Privacy Statement

Last updated: October 28, 2024

Introduction

This is the privacy statement of Blueboard Limited, (“Blueboard”), a member of the Opera Group (“Opera”). This statement describes how Blueboard collects and processes certain data about you, the end user (“you”, “your”, etc.). This privacy statement forms part of a legal contract between Blueboard and you, including also our Terms of Service. Capitalized terms in this privacy statement which are not defined here have the meanings given in the Terms of Service.

Definitions

First, let’s define some key terms. Many of these definitions are adapted (with changes) from the General Data Protection Regulation (or “GDPR”), the data privacy law which applies in the European Union. Blueboard uses the GDPR as a guidepost because it applies directly to our European companies and because Blueboard believes it sets the highest legal standard for user privacy. However, in some cases Blueboard has simplified definitions here for the purpose of clarity.

Personal data: “any information relating to an identified or identifiable natural person” as the GDPR says. This includes data such as your IP address, device IDs, advertising IDs, and location. Below where we describe how we Process personal data, we also list the specific Purpose for doing so, as well as our Legal basis under the GDPR (as those terms are defined below).

Data controller: The person or company that decides whether and how to Process Personal data.

Purpose: the specific reason or reasons we have for Processing Personal data.

Process or processing: collecting or using Personal data. As defined in the GDPR, the word “processing” can mean doing almost anything with Personal data. Below we have used it in this general sense when we have a general meaning in mind, and used more specific terms (like “store” or “share”) where appropriate.

Retention / retain: the time period for which we will continue to store data. In general, we do not Process or store Personal data longer than needed and therefore delete it after a certain period of time. Below we have included some more specific details on retention periods, which vary depending on the type of Personal data at issue and the Purpose for which it is Processed.

Opera Group: Our affiliated group of companies, including Opera Norway AS (a Norwegian company) which develops and publishes the Opera browsers, as well as other subsidiaries and affiliated companies around the world. For more information, see below.

Categories of Data We Collect

When You use Blueboard’s Services, Blueboard needs to process certain information from and about You. Some of the data Blueboard Processes is considered Personal data. Blueboard acts as a Data controller of Personal data that Process via Services.

The categories of information, including Personal data, that Blueboard collects and Processes include information that you provide to Blueboard directly (for example during the onboarding process) and information that Blueboardcollects about you from other sources.

Information that you provide directly

Some categories of data Blueboard collects when you provide it to Blueboard directly (such as when you register as a new user, or request specific Services). You may access our Services like Crypto Wallet Service, MiniPay via Opera browser that is subject to the Opera Terms of Service and Privacy Statement or as a standalone app in case of MiniPay.

If you choose to make a Crypto Assets transaction, you will also need to submit the receiver phone number.

In some cases you provide us with your Personal data like a mobile phone number in order to set up a MiniPay account and use MiniPay (“Contact Information”).

Information that we collect about you

If you choose to use Blueboard’s Services, Blueboard will collect certain data about you from your device or other sources, including:

  • Personal data like your IP address, a unique user ID (UID) which is a unique identifier assigned to your use of the Service, and other technical data including data about your device or use of the Services, your app version, locale, language, dialog events, or other in-app actions (“Technical Data”); and
  • Wallet address and wallet Crypto Assets (“Wallet Data”).

Additionally, if you choose to make a Crypto Assets transaction, Blueboardwill collect data including the type of Crypto Assets or amount of Crypto Assets transferred, and generate some additional data to identify and complete the transaction including a unique item ID, and a link to your user ID (“Transaction Data”).

Purposes of Data Processing

Blueboard uses the information you provide to Blueboard or that Blueboard collects about you for different Purposes, as explained more in detail below.

  • Compliance Purposes – to carry out obligations imposed by applicable laws, including the obligation to avoid money laundering, terrorist financing and fraud; to ensure the security of our Services; and to comply with the lawful inquiries and order of public authorities.
  • Contractual Purposes – to enter into or perform our contracts with You, including providing the Services you have requested.
  • Analytical Purposes – to gain a better understanding of the preferences of our customers and how they interact with our Services, and making improvements to them.
  • Marketing Purposes – to send You marketing information about our products and services.

