PRIVACY POLICY
UAB BullkEx is committed to protecting the privacy of our customers and stakeholders, and we take our data protection responsibilities with the utmostseriousness.
This Privacy Policy sets out what Personal Data we collect, how we process it and how long we generally retain it, along with details of your rights as adata subject.
To the extent that you are a customer or user of our services, this Privacy Policy applies together with any Terms and Conditions and other contractualdocuments, including but not limited to any agreements we may have with you. We reserve our right to issue separate policies in respect of other relevant stakeholders such as our employees, connected persons and/or our business partners.
To the extent that you are not a relevant stakeholder, customer or user of our services, but are using our website, this Privacy Policy also applies to you togetherwith our Cookie Policy; if you do not accept these policies, you should immediately discontinue your use of our website.
We have designed our website so that you may navigate and use our website without having to provide Personal Data, subject only to certain data that may becollected via the use of cookies. This Policy should therefore be read together with our Cookie Policy, which provides further details on our use of cookies onthis website. Our Cookie Policy can be accessed at https://www.bullkex.com/.
In this Policy, «we», «us» and «our» refers to UAB BullkEx, a company incorporated in Lithuania with incorporation number 306143314. For moreinformation about us, see the ‘Our details’ section of this Policy.
In this Policy, “Personal Data” means any information relating to you as an identified or identifiable natural person (“Data Subject”); an identifiablenatural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an online identifier or to one or more factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity.
For the avoidance of doubt, Personal Data does not include data from which you cannot be identified
(which is referred to simply as data, non-personal data, anonymous data, or de-identified (data).
In this Policy, “processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not byautomated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- Navigating this Policy
If you are viewing this Policy online, you can click on the below links to jump to the relevant section:
- Navigating this Policy
- Your Information and the Blockchain
- How We Use Personal Data
3.1. When visiting our website
3.2. When subscribing to our Newsletter
3.3. When receiving our Newsletter
3.4. When receiving our info-emails
3.5. When visiting our Twitter or Medium Profile
3.6. Other uses of your Personal Data
- Use of Third Party Applications
4.1. Transmitting Social Media Links
- Sharing Your Personal Data
- Transferring Your Personal Data outside of the European Union (EU)
- Existence of Automated Decision-making
- Data Security
- Your Rights as a Data Subject
Right Information and access
Right to rectification
Right to erasure (right to be ‘forgotten’)
Right to restrict processing and right to object to processing
Right to data portability
Right to freedom from automated decision-making
Right to object to direct marketing (‘opting out’)
Right to request access
Right to withdraw consent
Right to lodge a complaint with a relevant supervisory authority
- Storing Personal Data
- Changes to this Privacy Policy
- Our details
- Your Information and the Blockchain
Blockchain technology, also known as distributed ledger technology (or simply ‘DLT’), is at the core of our business. Blockchains are decentralized andmade up of digitally recorded data in a chain of packages called ‘blocks’. The manner in which these blocks are linked is chronological, meaning that thedata is very difficult to alter once recorded. Since the ledger may be distributed all over the world (across several ‘nodes’ which usually replicate the ledger) this means there is no single person making decisions or otherwise administering the system (such as an operator of a cloud computing system), and thatthere is no centralized place where it is located either.
Accordingly, by design, a blockchain’s records cannot be changed or deleted and is said to be
‘immutable’. This may affect your ability to exercise your rights such as your right to erasure (this being your ‘right to be forgotten’), the right to rectification of your data or your rights to object or restrict processing, of your personal data. Data on the blockchain cannot generally be erased or changed, althoughsome smart contracts may be able to revoke certain access rights, and some content may be made invisible to others; however, it is not deleted.
In certain circumstances, in order to comply with our contractual obligations to you it may be necessary to write certain personal data, such as your cryptographicwallet address, onto one or more blockchains; this is done through a smart contract and requires you to execute such transactions using your cryptographicwallet’s private key.
