PRIVACY POLICY DECLARATION

Home - PRIVACY POLICY DECLARATION

1        Introduction

The Blockchain Association is, and Association duly registered under the laws of Cyprus with registration number ΛΑΡ/Σ/69 and registered address at Piliou 23-25, George Mattheou Court, 5th Floor, 6037, Larnaca. (hereafter the “Association”).

. This policy sets out the basis and explains how we will treat and/or process any personal data and/or information we collect from you, or which you provide to us, in the course of cooperating with us and/or contacting us for any reason. By reaching the Association, each interested party hereby gives its consent to such collection, processing, storage and use of personal information by the Association as explained below

Nothing in this Privacy Policy Declaration shall limit your statutory rights in relation to your personal data. By providing personal data to the Association, you consent that the Association will be processing your data in accordance with this Privacy Policy. This privacy policy:

  • provides an overview of how the Association collects and processes your personal data and tells you about your rights under the local data protection law and the EU General Data Protection Regulation (‘GDPR’),
  • is directed to natural persons who are either current or potential associates and/or members of the Association, or are authorized representatives/agents or beneficial owners of legal entities or of natural persons who are current or potential associates and/or members (herein referred to as the interested parties),
  • is directed to natural persons who have and/or maintain such a business relationship with the Association in the past,
  • contains information about when we share your personal data with other third parties (for example, our service providers).

In this privacy policy, your data is called “personal data” and/or “personal information”. We may also sometimes collectively refer to handling, collecting, protecting and storing your personal data or any such action as “processing” such personal data and/or personal information.

For the purposes of this declaration, personal data shall mean any information related to you which identifies or may identify you and which includes, for example, your name, address, identification number.

2        The collection of personal information

The Association in the context of exercising its scopes, for which it was founded,, collects the necessary personal information required to safeguard the interested parties’ data and/or assets and/or privacy and to provide the interested parties with the services they require, as well help the Association to construct the interested parties’ profile based on their requirements and preferences in order to achieve its scopes effectively.

In this respect, the Association gathers information fromthe interested parties, which it receives them via its website or via other means. The Association might also collect and process personal data from services providers (such as AML/KYC provider etc.) which it lawfully obtains and is permitted to process. In certain circumstances, the Association may gather personal information from banks and/or credit agencies, and/or clearing agencies and/or other sources.

The personal information the Association collects includes information required to communicate with and identify the abovementioned interested parties. The Association may also collect certain demographic information. The relevant personal data which the Association collect may include:

Name, address, contact details (telephone, email), identification data, EU basic payment account identification, birth date, place of birth (city and country), employed/self-employed, education, source of wealth,  current annual income, estimated assets, if you hold/held a prominent public function (for PEPs), FATCA / CRS info, authentication data [e.g. signature], tax residence and tax ID.

3        Usage of personal information and legal basis

The Association will protect your privacy and use, store, process and handle of your data in an open and transparent manner and in accordance with the Regulation (EU) 2016/679, the European Union’s General Data Protection Regulation (GDPR).

The Association uses interested parties’ personal information only as required to perform and offer its services to the interested parties as well as to provide quality service and security to the. This information helps the Association to improve its services, customize browsing experience and enables it to inform its interested parties of any additional products, services or promotions relevant to interested parties and in this respect the interested parties hereby consent to the usage of this data for such purposes.

If the interested parties do not want to receive information of this nature for any reason, they can contact the Association at the following email: info@blockchain.com.cy.

The Association also process the personal data obtained by the interested parties in order to be able to conclude  the acceptance procedure, for the purposes of safeguarding legitimate interests pursued by the Association or by a third party (without unfairly going against the best interest of the interested party), as well as for compliance with all legal obligations emanating from the relevant legal regime, to which the Association is subject to, as well as statutory requirements, which impose on the Association necessary personal data processing activities for credit checks, identity verification, compliance with court orders, tax laws or other reporting obligations and anti-money laundering controls.

4        Interested parties’ obligation to provide personal data

In order for the Association to proceed with a membership relationship with an interested party, the interested party must provide all personal data which are necessary for the required commencement and execution of a membership relationship. The Association is obligated to collect such personal data, in order to verify interested parties’ identity before entering in a relationship with them or the legal entity for which an interested party is the authorized representative / agent or beneficial owner, so that it  complies with its statutory and legal obligation as mentioned above.

