Privacy Policy

Modified: 2-3-2024

1. Introduction

This Privacy Policy (hereinafter, the “Policy”) is enacted by BCF Services LTD (DBA Blockchain Factory) (“Company,” “we,” “us,” or “our”), a legal entity duly registered and headquartered in the United Arab Emirates (UAE). The Company is committed to safeguarding the privacy rights of all users (“Users,” “you,” or “your”) and ensuring compliance with all applicable data protection regulations, including but not limited to:

  • United Arab Emirates Federal Decree-Law No. 45 of 2021 on Personal Data Protection (PDPL)
  • General Data Protection Regulation (EU) 2016/679 (GDPR)
  • California Consumer Privacy Act (CCPA) & California Privacy Rights Act (CPRA)
  • U.S. State-Specific Privacy Laws (CPA, CTDPA, VCDPA, UCPA, ICDPA, TDPSA, etc.)

By accessing, browsing, or using our services and website (the “Website”), you acknowledge and consent to the collection, use, disclosure, and retention of your Personal Information in accordance with this Policy.

2. Country-Specific Privacy Regulations & User Rights

United Arab Emirates (UAE) – PDPL

Regulatory Authority: UAE Data Office
For detailed information, visit: https://tdra.gov.ae

The United Arab Emirates Federal Decree-Law No. 45 of 2021 on Personal Data Protection (PDPL) serves as the primary regulatory framework governing how personal data is processed, stored, and transferred within the UAE. Under this law, individuals have explicit rights regarding their personal data, ensuring transparency and accountability from businesses handling such information.

User Rights Under UAE PDPL:

  • Right to Access: Users can request copies of personal data that has been collected and stored.
  • Right to Rectification: Users can request the correction of inaccurate or incomplete personal data.
  • Right to Erasure: Users can request deletion of their personal data under specific conditions, such as unlawful processing.
  • Right to Object to Processing: Users can object to the use of their data for marketing, automated decision-making, or other purposes.
  • Right to Data Portability: Users have the right to receive their data in a structured format and transfer it to another entity.
  • Right to Restrict Processing: Users can limit how their data is used while verification or legal processes are ongoing.

The PDPL requires businesses to obtain explicit consent before processing data, ensure adequate security measures, and implement Data Protection Impact Assessments (DPIAs) for high-risk processing activities.

European Union (EU) – GDPR

Regulatory Authority: European Data Protection Board (EDPB)
For more information, visit: https://ec.europa.eu/info/law/law-topic/data-protection_en

The General Data Protection Regulation (GDPR) is the most comprehensive privacy framework in the EU, regulating how businesses collect, store, and process personal data. It applies to any organization that handles the personal data of EU citizens, regardless of the business’s location.

User Rights Under GDPR:

  • Right to Access: Users can obtain confirmation of whether their data is being processed and access such data.
  • Right to Rectification: Users can correct inaccurate or incomplete personal data.
  • Right to Erasure (“Right to Be Forgotten”): Users can request data deletion under lawful circumstances.
  • Right to Restrict Processing: Users can limit how their data is used if they contest its accuracy or lawfulness.
  • Right to Data Portability: Users can request their data in a machine-readable format to transfer it elsewhere.
  • Right to Object: Users can object to data processing based on legitimate interests or direct marketing.
  • Right to Lodge a Complaint: Users can report privacy violations to their national Data Protection Authority.

Businesses processing personal data under GDPR must maintain strict data protection measures, appoint Data Protection Officers (DPOs) when necessary, and adhere to privacy-by-design principles to minimize risk.

United States – Federal & State-Specific Privacy Laws

BLOCKCHAIN FACTORY complies with federal and state-specific privacy laws enacted across the United States. Privacy laws in the U.S. vary by state, with some jurisdictions providing extensive consumer protections similar to the California Consumer Privacy Act (CCPA) & California Privacy Rights Act (CPRA), while others are in the process of implementing new legislation.

California Consumer Privacy Act (CCPA) & California Privacy Rights Act (CPRA)

The CCPA, which became effective on January 1, 2020, and the CPRA, which took effect on January 1, 2023, significantly expand privacy rights for California residents. These laws grant consumers the following rights:

  • Right to Know – Users have the right to request details about the categories and specific pieces of personal data collected, including the sources of information and the purposes of its use.
  • Right to Delete – Users may request the deletion of their personal data unless an exception applies, such as regulatory compliance or security purposes.
  • Right to Opt-Out of Sale or Sharing of Data – Users can direct businesses to stop selling or sharing their personal data with third parties.
  • Right to Correct Inaccuracies – Users have the right to request correction of inaccurate personal information.
  • Right to Limit Use of Sensitive Personal Information – Consumers can restrict the processing of sensitive personal data, such as financial details, biometrics, or precise geolocation.
  • Non-Discrimination for Exercising Rights – Businesses are prohibited from denying services, charging higher prices, or offering lower service quality based on a user’s exercise of their privacy rights.