In most cases ultimate decisions to (i) transact on the blockchain using your Ethereum/Bitcoin or other cryptocurrency wallet address, as well as (ii) share thepublic key relating to your Ethereum/Bitcoin or other cryptocurrency wallet address with anyone (including us) rests with you.
IF YOU WANT TO ENSURE YOUR PRIVACY RIGHTS ARE NOT AFFECTED IN ANY WAY, YOU SHOULD NOT TRANSACT ONBLOCKCHAINS AS CERTAIN RIGHTS MAY NOT BE FULLY AVAILABLE OR EXERCISABLE BY YOU OR US.
IN PARTICULAR THE BLOCKCHAIN IS AVAILABLE TO THE PUBLIC AND ANY PERSONAL DATA SHARED ON THE BLOCKCHAINWILL BECOME PUBLICLY AVAILABLE.
Your information may also be written on other blockchains of the cryptocurrency which you use to purchase your tokens (e.g. such as the Bitcoinblockchain where you chose to pay in Bitcoin).
- How We Use Personal Data
3.1. When visiting our website
We may collect and process Personal Data about your use of our website. This data may include:
- the browser types and versions used;
- the operating system used by the accessing system;
- the website from which an accessing system reaches our website (so- called referrers);
- behaviour: subpage, duration, and revisit;
- the date and time of access to our website,
- the Internet protocol address (“IP address”);
- the Internet service provider of the accessing system; and
- any other similar data and information that may be used in the event of attacks on our information technology systems.
This data may be processed in order to deliver the content of our website correctly, to optimize the content of our website to ensure the long-termviability of our information technology systems and website technology, and to provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack.
We also collect, use and share ‘Aggregated Data’ such as statistical or demographic data. Aggregated Data may be derived from your personal data but is notconsidered personal data in law provided it has been de-identified and anonymised. For example, we may aggregate your usage data to calculate the percentageof users accessing a specific website feature. If we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identifyyou, we treat the combined data as personal data; such data will be processed in accordance with this Policy.
The legal basis for this processing is our legitimate business interests, namely monitoring and improving our website and the proper protection of ourbusiness against risks and your consent when agreeing to accept cookies.
Personal Data will be stored for 14 months and will be deleted automatically afterwards, or de-identified for statistical purposes, and in this latter case shall bekept indefinitely.
In certain cases, some of the above data is collected using cookies, and includes data from which you cannot be identified. Such data will be retained inaccordance with our Cookie Policy, which can be accessed via the link at the beginning of this Policy.
3.2. When subscribing to our Newsletter
We may collect and process the Personal Data that you provide to us for the purpose of subscribing to our email newsletter. This data mayinclude:
- your email address;
- the date and time of registration;
- your IP address.
This data is collected and processed for the purpose of sending you our newsletter.
The legal basis for this processing is your consent as provided in the double opt-in confirmation part of our newsletter sign-up process.
Your email address will be stored as long we have the consent to send you a newsletter.
3.3. When receiving our Newsletter
If you have subscribed to our newsletter, each time you receive a newsletter from us, we may collect and process Personal Data. This data may include:
- the date and time you opened the email;
- what (if any) links or URLs you accessed from our newsletter;
- the location it was accessed from
This data is collected and processed for the purpose of improving the content of our newsletter.
The legal basis for this processing is your consent as provided in the double opt-in confirmation part of our newsletter sign-up process.
3.4. When receiving our info-emails
If you have subscribed to our info-email, each time you receive a newsletter from us we may collect and process Personal Data. This data mayinclude:
- the date and time you opened the email;
- what (if any) links or URLs you accessed from our Newsletter; and
- the location it was accessed from
This data is collected and processed for the purposes of improving the content of our info email. The legal basis for this processing is your consent
The collected data will be deleted after 6 months.
3.5. When visiting our Twitter or Medium Profile
We may collect and process Personal Data about your use of our Twitter or Medium Profile. This data may include:
- clicks on a shortened URL;
- a history of referral URLs for clicks of a shortened URL;
- and a history of IP addresses used to access a shortened URL.
