Privacy Notice

Blofin.com, operated by BLF Global Limited, Reg. No. 11983 (“Blofin”, “we”, or “us”) is committed to protecting the privacy of our customers, and we fulfill our data protection responsibilities with the utmost seriousness.

This Privacy Notice describes how Blofin.com collects and processes your personal information through the Blofin.com websites and applications that reference this Privacy Notice. Blofin refers to an ecosystem comprising Blofin.com websites (whose domain names include but are not limited to https://blofin.com), mobile applications, clients, applets and other applications that are developed to offer Blofin.com Services. “Blofin.com Operators” refers to all parties that run Blofin.com, including but not limited to legal persons, unincorporated organizations and teams that provide Blofin.com Services and are responsible for such services. “Blofin.com” as used in this Privacy Notice includes Blofin.com Operators.

This Privacy Notice applies to all Personal Information processing activities carried out by us, across platforms, websites, and departments of Blofin.com and Blofin.com Operators. To the extent that you are a customer or user of our services, this Privacy Notice applies together with any terms of business and other contractual documents, including but not limited to any agreements we may have with you.

To the extent that you are not a relevant stakeholder, customer or user of our services, but are using our website. This Notice should be read in line with, and forms a part of, Blofin.com's Terms of Use, Risk Disclosure Statement, and their related supplementary terms, agreements, guidelines, and instructions (together referred to as 'Legal Documents').

1. Blofin.com Relationship with you

For the purpose of this Privacy Notice, Blofin Global is the data controller for personal information collected in connection with provision of Blofin.com Services.

2. What Personal Information does Blofin.com collect and process?

  • email address;
  • name;
  • gender;
  • date of birth;
  • home address;
  • phone number;
  • nationality;
  • device ID;
  • a video recording of you and a photographic image;
  • transactional information;
  • the Internet protocol (IP) address used to connect your computer to the Internet;
  • login, e-mail address, password and location of your device or computer;
  • Blofin.com Services metrics (e.g., the occurrences of technical errors, your interactions with service features and content, and your settings preferences);
  • version and time zone settings;
  • transaction history;
  • Information from other sources: we may receive information about you from other sources;
  • Information about your activity: we may process information about your behaviour and your activity for marketing and advertising purposes.

3. Why does Blofin.com process my personal information?

  • Transaction services. We use your personal information to process your orders, and to communicate with you about orders and services;
  • Communicate with you. We use your personal information to communicate with you in relation to Blofin.com Services;
  • We collect and process identity information and Sensitive Personal Data (as detailed in Section 2) to comply with our Know Your Customer (“KYC”) obligations under applicable laws and regulations, and Anti-Money Laundering laws and regulations;
  • Provide, troubleshoot, and improve Blofin.com Services. We use your personal information to provide functionality, analyse performance, fix errors, and improve the usability and effectiveness of Blofin.com Services;
  • Fraud prevention and credit risks. We process personal information to prevent and detect fraud and abuse in order to protect the security of our users, Blofin.com Services and others. We may also use scoring methods to assess and manage credit risks;
  • Improve our services. We process personal information to improve our services and for you to have a better user experience;
  • Recommendations and personalisation. We use your personal information to recommend features and services that might be of interest to you, identify your preferences, and personalise your experience with Blofin.com Services.

4. What are the legal bases for our use of personal information?

Performance of a contract when we provide you with products or services, or communicate with you about them. This includes when we use your personal information to take and handle orders, and process payments;

Legal obligation to comply with our legal obligations under applicable laws and regulations, and Anti-Money Laundering laws and regulations;

Your consent when we ask for your consent to process your personal information for a specific purpose that we communicate to you. When you consent to processing your personal information for a specified purpose, you may withdraw your consent at any time and we will stop processing your personal information for that purpose. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal;

Our legitimate interests and the interests of our users when, for example, we detect and prevent fraud and abuse in order to protect the security of our users, ourselves, or others;

Our legitimate interest to improve our services.

5. Can Children Use Blofin.com Services?

Blofin.com does not allow anyone under the age of 18 to use Blofin.com Services and does not knowingly collect personal information from children under 18.

6. What About Cookies and Other Identifiers?

When you visit our Website, we use cookies to record our performance and check the effect of online advertising. Cookies are a small amount of data that is sent to your browser and stored on your computer hard drive. Only when you use your computer to access our Website can the cookies be sent to your computer hard drive. Cookies are usually used to record the habits and preferences of visitors in browsing the items on our Website. The information collected by cookies is non-registered and collective statistical data and does not involve personal data. Cookies, which enable the Website or service provider system to recognize your browser and capture and recall information, cannot be used to obtain data on your hard drive, your email address, or your personal data. Most browsers are designed to accept cookies. You can opt to set your browser to reject cookies, or to notify you as soon as possible when a cookie is being loaded. However, if you set your browser to disable cookies, it is possible that you may not be able to launch or use some functions of our Website.

