1. Who we are
This privacy notice applies to all Personal Data processing activities carried out by Bullish (GI) Limited and its affiliates (collectively, “Bullish”, “we”, “us” or “our”).
Bullish acts as the as data controller for your Personal Data unless a different affiliate is named in a separate privacy notice, or we have identified a different data controller for a particular processing operation
We respect individual’s rights to privacy and are committed to protecting the privacy of your personal information. This Privacy Notice explains how we demonstrate this commitment, including:
(a) the types of information we collect through your use of our products and services including our exchange software and mobile applications, and your navigation of our Websites;
(b) the manner in which we use and share the information, and why;
(c) the circumstances in which your information may be transferred to another country;
(d) the rights you may have under relevant privacy or data protection laws;
(e) cookies that we use or used by our service providers; and
(f) whom you can reach out to regarding this Privacy Notice.
Where a law or regulation in the applicable jurisdiction, for example, the EU General Data Protection Regulation (GDPR), requires us to provide you with a notice or other explanation of the information about you that we collect and process or similar, this Privacy Notice is intended to fulfil this obligation.
2. Acceptance to this Privacy Notice
We are committed to protecting your privacy. By accessing Bullish Services you acknowledge and fully understand Bullish’s Privacy Notice practices described in this Privacy Notice.
By accessing and using our Service, you signify your acceptance to the terms of this Privacy Notice. If you do not agree with or you are not comfortable with any aspect of this Privacy Notice, you should immediately discontinue access or use of our Services.
3. Purpose of this Privacy Notice
The purpose of this Privacy Notice is to explain how we collect and use Personal Data in connection with our business. In this Privacy Notice, “Personal Data” means any information relating to an identified or identifiable natural person as may be collected or processed by us in connection with the Data Sources and includes “Personal Data” as defined in the EU General Data Protection Regulation 2016/679 (“GDPR”) or other applicable laws.
This Privacy Notice applies to your use of, access to, or participation in any of the following sources (collectively, our “Data Sources”):
(ii) any Bullish website (URL: www.bullish.com) or subdomains regardless of the medium in which the websites are accessed by a user (e.g., via a web or mobile browser) (the “Websites”);
(iii) any Bullish mobile application, regardless of which medium or operating system on which an App is accessed by a user (the “Apps”);
(iv) any events hosted by us, whether such events are open to the public or by invitation (collectively the “Events”); and
(v) subsections of social media platforms controlled by us.
5. Personal Data We Process
We process the Personal Data we collect about you when you use, gain access to, or participate in our Data Sources. For example, we may collect Personal Data from you when you sign up for a marketing newsletter, or when we onboard you as a client.
We will collect and process the following data about you:
5.1 Information you give to us:
Personal Identification Information, such as full name, title, date and place of birth, gender, signature, photograph, live portrait selfie, email address, residential address, mailing address, telephone number, marital status.
Our third-party identity verification and KYC service providers can use image recognition software to verify your ID when you are looking to open an account with us. This involves them using optical character technology to extract relevant information from your ID documents. In such cases, we will ask you for consent to process this biometric data. An alternative channel will be made available to you should you choose not to give your consent. We will only use your biometric data to fulfil this request.
Government Issued Identification Information, such as passport copy, driving licence, national identification card, Tax id number, visa information and any other information we may request in order to comply with our legal obligation to comply with anti-money laundering laws.
Institutional Information, such as Personal details (as per above) of any agent or attorney acting on behalf of the client. If relevant to the products and services we provide to you, we may also collect information about your additional account holders, business partners (including other shareholders or beneficial owners), dependants or family members, representatives, and agents. Before providing Bullish with this information, you should provide a copy of this notice to those individuals.
Financial Information, such as bank account information, trading data and tax identification, including source of wealth and source of funds.
Transaction Information, such as which includes account and authentication information; your username, user identification number; billing, contact details or cryptocurrency wallet address (including public key or private key); transaction and account status information; and payment information, such as your credit or debit card number and other card information
Employment information, such as your job title and work experience, office location, and your knowledge of and experience in investment matters.
Correspondence Information, such as which means the contents of the communications and correspondence between us, whether by email, social media, or otherwise through one of our Services, through your submission of an online form and survey responses, or when you otherwise contact us and provide information to our support team or user research team, as well as your communications preferences, such as for marketing purposes. Details of our interactions with you and the products and services you use with a view to establish relevant facts (including without limitation, any records of the phone calls between you and Bullish, emails, meeting notes, letters).