This data is collected and processed for the purposes to track the success of the marketing campaigns, blog posts, and other marketing material; and for userdemographics in order to identify target markets. This data is collected and processed for the purpose of improving the content of our shared linkspursuant to our legitimate interests. It is de-identified and becomes Aggregated Data to the furthest extent possible.
3.6. Other uses of your Personal Data
We may process any of your Personal Data where it is necessary to establish, exercise, or defend legal claims. The legal basis for this processing is ourlegitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
Further, we may process your Personal Data where such processing is necessary in order for us to comply with a legal obligation to which we are subject.
- Use of Third Party Applications
4.1. Transmitting Social Media Links
One of more of our websites may provide links to our social media profiles. Those services might also collect Personal Data. Below is a broad selection ofsocial media applications that we may currently use or potentially use in the future, and links to their privacy policies:
Slack channel: https://slack.com/privacy-policy Facebook: https://www.facebook.com/policy.php Twitter: https://twitter.com/privacy
Reddit: https://www.redditinc.com/policies/privacy-policy
Medium: https://medium.com/policy/medium-privacy-policy-f03bf92035c9
Please refer to their privacy policies on the above links, noting however that they may be changed without notice by those social media service providers.We are not responsible for the privacy policies and practices of other organisations and you should check with the relevant organisation as to how theymanage Personal Data and any updates they may make to their policies.
- Sharing Your Personal Data
We may pass your information to our business partners, administration centres, third party service providers, agents, subcontractors and other associatedorganisations for the purposes of completing tasks and providing our services to you.
In addition, when we use any other third-party service providers, we will disclose only the Personal Data that is necessary to deliver the service required and wewill ensure, that they keep your information secure and not to use it for their own direct marketing purposes.
In addition, we may transfer your personal information to a third party as part of a sale of some, or all, of our business and assets or as part of any businessrestructuring or reorganisation, or if we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation. However, we willtake steps to ensure that your privacy rights continue to be protected.
- Transferring Your Personal Data outside of the European Union (EU)
As explained above in this Policy, some of our products and services rely on blockchain technology. Interacting with a global decentralized public networkmeans that any Personal Data written onto blockchains may be transferred and stored across the globe.
We will ensure that any transfer of data outside of the EU or the European Economic Area (EEA) to what are commonly referred to as “third countries” is onlyeffected to such extent as allowed by applicable legislation, and subjected to additional safeguards that are appropriate to ensure the processing of your dataoutside of the EEA remains within our control as far as possible and allows you to continue to enforce your rights as a data subject.
The EEA includes all the EU Members States plus Norway, Iceland and Liechtenstein.
However, as explained above in section 2 of this Policy, a blockchain is a global decentralized public network and accordingly, any personal datawritten onto blockchains may be transferred and stored across the globe.
- Existence of Automated Decision-making
We do not use automatic decision-making or profiling when processing Personal Data, save that we may carry out a risk profile of our clients in compliancewith applicable anti-money laundering legislation.
This means decisions are not made by robots or computers, and therefore not ‘automated’. However, certain third parties may use certain automated decision-making tools or software. We are not responsible for the privacy practices of others and will take reasonable steps to bring such automated decision-making to your attention, but you are encouraged to become familiar with the privacy practices of any third parties you enter into any agreements with.
- Data Security
We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way,altered or disclosed.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. Theywill only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we arelegally required to do so.
- Your Rights as a Data Subject
You have certain rights under applicable legislation, and in particular under Regulation EU 2016/679 (‘General Data Protection Regulation’ or ‘GDPR’). Weexplain these below. You can find out more about the GDPR and your rights by accessing the European Commission’s website at the following Link https://ec.europa.eu/info/law/law-topic/data-protection_en.
