
It is important to us that your Personal Data is up-to-date. We will take all reasonable steps to make sure that your Personal Data remains accurate, complete and up-to-date. If the Personal Data we hold about you is inaccurate or incomplete, you are entitled to have it rectified. If we have disclosed your Personal Data to others, we will let them know about the rectification where possible. If you ask us, if possible and lawful to do so, we will also inform you with whom we have shared your Personal Data so that you can contact them directly.
You may inform us at any time that your personal details have changed by emailing us at [email protected]and we will change your Personal Data in accordance with your instructions. To proceed with such requests, in some cases we may need supporting documents from you as proof that we are required to keep for regulatory or other legal purposes.
You can ask us to delete or remove your Personal Data in certain circumstances such as if we no longer need it, provided that we have no legal or regulatory obligation to retain that data. Such requests will be subject to any agreements that you have entered into with us, and to any retention limits, we are required to comply with in accordance with applicable laws and regulations. If we have disclosed your Personal Data to others, we will let them know about the erasure request where possible. If you ask us, if possible and lawful to do so, we will also inform you with whom we have shared your Personal Data so that you can contact them directly.
You can ask us to block or suppress the processing of your Personal Data in certain circumstances, such as, if you contest the accuracy of that Personal Data or object to us processing it. It will not stop us from storing your Personal Data. We will inform you before we decide not to agree with any requested restriction. If we have disclosed your Personal Data to others, we will let them know about the restriction of processing where possible. If you ask us, if possible and lawful to do so, we will also inform you with whom we have shared your Personal Data so that you can contact them directly.
In certain circumstances, you might have the right to obtain Personal Data you have provided us with (in a structured, commonly used and machine-readable format) and to re-use it elsewhere or ask us to transfer this to a third party of your choice.
You can ask us to stop processing your Personal Data, and we will do so if we are:
Automated decision-making and profiling
If we make a decision about you based solely on an automated process (e.g. through automatic profiling) that affects your ability to access our Services or has another significant effect on you, you can request not to be subject to such a decision unless we can demonstrate to you that such a decision is necessary for entering into, or the performance of, a contract between us. Even if a decision is necessary for entering into or performing a contract, you may contest the decision and require human intervention. We may not be able to offer our Services if we agree to such a request by terminating our relationship with you. You can exercise any of these rights by contacting us at [email protected].
In the event that you wish to make a complaint about how we process your Personal Data, please contact us in the first instance at In the event that you wish to make a complaint about how we process your personal data, please contact us in the first instance at [email protected] and we will attempt to handle your request as soon as possible. This is without prejudice to your right to launch a claim with the data protection supervisory authority in the country in which you live or work where you think we have violated data protection laws.