5.2. Information we collect from you:
Online Identifying Information, which means your IP address, browser name, operating system, MAC address, GUID, coarse location and fine location. When you visit our website or access our app, our web server automatically records details about your visit (for example, your IP address, the web site from which you visit us, the type of browser software used, the Bullish Website pages that you actually visit including the date and the duration of your visit). Cookies are set to expire once you have closed your browser session. These cookies do not track where you have been on the internet and do not gather information about you that could be used for marketing purposes. Please read our cookie notice for more information.
Application Security Information, which means your passwords, two-factor authentication software or key pairs, security questions (including the answers to the said questions) and security device identification number.
5.3. Information we receive from our affiliates and third parties:
Information provided by identity verification and KYC partners, credit reference agencies, and public databases, which means personal information processed with our purpose to comply of our legal obligation related to anti-money laundering laws, to prevent and detect crime and for anti-fraud purposes. Our ID verification partners like, but not limited to, Jumio, Comply Advantage and 4Stop, use a mix of government records, publicly available information, information provided to us by you and the use of technology to help Bullish on your identity verification. Such information may include criminal convictions and offences, credit history, status on any sanctions lists maintained by public authorities, and other relevant data.
We may also process additional information about you to assess and manage risk and to ensure Bullish Services, website and app are not used for illicit activities.
Blockchain Data, such as public blockchain data in order to assess if customers using Services are not engaged in illegal or prohibited activity and/or in breach of our Terms, and to analyse transaction trends.
Advertising Networks & Analytics Providers, such as advertising networks, analytics providers and search information providers may provide us with pseudonymised information about you, such as confirming how you found our website.
We collect Personal Data through:
- Your use of or participation in our Data Sources.
- A third party’s use of our Data Sources relating to you, for example where a third party may manage a Service or Event on our behalf.
- Direct or unsolicited interactions, such as when you voluntarily provide your information to us by contacting us, submitting requests and comments, subscribing to our newsletters, submitting job applications, or otherwise engaging with us through our Data Sources.
- Indirectly, such as through public or media websites or government websites when conducting user identity verifications and reviews.
We also collect other types of statistical information in aggregate form (either on an anonymized or pseudonymized basis depending on the use) when you use our Data Sources.
We also collect, use, and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific Website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
6. How We Use Your Personal Data
The following table outlines how and why we use your Personal Data:
|Activity||Categories of Personal Data||Purpose of Processing||Lawful Basis|
|Providing Services||Personal Identification Information; Government Issued Identification Information; Institutional Information; Financial Information; Transaction Information; Employment information; Correspondence Information, Online Identifying Information; Application Security Information||Enable you to use our Services and enforce our Service terms and conditions||Performance of a Contract|
|Providing support for our Services||Personal Identification Information; Transaction Information; Correspondence Information; Online Identifying Information||Answer your queries, resolve matters with accounts, disputes, collecting fees, to troubleshoot problems and otherwise provide general support related to our Services.||Performance of a contract |
|Personal Identification Information; Transaction Information; Correspondence Information||Keeping you updated about our Services, inform you of relevant security issues or updates, or provide other transaction-related information.||Performance of a contract|
|Personal Identification Information; Transaction Information; Online Identifying Information||Enabling the download of Apps to access our Services||Performance of a contract|
|User application and account creation process||Personal Identification Information; Transaction Information; Employment information; Online Identifying Information; Application Security Information||Enabling users to create accounts required to access and participate in our Services. Verify and screen individuals in order to protect against fraud and comply with our legal and regulatory obligations.||Performance of a contract|
Consent (when required by law)
|Compliance with laws and regulations, Including AML, Fraud, Sanctions, Terrorist Financing Regulations, Tax evasion||Personal Identification Information; Government Issued Identification Information; Institutional Information; Financial Information; Transaction Information; Employment information; Correspondence Information; Online Identifying Information; Application Security Information; Blockchain Data; Information provided by identity verification and KYC partners, credit reference agencies, and public databases||Verify accounts and activity, including processing personal data for identity verification purposes where required, detect abuse, fraud, money laundering, breach of confidence, theft of proprietary materials and any other illegal activities on our platforms.|
Such processing is necessary for us to comply with laws in the jurisdictions where we are subject to them.