Right Information and access
You have a right to be informed about the processing of your Personal Data (and if you did not give it to us, information as to the source) and this Policyintends to provide the information. Of course, if you have any further questions you can contact us using the details found under the ‘Our details’ section of this Policy.
Right to rectification
You have the right to have any inaccurate personal information about you rectified and to have any incomplete personal information about you completed.You may also request that we restrict the processing of that information.
The accuracy of your information is important to us. If you do not want us to use your Personal Data in the manner set out in this Policy, or need to advise us ofany changes to your personal information, or would like any more information about the way in which we collect and use your Personal Data, please contact ususing the details found under the ‘Our details’ section of this Policy.
However, when interacting with blockchains, we may not be able to ensure that your personal data is amended or rectified. This is because (as explainedabove in section 2 of this Policy) blockchains are a public decentralized network and blockchain technology does not generally allow for data to beamended or modified. This means your right to rectification may not be fully enforceable, or may be wholly unenforceable in certain cases.
Right to erasure (right to be forgotten)
You have the general right to request the erasure of your personal information in the following circumstances:
- the personal information is no longer necessary for the purpose for which it was collected;
- you withdraw your consent to consent based processing and no other legal justification for processing applies;
- you object to processing for direct marketing purposes;
- we unlawfully processed your personal information; and
- erasure is required to comply with a legal obligation that applies to us.
However, when interacting with the blockchain we may not be able to ensure that your Personal Data is deleted. In these circumstances we will only be able toensure that all Personal Data that is held by us is permanently deleted.
However, when interacting with blockchains, we may not be able to ensure that your personal data is deleted. This is because (as explained above insection 2 of this Policy) blockchains are a public decentralized network and blockchain technology does not generally allow for data to be deleted. This means your right to erasure may not be fully enforceable, or may be wholly unenforceable in certain cases. In these circumstances, we will only be able toensure that all personal data that is held by us is permanently deleted; not those data which are written onto any blockchains (as applicable).
We will proceed to comply with an erasure request without delay and to such extent we are able to do so, unless continued retention is necessary for:
- Exercising the right of freedom of expression and information;
- Complying with a legal obligation under EU or other applicable law;
- The performance of a task carried out in the public interest;
- Archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, under certain circumstances; and/or
- The establishment, exercise, or defence of legal claims.
Right to restrict processing and right to object to processing
You have a right to restrict processing of your personal information, such as where:
- you contest the accuracy of the personal information;
- where processing is unlawful you may request, instead of requesting erasure, that we restrict the use of the unlawfully processed personal information;
- we no longer need to process your personal information but need to retain your information for the establishment, exercise, or defence of legal claims.
You also have the right to object to processing of your personal information under certain circumstances, such as where the processing is based on yourconsent and you withdraw that consent. This may impact the services we can provide and we will explain this to you if you decide to exercise this right.
However, when interacting with blockchains, we will likely not be able to prevent external parties from processing any Personal Data which has beenwritten onto blockchains. This is because (as explained above in section 2 of this Policy) blockchains are a public decentralized network and blockchaintechnology generally requires data to be made public and we do not have full control over the means and purposes of processing as much of this is donewithin the blockchains themselves and depending on the way the relevant blockchain is structured, may involve external parties processing your data. This means your right to restrict processing may not be fully enforceable, or may be wholly unenforceable in certain cases. In these circumstances,we will use our reasonable endeavours to ensure that all processing of Personal Data held by us is restricted. Notwithstanding this, your right torestrict to processing may still be affected.
Right to data portability
Where the legal basis for our processing is your consent or the processing is necessary for the performance of a contract to which you are party or inorder to take steps at your request prior to entering into a contract, you have a right to receive the personal information you provided to us in a structured,commonly used and machine-readable format, or ask us to send it to another person.
Right to freedom from automated decision-making
As explained above, we do not use automated decision-making, but where any automated decision- making takes place, you have the right in this case toexpress your point of view and to contest the decision, as well as request that decisions based on automated processing concerning you or significantlyaffecting you and based on your Personal Data are made by natural persons, not only by computers.