The California Privacy Protection Agency (CPPA) oversees enforcement and has the authority to impose fines for violations. Companies that collect, store, or process California residents’ data must ensure compliance or risk legal and financial penalties.

Other U.S. State Privacy Laws

Many other states have enacted or are in the process of enacting privacy laws that provide consumer rights similar to those in California. BLOCKCHAIN FACTORY ensures compliance with the following privacy laws:


While privacy laws vary, these states generally provide consumers with rights to access, correct, delete, and opt out of data collection and sharing. Businesses handling consumer data in these states must adhere to applicable regulations, implement robust data security measures, and process privacy-related requests in a timely manner.

As U.S. data privacy laws continue to evolve, BLOCKCHAIN FACTORY remains committed to monitoring legislative updates and ensuring ongoing compliance with all relevant laws and regulations.

BLOCKCHAIN FACTORY complies with federal and state-specific privacy laws enacted across the U.S., including:


Each of these laws provides users with rights similar to those outlined in CCPA/CPRA, ensuring that businesses disclose what data is collected, allow users to access and delete their personal information, and implement robust security measures.

3. Collection and Use of Personal Information

BLOCKCHAIN FACTORY, registered and headquartered in the United Arab Emirates (UAE), collects and processes personal information in accordance with the UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection (PDPL), which serves as our primary regulatory framework. The company also complies with international privacy regulations such as the General Data Protection Regulation (GDPR) in the EU and various U.S. state privacy laws where applicable. However, all data handling, processing, and retention policies are governed first and foremost by UAE law.

We collect personal information to facilitate identity verification, account creation, service enhancements, compliance with financial regulations, fraud prevention, and marketing analytics. We ensure that all data processing activities are conducted with transparency, proportionality, and security in accordance with UAE PDPL and relevant international standards.

BLOCKCHAIN FACTORY collects and processes personal information for various essential purposes that enhance security, functionality, and service efficiency. Data collection supports account creation, identity verification, fraud prevention, compliance with AML regulations, and marketing analytics.

4. Cookies and Tracking Technologies

BLOCKCHAIN FACTORY utilizes cookies and tracking technologies to enhance user experience, optimize website functionality, and uphold security protocols. As a UAE-based entity, we comply with UAE PDPL’s consent and transparency requirements regarding the collection and use of cookies. Additionally, we align with GDPR and U.S. privacy laws when processing data for users in those jurisdictions.

Types of Cookies We Use:

  • Essential Cookies – Necessary for core website functionality, including authentication and security.
  • Analytical Cookies – Help us measure and improve site performance through traffic analytics.
  • Marketing Cookies – Enable us to serve personalized advertisements and optimize content recommendations.
  • Security Cookies – Detect and prevent fraudulent activity to protect user accounts and transactions.

Users may manage cookie preferences via browser settings. While disabling cookies may impact certain features, we respect user choices in compliance with UAE regulations and global best practices.

BLOCKCHAIN FACTORY employs cookies to enhance user experience, improve system functionality, and provide security. Users may manage cookie settings through their browsers.

5. Response Timing and Format

We use good faith efforts to respond to a verifiable consumer request within forty-five (45) days after its receipt. If we need more time (up to 90 days), we will inform you of the reason and the needed extension period in writing.

If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by email.

Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. If we cannot comply with any portion of a request, the response we provide will also explain why, if applicable. For data portability requests, we will select a commercially reasonable format to provide your Personal Information that is commonly useable and should allow you to transmit the information from one entity to another entity without hindrance, but we do not guarantee that all formats are useable in all media. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

6. Fair Information Practices Principles (FIPP)

BLOCKCHAIN FACTORY adheres to the Fair Information Practices Principles (FIPP) as outlined under the UAE PDPL, ensuring that all data collection, processing, and storage are conducted ethically and transparently.

