Privacy Policy
Last updated: April 3, 2024
Version: 2
General Information
This Bloom privacy policy (the "Privacy Policy") describes how your data is collected and processed in connection with the Bloom App (the "App").This Privacy Policy is dedicated to the users of the App.
What is Personal Data
“Personal Data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
How we Collect Personal Data
Bloom Labs does not collect your Personal Data through the App. However, if you download, install and use the App, it may be necessary to process some data about you or your device for the operation of the App and to improve our services.
Further, Bloom Labs may collect and process Personal Data like your name, email address or phone number when:
- you contact Bloom Labs, or request that Bloom Labs contacts you, for any reason; or
- you submit your Personal Data to Bloom Labs for any reason.
What Personal Data do we Collect?
It is crucial to note that the private keys of the users are never transmitted to Bloom Labs and it is not possible for Bloom Labs to access a user’s crypto-assets in any case.
We may collect information relating to your general use of the App such as errors, log information concerning any errors encountered in the App and other related information relevant to Bloom Labs's provision of the services, for the purpose of administration and diagnostics analysis to help Bloom Labs improve its services.
Purpose of Processing of Personal Data
We may process data about your use of the App in order to enable the operation and use of the App, as well as for the administration and management of the App and the services offered via it.
Lawful Basis for Processing of Data
In processing your Personal Data in connection with the purposes set out in this Privacy Policy, we may rely on one or more of the following legal bases, depending on the circumstances:
- we have obtained your explicit prior consent to the processing (this legal basis is only used in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way);
- the processing is necessary in connection with any contractual relationship that you may enter into with us;
- the processing is required by the applicable law;
- the processing is necessary to protect the vital interests of any individual; or
- we have a legitimate interest in carrying out the processing for the purpose of managing, operating or promoting our business, and that legitimate interest is not overridden by your interests, fundamental rights, or freedoms.
Use of Cookies
We do not use cookies in the App, but we use the localStorage API to store information about the login data to keep you logged in through various sessions (we do not store personal information), furthermore the localStorage data is not accessible by third-parties.
How we Protect and Store Personal Data
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
- pseudonymisation and encryption of Personal Data;
- the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; and
- a process for regular testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
In assessing the appropriate level of security, we account for the risks that are presented by processing the Personal Data, in particular, from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise processed.
How we Share and Disclose Personal Data
In order to properly operate the App and to be able to provide you with the services offered, we use the following software during the operation of the App:
CoinGecko
We use CoinGeckoAPI of Gecko Labs Pte. Ltd, 101 Upper Cross Street, ##05-16 People's Park Centre, Singapore 058357 to obtain historical price and market data for cryptocurrencies. Further information regarding their privacy policy can be found under https://www.coingecko.com/en/privacy
GitHub
We use GitHub of GitHub Inc., 88 Colin P. Kelly Street, San Francisco, CA 94107, USA (in the European Union: GitHub BV Vijzelstraat 68-72, 1017 HL Amsterdam, The Netherlands) to check for app updates in order to provide the auto-update functionality. Further information regarding their privacy policy can be found under https://help.github.com/articles/github-privacy-statement/
Amazon Web Services
We use Amazon Web Services to host our website. Further information regarding their privacy policy can be found under
https://aws.amazon.com/privacy/
Amplitude
We use Amplitude, Inc., 201 Third Street, Suite 200, San Francisco, CA 94103 to analyse how many active users use the App and obtain the insight needed to improve the security and usability of the App. This is done on the basis of a randomly generated device ID. Amplitude’s privacy policy can be found under https://amplitude.com/privacy.
Tide
We use Tide Protocol, hosted by Five Element Labs, Milan (Italy), Via Savona 97, 20144 to show users various Tide Campaigns and Leaderboards. This feature can be turned off by the user in advanced settings. Five Element Labs’ privacy policy can be found under https://drive.google.com/file/d/1CpBEgfwYVJZNAFc11qNA6xeEubXbkFMI/view.
Transak
We use Transak for our Fiat On-ramp. Transak is a global web3 infrastructure services provider with registered entities in USA, UK, Canada, Australia, Poland, India and Hong Kong. This feature can be turned off by the user in advanced settings. Transaks privacy policy can be found under https://transak.com/privacy-policy.
