Version 1.0

Date: 17 June 2024




Welcome to! We value your privacy and are dedicated to protecting your personal information. This Privacy Notice (also referred to as “Notice”) explains how we collect, use, and protect your data. We kindly request that you read this document thoroughly. If you have any questions, feel free to reach out to us. Please note that by using our services or accessing our website, you agree to the provisions stipulated in this document. If you disagree with anything stated in this document, we kindly ask that you refrain from using our services or accessing our website. However, we are happy to help clarify any matters if necessary.




At, we take your privacy seriously. As the data controller under GDPR and UK GDPR, we are responsible for determining the purposes and means of processing your personal data, ensuring compliance with data protection laws, and safeguarding your privacy. You can contact us at:


Company name: BLAGOPAY LTD

Company registration No. 15173310






We collect data from:

(a) Direct Interactions: When you sign up, use our services, contact us, etc.

(b) Cookies: Automatically from your interactions with our website. Please see our Cookie Notice published on the website for more information about cookies and our cookie practices.

(c) Third Parties: From our partners (e.g., payment providers), state authorities and public sources.




For the purposes outlined in this notice, we may gather and process the following categories of data:

(a) User Account Information: This includes login credentials, activity logs, settings, avatars, and any other uploaded information.

(b) Contact Details: Examples include phone number, email address, and physical address.

(c) Identity Information: Such as full name, government-issued ID, details from ID documents, and authentication details.

(d) Transaction Information: Includes details about orders and purchases (history, status, etc.), and current balance information.

(e) Payment Information: Details related to payments made (including history and status), and information on preferred payment methods (such as bank account details and payment card information).

(f) User-Generated Content: Includes any data you choose to upload/include via your user account, as well as data generated by you in course of use of our services.

(g) Communication Records: Includes phone conversations, chat histories, and email correspondence.

(h) Customer Support Data: Information on issues raised, resolution status, and related details.

(i) Marketing Data: Includes your marketing preferences, participation in loyalty programs, and similar activities.

(j) Technical Information: Data about the devices you use (such as IP address, operating system details, browser information, and settings).

(k) Legal Compliance Data: Information related to activities for anti-money laundering and counter-terrorist financing (AML/CFT), know-your-customer processes, and other data necessary for legal compliance.

(l) On-Premises Visit Data: Includes video surveillance footage from our office premises.



We handle collected personal data for the following reasons, each justified by the respective legal bases:

(a) Setting up and managing your user account (Legal Basis: Necessary for contract performance).

(b) Providing the requested services (Legal Basis: Necessary for contract performance).

(c) Confirming user identity and verifying users (Legal Basis: Legal obligation, legitimate interests).

(d) Processing and managing orders (Legal Basis: Necessary for contract performance).

(e) Carrying out and handling transactions (Legal Basis: Necessary for contract performance, legitimate interests).

(f) Adhering to applicable legal and regulatory requirements (Legal Basis: Legal obligation, public task).

(g) Engaging with users, offering support, and providing information related to our services (Legal Basis: Necessary for contract performance, legitimate interests).

(h) Managing risks, including business risks, and making business decisions (Legal Basis: Necessary for contract performance, legal obligations, legitimate interests).

(i) Offering marketing information and personalized content (Legal Basis: Consent, legitimate interests).

(j) Preventing fraud and misuse of our services (Legal Basis: Legal obligation, legitimate interests).

(k) Ensuring the security of our information and assets, both physical and digital (Legal Basis: Necessary for contract performance, legal obligation, legitimate interests).

(l) Resolving technical issues with our website and services, including troubleshooting (Legal Basis: Necessary for contract performance).

(m) Enhancing and developing our services (Legal Basis: Legitimate interests).

(n) Handling claims and resolving disputes (Legal Basis: Necessary for contract performance, legal obligation, legitimate interests).




To effectively provide our services, certain data is necessary and must be provided. This essential data is marked accordingly, and its provision is obligatory for us to deliver our services efficiently. Failure to provide this mandatory data may result in an inability to access or use some of our services.


Additionally, there are other types of data that are not essential for the core provision of our services but can enhance your experience. Providing this optional data is entirely up to you and can be managed through your account settings.


We clearly mark when data is obligatory, so you can easily distinguish between required and optional information. If you have any questions or concerns about the data you need to provide, please feel free to contact us.




As part of your interaction with our services, you may choose to upload various types of information into your user account. This includes, but is not limited to, general data and special categories of data, such as health-related information.


Important Considerations:


(a) User Discretion: It is entirely up to you to decide what information you choose to share with us. Please exercise caution and carefully consider the nature and sensitivity of the data you upload.

(b) Special Categories of Data: If you decide to provide special categories of data (e.g., health information), please be aware of the sensitive nature of such information and share it responsibly.