Core FIPP Principles Applied to UAE Law:

  • Notice & Transparency – Users are informed about data collection practices and purposes before providing their personal information.
  • Choice & Consent – Users retain control over their data, including the ability to opt in or out of processing activities where applicable.
  • Data Accuracy & Integrity – We ensure all collected data is accurate, complete, and up-to-date.
  • Security Safeguards – Advanced cybersecurity measures are implemented to protect personal information against unauthorized access, alteration, or destruction.
  • Access & Correction – Users may request access to their data, review it, and request modifications in accordance with UAE PDPL regulations.
  • Accountability & Enforcement – We are committed to enforcing strong internal policies and complying with regulatory bodies in the UAE.

BLOCKCHAIN FACTORY adheres to FIPP, ensuring transparency, data minimization, user rights, and breach notification procedures.

7. CAN-SPAM Act Compliance & Electronic Communications Regulations

While BLOCKCHAIN FACTORY operates under UAE jurisdiction, we also adhere to electronic communications regulations applicable in other jurisdictions, including the CAN-SPAM Act (United States) and GDPR electronic communications guidelines (EU).

Key Email & Electronic Communication Standards:

  • Transparent Sender Identification – Emails and notifications will always clearly indicate the sender and purpose.
  • Opt-Out Mechanisms – Users can easily unsubscribe from marketing communications through explicit opt-out links.
  • No False or Misleading Information – All messages must contain accurate subject lines and sender information.
  • Prompt Opt-Out Compliance – All unsubscribe requests are honored within regulatory timeframes to ensure compliance with UAE and international standards.

We ensure compliance with the CAN-SPAM Act, including clear sender identification, accurate subject lines, and easy opt-out mechanisms.

8. Children’s Privacy Compliance

BLOCKCHAIN FACTORY prioritizes the protection of minors and complies with UAE PDPL, which enforces strict regulations on the collection and processing of children’s data. Additionally, we comply with international laws such as the Children’s Online Privacy Protection Act (COPPA) in the U.S. and relevant EU GDPR provisions on minors.

Key Child Privacy Protections Under UAE PDPL:

  • Explicit Parental Consent – Personal data of individuals under 18 years of age cannot be collected without verified parental or guardian approval.
  • Restricted Data Processing – Children’s data must be handled with heightened security, ensuring limited and necessity-based processing.
  • Educational Data Protection – Any collection of educational records or health-related data for minors must comply with UAE privacy requirements.

If we become aware of any unauthorized collection of a minor’s personal data, we will take immediate steps to delete the data and notify relevant authorities as required by UAE regulations.

BLOCKCHAIN FACTORY complies with COPPA and UAE PDPL, ensuring children’s data is only processed with explicit parental consent.

9. International Data Transfers

As a UAE-registered company, BLOCKCHAIN FACTORY prioritizes compliance with UAE PDPL for all cross-border data transfers. Our policies also align with GDPR (EU), U.S. state laws, and other applicable international regulations when handling personal information of users outside the UAE.

International Transfer Standards:

  • Adequacy Decision & Secure Transfers – Personal data may only be transferred outside the UAE if the destination country meets UAE-approved security standards.
  • Binding Corporate Rules (BCRs) – All data transfers within our corporate entities follow UAE-approved BCR frameworks.
  • Explicit Consent & Contractual Safeguards – Where necessary, users are required to provide explicit consent before data is transferred internationally.
  • Governmental & Law Enforcement Requests – Any governmental or law enforcement data access requests must be in compliance with UAE legal mandates.

Our cross-border data transfers comply with UAE PDPL, GDPR, and U.S. privacy laws, ensuring secure data handling and regulatory adherence.

10. User Rights & Contact Information

BLOCKCHAIN FACTORY recognizes and enforces user data rights in accordance with UAE PDPL as the primary legal framework, with compliance to GDPR and relevant U.S. state privacy laws where applicable.

Your Rights Under UAE PDPL:

  • Right to Access – Request access to personal data stored by the company.
  • Right to Correction – Request corrections to inaccurate or outdated information.
  • Right to Deletion – Request removal of personal data under specific legal conditions.
  • Right to Object – Object to processing activities such as direct marketing.
  • Right to Data Portability – Receive structured data and transfer it to another provider.

Users who wish to exercise these rights or inquire about their data protection can contact us at:
privacy@blockchainfactory.io

Users can access, modify, delete, or restrict their personal data in accordance with UAE PDPL and other applicable laws. Privacy requests should be directed to privacy@blockchainfactory.io

11. Policy Updates

BLOCKCHAIN FACTORY reserves the right to update this Privacy Policy periodically to reflect changes in UAE data protection laws, emerging security standards, and business operations. Any updates will be communicated through our website and direct notifications where required.

This Privacy Policy is subject to periodic updates. Users will be notified of significant changes via email or website announcements.