7. Does Blofin.com Share My Personal Information?

We may share your Personal Data with third parties (including other Blofin.com entities) if we believe that sharing your Personal Data is in accordance with, or required by, any contractual relationship with you or us, applicable law, regulation or legal process. When sharing your Personal Information with other Blofin.com entities, we will use our best endeavours to ensure that such entity is either subject to this Privacy Notice, or follows practices at least as protective as those described in this Privacy Notice. We may also share personal information with the following persons:

Third party service providers: We employ other companies and individuals to perform functions on our behalf. Examples include analysing data, providing marketing assistance, processing payments, transmitting content, and assessing and managing credit risk. These third-party service providers only have access to personal information needed to perform their functions, but may not use it for other purposes. Further, they must process the personal information in accordance with our contractual agreements and only as permitted by applicable data protection laws.

Legal Authorities: We may be required by law or by Court to disclose certain information about you or any engagement we may have with you to relevant regulatory, law enforcement and/or other competent authorities. We will disclose information about you to legal authorities to the extent we are obliged to do so according to the law. We may also need to share your information in order to enforce or apply our legal rights or to prevent fraud.

Business transfers: As we continue to develop our business, we might sell or buy other businesses or services. In such transactions, user information generally is one of the transferred business assets but remains subject to the promises made in any pre-existing Privacy Notice (unless, of course, the user consents otherwise). Also, in the unlikely event that Blofin.com or substantially all of its assets are acquired by a third party, user information will be one of the transferred assets.

Transfer to competent authorities: As part of our commitment to applicable laws and regulations on prevention of money-laundering, tax evasion, fraud, and terrorist financing, we may at times be requested by competent authorities (including, but not limited to, a court of law, police or other investigative bodies with competent jurisdiction, hereinafter referred to as 'Competent Bodies') to disclose information which is related to a suspicious activity as stated above. In these cases we are committed to ensuring that your Personal Information receives the fullest possible protection afforded by applicable law and that the receiving Competent Bodies have competent jurisdiction and power to request, receive, and process your Personal Information.

Protection of Blofin.com and others: We release accounts and other personal information when we believe release is appropriate to comply with the law or with our regulatory obligations; enforce or apply our Terms of Use and other agreements; or protect the rights, property or safety of Blofin.com, our users or others. This includes exchanging information with other companies and organisations for fraud protection and credit risk reduction.

Other Disclosures: notwithstanding the foregoing, Blofin.com may disclose your Personal Information to a third party or parties where there is sufficient ground to believe that you have violated applicable laws or regulations giving rise to a justification of such disclosure, or where the disclosure of your Personal Information would facilitate the conclusion of, inter alia, a dispute settlement process, a judicial or administrative investigation, or a trade carried out on Blofin.com.

(1) SDK Name: EngageLab SDK

Purpose of Usage: Used to push notifications to user devices

Usage Scenario: Push notifications

Type: Device information (Android ID, OAID, IDFA, IDFV, UUID, IMSI, MAC address, browser type, telecom operator, device brand); Network information (including network type, operator information); Push information

Transfer Method: Data is transmitted over the network

Retention and Usage Period: End users’ personal information is retained only for the minimum period necessary to achieve the purpose

Official website: https://www.engagelab.com/

Privacy policy: https://www.engagelab.com/license/privacy

(2) SDK Name: Sensors Data analysis SDK

Purpose of Usage: User behavior analysis

Usage Scenario: When using the service

Type: Device information (Android ID, OAID, IDFA, IDFV, UUID, IMSI, MAC address, browser type, telecom operator, device brand); Log information (service usage, IP address, language used, time of access); Location information (location information resolved by IP address, GPS location information); Unique application number (app unique identifier, app name, and app version number)

Transfer Method: Data is transmitted over the network

Retention and Usage Period: End users’ personal information is retained only for the minimum period necessary to achieve the purpose

Official website: https://www.sensorsdata.com/en/

Privacy policy: https://manual.sensorsdata.cn/sa/latest/zh_cn/tech_sdk_client_privacy_policy_english-112754777.html

(3) SDK Name: Zendesk

Purpose of Usage: Customer feedback

Usage Scenario: When users contact customer service

Type: Personal information (name, email address, phone number provided in chat); Message information (voice collected by chat, photos, videos or recordings of video chat); Device information (IP address, browser type, browser language, operating system, state or country, device ID); App interaction information (number of clicks, pages viewed, browsing time)

