This Policy describes how BlockCerts may collect, use, and share information, particularly in association with the offering of BCERT tokens (the Tokens), the operation of the BlockCerts platform (the Platform), the operation of our website(s) (www.blockcerts.com and www.blockcerts.io) (together with all subdomains, the Website) and any future services that may be provided by BlockCerts (together, referred to as our Services). Please read the following carefully to understand our practices regarding your personal data. By purchasing Tokens, utilising the Platform or Services, accessing our Website, setting up an account, subscribing for our updates or otherwise providing us with your personal information, you expressly consent to the collection, use, retention, processing, transfer and sharing of your data under the terms of this Policy.
This Policy describes:
- the types of information we may collect from you;
- how we use the information we collect;
- how we may share the information we collect;
- third party services and content;
- the grounds for using your personal information;
- the measures we take to keep the information we hold secure;
- your choices and rights;
- how to contact us;
- how to make a complaint;
- data for subjects under the age of eighteen; and
- changes to this Policy.
The types of information we collect
“Personal information” is any information that can be used to identify you or that we can link to you as an individual. We collect your personal information when you provide it to us. We may also automatically collect certain information when you use, access, or interact with our Services.
Information you provide to us
As part of the registration process, purchasers of Tokens are required to submit documents and personal information as described in our Know-Your-Client policy (KYC Policy). The requirements are set out in more detail therein, and may be subject to additional requests by us. However, by way of example, we may collect the following information from you:
- first and last name;
- date of birth;
- country of residence;
- email address;
- passport number and issuing body; and
- your BCERT wallet address, Ethereum wallet address, any other cryptocurrency wallet address or bank account details and any related transaction details recorded by the public Ethereum blockchain
- any KYC and AML requirements presented by BlockCerts and its partners, as amended from time to time
In addition, where you utilise the Services, we may collect additional information from you in order to provide such Services. The scope of information will be confirmed to you on registering for such Services, but may include your personal information (including copies of your identity documents, your residential address and contact details) and financial data.
We may also collect information that you voluntarily provide to us, including when you communicate with us via email, on social media or other channels, when you register for our updates and when you respond to our communications or requests for information. The information you provide may include your name, contact information, title and other personal information about you.
Information we may collect automatically through cookies and similar technologies
By accessing our Website or any Services provided thereon, we may also automatically collect certain data from your browser, including server log information (such as login details, internet protocol (‘IP’) address and details on the time spent on various pages of our Website) and device and browser information (such as the type of device, universally unique identifiers (‘UUID’), advertising identifiers (‘IDFA’), type of browser, operating system, hardware and processor information, plug-ins and add-ons).
You can choose how Cookies are handled by your device through your browser or device settings, including refusing or deleting all Cookies. If you choose not to receive Cookies at any time, websites may not function properly and certain services may not be provided. Each browser and device is different, so check the settings menu of the browser or device you are using to learn how to change your advertising settings and Cookie preferences.
Information we may collect from third party sources
We may receive information about you from other sources, including third parties that help us update, expand, and analyse our records; or prevent or detect fraud. Our Services may also include integrated content or links to content provided by third parties (such as live chat, social media content, plug-ins and applications). Additional third parties may include our partners, analytics providers and third party payment vendors.
Please note that the information we may receive from such third party sources will be governed by the privacy settings, policies, and/or procedures of the third party, which may differ from this Policy. This Policy does not address, and we are not responsible for or able to control, the privacy, security, or other practices of such third parties.
