Brickblock Ltd. and its subsidiary Brickblock Digital Service Gmbh (“Brickblock” or “we”) is the operator of the websites https://www.brickblock.io and https://portal.brickblock.re (the “Website”) and collects and processes personal data of individuals using the Website (the “User” or “you”). The protection and confidentiality of your personal data is of particular importance to us. We treat your personal data confidentially and in accordance with the applicable legal data protection laws, in particular with the EU General Data Protection Regulation (the „GDPR“). We process your personal data according to the data processing purposes as listed below.
This applies to:
- Visitors to our website
- Registering as an investor (for the whitelist)
- Certifying as an Eligible Investor ( an investor that is eligible for the particular investment which depends on the jurisdiction)
Personal data – What it is about:
Any data directly or indirectly referring to you are considered personal data, e. g. name, e-mail address, IP address, etc. We collect and process your personal data on the basis of your express consent or where processing of personal data is permitted by applicable data protection laws. At any rate, we will inform you on the legal basis for the processing of personal data.
We will delete your personal data as soon as the purpose of the storage no longer applies. In addition, data may also be stored if applicable European or national legislature has provided for storage in Union regulations, laws or other provisions which Brickblock is subject to. In particular, Brickblock may be obliged by applicable European or national laws to retain data.
In the following, we inform you on which data are collected in connection with the use of the Website, the legal basis for the processing of personal data, the data processing purposes and how your personal data are processed, the duration of data storage and your rights in connection with data processing carried out by us.
I. Who we are – Name and contact details of the responsible body
The responsible body within the meaning of the EU General Data Protection Regulation and other national data protection laws of the EU member states as well as other data protection regulations (the “Controller”) for processing of your personal data is:
Brickblock Ltd. Portland House Glacis Road GX11 1AA Gibraltar Managing Directors: Wayne Almeida & Jefferey Woodward E-Mail: [email protected] Website: www.brickblock.io
II. Provision of the Website and creation of log files
We automatically collect and store information in so-called server log files, which the computer system of the computer used to use the Website automatically transmits to us: (i) browser type and browser version; (ii) operating system used; (iii) your internet service provider; (iv) your IP address; (v) hostname of the accessing computer; (vi) time of the server inquiry; (vii) websites from which your system reaches our Website; (viii) websites accessed by your system via our Website.
The data are stored in the log files of our system. These data are not stored together with other User’s personal data and will not be combined with other data sources. Our Website is hosted by Brickblock Digital Services GmbH.
The legal basis for the temporary storage of data and log files is Art. 6 paragraph 1 lit. f) GDPR. The temporary storage by the system is necessary to enable the Website to be delivered to your computer. The storage in log files is done to ensure the functionality of the Website. In addition, the data are used to optimize the Website and to ensure the security of our information technology systems. For these purposes, the data must be stored for the duration of the session. Our legitimate interest in data processing pursuant to Article 6 paragraph 1 lit. f) GDPR also lies in these purposes. Without collection and storage of data as described, the operation of the Website is not possible. This data processing is based on our legitimate interest in the secure and error-free operation of our IT infrastructure, the fight against misuse, the prosecution of criminal offences and the safeguarding, assertion and enforcement of claims which outweigh the interest in not storing the data.
The data are stored for seven days and will be then deleted from the web server.
We use so-called "cookies" on our Website. These are small text files sent from our web server to your computer to store certain information (e.g. identification features). If you use our Website anonymously, statistical evaluations are made using cookies for use, including the recording of new and returning visitors.
The presentation of our Website is also possible without the storage of cookies. You can deactivate the storage of cookies in the settings of your browser or set it so that it informs you about the intended storage by a Website. In this case you decide about the acceptance of the cookie. For technical reasons, however, it is necessary to allow temporary cookies in full for the full functionality of our website.
The legal basis is the legitimate interest pursuant to Article 6 paragraph 1 lit. f) GDPR. As the operator of this Website, we have a legitimate interest in analysing user behaviour in order to optimise our Website and, where applicable, our advertising. Further, some cookies are necessary for implementation of security settings provided by third parties.
It is also possible to use our Website without cookies. For more information on blocking cookies, please refer to the help pages of your internet browser. Stored cookies can be deleted in the system settings of your internet browser.
1. Cfduid cookie
The cfduid cookie is set by the CloudFlare service to identify trusted web traffic. The cookie is necessary for the proper functioning of the CloudFlare service. The cookie does not store any personally identifiable information. For more information see: https://support.cloudflare.com/hc/en-us/articles/200170156-What-does-the-CloudFlare-cfduid-cookie-do.