Transfer Method: Data is transmitted over the network

Retention and Usage Period: End users’ personal information is retained only for the minimum period necessary to achieve the purpose

Official website: https://www.zendesk.com/

Privacy policy: https://www.zendesk.com/company/agreements-and-terms/privacy-notice/

(4) SDK Name: GeeTest

Purpose of Usage: Preventing bots

Usage Scenario: (a) When users log in and verify that they are not a robot (b) When users sign up and verify that they are not a robot (c) When users click forgot password and verify that they are not a robot (d) When sending verification codes

Type: Device information (hardware serial number, IP address, browser type, network provider, platform type, device type, operating system, date and time stamp access); App interaction information (mouse movement, scroll position, key events, touch events)

Transfer Method: Data is transmitted over the network

Retention and Usage Period: Data is retained for the minimum period necessary to achieve the purpose of security and fraud prevention

Official website: https://www.geetest.com/en/

Privacy policy: https://www.geetest.com/en/Privacy

(5) SDK Name: Sumsub SDK

Purpose of Usage: Remote Identity verification and fraud prevention

Usage Scenario: When performing KYC identity verification, KYB and KYT

Type: Personal information (full name, gender, personal identification code or number, date of birth, legal capacity, nationality, and citizenship), ID document data (document type, issuing country, ID number, expiry date, MRZ, information embedded into document barcodes (may vary depending on the document), security features), Device information (IP address, device identifier, operating system, browser type, browser settings, website activity information), Application activity information (software and hardware attributes (camera and device name); Applicant ID), Geolocation data (IP address and domain name; general geographic location (e.g., city, country) from Data Subject’s device), Biometric data (Face ID)

Transfer Method: Data is transmitted over the network

Retention and Usage Period: 5 years

Official website: https://sumsub.com/

Privacy policy: https://sumsub.com/privacy-notice/

(6) SDK Name: Bangcle Security SDK

Purpose of Usage: Application protection and security enhancement

Usage Scenario: App security reinforcement

Type: No user information shared

Transfer Method: None

Retention and Usage Period: No data retained

Official website: https://www.bangcle.com/

Privacy policy: https://www.bangcle.com/

(7) SDK Name: Firebase

Purpose of Usage: Performance, stability and user behavior analysis

Usage Scenario: When using the service

Type: Device information (device model, operating system and version, mobile advertising ID, IDFV/Android ID, Firebase installation ID, Analyze application instance ID, IP address); App information (app version, crash log, diagnostic log, performance log); App activity (app interaction information, user-generated content)

Transfer Method: Data is transmitted over the network

Retention and Usage Period: 14 months after deleting the Firebase installation ID

Official website: https://firebase.google.com/

Privacy policy: https://firebase.google.com/support/privacy

(8) SDK Name: Fingerprint

Purpose of Usage: Fraud Prevention, Security, and Compliance

Usage Scenario: When using the service

Type: Device or other identifiers

Transfer Method: Data is transmitted over the network

Retention and Usage Period: 90 days

Official website: https://fingerprint.com/

Privacy policy: https://dev.fingerprint.com/docs/privacy-policy

8. International transfers of Personal Information

To facilitate our global operations, Blofin.com may transfer your personal information outside of the European Economic Area (“EEA”), UK, Switzerland or your country of residence. The EEA includes the European Union countries as well as Iceland, Liechtenstein, and Norway. Transfers outside of the EEA or your country of residence are sometimes referred to as “third country transfers”.

We may transfer your personal data within our Affiliates, third-party partners, and service providers based throughout the world. In cases where we intend to transfer personal data to third countries or international organisations based in third countries, Blofin.com puts in place suitable technical, organizational and contractual safeguards (including Standard Contractual Clauses), to ensure that such transfer is carried out in compliance with applicable data protection rules, except where the country to which the personal information is transferred has already been determined by the European Commission to provide an adequate level of protection.

We also rely on decisions from the European Commission where they recognise that certain countries and territories outside of the European Economic Area ensure an adequate level of protection for personal information. These decisions are referred to as “adequacy decisions”. We transfer personal data to Japan on the basis of the Japanese Adequacy Decision.

9. How Secure is My Information?

We design our systems with your security and privacy in mind. We have appropriate security measures in place to prevent your information being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We work to protect the security of your personal information during transmission and while stored by using encryption protocols and software. We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of your personal information. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know.

Our security procedures mean that we may ask you to verify your identity to protect you against unauthorised access to your account password. We recommend using a unique password for your Blofin.com account that is not utilized for other online accounts and to sign off when you finish using a shared computer.