How we use the information we collect
We may use the information we collect:
- to conduct know-your-client and anti-money laundering and other sanctions checks;
- to provide you with our Services and other services that you request including, as applicable, supplying, and processing your payment for, the Tokens, accessing and utilising features on the Platform and other services to be provided to you;
- to respond to your enquiries or to any problems that may arise (such as difficulties in navigating our Website or accessing certain Services or features);
- to inform you of important changes or developments to the Services or our policies and to provide you with technical, support or administrative notifications;
- with your separate consent, to send you marketing communications, and other information or materials that may be of interest you or which you have expressed an interest in receiving (and subject to your ability to opt-out from receiving those communications);
- to maintain our list of contacts;
- to understand how people use our Website and other Services, including by generating and analysing statistics and user trends, and to evaluate, administer, maintain and improve our Website and other Services;
- to develop new products or services;
- for our business purposes, including data analysis, invoicing and detecting, preventing, and responding to actual or potential fraud, illegal activities, or intellectual property infringement;
- to assess the effectiveness of our events, promotional campaigns and publications; and
- as we believe reasonably necessary, advisable or appropriate to comply with our legal or regulatory obligations and to respond to legal, regulatory, arbitration or government process or requests for information issued by government authorities or other third parties or to protect your, our, or others’ rights.
Further, we may aggregate personal and other data captured through our Services so that the data is no longer capable of identifying an individual. Aggregated data may cover patterns of usage relating to our Services, and we reserve the right to use this aggregated information for the purposes of improving and enhancing our Services, generating insights, for use in marketing to other users and current and potential partners and otherwise for the purposes of our business. Provided that such aggregated data does not directly or indirectly identify you as an individual, this data is not considered to be personal information for the purpose of this Policy.
How we may share the information we collect
We may share the personal information we collect with other current or future entities within the BlockCerts network.
We may also disclose information we collect:
- To our partners and third party service providers that perform services on our behalf, such as marketing companies, web-hosting companies, analytics providers and information technology providers. In these circumstances contractual and other technical and security safeguards will be put in place with the partner or service provider.
- To law enforcement, other government authorities, or third parties (within or outside the jurisdiction in which you reside) as may be permitted or required by the laws of any jurisdiction that may apply to us, as provided for under contract, as we deem reasonably necessary to provide legal services or if we believe your actions are inconsistent with our agreements and policies. In these circumstances, we will take reasonable efforts to notify you before we disclose information that may reasonably identify you or your organisation, unless prior notice is prohibited by applicable law or is not possible or reasonable in the circumstances.
- To service providers, advisors, potential transactional partners, or other third parties in connection with the consideration, negotiation, or completion of a transaction in which we are acquired by or merged with another company or we sell, liquidate, or transfer all or a portion of our assets.
- To partners, financial institutions or service providers who may request such information in connection with providing services to us, including banking services, and only where we enter into an agreement with such institutions to limit their use and handling of the data in a reasonably appropriate fashion.
- To our employees where required or necessary for the performance of their duties and in line with the reasons for processing. Our employees are required to keep that information confidential and are not permitted to use it for any purposes other than to enable you to use the Services or to deal with requests which you submit to us.
We do not sell, rent, or otherwise share personal information that reasonably identifies you or your organisation with unaffiliated entities for their independent use except as expressly described in this Policy or with your prior permission. We may share information that does not reasonably identify you or your organisation as permitted by applicable law.
When you voluntarily make your personal information available online in an environment shared by third parties (for example, on messaging applications, social media, message boards, web logs, emails, during webinars, classes, telephone conferences or in comment or chat areas), that personal information may be viewed, saved, collected, heard, used and/or shared by others outside of BlockCerts. We are not responsible for any unauthorised third party use of information provided in these contexts. Please be mindful whenever you share any information in such environments.
Grounds for using your personal information
We rely on the following legal grounds to process your personal information, namely:
- Necessity for performance of a contract – We may need to collect and use your personal information to enter into a contract with you or to perform a contract that you have with us, for example, when you provide personal information to us to purchase Tokens, to utilise Tokens on the Platform or to otherwise provide Services.
- Consent - To withdraw your consent to such use, you can contact using the methods noted below. The electronic marketing communications we send to you also contain opt-out mechanisms that allow you to opt-out from receiving those communications, update your contact information or change your preferences at any time. You may be able to disable the sharing of location information in your browser settings. Where required by applicable laws, we will rely on your consent for direct marketing and to collect information from your device or computer.
- Legal obligation – We may process your personal information as may be required to comply with any legal or regulatory obligations that may apply to us, for instance under anti-money laundering and sanctions regimes.