Here is further detail on which legal basis applies to which categories of data Blueboard processes:

Data Category Purpose of Processing
Contact Information Contractual Purposes, Marketing Purposes
Wallet Data Contractual Purposes, Analytical Purposes, Compliance Purposes
Transactional Data Contractual Purposes, Analytical Purposes, Compliance Purposes
Technical Data Contractual Purposes, Analytical Purposes, Marketing Purposes

Applicable law, including the GDPR, requires Blueboard to have a Legal basis for Processing Your Personal data. Blueboard Processes your Personal data under the following grounds:

  • Compliance Purposes – GDPR Art. 6(1)(c), as relevant Processing is necessary for compliance with legal obligations stipulated in applicable laws to which Blueboard is subject.
  • Contractual Purposes – GDPR Art. 6(1)(b), as relevant Processing is necessary for the performance or entry into a contract with You, including Blueboard Terms of Service. In other words, Personal data Processed for Contractual Purposes is necessary for us to deliver the Services to You.
  • Analytical Purposes – GDPR Art. 6(1)(f), as we have legitimate interests to gain a better understanding of the preferences of our customers and how customers interact with the Services.
  • Marketing Purposes – GDPR Art. 6(1)(f), as we have legitimate business interests to offer our customers additional services they may be interested in.

Retention

In general Blueboard does not retain Your data for longer than necessary to complete the Purpose for which it was collected.

  • Contact Information, Technical Data, Personal Data, and Wallet Data are kept for a period of one year (for MiniPay), or two years.
  • Transaction Data is retained for as long as a Crypto Assets or transaction is active, and for a period of one year (for MiniPay), or two years thereafter.

Promotion & Marketing

We process some data in order to promote and market our products and services. Some of this data comes directly from you, when you submit it to us for some specific purpose. For example, if you decide to provide feedback to Blueboard or participate in a promotional campaign, contest, or survey, organized by Blueboard or our partners on behalf of Blueboard, we may ask for information such as your name, age, phone number, email, or postal address. Depending on the nature of the campaign or contest, it may be necessary to share your data with third parties. When that applies, we will make it clear in the terms applicable to the campaign.

If you agree to receive marketing information from Blueboard via email, SMS, or push notifications, we may use third-party technology providers to deliver such messages to you. You can opt-out from marketing communication at any time in your user profile settings or directly from a marketing email you receive.

We may display in-app campaigns and promotions of Blueboard or Opera products, services or features through push-notifications. You may disable these notifications through your settings menu.

In general when we process data in the context of a promotional campaign, contest, or survey, we process your personal data on the basis that doing so is necessary to enable you to participate in the campaign. In some cases we may process data for marketing purposes based on your consent. In any case we will not retain your data any longer than necessary to fulfill the specific purpose for which it was processed to begin with. You can always control your preferences via the settings menu, and if you have other concerns you can reach us through this form.

Purpose: To promote our products and services.

Legal Basis: Varies by context as explained above - includes contractual grounds, or consent (in some cases).

Sharing Information with Third Parties

In some circumstances Blueboard may share data (including Personal data) with third parties, including:

  • Other members of the Opera Group. Blueboard is a member of the Opera Group that provides data Processing, marketing, and other support services to Blueboard.
  • Third party services providers who help Blueboard to operate the Services. E.g. text message technology providers.
  • Law enforcement agencies, if and when Blueboard is required to provide information to them in accordance with applicable law.
  • Third party services providers who provide their own services inside Blueboard Services including on-ramp providers, off-ramp providers, swaps providers and Crypto Assets related services providers (no Personal data).
  • Blockchain networks and related providers with whom you might complete a Crypto Assets transaction (no personal data).

MiniPay includes third-party technology or code, some of which may use your data in different ways. When such third-party technologies use previously collected data, they typically act as data processors for us. When they collect data on their own, they typically act as independent data controllers. For convenience, we have included links to their privacy policies below. Data controllers are marked with an asterisk.

Your Rights

You have the right to make a request to access or delete any of your Personal data that Blueboard might possess. You can make a request via this online request form. You may be required to provide additional information to authenticate your request. In such a case we will process your email address for the purpose of your inquiry.

You also have the right to lodge a complaint with the appropriate authorities. You can contact the Data Protection Commission, the data protection supervisory authority of Ireland, or Datatilsynet, the Norwegian Data Protection Authority, through their websites.

Contacts

Blueboard is very open about privacy and recognizes your trust as a great value. If you have any questions about this statement or any privacy issues in Blueboard applications or Services, feel free to contact our Data Protection Officer via this online request form in such a case we will process your email address for the purpose of your inquiry.