Right to object to direct marketing (‘opt ing out’)
You have a choice about whether or not you wish to receive information from us.
We will not contact you for marketing purposes unless:
- you have a business relationship with us, and we rely on our legitimate interests as the lawful basis for processing (as described above)
- you have otherwise given your prior consent (such as when you download one of our guides)
You can change your marketing preferences at any time by contacting us using the details found under
the ‘Our details’ section of this Policy..
On each and every marketing communication, we will always provide the option for you to exercise your right to object to the processing of your Personal Datafor marketing purposes (known as ‘opting-out’) by clicking on the ‘unsubscribe’ button on our marketing emails or choosing a similar opt-out option on anyforms we use to collect your Personal Data. You may also opt-out at any time by contacting us using the details found under the ‘Our details’ section ofthis Policy.
Please note that any administrative or service-related communications (to offer our services, or notify you of an update to this Policy or applicable terms ofbusiness, etc.) will solely be directed at our clients or business partners, and such communications generally do not offer an option to unsubscribe, as they arenecessary to provide the services requested.
Therefore, please be aware that your ability to opt-out from receiving marketing and promotional materials does not change our right to contact youregarding your use of our website and/or our products and services, or as part of a contractual relationship we may have with you.
Right to request access
You also have a right to access information we hold about you. We are happy to provide you with details of your Personal Data that we hold or process. Toprotect your Personal Data, we follow set storage and disclosure procedures, which mean that we will require proof of identity from you prior to disclosing suchinformation. You can exercise this right at any time by contacting us using the details found under the ‘Our details’ section of this Policy.
Right to withdraw consent
Where the legal basis for processing your personal information is your consent, you have the right to withdraw that consent at any time by contacting ususing the details found under the ‘Our details’ section of this Policy.
Raising a complaint about how we have handled your Personal Data
If you wish to raise a complaint on how we have handled your Personal Data, you can contact us using
the details found under the ‘Our details’ section of this Policy.
Right to lodge a complaint with a relevant supervisory authority
If we have not responded to you within a reasonable time or if you feel that your complaint has not been resolved to your satisfaction, you are entitled to make acomplaint to the Director of the Lithuanian State Data Protection Inspectorate: https://vdai.lrv.lt/en/.
You also have the right to lodge a complaint with the supervisory authority in the country of your habitual residence, place of work, or the place where you allege aninfringement of one or more of our rights has taken place, if that is based in the EEA.
- Storing Personal Data
We retain your information only for as long as is necessary for the purposes for which we process the information as set out in this Policy. Records can be heldon a variety of media (physical or electronic) and formats.
Retention periods are determined based on the type of record, the nature of the data and activity and the legal or regulatory requirements that apply to thosedata. To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential riskof harm from unauthorised use or disclosure of the Personal Data, the purposes for which we process the Personal Data and whether we can achieve thosepurposes through other means, considering the applicable legal requirements that may require us to retain or destroy it.
However, we may retain your Personal Data for a longer period of time where such retention is necessary for compliance with a legal obligation to whichwe are subject, or in order to protect your vital interests or the vital interests of another natural person.
- Changes to this Privacy Policy
We may make changes to this Policy from time to time. Where we do so, we will notify those who have a business relationship with us or who are subscribed toour emailing lists directly of the changes, and change the ‘Last Updated’ date above. We encourage you to review this Policy whenever you access or use ourwebsite to stay informed about our information practices and the choices available to you. If you do not agree to the revised Policy, you should discontinueyour use of this website.
- Our details
This website is owned and operated by UAB BullkEx; a company incorporated in Lithuania (Company Registration Number 306143314) with its registeredoffice address at Zalgirio g. 88-101, 5FL, LT-09303, Vilnius, Republic of Lithuania.
If you have any queries concerning your rights under this Policy, you can contact the Privacy Manager on the details above and via email to: support@bulkex.com