Privacy Statement
Last updated: September 5, 2023
Introduction
This is the privacy statement of Blueboard Limited, (“Blueboard”), a member of the Opera Group (“Opera”). This statement describes how Blueboard collects and processes certain data about you, the end user (“you”, “your”, etc.). This privacy statement forms part of a legal contract between Blueboard and you, including also our Terms of Service. Capitalized terms in this privacy statement which are not defined here have the meanings given in the Terms of Service.
Definitions
First, let’s define some key terms. Many of these definitions are adapted (with changes) from the General Data Protection Regulation (or “GDPR”), the data privacy law which applies in the European Union. Blueboard uses the GDPR as a guidepost because it applies directly to our European companies and because Blueboard believes it sets the highest legal standard for user privacy. However, in some cases Blueboard has simplified definitions here for the purpose of clarity.
Personal data: “any information relating to an identified or identifiable natural person” as the GDPR says. This includes data such as your IP address, device IDs, advertising IDs, and location. Below where we describe how we Process personal data, we also list the specific Purpose for doing so, as well as our Legal basis under the GDPR (as those terms are defined below).
Data controller: The person or company that decides whether and how to Process Personal data.
Purpose: the specific reason or reasons we have for Processing Personal data.
Process or processing: collecting or using Personal data. As defined in the GDPR, the word “processing” can mean doing almost anything with Personal data. Below we have used it in this general sense when we have a general meaning in mind, and used more specific terms (like “store” or “share”) where appropriate.
Retention / retain: the time period for which we will continue to store data. In general, we do not Process or store Personal data longer than needed and therefore delete it after a certain period of time. Below we have included some more specific details on retention periods, which vary depending on the type of Personal data at issue and the Purpose for which it is Processed.
Opera Group: Our affiliated group of companies, including Opera Norway AS (a Norwegian company) which develops and publishes the Opera browsers, as well as other subsidiaries and affiliated companies around the world. For more information, see below.
Categories of Data We Collect
When You use Blueboard’s Services, Blueboard needs to process certain information from and about You. Some of the data Blueboard Processes is considered Personal data. Blueboard acts as a Data controller of Personal data that Process via Services.
The categories of information, including Personal data, that Blueboard collects and Processes include information that you provide to Blueboard directly (for example during the onboarding process) and information that Blueboardcollects about you from other sources.
Information that you provide directly
Some categories of data Blueboard collects when you provide it to Blueboard directly (such as when you register as a new user, or request specific Services). To access our Services, you will need to use the Opera browser that is subject to the Opera Terms of Service and Privacy Statement.
If you choose to make a Crypto Assets transaction, you will also need to submit the receiver phone number.
In some cases you provide us with your Personal data like a mobile phone number in order to set up a MiniPay account and use MiniPay (“Contact Information”).
Information that we collect about you
If you choose to use Blueboard’s Services, Blueboard will collect certain data about you from your device or other sources, including:
- Personal data like your IP address, a unique user ID (UID) which is a unique identifier assigned to your use of the Service, and other technical data including data about your device or use of the Services, your app version, locale, language, dialog events, or other in-app actions (“Technical Data”)); and
- Wallet address and wallet Crypto Assets (“Wallet Data”).
Additionally, if you choose to make a Crypto Assets transaction, Blueboardwill collect data including the type of Crypto Assets or amount of Crypto Assets transferred, and generate some additional data to identify and complete the transaction including a unique item ID, and a link to your user ID (“Transaction Data”).
Purposes of Data Processing
Blueboard uses the information you provide to Blueboard or that Blueboard collects about you for different Purposes, as explained more in detail below.
- Compliance Purposes – to carry out obligations imposed by applicable laws, including the obligation to avoid money laundering, terrorist financing and fraud; to ensure the security of our Services; and to comply with the lawful inquiries and order of public authorities.
- Contractual Purposes – to enter into or perform our contracts with You, including providing the Services you have requested.
- Analytical Purposes – to gain a better understanding of the preferences of our customers and how they interact with our Services, and making improvements to them.
- Marketing Purposes – to send You marketing information about our products and services.
Here is further detail on which legal basis applies to which categories of data Blueboard processes:
| Data Category | Purpose of Processing |
|---|---|
| Contact Information | Contractual Purposes, Marketing Purposes |
| Wallet Data | Contractual Purposes, Analytical Purposes, Compliance Purposes |
| Transactional Data | Contractual Purposes, Analytical Purposes, Compliance Purposes |
| Technical Data | Contractual Purposes, Analytical Purposes, Marketing Purposes |
Legal Basis
Applicable law, including the GDPR, requires Blueboard to have a Legal basis for Processing Your Personal data. Blueboard Processes your Personal data under the following grounds:
- Compliance Purposes – GDPR Art. 6(1)(c), as relevant Processing is necessary for compliance with legal obligations stipulated in applicable laws to which Blueboard is subject.
- Contractual Purposes – GDPR Art. 6(1)(b), as relevant Processing is necessary for the performance or entry into a contract with You, including Blueboard Terms of Service. In other words, Personal data Processed for Contractual Purposes is necessary for us to deliver the Services to You.
- Analytical Purposes – GDPR Art. 6(1)(f), as we have legitimate interests to gain a better understanding of the preferences of our customers and how customers interact with the Services.
- Marketing Purposes – GDPR Art. 6(1)(f), as we have legitimate business interests to offer our customers additional services they may be interested in.
Retention
In general Blueboard does not retain Your data for longer than necessary to complete the Purpose for which it was collected.
- Contact Information, Technical Data, Personal Data, and Wallet Data are kept for a period of one year (for MiniPay), or two years.
- Transaction Data is retained for as long as a Crypto Assets or transaction is active, and for a period of one year (for MiniPay), or two years thereafter.
Sharing Information with Third Parties
In some circumstances Blueboard may share data (including Personal data) with third parties, including:
- Other members of the Opera Group. Blueboard is a member of the Opera Group that provides data Processing, marketing, and other support services to Blueboard.
- Third party services providers who help Blueboard to operate the Services.
- Law enforcement agencies, if and when Blueboard is required to provide information to them in accordance with applicable law.
- Third party services providers who provide their own services inside Blueboard Services including on-ramp providers, off-ramp providers, swaps providers and Crypto Assets related services providers (no Personal data).
- Blockchain networks and related providers with whom you might complete a Crypto Assets transaction (no Personal data).
Your Rights
You have the right to make a request to access or delete any of your Personal data that Blueboard might possess. You can make a request via this online request form. You may be required to provide additional information to authenticate your request.
You also have the right to lodge a complaint with the appropriate authorities. You can contact the Data Protection Commission, the data protection supervisory authority of Ireland, or Datatilsynet, the Norwegian Data Protection Authority, through their websites.
Contacts
Blueboard is very open about privacy and recognizes your trust as a great value. If you have any questions about this statement or any privacy issues in Blueboard applications or Services, feel free to contact our Data Protection Officer via this online request form.