(c) Avoid Overstating: To protect your privacy, refrain from providing excessive or unnecessary details. Only share information that is relevant to the interaction you wish to have with our services.

(d) Disclaimer: We encourage you to be mindful of your privacy and security when sharing information. While we strive to protect your data, the ultimate responsibility for the information you choose to disclose rests with you.


By using our services and uploading any data, you acknowledge that you understand these considerations and agree to share information at your own discretion.




We share your data with trusted partners and authorities only as required by law or as necessary for the provision of our services. Rest assured, your personal information is never sold or misused. We are committed to maintaining your trust by ensuring that your data is handled responsibly and ethically.




We keep data as long as needed or legally required. After that, we delete or anonymize it.


We retain your data only for as long as necessary to fulfil the purposes for which it was collected or as required by law. After the retention period ends, we either delete or anonymize your data to protect your privacy.Different types of data have varying retention periods. For example, data related to anti-money laundering (AML) regulations may be kept for up to 5 years. Tax-related data is typically retained for 6 years, and data relevant to potential legal claims may be stored until the limitation period for claims expires, which can be up to 10 years.


These retention periods ensure that we comply with legal requirements while also safeguarding your personal information. If you have any questions about our data storage practices or specific retention periods, please feel free to contact us.




We are committed to keeping your data safe and secure. To achieve this, we employ a variety of security measures including encryption, access controls, and regular staff training on data protection practices. Encryption ensures that your data is protected during transmission and storage, while access controls limit who can view or manage your information to authorized personnel only.


In addition to our efforts, you can help protect your data by taking at least these simple steps:


(a) Use strong, unique passwords for your accounts and change them regularly.

(b) Be cautious when sharing personal information online or through email.

(c) Enable two-factor authentication (2FA) where possible for an extra layer of security.

(d) Keep your software and devices up-to-date to protect against vulnerabilities.


By working together, we can help ensure that your data remains secure. If you have any concerns or questions about data security, please do not hesitate to contact us.




In some cases, your data may be transferred outside the European Economic Area (EEA), including the EU and the UK. When this happens, we ensure that your data is protected in compliance with applicable data protection laws.


To safeguard your information, we use legal mechanisms such as Standard Contractual Clauses (SCCs) and other appropriate safeguards as required by the GDPR and UK GDPR. These measures ensure that any data transferred internationally is treated with the same level of protection as it would be within the EEA.


Rest assured, we take the necessary steps to ensure your data remains secure and your privacy rights are maintained, no matter where your data is processed. If you have any questions or need more information about our data transfer practices, please feel free to contact us.




As a data subject, you are entitled to the following rights concerning your personal data:


(a) Right of Access: You have the right to request and obtain a copy of your personal data that we hold.

(b) Right to Rectification: You are entitled to request corrections to any inaccuracies or incomplete data.

(c) Right to Erasure: Also known as the 'right to be forgotten,' you may request the deletion of your personal data under certain circumstances.

(d) Right to Restrict Processing: You can request that we limit the processing of your personal data under specific conditions.

(e) Right to Object: You have the right to object to the processing of your personal data for certain purposes.

(f) Right to Data Portability: You can request to receive your personal data in a structured, commonly used, and machine-readable format, and to have that data transferred to another controller.

(g) Right to Withdraw Consent: If the processing of your personal data is based on consent, you have the right to withdraw your consent at any time.


Please note that these rights are not absolute and may be subject to legal preconditions and limitations. To protect your privacy and security, we may require you to verify your identity before we process your request.


To exercise any of these rights, please contact us as described in this Notice. We are committed to addressing your concerns and ensuring your rights are respected. Please note that some of these rights can be exercised via your account settings as well.




We do not make automated decisions with legal effects. Profiling may be used to tailor your experience.




If you have any concerns or complaints regarding our handling of your personal data, please do not hesitate to contact us. We are committed to addressing and resolving your issues promptly and effectively.


Additionally, if you are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority responsible for data protection matters in your jurisdiction. In the UK, this is the Information Commissioner's Office (ICO).




Our services are intended for use by individuals who are 18 years of age or older. We do not knowingly collect or process personal data from children under the age of 18. If we become aware that we have inadvertently collected personal data from a child, we will take steps to delete such data promptly.


If you are a parent or guardian and believe that your child has provided us with personal data without your consent, please contact us immediately. We are committed to ensuring the privacy and protection of all users, especially children.




We may update this Notice periodically to reflect changes in our practices or for legal and regulatory reasons. Please revisit this Notice regularly to stay informed about our personal data processing practices. Significant changes will be communicated on our website or through direct notification if necessary.




If you have any questions or concerns about anything stated in this document or our personal data processing practices in general, please contact us at