10. What About Advertising?

In order for us to provide you with the best user experience, we may share your personal information with our marketing partners for the purposes of targeting, modelling, and/or analytics as well as marketing and advertising. You have a right to object at any time to processing of your personal information for direct marketing purposes (see Section 11 below).

11. What Rights Do I Have?

Subject to applicable law, as outlined below, you have a number of rights in relation to your privacy and the protection of your personal information. You have the right to request access to, correct, and delete your personal information, and to ask for data portability. You may also object to our processing of your personal information or ask that we restrict the processing of your personal information in certain instances. In addition, when you consent to our processing of your personal information for a specified purpose, you may withdraw your consent at any time. If you want to exercise any of your rights please contact us at [email protected]. These rights may be limited in some situations - for example, where we can demonstrate we have legitimate interest to process your personal data.

Right to access: you have the right to obtain confirmation that your personal information is processed and to obtain a copy of it as well as certain information related to its processing;

Right to rectify: you can request the rectification of your personal information which is inaccurate, and also add to it. You can also change your personal information in your Account at any time;

Right to delete: you can, in some cases, have your personal information deleted;

Right to object: you can object, for reasons relating to your particular situation, to the processing of your personal information. For instance, you have the right to object where we rely on legitimate interest or where we process your data for direct marketing purposes;

Right to restrict processing: You have the right, in certain cases, to temporarily restrict the processing of your personal information by us, provided there are valid grounds for doing so. We may continue to process your personal information if it is necessary for the defense of legal claims, or for any other exceptions permitted by applicable law;

Right to portability: in some cases, you can ask to receive your personal information which you have provided to us in a structured, commonly used and machine-readable format, or, when this is possible, that we communicate your personal information on your behalf directly to another data controller;

Right to withdraw your consent: for processing requiring your consent, you have the right to withdraw your consent at any time. Exercising this right does not affect the lawfulness of the processing based on the consent given before the withdrawal of the latter;

Right to lodge a complaint with the relevant data protection authority: We hope that we can satisfy any queries you may have about the way in which we process your personal information. However, if you have unresolved concerns, you also have the right to complain to a competent Data Protection Commission or the data protection authority in the location in which you live, work or believe a data protection breach has occurred.

If you have any questions or objection as to how we collect and process your personal information, please contact [email protected].

12. How Long Does Blofin.com Keep My Personal Information?

We keep your personal information for five years to enable your continued use of Blofin.com Services, for as long as it is required in order to fulfil the relevant purposes described in this Privacy Notice, and as may be required by law such as for tax and accounting purposes, compliance with Anti-Money Laundering laws, or as otherwise communicated to you.

13. Application and Usage of Information Permission

We may request certain application and information permissions from users. Below is a list of the requested permissions and the reason each is required. Users should note that agreeing to the Privacy Policy does not grant the corresponding device permissions by default. When key or sensitive device permissions are required, BloFin will prompt you with a pop-up window to request your consent when you make use of the corresponding function. Once a permission is granted, it may be revoked at any time through your device settings. Refusing to grant device permissions will not affect the normal operation of unrelated functions.

| App Permissions | Description | Usage Scenario and Purpose |
| --- | --- | --- |
| android.permission.INTERNET | Allow app to access network | Allow app to access network |
| android.permission.ACCESS_NETWORK_STATE | Allow app to access network status | Allow app to access network status |
| android.permission.POST_NOTIFICATIONS | Allow app to send notifications | Activate the system notification bar when receiving push notifications |
| android.permission.READ_MEDIA_IMAGES | Allow app to read image files from external storage | 1. Update user profile picture. 2. Upload proof image when applying to become a trader. |
| android.permission.READ_MEDIA_VIDEO | Allow app to read video files from external storage | Upload identification videos during the security reset process |
| android.permission.USE_BIOMETRIC | Allow app to use biometric authentication | Allow for the collection of fingerprint data for quick login using fingerprints |
| android.permission.USE_FINGERPRINT | Allow app to use fingerprint hardware | Allow for the collection of fingerprint data for quick login using fingerprints |
| android.permission.FOREGROUND_SERVICE | Allow app to start foreground service | Check for foreground notifications during the KYC verification process using SumSub |
| android.permission.CAMERA | Allow app to access the camera device | 1. Collect QR code data when authorizing login through scanning QR code. 2. Collect facial data when performing KYC identity verification. |
| android.permission.READ_EXTERNAL_STORAGE | Allow app to read data from external storage | Read images for updating user profile picture |
| android.permission.WRITE_EXTERNAL_STORAGE | Allow app to write to external storage | Save sharing images |
| android.permission.WAKE_LOCK | Allow preventing processor from going to sleep or screen dimming | Needed by Google FCM |
| android.permission.VIBRATE | Allow app to use vibrator | Trigger a vibration alert upon sliding the slider when opening an order |
| android.permission.READ_PHONE_STATE | Allow read-only access to phone status | Risk control environment determination function, collecting device information, network information and location information, etc. |
| android.permission.NFC | Allow app to use NFC | Read NFC-based ID verification during KYC |
| android.permission.RECORD_AUDIO | Allow app to record audio | 1. Record video for security reset documents. 2. Record video for KYC identity verification. |
| Clipboard | Allow app to access clipboard contents | 1. Collect the verification code from clipboard when performing identity verification. 2. Collect the address from clipboard when adding a wallet address. |

