Privacy Policy

Last Updated: January 2025

1. Introduction

BlockCar.io ("we", "us", "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our tokenization platform for collectible automotive assets.

This policy is designed to comply with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable data protection laws.

2. Information We Collect

2.1 Personal Information

  • Full name, date of birth, and contact information (email, phone)

  • Government-issued identification documents (passport, driver's license)

  • Proof of address (utility bills, bank statements)

  • Financial information (income, net worth, investment experience)

  • Business information for legal entities (company name, address, EIN, articles of incorporation)

2.2 Blockchain and Wallet Information

  • Cryptocurrency wallet addresses

  • Transaction history on the blockchain

  • Token holdings and portfolio data

  • Wallet connection metadata

2.3 Usage Data

  • IP address, browser type, and device information

  • Pages visited and features used on the Platform

  • Time and date of access

  • Interactions with AI Concierge services

2.4 Verification and Compliance Data

  • KYC (Know Your Customer) verification documents and results

  • AML (Anti-Money Laundering) screening results

  • Risk assessment scores

  • Sanctions and watchlist screening results

3. How We Use Your Information

We use your information for the following purposes:

  • Identity Verification: To comply with KYC/AML regulations and verify user eligibility

  • Platform Operations: To provide, maintain, and improve our services

  • Transaction Processing: To facilitate token purchases, sales, and transfers

  • Regulatory Compliance: To meet legal obligations under ERC-3643, MiCA, MiFID II, FINMA, VARA, and SEC regulations

  • Security: To detect and prevent fraud, money laundering, and unauthorized access

  • Communication: To send platform updates, transaction confirmations, and customer support

  • AI Services: To personalize AI Concierge recommendations and market intelligence

  • Analytics: To understand user behavior and improve platform performance

4. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on:

  • Contractual Necessity: Processing necessary to fulfill our Terms of Service

  • Legal Obligation: Compliance with KYC/AML and financial regulations

  • Legitimate Interests: Platform security, fraud prevention, and service improvement

  • Consent: For marketing communications and optional data processing (where applicable)

5. Data Sharing and Third Parties

We may share your information with:

5.1 Service Providers

  • KYC/AML verification providers (Chaincomply, identity verification services)

  • Blockchain infrastructure providers

  • Cloud hosting and data storage services

  • Payment processors and financial institutions

5.2 Vault Partners

  • Physical asset custody providers for secure storage

  • Insurance providers for asset coverage

5.3 Regulatory and Legal Authorities

  • Government agencies and regulators as required by law

  • Law enforcement in cases of suspected illegal activity

  • Courts and legal advisors in dispute resolution

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, subject to the same privacy protections.

6. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption: All data transmitted is encrypted using TLS/SSL protocols

  • Access Controls: Strict role-based access to sensitive information

  • Secure Storage: Personal data stored in encrypted databases with regular security audits

  • Monitoring: Continuous monitoring for unauthorized access and suspicious activity

  • Incident Response: Rapid response protocols for data breaches or security incidents

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Data Retention

We retain your personal data for as long as necessary to:

  • Provide our services and fulfill contractual obligations

  • Comply with legal and regulatory requirements (typically 5-7 years for financial records)

  • Resolve disputes and enforce our agreements

  • Detect and prevent fraud

Once data is no longer needed, it will be securely deleted or anonymized. Blockchain transaction records are permanent and cannot be deleted.

8. Your Privacy Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you

  • Rectification: Request correction of inaccurate or incomplete data

  • Erasure: Request deletion of your data (subject to legal retention requirements)

  • Restriction: Request limitation on how we process your data

  • Data Portability: Receive your data in a structured, machine-readable format

  • Objection: Object to processing based on legitimate interests

  • Withdraw Consent: Withdraw consent for processing where consent was the legal basis

To exercise your rights, contact us at concierge@blockcar.io. We will respond within 30 days.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Remember your preferences and settings

  • Analyze platform usage and performance

  • Provide personalized content and recommendations

  • Detect and prevent fraud

You can control cookie preferences through your browser settings. Note that disabling cookies may limit platform functionality.

10. International Data Transfers

BlockCar operates globally, and your data may be transferred to and processed in countries outside your jurisdiction. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) and compliance with GDPR adequacy decisions, to protect your data during international transfers.

11. Children's Privacy

BlockCar's services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we discover that a child's data has been collected, we will delete it immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify users of material changes via email or platform notification. The "Last Updated" date at the top of this policy indicates when it was last revised.

13. Contact Information

For questions, concerns, or to exercise your privacy rights, please contact:

Email: hello@blockcar.io

Subject Line: Privacy Inquiry - [Your Request Type]

For GDPR-related inquiries, you also have the right to lodge a complaint with your local data protection authority.