2. Google Analytics
This Website uses the functions of the web analytics service Google Analytics. The provider is Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”). Google is certified under the EU Privacy Shield and thus guarantees compliance with European data protection laws, https://policies.google.com/privacy/frameworks?hl=en&gl=de.
Google will use this information to evaluate your use of our Website, to compile reports on website activity and to provide other services associated with the use of the Website and the Internet. Google may also transfer this information to third parties if required by law or if third parties process this data on behalf of Google. Information generated by the cookies are automatically deleted by Google after 26 months or earlier in accordance with the settings of your web browser.
This processing is required to pursue our legitimate interests (Art. 6 paragraph 1 lit. f GDPR) to provide website visitors with a website experience that is tailored to their personal preferences and to provide product recommendations and advertising for our company and our products that are tailored to their interests. The transfer to the United States of America is based on an adequacy decision by the EU Commission (Art. 45 GDPR) due to the recipient's participation in the "EU-US Privacy Shield".
3. Browser settings
You can prevent the storage of your cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all the functions of this Website in full. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the Website (including your IP address) and from processing this data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
You have the possibility and you are invited to get in touch with us by sending us an e-mail to the e-mail address provided on our Website ([email protected]; [email protected]). We are looking forward to your message, suggestion, question or whatever you want to tell us. We store any personal data you transmit with your e-mail to us. They are stored exclusively in order to communicate with you. By entering and submitting your data, you are giving your consent for processing the entered data.
When you contact us by e-mail, the data you provide (your e-mail address, if applicable your name and your telephone number) as well as the data technically necessary in the course of sending an e-mail will be stored. These are technical, automatically transmitted data in the header of an e-mail, which, among other things, provide information about the route taken by the e-mail and provide information about the sender, recipient, date of creation, format of the content and the stations of transmission. They are stored exclusively in order to communicate with you.
We use G Suite, the e-mail service provider of Google. All e-mail communication in which we are involved is transferred to G Suite. For more information please see: https://gsuite.google.com/terms/dpa_terms.html?_ga=2.33963492.433621457.1528117485-659710155.1528117485.
The legal basis for storage and processing of data entered in the contact form is your consent in accordance with Article 6 paragraph 1 lit. a) GDPR, for the storage of personal data transmitted via e-mail Article 6 paragraph 1 lit. f) GDPR. The storage of the latter is necessary for communication with you being the legitimate interest in data processing pursuant to Article 6 paragraph 1 lit. f) GDPR.
We will delete your personal data as soon as the purpose of of the storage no longer applies. We regularly check whether data is still needed or whether it can be deleted.
NOTES ON EMAIL COMMUNICATION
We will of course make every effort to store your personal data in such a way that they are not accessible to third parties by using all technical and organisational means. However, full data security cannot be guaranteed when communicating by email, so we recommend that you send confidential information by post.
NOTES ON SSL ENCRYPTION
Our Website uses SSL encryption for security reasons and to protect the transmission of confidential content, such as requests you send to us as the site operator. An encrypted connection can be recognized by the fact that the address line of the browser changes from "http://" to "https://" and the lock symbol in your browser line.
If SSL encryption is enabled, the information you provide to us cannot be read by third parties.
You can subscribe to a free newsletter on our website. When registering for the newsletter, the data from the input mask will be transmitted to us. In addition, the following data is collected during subscription: (i) your e-mail address; (ii) your IP address; (iii) date and time of your subscription.
If you would like to receive the newsletter offered on our Website, we need an e-mail address from you. The registration for our newsletter is done in a so-called double opt-in procedure (DOI). After your subscription you will receive an e-mail to the e-mail address you have given us, where you will be asked to confirm your registration. This confirmation is required so that no unauthorized third party can register with your e-mail address.
No data is passed on to third parties in connection with data processing for sending newsletters. The data will only be used for sending the newsletter.
The legal basis for the processing of the data after registration for the newsletter by you is Article 6 paragraph 1 lit. a) GDPR on the basis of the corresponding consent. The collection of your e-mail address serves to send the newsletter.
The registration for the newsletter is logged in order to prove the registration process. This includes the storage of the registration and confirmation time as well as the IP address. This data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. The data will be saved as long as the subscription to the newsletter is active and we might have to proof your earlier subscription.
You can revoke your consent to the storage of the data, the e-mail address and its use for sending the newsletter at any time, for example via the "unsubscribe"link in every newsletter.
VI. Registration on our Website – The personal data we collect and process
On our website, we offer the opportunity to register by providing personal data. The data is entered into an input mask and transmitted to us and stored. We do not share data with third party marketers and we undertake not to ask irrelevant or unnecessary questions. Moreover, the information you provide will be subject to rigorous measures and procedures to minimise the risk of unauthorised access or disclosure.