Providers of Operating Systems and Telecommunication Services
Any transmission of data from your device depends on the operating system, the telecommunication network provider as well as other providers of data communication (e.g. Wi-Fi provider) used. Please observe the data protection notices of these companies.
Data Processors
We may use further data processors during the operation of the App. When we are involving data processors into the performance of our services and contractual obligations and such involvement requires the sharing of Personal Data, we have entered into data processing agreements with the data processors, according to Art. 28 of the European General Data Protection Regulation 2016/679 (“GDPR”) and, as far as required, further appropriate safeguards according to Art. 46-49 GDPR. The list of actual data processors to which we disclose your Personal Data can be requested by e-mail to: privacy@bloomwallet.io.
Please note that Bloom Labs may collect your Personal Data directly from the country where you are based and store it on servers in Europe and the United States of America (USA). For the USA, there does not exist an adequacy decision by the European Commission, guaranteeing an adequate data privacy level. Therefore Bloom Labs has implemented appropriate safeguards to protect your Personal Data in the USA. A copy of the safeguards may be obtained by e-mail to: privacy@bloomwallet.io.
Processing of your Sensitive Personal Data
We do not seek to collect or otherwise process your sensitive Personal Data, except where:
- the processing is required or permitted by applicable law;
- the processing is necessary for the establishment, exercise or defence of legal rights; or
- we have, in accordance with applicable law, obtained your explicit consent prior to processing your sensitive Personal Data (as above, this legal basis is only used in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way).
Consequences of not Collecting your Personal Data
To enable your use of the App and to provide you with the services offered via the App, it is necessary to process some data about your usage of the App or your device. Without processing such data, we may not be able to provide the App and its services to you.
Consent and Withdrawal
Any consent is provided freely. If you have given your consent to process your data, you have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. After your withdrawal we will stop processing your Personal Data, including storage, unless further data processing is required and legally permitted. This paragraph is only relevant for processing that is entirely voluntary – it does not apply for processing that is necessary or obligatory in any way, as is for example the case with regard to any data required for the installation and the operation of the App.
To withdraw your consent, please send us an e-mail to: privacy@bloomwallet.io or a letter to Bloom Labs Ltd, 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ.
Legitimate Interest and Right to Object
You may object to the processing of your Personal Data based on legitimate interests of Bloom Labs or third parties. Unless your objection is directed solely against direct marketing by Bloom Labs, you have to explain your special situation, which makes the processing of your personal data based on legitimate interests unacceptable for you.
To object, please send us an e-mail to: privacy@bloomwallet.io or a letter to Bloom Labs Ltd, 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ.
When we Erase Personal Data
We erase your Personal Data automatically when they are no longer required for the purposes listed above. We also erase your Personal Data according to your request, as explained below, and if further storage is neither required nor permitted by the applicable laws. Further storage only occurs as long as and as far as it is designated by the EU or Member States’ legislation in EU Acts, Law, or other regulations, that Bloom Labs is subject to (e.g. transactional data may be stored for a period of 10 years).
Your Rights Related to Data Privacy
You have the right to request access to and rectification or erasure of your Personal Data, or restriction of their processing. Furthermore, you have the right to request data portability. If you are in the EU you have the right to file a complaint to the relevant data protection authority.
You have the right to obtain from us the information as to whether Personal Data concerning you are being processed, the purpose of the processing and the categories of Personal Data concerned.
To exercise any of these rights, please send us an e-mail to: privacy@bloomwallet.io or a letter to Bloom Labs Ltd, 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ.
A copy of the Personal Data undergoing processing can be requested.
Our Contact Information
For any requests, you can contact us as follows: privacy@bloomwallet.io.
Bloom Labs Ltd, 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ.
Changes to the Privacy Policy
This Privacy Policy may be amended or updated from time to time to reflect changes in our practices with respect to the processing of Personal Data, or changes in applicable law. We encourage you to read this Privacy Policy carefully, and to regularly check this page to review any changes we might make in accordance with the terms of this Privacy Policy. Your continued use of our services or website constitutes your agreement to be bound by this Privacy Policy, as amended or updated from time to time.
Questions
If you have any questions regarding this Privacy Policy, please contact us at: privacy@bloomwallet.io.