|Protection of company interests||Personal Identification Information; Government Issued Identification Information; Institutional Information; Financial Information; Transaction Information; Employment information; Correspondence Information; Online Identifying Information; Application Security Information; Blockchain Data; Information provided by identity verification and KYC partners, credit reference agencies, and public databases||Protecting of the Services we provide, protection of our business interests, and protection of data||Legitimate interest|
|Personal Identification Information; Government Issued Identification Information; Institutional Information; Financial Information; Transaction Information; Employment information; Correspondence Information; Online Identifying Information; Application Security Information; Blockchain Data; Information provided by identity verification and KYC partners, credit reference agencies, and public databases||Obtain professional advice from consulting, tax, legal, audit, or other professional firms for the proper protection or functioning of our business||Legitimate Interest|
|Personal Identification Information; Government Issued Identification Information; Institutional Information; Financial Information; Transaction Information; Correspondence Information; Online Identifying Information; Application Security Information; Blockchain Data; Information provided by identity verification and KYC partners, credit reference agencies, and public databases||Operate, administer, secure, and improve the safety and security operations of our Services, detect spam, prevent harmful or illegal conduct, detect and prevent fraud and/or fund loss, investigate suspicious activity in breach of terms of Service, administer policies and rules applicable to the Service.||Legal Obligation|
|Personal Identification Information; Transaction Information; Employment information; Correspondence Information||Facilitate Event registration, plan and execute Events, and share pre- and post-event information with registrants and interested individuals.||Legitimate Interest|
|Personal Identification Information; Transaction Information; Correspondence Information; Online Identifying Information||Provide you with relevant information and news about our Services, events, promotions, prizes, giveaways and other opportunities. Send information that may be of interest to you based on your preferences.||Consent |
|Website traffic analysis and usage analytics||Personal Identification Information; Transaction Information; Online Identifying Information||Understand how users interact with our Websites, analyse Website traffic and usage, to improve our Websites and our offerings||Legitimate Interest |
you on social
|Personal Identification Information; Correspondence Information; Online Identifying Information||Engaging with you on social media, including on subsections of social media platforms controlled by us. Understanding how you engage with us on social media, engaging users through social media platforms, and improving our social media activities and users’ social media experience||Legitimate Interest |
|Sharing with law|
|Personal Identification Information; Government Issued Identification Information; Financial Information; Transaction Information; Employment information; Correspondence Information; Online Identifying Information; Blockchain Data; Information provided by identity verification and KYC partners, credit reference agencies, and public databases||Comply with valid legal requests from authorities, and to comply with our legal and regulatory obligations in the jurisdictions where we are subject to them.||Legal Obligation |
|Personal Identification Information; Government Issued Identification Information, Institutional Information, Employment information, Correspondence Information||To enable us to initiate or conclude corporate acquisitions, mergers, or other corporate transactions.||Legitimate interests|
|Protection of the|
vital interests of
|Personal Identification Information, Institutional Information, Employment information||Protect the life or physical safety of individuals, to combat harmful conduct, to promote safety and security||Vital Interests|
|Personal Identification Information, Transaction Information, Correspondence Information||Ensure quality control and staff training to make sure we continue to provide you with accurate information and high-quality Services.||Legitimate Interest|
|Online Identifying Information, Application Security Information||Enhance user experience, manage your preferences, and personalise content delivered to you.||Consent|
|For research & development||Online Identifying Information, Blockchain Data, Information provided by identity verification and KYC partners, credit reference agencies, and public databases||We process your personal information to better understand the way you use and interact with our Services. In addition, we use such information to customize, measure, and improve existing and new Services, the content and layout of our Website.||Legitimate interest|
|Product user research & testing||Personal Identification Information, Employment Information, Correspondence and Online Identifying Information||Identify the behaviour patterns, thoughts, and needs of customers by gathering user feedback from observation, task analysis, and other methods.||Consent|
In the above table, “consent” refers to Article 6(1)(a) or the manner of consent required in your jurisdiction, “performance of a contract” or “steps we must take prior to entering into a contract” to Article 6(1)(b), and “legitimate interest” to Article 6(1)(f) of the GDPR.
When the lawful basis for processing your personal data is legitimate interest, we always ensure that we consider and balance any potential impact on you and your rights under data protection laws.