We are required to share data with third party providers to fulfil contractual obligations you have agreed to, such as investing in an opportunity, where KYC (know your customer) and AML (anti money laundering) checks will need to be performed.
The following data is collected during the registration process: (i) first name, last name and if different your maiden name; (ii) your e-mail address; (iii) your phone number; (iv) your residence (street address, city, state, zip code and country); (v) your date and place of birth; (vi) your nationality; (vii) your passport/ID card number and country of issue; (viii) proof of residence document; (ix) your tax ID; (x) your source of wealth; (xi) your source of funds; (xii) your reputation and character; (xiii) if needed (depends on jurisdiction) your qualification as an Eligible Investor and any information provided for such qualification; (xiv) date and time of your subscription and your IP address.
This data will be passed on to solarisBank AG, Anna-Louisa-Karsch-Straße 2, 10178 Berlin, Germany and its certification service provider IDnow GmbH, Auenstraße 100, 80469 München, Germany. This data shall also be passed on to JTC Group (JTC PLC), JTC House, 28 Esplanade, St. Helier, Jersey, JE2 3RT. This data may also be passed on to relevant Issuers as legally required. As part of the registration process, your consent to the processing of this data is obtained.
The legal basis for the processing of the data after registration on our Website is Article 6 paragraph 1 lit. b) GDPR on the basis of the corresponding consent.
Your registration is necessary to carry out pre-contractual measures and to conclude and execute the contract.
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. Even after conclusion of the contract, it may be necessary to store personal data of the contractual partner in order to fulfil contractual or legal obligations.
As a user you have the possibility to cancel the registration at any time. You can have the data stored about you changed at any time. If the data are necessary for the fulfilment of a contract or for the execution of pre-contractual measures, a deletion of the data is not possible. If there are no contractual or legal obligations we will delete any personal data.
VII. Social network functions
1. Data processing in case of use a “share” or “follow” button
For example, if you like one of our blog posts and want to share it with your Facebook, LinkedIn or Twitter friends by clicking the corresponding button of our respective social network, we can receive information about this activity associated with your public Facebook, LinkedIn or Twitter profile. These are your user name or user ID, your age group and your country or language, your friends list and - theoretically - any information you share with your friends. Your privacy settings on Facebook, LinkedIn and Twitter are also important here.
In practice, we could also configure our system to let the plugin Providers, such as Facebook, LinkedIn or Twitter tell us all about the usage of the respective plugin. Or we could evaluate this personal data under numerous aspects and parameters. But that's not what we want and it is not what we do! We do not look at which social media-account (for example your Facebook account) was used to "share" a post or other content; we take no notice of any personal data. We will never be interested in storing, evaluating or otherwise doing anything with this data. We will certainly not merge the data with other data.
That sounds confusing? Hence the attempt to say it simple:
As you know, every time you use the Internet you leave behind a wide trail of data that can be attributed to you and becomes personal data. Incredibly large data silos are filled and evaluated. That's not what we do. And that’s not what we want. Never! No evaluations. No creation of profiles. Nothing at all.
But of course we are very happy if you enjoy our content and share it with your friends. We do not want to know anything about the personal data generated. If at all we look at how often one of our contribution was "shared". Completely anonymous to you.
2. “Share function” of social network Providers
Our Website has various links to social networks, through which the function “share” is provided. These are in particular:
the “share function” of the social network facebook.com which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). The “share” button can be recognized by a blue rectangle with a lowercase white "f" (https://www.facebook.com/brickblock.io/).
the “share function” of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA ("LinkedIn"), recognizable by the logo of LinkedIn. In this case a blue rectangle with a lowercase white "in" (https://www.linkedin.com/company/brickblock_io).
the “share function” of Twitter Inc., One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland (“Twitter”), recognizable by the logo of Twitter, which looks like a blue rectangle with a white stylized bird (https://twitter.com/brickblock_io) .
By clicking on the “share” button, the corresponding information is sent directly from your device to the respective plugin Provider and stored there. The data is transferred regardless of whether you have an account with the Plugin Provider and are logged in there. If you are logged in with the respective social network site, your data collected with us will be directly assigned to your existing account with the social network site. If you click the activated button and, for example, link the page, the plugin Provider also stores this information in your user account and shares it publicly with your contacts.