| App Permissions | Description | Usage Scenario and Purpose |
| --- | --- | --- |
| Photo | Photo | Identity verification, deposit and withdrawal, scan QR code |
| Microphone | Microphone recording | Identity verification |
| Camera | Camera | Identity verification, deposit and withdrawal, scan QR code |
| Face ID | Face Verification | Log in |
| Network | Network permissions (only for national banks) | First-time network access for domestic devices |
| Push notification | Push notification permissions | Push notifications |
| Clipboard | Allow app to access clipboard contents | 1. Collect the verification code from clipboard when performing identity verification. 2. Collect the address from clipboard when adding a wallet address. |

Users have the option to disable some or all of the permissions requested by the app through their device settings. The display and configuration of permissions may vary depending on the device. If users are unable to locate the relevant function, they can reach out to the device or system manufacturer for assistance.

14. Contact Information

Our data protection officer can be contacted at [email protected], and will work to address any questions or issues that you have with respect to the collection and processing of your personal information. If you have any requests and comments, you can send an email to [email protected], which is the only valid and official email through which we communicate with you, so we will not bear any liability for your failure to use effective contact information, or for any act or omission. We only publish announcements and information on the basis of the valid and effective contact information on this Website or post announcements on this Website; therefore, we shall not be held liable for any loss arising from your trust in the information that has not been obtained through the above-mentioned means.

If you have any questions regarding our Privacy Policy, you are welcome to contact us at any time.

15. Notices and Revisions

If you have any concerns about privacy at Blofin.com, please contact us, and we will resolve your queries as soon as possible. You also have the right to contact your local Data Protection Authority.

Our business changes regularly, and our Privacy Notice may change accordingly. You should check our websites frequently to see recent changes. Unless stated otherwise, our current Privacy Notice applies to all information that we have about you and your account.

16. Additional Provisions for EU Users Only

These provisions under this Clause 15 apply only if you are a user who resides within the European Union (the 'EU'). These provisions take precedence over any inconsistent provisions in the remainder of this Privacy Policy.

Your Personal Information may be transferred outside of the EU. In such cases, we take all reasonable precautions to apply the appropriate or suitable safeguards set forth by the GDPR. For example, we implement measures such as appropriate contractual clauses to ensure that the recipients of such transfers will protect and treat your personal data in accordance with all applicable personal data protection laws.

You are entitled to exercise the following rights in accordance with the GDPR:

a) The right to access the personal information concerning you, to correct or rectify inaccurate information and, where applicable, to object to data processing;

b) The right of erasure of information that either has been collected solely based on your consent, or is no longer needed for the purpose(s) for which it was collected;

c) The right to restrict processing when such data are no longer needed to perform the purpose(s) for which they were collected;

d) The right to have Personal Information provided in a structured, commonly used and machine-readable format;

e) The right to withdraw consent at any time and without any detriment, as long as the Personal Information processing is based exclusively on your consent.

17. Account Deletion

You may delete your Blofin.com account at any time, subject to the provisions under the Legal Documents. The consequences of account deletion include, but are not limited to, the following:

a) you may lose all Digital Assets and data contained in said account;

b) you may not be able to recover the Personal Information, transaction records, business data, and historical information under the account;

c) you may not be able to use this account to log into Blofin.com's services or services related thereto.

SPECIAL REMINDER: The account cannot be recovered once it is deleted. To protect your rights and interests against fraud or other malicious acts, we have in place strict procedures to ensure that the application to delete your account is bona fide and remind you of the risks of deleting your account before and during the account deletion process.

The deletion of your account does not mean that all your account operations and responsibilities before account deletion are exempted or mitigated. All records and information associated with your account will be deleted. However, we may retain certain information pertaining to your account according to the provisions of this Privacy Notice and/or as otherwise required by applicable laws and regulations.