In addition to the processing activities outlined on the above table, we may also process your Personal Data to comply with our obligations under applicable law, where the processing is necessary to protect a person’s vital interests, and for any purpose that you provide your consent.
7. How We Share Your Personal Data
We may share your Personal Data with the following categories of third parties:
- Third-party service providers who need access to Personal Data to assist us in delivering Services or the operation of our business. For example, such third parties include payment processors; information technology service providers; providers of identity verification services; Website hosting providers; insurance, marketing, accounting, shipping, and delivery vendors; other business process outsourcing providers; and partners who assist us with administering programs we offer to you, such as our bug bounty program.
- Third-party service providers who need access to Personal Data to provide advertising and analytics services. For example, we use a third-party service for the collection and management of your Personal Data that enables us to deliver marketing communications about our Services and events to you.
- Public entities and institutions (e.g. Gibraltar Financial Services Commission (e.g. transaction data which is routed via an agent ), Gibraltar Regulatory Authority (e.g. data protection breaches), Gibraltar Financial Intelligence Unit (e.g. Suspicious Activity Reports), Gibraltar Finance Centre (e.g. fiscal details, balances and interest for onwards transmission to relevant foreign tax authority), other financial authorities, including criminal prosecution authorities upon providing a legal or official obligation.
- With our professional advisors who provide banking, legal, compliance, insurance, accounting, or other consulting services in order to complete third party financial, technical, compliance and legal audits of our operations or otherwise comply with our legal obligations.
- Other credit and financial service institutions or comparable institutions to which we transfer your personal data in order to process payments you have authorised and/or to carry out a business relationship with you (depending on the contract, e.g., correspondent banks, custodian banks, brokers, stock exchanges, information offices).
- We share information with Law enforcement and other external parties to
- spot and stop financial crime, money laundering, terrorism and tax evasion if the law says we have to, or if it’s necessary for other reasons
- the police, courts or dispute resolution bodies if we have to
- other banks to help trace money in cases of fraud or other crimes
- any other third parties where necessary to meet our legal obligations
- We may also share your details with people or companies if there’s a corporate restructure, merger, acquisition or takeover.
- Other recipients of data can be any person for which you have given us your consent to transfer data.
- Our corporate affiliates in the Bullish Group, when necessary to complete the processing activities described above.
- Other third parties, as reasonably necessary:
- In relation to a merger, sale, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy, or other change of ownership or control (whether in whole or in part); or
We always endeavour to only share the minimum amount of Personal Data that these third parties need to perform their tasks.
8. Third Party Applications and Websites
Our Data Sources may contain links to third-party applications not affiliated with us. Your use of an external application or any informational content found on external applications is subject to and governed by the privacy policies, terms, and conditions of that application.
We do not endorse or make any representations or warranties concerning, and will not in any way be liable for, any informational content, products, services, software, or other materials available on external applications are framed within our Data Sources.
While we do review the privacy practices of our Service Providers prior to engaging them to ensure that they meet Bullish Service Provider privacy standards, we ultimately do not control the privacy practices of any external applications or Websites. The Websites may contain links to Websites not affiliated with us. Your use of external Websites or any informational content found on external Websites is subject to and governed by the privacy policies, terms, and conditions of those Websites. We do not endorse or make any representations or warranties concerning, and will not in any way be liable for, any informational content, products, services, software, or other materials available on external Websites even if one or more pages of the external Websites are framed within a page of our Websites.
9. Advertising and Analytics Services Provided by Third Parties
The third-party service providers we use for advertising and analytics include:
When you first land on the Websites, you will be asked for your consent to the placement of Cookies. No Non-essential Cookies are placed on your browser until you give your consent. You also have the option to manage your consent on an ongoing basis by opting out of any Cookies category except Strictly Necessary Cookies by changing your Cookies Settings. Please note that if you reject cookies, the functionality of some areas of the Websites may be limited.
11. Automated Decision-Making and Profiling
Automated decision-making is a process by which your Personal Data is used to make a decision about you that creates legal or other significant effects in an automated fashion using an algorithm alone, without any human intervention in the process. Profiling is where Personal Data is evaluated in an effort to predict things like interests or preferences about what types of information an individual might light to receive. Although profiling is a type of automated processing, it does not produce legal (or other significant) effects and in that way is different from automated decision-making.
