Privacy Policy

Last Updated: 24/02/2025

Introduction

At Rockbridge LTD (“we,” “us,” “our”), protecting your personal data is a priority. This Privacy Policy explains how we collect, use, and safeguard your information in compliance with the EU General Data Protection Regulation (GDPR) and Bulgarian laws. Terms like “personal data” and “processing” align with GDPR definitions.

Questions? Contact our Data Protection Officer:

We may update this policy to reflect legal or operational changes. The latest version will always be available on our website.

1. Who We Are

Rockbridge LTD, registered in Bulgaria with 208091826, is the data controller responsible for processing your personal data.

2. Data We Collect

We collect and process the following categories of data for the purposes outlined in Section 3:

  • Identity and Contact Information: Including but not limited to full name, government-issued ID (e.g., passport), address, email, and phone number.
  • Financial Details: Such as bank account numbers, crypto wallet addresses, and transaction history.
  • KYC/AML Documentation: Required by law, including source of funds/wealth, employment history, Politically Exposed Person (PEP) status, tax identification numbers, and similar compliance-related information.
  • Technical Data: For security and analytics, such as IP address, device type, and browser information (collected via cookies).
  • Publicly Available Data: Professional social media profiles (e.g., LinkedIn) only if relevant to providing our services or complying with legal obligations.

3. How We Use Your Data

We process your data for the following purposes and legal bases:

To Provide Services

  • Purpose: Facilitate OTC trades, custody, and staking services, and others.
  • Legal Basis: Necessary to fulfill our contractual obligations (GDPR Article 6(1)(b)).

Legal and Regulatory Compliance

  • Purpose: Conduct KYC/AML checks, prevent fraud, and report to authorities.
  • Legal Basis: Legal obligation under Bulgarian AML Act and EU regulations (GDPR Article 6(1)(c)).

Business Improvements and Security

  • Purpose: Enhance platform security, troubleshoot technical issues, and optimize services.
  • Legal Basis: Legitimate interests (GDPR Article 6(1)(f)), balanced against your rights.

Marketing

  • Purpose: Send newsletters or promotional offers (only with your explicit consent).
  • Legal Basis: Consent (GDPR Article 6(1)(a)), which you can withdraw at any time.

4. Who We Share Data With

We share your data with:

  • Regulators: Bulgarian Financial Intelligence Directorate (FID), Financial Supervision Commission (FSC), and EU authorities.
  • Service Providers: Trusted partners such as KYC verification vendors, cloud hosting providers, and auditors.
  • Legal Authorities: Courts, law enforcement, or tax authorities when required by law.
  • Fraud Prevention Agencies: To combat financial crimes like money laundering.

Safeguards: All third parties sign strict confidentiality agreements and comply with GDPR.

5. International Data Transfers

Your data may be transferred outside the EU/EEA. We ensure protections such as:

  • Adequacy Decisions: Transfers to countries with EU-approved data protection (e.g., UK).
  • Standard Contractual Clauses (SCCs): Legally binding agreements with partners in non-adequate countries.

6. How Long We Keep Your Data

  • Active Clients: 5 years after account closure.
  • AML/CFT Records: 10 years (as required by Bulgarian law).
  • Marketing Data: Until you withdraw consent.

7. Your Rights

You have the right to:

  • Access: Request a copy of your personal data.
  • Correct: Update inaccurate or incomplete information.
  • Delete: Ask us to erase your data if it’s no longer necessary or unlawfully processed.
  • Restrict Processing: Limit how we use your data during disputes (e.g., contested accuracy).
  • Portability: Receive your data in a machine-readable format.
  • Object: Challenge processing based on legitimate interests.
  • Withdraw Consent: For marketing or non-essential processing.

To exercise these rights: Email [email protected]. We respond within 30 days.

8. Security Measures

We protect your data with:

  • Technical Safeguards: AES-256 encryption, two-factor authentication (2FA), and cold storage for crypto assets.
  • Organizational Practices: Regular staff training, restricted data access, and annual security audits.

9. Cookies and Tracking

We use cookies to:

  • Ensure Security: Prevent unauthorized account access.
  • Improve Performance: Analyze website traffic via anonymized Google Analytics data.

Manage Cookies: Adjust settings in your browser or review our Cookie Policy for details.

10. Complaints

If you have concerns about how we handle your data:

  1. Contact us first at [email protected].
  2. Escalate to the Bulgarian Commission for Personal Data Protection:
    • Website: www.cpdp.bg
    • Address: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592.