- Legitimate interests – We may use your personal information for our legitimate interests to improve our Services. Consistent with our legitimate interests and any consents that may be required under applicable laws, we may use technical information as described in this Policy and use personal information for our marketing purposes provided that those interests are not outweighed by your interests, rights and freedoms.
Third party services and content
Our Services may include integrated content or links to content provided by third parties (such as video materials, social media content, plug-ins and applications).
Please note that the websites, applications and services of third parties (including affiliates, partners, sponsors, advertisers or other persons) will be governed by the privacy settings, policies, and/or procedures of the third party, which may differ from this Policy. This Policy does not address, and we are not responsible for or able to control, the privacy, security, or other practices of such third parties.
Protection and storage of the information we collect
We deploy administrative, technical and physical safeguards designed to comply with applicable legal requirements and to safeguard the information that we collect. This includes, when required or appropriate and feasible, obtaining written assurances from third parties that may access your data that they will protect the data with safeguards designed to provide a level of protection equivalent to that adopted by BlockCerts.
However, no information system can be 100% secure. So, we cannot guarantee the absolute security of your information. Moreover, we are not responsible for the security of information you transmit to us over networks that we do not control, including the internet and wireless networks.
The Platform and Website will be controlled and operated by BlockCerts Blockchain Canada, Inc. which will be directed from British Columbia, Canada. The entity responsible for the offering of Tokens will be BlockCerts Blockchain Inc. We may store the information we collect in on our servers (both cloud based or in servers located in secure data centres within multiple jurisdictions, in countries where we or our service providers have facilities. Therefore, we may transfer information to countries outside of your country of residence which may have data protection laws and regulations that differ from those in your country.
We retain the information we collect for no longer than is reasonably necessary to fulfil the purposes for which we collect the information and to comply with our legal obligations.
Your choices and rights
To withdraw your consent to the use of your information as described in this Policy you can contact us through the methods stated below. Please note that in some circumstances this may mean that we can no longer provide our Services to you.
If you no longer wish to receive marketing communications from us, you can also let us know via through the methods stated below. The electronic marketing communications we send to you also contain opt-out mechanisms that allow you to opt-out from receiving those communications, update your contact information or change your preferences at any time. We will honour your choice and refrain from sending you such announcements. You may also opt back in to receive those communications at any time.
Subject to local law, you may have certain rights regarding your personal information that we have collected. Your ability to exercise these rights will depend on a number of factors and, in some instances, we will not be able to comply with your request, for example because we have legitimate grounds for not doing so or where the right doesn’t apply to the particular information we hold on you. If you would like to discuss or exercise the rights you may have, you can contact us through the methods stated below.
It is important that any personal information we hold about you in accurate and current. Please keep us informed if your personal data changes whilst we continue to retain such information. We encourage you to contact us to update or correct your information if it changes or if you believe that any information that we have collected about you is inaccurate or out of date. You can also ask us to see what personal information we hold about you and to erase your personal information if it is no longer required. You may also tell us if you object to our use of your personal information.
How to contact us
We welcome your enquiries and comments.
If you would like to contact us regarding this Policy or to withdraw your consent to this Policy or any aspect of it, please send us an email at firstname.lastname@example.org or utilize the contact form at www.blockcerts.com/contact-us.
We are committed to working with you to obtain a fair resolution of any complaint or concern about your privacy. If you would like to contact us, please use the methods stated above.
If, however, you believe that we have not been able to assist with your complaint or concern, you may have the right to complain to the data protection authority/regulator, as applicable, in your jurisdiction.
Data Subjects Under Eighteen
Our business is not directed at anybody under the age of eighteen, and we will never knowingly collect personal information from individuals under the age of eighteen.
Changes to this Policy
We may update this Policy from time to time and we encourage you to periodically review this Policy. The use of certain of our Services may also be governed by other applicable terms and policies regarding privacy and the sharing of personal information, which supplement, and should be reviewed alongside, this Policy.
If we make any material changes to this Policy regarding the way we collect, use, and/or share the personal information that you have provided, we will notify you by posting notice of the changes in a clear and conspicuous manner on the Website.