As discussed above in the section on “Advertising and Analytics Services Provided by Third Parties”, we may use profiling as part of our analytics to deliver the most relevant content and best experience to you
Bullish relies on automated tools to help determine whether a transaction or a customer account presents a fraud or legal risk. In some jurisdictions, you have the right not to be subject to a decision based solely on automated processing of your personal information, including profiling, which produces legal or similarly significant effects on you, save for the exceptions applicable under relevant data protection laws.
Customers won’t be subject to decisions that will have a significant impact on them based solely on automated decision-making. In cases where a customer does not pass our KYC verification, they will be immediately provided with an option to contact customer support and initiate a manual process to review the automated decision-making. Transaction monitoring will also be automated, with alerts and escalations being manually investigated by our Compliance team.
You have the right to not be subject to a decision based solely on automated processing.
12. Your Rights
Applicable privacy legislation may entitle you to some or all of the following rights with respect to your Personal Data:
- To access the Personal Data we maintain about you. We will provide you with one copy of your Personal Data free of charge, but we may charge you a reasonable fee to cover our administrative costs if you request further copies of the same information. In the cases we charge a fee, our time to respond to your request starts after we have received the fee.
- To be provided with information about how we process your Personal Data. This will include information on the categories of data, the sources from which it originated, the purpose and legal basis for the processing, the expected retention period, the recipients of your Personal Data, and the safeguards regarding data transfers to other jurisdictions, subject to the limitations set out in applicable laws and regulations.
- To correct your Personal Data. You have the right to ask us to rectify Personal Data you think is inaccurate or incomplete. In some cases, you will need to make these changes yourself by using the tools we provide in the Data Sources.
- To have your Personal Data erased. You have the right to ask us to delete your Personal Data. In some cases, you will need to do the deletion yourself using the tools we provide in the Data Sources. If we have shared your Personal Data with a third party in the manner described above, we will require the third party to delete the Personal Data that we have shared with them (consistent with their legal obligations to do so). We will decline your request for deletion if processing your Personal Data is necessary: (i) to comply with our legal obligations such as fraud detection and monitoring, (ii) or being required to perform a task in the public interest; (iii) in pursuit of a legal action; (iv) for exercising the right of freedom of expression and information; and (v) for archiving purposes in the public interest, scientific research historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing.
- To object to how we process your Personal Data. Where we process your Personal Data based on our legitimate interest (or that of a third party), you have the right to object to this processing on grounds relating to your particular situation if you feel it impacts on your fundamental rights and freedoms. We will decline your request where we have compelling legitimate grounds for the processing which override your rights and freedoms, or where the processing is in connection with the establishment, exercise or defence of legal claims.
- To stop your Personal Data from being used for direct marketing purposes. At your request, we will stop using your Personal Data for the purpose of direct marketing. Our marketing communications include an unsubscribe facility, which we encourage you to use. If you want to stop us from contacting you in connection with marketing communications, please email us at the email address specified below
- To restrict how we process your Personal Data. At your request, we will limit the processing of your Personal Data if:
- you dispute the accuracy of your Personal Data;
- your Personal Data was processed unlawfully, and you request a limitation on processing, rather than the deletion of your Personal Data;
- we no longer need to process your Personal Data, but you require your Personal Data in connection with a legal claim; or
- you object to the processing and no overriding legitimate interest for the processing exists.
We may continue to store your Personal Data to the extent processing is required or based on one of the following bases: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest; or where an overriding legitimate interest for the processing exists.
- The right to data portability. You have the right to receive your Personal Data in a structured, commonly used and machine-readable format, and to have us transfer your personal information to another controller.
Please note information may already be available to you via the Data Sources.
- To withdraw any consent that you gave us to process your Personal Data. You have the right to withdraw any consent you may have previously given us at any time. Your consent withdrawal will not affect the lawfulness of the processing done before the withdrawal.
- To complain to a supervisory authority. If you are not satisfied with our response, you have the right to complain to or seek advice from a supervisory authority and/or bring a claim against us in any court of competent jurisdiction. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority, so please contact us in the first instance.
- Not to be subjected to automated decision making. In some jurisdictions, you have the right not to be subject to a decision based solely on automated processing of your personal information, including profiling, which produces legal or similarly significant effects on you, save for the exceptions applicable under relevant data protection laws.
To exercise the above rights, please complete a Data Subject Rights Request Form or To exercise the above rights, please complete a Data Subject Rights Request Form or contact us at [email protected]. We will consider and process your request within the required period of time. Please be aware that under certain circumstances, or in relation to certain types of data, the applicable legislation may limit your exercise of these rights.