3. “Follow” function of social network Providers
For example, if you would like to stay informed about our activities and publications, we invite you to follow us through one or more of our profiles on social networks. These are in addition to those already mentioned above: Facebook, LinkedIn and Twitter also the social network Providers:
Instagram LLC, 1601 Willow rd., Menlo Park CA 94025, USA (“Instagram”), recognizable by the logo of Instagram, which is a blue rectangle with a stylized camera in a thin white line (https://www.instagram.com/brickblock.io/) and Medium (https://medium.com/@Brickblock).
When you click the “follow” button, Instagram for example collects the technical data (your device, your IP address, your browser and its version, etc.) and the data associated with your activity ("follow") and adds them to your account information. We do not know to what extent this sets a cookie that stores your IP address and sends it to Instagram or to the respective social network on which you follow us, despite detailed research. We are sorry for that. You should know that social media Providers collect a lot of data and use it, for example, for the purpose of targeted advertising.
We may also collect personal information from you when you press the respective “follow” button. But we do not want that either, because it does not bring us any added value or other urgently needed knowledge. Again: No evaluations. No creation of profiles. Nothing at all.
4. The legal basis regarding the use of social network profiles and their functions
With regard of the use of social network profiles and their functions the legal basis of processing personal data is Article 6 paragraph 1 lit. f) GDPR.
If personal data are collected/ processed at all, they are deleted at regular intervals before we have even looked at them. Our plan is that we clean up our data at least once a year and check whether data is still needed or whether it can be deleted anyway.
5. Processing enquiries via social media
In order to process enquiries directed to us via our presence in social networks we will process the personal data published on the respective social network. The processing of your data is required to process your request (Article 6 paragraph 1 lit. b) GDPR). Depending on the content of the request, processing will be restricted to processing for the specific purpose of the request immediately after completing the processing of your request (e.g. interest in promotion of our services). Having fulfilled of the request or enquiry as well as all legal obligations, in particular commercial and tax retention requirements, the data will be deleted.
VIII. Your rights in connection with processing of personal data
In the following, we inform you on your rights that you have in connection with the processing of personal data by us and may exercise according to applicable data protection laws, in particular to the GDPR.
1. Right of access
You have the right at any time to demand information on if we process your personal data. In the event of such processing, you may request the following information from us: (i) the purposes for which personal data are processed; (ii) the categories of personal data which are processed; (iii) the recipients or categories of recipients to whom your personal data have been or will be disclosed; (iv) the planned duration of the storage of your personal data or, if specific information is not possible, criteria for determining the storage duration; (v) the existence of a right to correct or delete your personal data, a right to restrict the processing by us or a right of objection to such processing; (vi) the existence of a right of appeal to a supervisory authority; (vii) all available information on the origin of the data if the personal data are not collected directly from you; (viii) the existence of automated decision-making, including profiling in accordance with Article 22 paragraph 1 and 4 GDPR and, at least in these cases, meaningful information on the logic involved and the scope and intended impact of such processing on you.
You have the right to request information on whether your personal data are transferred to a third country or to an international organisation. In this context, you may request to be informed on the appropriate guarantees in connection with the transfer of data.
2. Right to rectification
You have the right to demand us to correct and/or complete your personal data if your personal data processed is incorrect or incomplete.
3. Right to erasure
You may demand your personal data to be deleted if (i) the personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed; (ii) you revoke your consent to the processing and there is no other legal basis for the processing; (iii) you submit an objection to data processing and there are no predominant justifiable reasons for the processing; (iv) your personal data have been processed illegally; (v) the deletion of your personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which we are subject.
4. Right to restriction of processing
You may request to restrict the processing of your personal data if (i) you deny the accuracy of the personal data for a period of time that enables us to verify the accuracy of the personal data; (ii) the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of the personal data; (iii) we no longer need your personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims; (iv) if you have lodged an objection against the processing and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your grounds.
5. Right to data portability
You have the right to obtain your personal data in a structured, commonly used and machine-readable format. You have the right to transmit your data to another Controller. Where technically feasible, you have the right to have your data transmitted directly from us to another Controller.
6. Right to object
7. Right to revoke the declaration of consent under data protection law
If you give us the consent to process your personal data, you have the right to revoke your consent at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
8. Right to lodge a complaint with the supervisory authority
You have the right to address the supervisory authority for any questions or complaints. The supervisory authority is the GRA Gibraltar Regulatory Authority, https://www.gra.gi/data-protection.
IX. Changes to this Privacy Statement
We reserve the right to amend the data protection declaration in order to adapt it to changed legal situations or in the event of changes to the service and data processing. However, this applies solely with regard to declarations on data processing. If your consent is required or if parts of changes are containing regulations of the contractual relationship with you, changes will only be made with your consent.
You are asked to inform yourself regularly about the content of our Privacy Statement.