This Privacy Policy explains how your information is collected, used, and disclosed when you access the web interface available at https://brightpool.finance/ (the "Website" or "Interface").
- DEFINITIONS AND CONTROLLER
- Controller: SO INTERNATIONAL LTD, a private limited company under the laws of England and Wales, with its registered office at 28-29 The Broadway, No. 1 Ealing Broadway, London W5 2NP, United Kingdom, registered with Companies House under number 11598352.
- Interface: The web-based graphical user interface operated by the Controller at https://brightpool.finance/.
- Protocol (DEX): The autonomous, self-standing decentralized exchange operating on a public distributed-ledger network, giving effect to the will of a decentralized autonomous organization (DAO).
- UK GDPR: shall mean the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) as defined in section 3(10) (and supplemented by section 205(4)) of the Data Protection Act 2018, read in conjunction with the Data Protection Act 2018 and any applicable national implementing laws, regulations, and secondary legislation in the United Kingdom, as amended, updated, or replaced from time to time.
- User: Any natural person visiting the Website or using one or more services or functionalities described in the Policy.
- SCOPE OF APPLICABILITY: INTERFACE VS. PROTOCOL
The Controller strictly provides the Interface to facilitate access to the Protocol. The Controller does not provide custodial services, does not process fiat currency, and does not conduct Know Your Customer (KYC) or Anti-Money Laundering (AML) checks, as it does not engage in regulated financial activities.
When you interact with the Protocol, you are directly interacting with public smart contracts. On-chain data, including cryptographic wallet addresses and transaction histories, are public, immutable, and not controlled or processed by the Controller.
- PURPOSES AND LEGAL BASIS OF DATA PROCESSING
In connection with your use of the Interface, the Controller collects minimal data necessary to provide the front-end functionality:
- Technical Data: IP addresses, browser types, and system logs are processed for technical administration, system security, and network integrity. Legal Basis: Legitimate interest in maintaining a secure Interface (Article 6(1)(f) UK GDPR).
- Analytics and Cookies: The Interface utilizes necessary cookies (e.g., Cloudflare) for security and traffic routing, and non-essential cookies (e.g., Google Analytics) for statistical analysis of user preferences. Legal Basis: Performance of a contract for necessary cookies (Article 6(1)(b) UK GDPR) and user consent for non-essential cookies (Article 6(1)(a) UK GDPR).
- Communications Data: If you opt-in to newsletters or marketing, we collect your email address. Legal Basis: Consent and legitimate interest (Article 6(1)(a) and (f) UK GDPR).
- BLOCKCHAIN DATA AND IMMUTABILITY
Due to the inherent nature of decentralized networks, any transactions broadcasted via the Interface to the Protocol will be permanently and immutably recorded on a public blockchain.
- Your cryptographic wallet address and transaction data will be publicly visible.
- This data is inherently out of the Controller's control, and the Controller cannot delete, modify, or restrict the processing of on-chain data.
- Connecting a wallet to the Interface does not constitute a creation of a user account with the Controller.
- COOKIES, CLOUDFLARE, AND ANALYTICS
- Necessary Cookies: The Website uses necessary cookies managed by Cloudflare to ensure security, maintain integrity, manage network traffic, and detect malicious activities. The legal basis is the necessity of processing for the performance of a contract (Article 6(1)(b) UK GDPR). Further information on Cloudflare is available at: https://www.cloudflare.com/privacypolicy/.
- Analytics Tools: The Controller uses Google Analytics to compile statistics and reports on the functioning of the Platform. Google does not use the collected data to identify the User or combine this information to enable identification. Details: https://www.google.com/intl/pl/policies/privacy/partners.
- Cookie Management: Any use of cookies for collecting data that is not strictly necessary requires the User's prior consent, secured through a cookies consent management platform.
- MARKETING AND COMMUNICATIONS
The Controller processes Personal Data for marketing activities, including contextual advertising and behavioral advertising based on user preferences.
- Newsletters: If you subscribe to a newsletter, providing your e-mail address is required to provide the service. The legal basis is the performance of a contract (Article 6(1)(b) UK GDPR) and the Controller's legitimate interest for marketing content (Article 6(1)(f) UK GDPR).
- Social Media: The Controller processes data of Users who visit its profiles on platforms like Telegram, Medium, Twitter, and LinkedIn to promote events and products. This does not apply to the data processing done by the platforms themselves.
- DATA RETENTION, SHARING, AND INTERNATIONAL TRANSFERS
- Duration: Data is processed for the duration of the service provision or until the withdrawal of consent or effective objection. After this period, data is irreversibly deleted or anonymized (excluding public blockchain data).
- Data Recipients: Data may be disclosed to external IT system providers, marketing agencies, and competent authorities if requested under an appropriate legal basis.
- UK/EEA Transfers: The Controller transfers Personal Data outside the UK/EEA only when necessary and with an adequate level of protection, subject to appropriate safeguards such as UK International Data Transfer Agreements (IDTAs) or EU Standard Contractual Clauses.
- USER RIGHTS
You possess the right to access, rectify, restrict, or object to the processing of your data by the Controller, and the right to lodge a complaint with the Information Commissioner's Office (ICO) in the UK. However, the Controller cannot modify, erase, or port any data inherently inscribed on the public blockchain.
- Consent for data processing can be withdrawn at any time by contacting [email protected].