Please note that in some cases, if you do not agree to the way we process your information, it may not be possible for us to continue to operate your account and/or provide certain products and services to you.
13. International Data Transfers
We may transfer your Personal Data to any of our offices in countries outside of your jurisdiction for processing in accordance with this Privacy Notice and as permitted by the applicable laws. These locations include the EU, United States, and Asia-Pacific region. Such intra-organisational transfers are based on approved mechanisms.
Where we rely on our service providers located outside of your jurisdiction and acting as data processors, we ensure that anyone to whom we pass it protects it in the same way we would and in accordance with applicable laws.
In the event we transfer information to countries outside the European Economic Area, we will only transfer data to third parties where:
- The European Commission has decided that the country or the organisation we are sharing your information with will protect your information adequately;
- the transfer has been authorised by the relevant data protection authority; and/or
- we have entered into a contract with the organisation with which we are sharing your information (on terms approved by the European Commission) to ensure your information is adequately protected.
14. How long we keep your information
We retain Personal Data for the period of time necessary to fulfil the purposes outlined in this Privacy Notice unless a longer retention period is required by law. To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, or other requirements.
Retention periods may be changed from time to time based on business or legal and regulatory requirements.
We may on exception retain your information for longer periods, particularly where we need to withhold destruction or disposal based on an order from the courts or an investigation by law enforcement agencies or our regulators. This is intended to make sure that the bank will be able to produce records as evidence, if needed.
If you would like more information about how long we keep your information, please contact us at [email protected]
15. Data Security
We have a significant investment in Cyber Security controls, including, but not limited to in-house and external expertise, state of the art technologies and processes. We follow a security by design approach, strengthened by continuous vulnerability and threat management, regular penetration testing, a bug bounty program, ongoing security monitoring and risk management practices.
You can opt-out of receiving marketing communications from us at any time, please click the unsubscribe link at the bottom of a marketing email or let us know by reaching us at the email address specified below. Please note that even if we stop all marketing communications, you may still receive administrative, legal, and other important Service-related communications from us.
17. Children’s Privacy
Bullish Services are directed at adults aged 18 years and over, and not intended for children. We do not market to and do not knowingly collect Personal Data from individuals under the age of 18. Our verification process prevents Bullish collecting data of minors. Please contact us at [email protected] if you believe any individual under the age of 18 is using our Services so we can take immediate action to prevent his or her access to our Services and delete the information as soon as possible.
18. Do Not Track
Certain web browsers and other devices may permit you to submit your preference for not being “tracked” online, also known as “Do Not Track” or “DNT” signals. Since uniform standards for DNT signals have not been adopted, we do not currently process or respond to “DNT” signals. We will make efforts to monitor developments around “do not track” browser technology and the implementation of a standard.
19. Updates to the Privacy Notice
To keep up with changing legislation, best practices and changes in how we process your personal data, we reserve the right to revise this Privacy Notice at any time and without notice by posting an updated version on this website. To stay up to date on any changes, we would therefore encourage you to review this Privacy Notice regularly to stay informed of the purposes for which we process your Personal Data and your rights to control how we process it. To the extent permitted by law, by continuing to use our Data Sources after changes have been posted, you are confirming that you have read and understood the latest version of this Privacy Notice.
20. Our Role and How to Contact Us
If you have any questions, comments or complaints, or would like to exercise your rights concerning your Personal Data and privacy preferences, you may use self-service options if they are available to you or contact in the following ways:
- Submit a request through the Bullish Data Subject Rights Request web form.
- Contact us directly at [email protected]
If you are in the EEA, you may also contact our EU Representative, designated for the purposes of Article 27 of the GDPR:
- Achieved Compliance Advocacy, Ltd., Singel 250; 1016 AB, Amsterdam, Netherlands
- [email protected]
If you are in the UK, you may also contact our UK Representative, designated for the purposes of Article 27 of the UK GDPR:
- Achieved Compliance Advocacy, Ltd., Princess House, Princess Way, Swansea, UK SA13LW
- [email protected]
Alternatively, you may contact our appointed Data Protection Officer (DPO) whose contact details are as follows:
- HewardMills Ltd., 77 Farringdon Road, London, UK EC1M 3 JU.
- [email protected]