If an interested party does not and/or refuses to provide the Association with the required data, then the Association will not be allowed to commence and/or to continue its membership relationship either with the interested party, or as an individual and/ or as the authorized representative/agent and/or the beneficial owner of a legal entity.

5        Protection of personal information

Any personal information provided by the interested party to the Association will be treated as confidential and shared only within the Association and will not be disclosed to any third party except in the circumstances mentioned in the below sections.

Disclosure of any interested party’ s personal data, will only occur, where the interested party has provided the Association with his/her specific consent for processing and the legitimacy of such processing will be based on that consent. The interested party has the right to revoke its given consent at any time. However, any processing of personal data prior to the receipt of their revocation will not be affected.

6        Disclosure of interested parties’ personal data

The Association may share your information with its affiliates and/or any other Associations and/or members in the same group of the Association, as well as with its partners and associates, in the event such information is reasonably required in order to provide the products or services to its interested parties or in order to offer additional similar products and services that meet interested parties’ needs, and which are delivered in a manner that is useful and relevant only where interested parties have authorized the Association to do so. Such affiliates, group members, partners and associates, enter into contractual agreements with the Association by which they observe confidentiality and data protection according to GDPR.

The Association may also be legally required to disclose interested parties’ personal data, to supervisory and other regulatory and public authorities, so it complies with its statutory and legal obligations.

7        Non-affiliated third parties

The Association does not sell, license, lease, rent or share, or otherwise disclose interested parties’ personal information to third parties, except as described below:

  1. Where required by law or a court order by a competent Court; in case such disclosure is required to be made by law or any regulatory authority, it will be made on a ‘need-to-know’ basis, unless otherwise instructed by the regulatory authority;
  2. Where requested by any regulatory authority having control or jurisdiction over the Association and/or the Interested party and/or their associates and/or in whose territory the Association has interested parties;
  3. To relevant authorities to investigate or prevent fraud, money laundering or other illegal activity;
  4. To credit reference and fraud prevention agencies, third authentication service providers, banks and other financial institutions for credit checking, fraud prevention, anti-money laundering purposes, identification or due diligence checks and/or monitoring of the interested parties. To do so they may check the details the interested parties have supplied against any particulars on any database (public or otherwise) to which they have access. They may also use interested parties’ details in the future to assist other companies for verification purposes. A record of the search will be retained by the Association;
  5. To the Association’s professional advisors provided that in each case the relevant professional shall be informed about the confidential nature of such information and commit to the confidentiality herein obligations as well;
  6. To other service providers who create, maintain or process databases (whether electronic or not), offer record keeping services, email transmission services, messaging services or similar services which aim to assist the Association collect, storage, process and use Interested party information or get in touch with the interested party;
  1. To other service providers for statistical purposes in order to improve the Association’s marketing, in such a case the data will be provided in an aggregate form;
  2. Where necessary in order for the Association to defend or exercise its legal rights to any court or tribunal or arbitrator or Ombudsman or governmental authority;
  3. At the interested parties’ request or with the interested parties’ consent;
  4. Interested party Information is disclosed in relation to US taxpayers to the Inland Revenue in the Republic of Cyprus, which will in turn report this information to the Internal Revenue Service (IRS) of the U.S. according to the Foreign Account Tax Compliance Act (FATCA) of the USA and the relevant intergovernmental agreement between the Republic of Cyprus and the U.S.

Interested party information is disclosed in compliance with the common reporting standard (CRS) for the automatic exchange of financial account information developed by the Global Forum of the Organization for Economic Co-Operation and Development (OECD); in the cases where your tax residence is located outside Cyprus, the Association may be legally obliged to pass on the information and other financial information with respect to your financial accounts to Cyprus tax authorities and they may exchange this information with tax authorities of another jurisdiction or jurisdictions pursuant to intergovernmental agreements to exchange financial account information. Under such circumstances, the Association shall expressly inform the third party regarding the confidential nature of the information.

Use of the shared information is strictly limited to the performance of the above and is not permitted for any other purpose. All third parties with which the Association shares personal information are required to protect such personal information in accordance with all relevant legislation and in a manner like the way the Association protects the same. The Association will not share personal information with third parties which it considers will not provide its interested parties the required level of protection.

