Privacy Policy
Introduction
When you visit the website weareblox.com or use the trading application of BLOX, we collect, use and store your personal data in order to provide you with our services.
This Privacy Statement explains how BLOX B.V. protects and uses your data. It informs you about what kind of data we process, why we use this data, what we do with it and what are your rights.
This Privacy Statement applies to all personal data that BLOX processes.
We process your data respecting the requirements of the relevant privacy legislation, including the General Data Protection Regulation (GDPR) and the Dutch GDPR Implementation Act. That means that we store as little data as possible, we don't store your personal data longer than legally allowed and no longer than necessary for the purposes the data was collected for.
Who is responsible for the processing of your personal data?
BLOX B.V. and Stichting derdengelden BLOX (as described in our User Agreement) are responsible for the processing of your personal data. They act according to this Privacy Notice and as ‘controllers’ under the definition of the GDPR.
What is personal data?
Personal data is all data that can identify you as an individual. Some examples are your name, telephone number or e-mail address. But data such as your IP address, bank account number or your BLOX trade history could also qualify as personal data.
Why do we process your data?
Personal data can only be processed when there is legal ground to do so. The specific ground on which BLOX processes data depends on the purpose for which data is used for.
BLOX has for example a legal obligation to process certain personal data. This obligation is deriving from the Anti Money Laundering Directive (AMLD) and the national implementation of this direcive such as the Dutch Money Laundering and Terrorist Financing Prevention Act (Wwft). We need to process personal data to comply with these legislations.
Besides that we have to process certain personal data for execution of the agreement you concluded with us for the provision of products and services and to prevent fraud, misuse or criminal offences on our platform. We may use certain information about you (name, account number, age, nationality, IP address, etc.) to detect fraudulent activities. For example, we look at transactions that deviate from normal transaction patterns or to transactions that have characteristics of money laundering or terrorist financing.
Finally, we process personal data with your permission, for example, for marketing activities, to alert you via email or in app notification of new features, price alerts etc. In case we process your personal data based on your permission, you can always retract your permission at any time. This will not affect the legality of the use of personal data collected before the retraction. If you retract your permission, we will delete your personal data that we processed based on your permission.
How do we obtain this data?
We only process your personal data when there is a legal ground for that. How we obtain this data depends on the kind of data we process. Most of the data we collect, you provide to us directly during the procedure of creating an account, upgrading an account or executing transactions on the platform.
Some information is collected and stored automatically, for example, your IP address and some data about the mobile device you are using. Besides that, we might generate personal data about you based on the information you provide us, such as data relevant to the risk classification from an AML or CFT perspective or information from third parties such as (public) registers.
What categories of personal data we process from you and for what purposes?
- We process your personal data to provide you with the best possible service and to comply with our legal obligations. The personal data that we process includes:
- Identification data: we verify your identity at the moment you register your account. This information may consist of your first name, last name, residential address, country, email address, and identification documents.
- Account information: we collect and use your personal data during the customer relationship. Some of this data may include employment status, information about your transaction profile and any other information that may be relevant to (continue to) use our services.
- Financial information: we need to process your transactions to enable the use of our service. For this, we process your payment details and collect and store the information about your trades within the platform. Besides that we may ask you for proof of the origin of funds or source of wealth.
- Data for fraud prevention and for promoting the safety of the application: we process personal data to detect and prevent fraud and other criminal offences. We do that to protect the security of our customers and of our platform. We may use scoring methods to assess and manage risks.
- Data we use to communicate with you: we use your personal information to communicate with you about our services in various ways (for example by phone, email, chat). When you contact us, we can use the information stored in your account to answer your questions or complaints. We may also record telephone conversations with you.
- Data to improve our services and platform: we may process your personal data to analyse performance and increase functionality, to investigate customer satisfaction, to fix errors, and to develop the usability and overall quality of our platform.
- Data for marketing activities: We use information about your behaviour in the app to recommend features, products and services that may be of your interest. We may do this through push notifications. We also use your information to identify your preferences and provide a personalised experience. For this purpose we will process your account information (email, username and notification settings) but also some basic non-identifiable information contained on your device (country, language, time zone, operating system, App version, and device ID). We will only use your data for this purpose with your permission.