8        Transfer of interested parties’ personal data to a third country or to an international organization

As a general rule, the interested parties’ data is processed within the European Union/European Economic Area (EU/EEA), but in some cases it is transferred to and processed in countries outside the EU/EEA. When you provide us with your personal data, you agree that we may proceed as above. This exception applies to the transfer of interested party data when it is required by law, e.g. reporting obligation under tax law and other tax treaties. (FATCA and CRS).

Processors in third countries are obligated to comply with the European data protection standards and to provide appropriate safeguards in relation to the transfer of your data in accordance with GDPR Article 46.

Upon request, the interested party may receive further details on interested party data transfers to countries outside the EU/EEA.

9        Recording of Telephone Conversations and Electronic Communications

Telephone conversations and electronic communications between the interested party and the Association might be recorded and kept by the Association for a period of up to five years and recordings will be the sole property of the Association. The interested parties accept such recordings as conclusive evidence of conversations so recorded. Such recordings shall be provided to the interested parties upon request.

10   Contact to interested parties and use of personal data for Marketing Activities

From time to time the Association may seek to contact interested parties, whether by phone or by email and may process interested parties’ personal data for the purpose of informing them of any updates and/or news and/or any information related to of the Association .

Interested parties’ consent to the receipt of such information by accepting this policy. The Association may also, in certain cases, proceed to such contact if it is considered to be in its legitimate interest to do so. Any interested party wishing to opt out of further contact with the Association at any time whatsoever is entitled to do so, by simply contacting the Association at info@blockchain.com.cy  and requesting that no further contact on behalf of the Association should  be made with them.

11   Restriction of responsibility

The Association is not responsible for the privacy policies or the content of sites to which the Association website links and has no control of the use and/or the protection of information which is provided to the interested parties and/or which is collected by those sites. Whenever an interested party elects to link to a co-branded web site or to a linked web site, the interested party may be asked to provide registration or other personal information. Please note that such information is recorded by a third party and will be governed by the privacy policy of that third party and not the present privacy policy declaration

12    Mailing list

When the interested party is becoming a member of the Association, he agrees to be joining the Association’s mailing list in order to receive Association news, product updates, and analysis & research updates.  If the interested party wishes to unsubscribe from the mailing list, they must inform the Association in writing via sending an email to info@blockchain.com.cy.

13   Record Keeping

Under Applicable Regulations, the Association will keep records containing the interested party’s personal data for at least five (5) years after the interested party ceases to be a member of the association.

14    Interested parties’ data protection rights

Interested parties have the following rights in terms of their personal data that the Association holds about them:

a. Receive access to their personal data. This enables them to e.g. receive a copy of their personal data and to check that the Association is lawfully processing such. A request by the interested party may be sent to info@blockchain.com.cy.

b. Interested parties may also have the right to object where the Association is processing their personal data, for direct marketing purposes. This also includes profiling since it is related to direct marketing.

If the interested party objects to processing for direct marketing purposes, then the Association shall stop the processing of the interested party’s personal data for such purposes.

c. Request to receive a copy of their personal data in a format that is structured and commonly used and transmit such data to other organizations. Interested parties also have the right to have their personal data transmitted directly by the Association to other organizations that they will name.

d. Withdraw the consent that they gave to the Association about the processing of their personal data at any time. Any withdrawal of consent shall not affect the lawfulness of processing based on consent before it was withdrawn or revoked by the interested party.

In order for the interested parties to exercise any of their above-mentioned rights, or if interested parties have any other questions about the use of their personal data by the Association, they should contact the Association’s Customer Support Team at info@blockchain.com.cy.

The Association endeavors to address all Interested parties’ requests promptly.

15   Use of “Cookies”

The Association uses cookies to secure interested parties’ trading activities and to enhance the performance of the Association’s web site. Cookies used by the Association do not contain personal information or other sensitive information.

The Association may share web site usage statistics with reputable advertising companies and with its affiliated marketing companies. It is noted that the information collected by such advertising companies is not personally identifiable. To administer and improve the Association’s website, the Association may use third parties to track and analyze usage and statistical volume information. The third party may use cookies to track behavior and may set cookies on behalf of the Association. These cookies do not contain any personally identifiable information.

16   Privacy Policy Updates

The Association may update this Privacy Policy Declaration from time to time. In the event that the Association materially changes this Policy including how it collects, processes or uses interested parties’ personal information, the revised Privacy Policy will be uploaded in the Association’s website. In this respect, the Association shall send any new version of the present Policy to its existing interested parties for their further acceptance, every time a change is affected.