- Data used for purposes for which you give us your consent: We may also ask for your permission to process certain personal data for a specific purpose. You will always be notified in these cases.
Who do we share your data with?
In certain cases we share your personal information with third parties. This happens for example when we use other companies and individuals who provide us services or perform certain activities on our behalf. These third parties are verified and if needed we enter into agreements with them to make sure they provide at least the same level of protection as described in this Privacy Policy. Below you will find some cases in which your data can be shared with a third party:
- We use third parties in regard to IT-services such as hosting services or IT development services
- We use the services of third parties to send you automatic newsletters, push notifications and to analyse customer engagement with our application.
- Our customer support department uses software to quickly and efficiently handle your questions.
- To process payments on our website we work with several payment services providers and banks.
- We use identity authentication software to verify the legitimacy of your identification documents.
- We use automated customer screening and transaction monitoring to comply with our AML requirements.
Moreover, we can provide certain information to third parties when it is required by law, to enforce our terms of use and other agreements, to protect our rights, property, or safety, and to protect our customers and others. This includes exchanging information with other companies and organisations in the context of fraud protection and credit risk reduction.
It can also be the case that we share your personal information with the government. This can happen if certain government institutions need this information for the performance of their duties, such as the tax authorities. The police or judicial authorities may also need certain information in the event of fraud or other illegal activities. Finally, certain supervisory bodies may have access to personal data in the context of an investigation.
Where and for how long do we store your personal data?
We store your data within the European Economic Area ("EEA"). However, some data we collect can be transferred or stored outside the EEA, for example because one of our third-party service providers is based there. When this is the case, we ensure that this is done safely, in accordance with this Privacy Policy and as permitted by applicable data protection law. In such cases, BLOX will take appropriate measures to ensure that your data is protected as best as possible. We rely on adequacy decisions from the European Commission or use standard contractual clause contracts published by the European Commission.
In principle, we do not store your personal data for longer than necessary. However, for some data, there are retention periods established by law. For example, data regarding financial administration is kept for 7 years. Information regarding the Money Laundering and Terrorist Financing Prevention Act (Wwft) is kept for 5 years after the end of the business relationship between us and our customers.
Personal information we process only on the basis of your permission will be deleted after
you withdraw your consent.
How secure is your data?
We take several technical and organisational measures to protect your personal data. We make sure your data is stored safely, according to our internal policies, procedures and guidelines. When possible, we ensure your data is encrypted and pseudonymised before sharing it with third parties.
We also have internal specialists who work daily to secure our systems in general and we partner with external experts that monitor our security. Have you found any vulnerabilities that have slipped through our nets? You can report them here.
Do we use cookies?
When visiting our website we process information through cookies. Cookies are small data files in which your browser saves some information. These cookies do not save any personal information, but they enable us to keep track of your prior visits and your IP address.
We use two types of cookies, technical and analytical cookies. Technical cookies keep the website working properly, so disabling these cookies might lead to certain reduced functionality. Analytical cookies help us keep track of visitor statistics and give insight into the functioning of our website. For this we use Google Analytics and Hotjar. You can object to the collection and processing of these Google Analytics cookies through the following link: https://tools.google.com/dlpage/gaoptout?hl=nl.
What are your rights?
In line with the GDPR, you have the right to:
- Request access to the data we have about you.
- Correct and supplement any outdated, incorrect or incomplete data
- You also have the right to have your personal data removed.
- In addition, users of our platform have the right to file a complaint with the Dutch Data Protection Authority.
- Would you like to do so? Send an email to: privacy@weareblox.com.
Updating Privacy Policy
We might update this Privacy Statement from time to time. We advise you to check this statement regularly to stay informed about these changes. We will announce substantial updates on our website.
How can you contact us?
The contact information for both BLOX B.V. and Stichting derdengelden BLOX is:
Kerkenbos 1025, 6546 BB
Nijmegen, the Netherlands.
privacy@weareblox.com
stichtingderdengelden@weareblox.com
If you have questions about the processing of your personal data, you can contact us by email. You can also use the chat, phone or the contact form on our website. When you contact us, we store some of your personal data to handle your request, such as your phone number, email address, and name