GDPR Compliance

1. Introduction

This page provides information specifically for European Union (EU) and European Economic Area (EEA) residents about your rights under the General Data Protection Regulation (GDPR).

Support Buying Black is committed to protecting your personal data and respecting your privacy rights. This page supplements our Privacy Policy with GDPR-specific information.

2. Your GDPR Rights

Under the GDPR, you have the following rights regarding your personal data:

2.1 Right to Access (Article 15)

You have the right to:

• Obtain confirmation that we process your personal data
• Access your personal data
• Receive information about how we process your data
• Request a copy of your personal data

How to exercise: Visit Settings > Privacy > Download Your Data or email privacy@supportbuyingblack.com

2.2 Right to Rectification (Article 16)

You have the right to:

• Correct inaccurate personal data
• Complete incomplete personal data

How to exercise: Update your information in Settings or contact privacy@supportbuyingblack.com

2.3 Right to Erasure / "Right to Be Forgotten" (Article 17)

You have the right to request deletion of your personal data when:

• The data is no longer necessary for the purposes collected
• You withdraw consent (where processing is based on consent)
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed
• The data must be erased for compliance with legal obligations

Important Limitation: Data recorded on public blockchains cannot be deleted due to the immutable nature of blockchain technology. We minimize personal data stored on-chain to address this limitation.

How to exercise: Visit Settings > Account > Delete Account or email privacy@supportbuyingblack.com

2.4 Right to Restriction of Processing (Article 18)

You have the right to restrict processing when:

• You contest the accuracy of your personal data
• Processing is unlawful but you don't want erasure
• We no longer need the data but you need it for legal claims
• You object to processing pending verification

How to exercise: Email privacy@supportbuyingblack.com with your request

2.5 Right to Data Portability (Article 20)

You have the right to:

• Receive your personal data in a structured, commonly used, machine-readable format
• Transmit your data to another controller without hindrance

This right applies when processing is based on consent or contract and is carried out by automated means.

How to exercise: Visit Settings > Privacy > Download Your Data (exports to JSON format)

2.6 Right to Object (Article 21)

You have the right to object to processing based on:

• Legitimate interests (including profiling)
• Performance of a task in the public interest
• Direct marketing (including profiling)
• Scientific/historical research or statistical purposes

How to exercise: Email privacy@supportbuyingblack.com with your objection

2.7 Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.

We do not engage in automated decision-making that produces legal or similarly significant effects.

2.8 Right to Withdraw Consent (Article 7)

Where processing is based on consent, you have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

How to exercise: Visit Settings > Privacy > Manage Consent

3. Legal Basis for Processing

We process your personal data under the following legal bases:

3.1 Consent (Article 6(1)(a))

We process data based on your consent for:

• Marketing communications
• Non-essential cookies and analytics
• Optional features requiring explicit consent

3.2 Contract Performance (Article 6(1)(b))

We process data necessary to perform our contract with you for:

• Account creation and management
• Platform access and functionality
• Marketplace transactions
• Event management
• Customer support

3.3 Legal Obligations (Article 6(1)(c))

We process data to comply with legal obligations, including:

• Tax and financial reporting
• Law enforcement requests
• Regulatory compliance
• Record keeping requirements

3.4 Legitimate Interests (Article 6(1)(f))

We process data based on legitimate interests for:

• Platform security and fraud prevention
• Service improvement and optimization
• Analytics and research (anonymized when possible)
• Internal administration

We balance our legitimate interests against your rights and freedoms.

4. Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our GDPR compliance. You can contact our DPO regarding:

• Questions about how we process your data
• Exercising your GDPR rights
• Data protection concerns
• Complaints about data processing

Contact Information:

• Email: dpo@supportbuyingblack.com
• Subject Line: "GDPR Request" or "Data Protection Inquiry"

Response Time: We will respond to your inquiry within 30 days (may be extended by 2 months for complex requests).

5. International Data Transfers

Support Buying Black is based in the United States. When you use our Platform from the EU/EEA, your personal data is transferred to the U.S. and other countries outside the EU/EEA.

5.1 Safeguards for Transfers

We ensure adequate protection for your data through:

Standard Contractual Clauses (SCCs)

• We use EU-approved Standard Contractual Clauses for transfers to third countries
• SCCs provide appropriate safeguards for your data
• All service providers are bound by SCCs or equivalent mechanisms

Adequacy Decisions

• Where available, we rely on adequacy decisions by the European Commission

Additional Safeguards

• Data encryption in transit and at rest
• Access controls and authentication
• Regular security audits
• Contractual data protection obligations

5.2 Third-Country Transfers

Your data may be transferred to:

• United States: SBB servers and infrastructure
• European Union: CDN providers
• Other Regions: Analytics and service providers with adequate safeguards

6. Exercising Your Rights

6.1 How to Submit a Request

You can exercise your GDPR rights through:

Option 1: In-Platform Tools

• Visit Settings > Privacy > Your Rights
• Select the right you wish to exercise
• Follow the prompts to submit your request

Option 2: Email Request

• Send an email to privacy@supportbuyingblack.com or dpo@supportbuyingblack.com
• Subject: "GDPR Rights Request"
• Include: Your name, email, and description of your request

6.2 Verification Process

To protect your privacy, we may need to verify your identity before fulfilling your request. We may ask for:

• Account login credentials
• Government-issued ID (for sensitive requests)
• Answers to security questions

6.3 Response Timeline

• Standard Requests: 30 days from receipt
• Complex Requests: May be extended by 2 additional months with notice
• Urgent Requests: We prioritize requests involving potential harm

6.4 Free of Charge

We do not charge a fee to exercise your rights unless your request is manifestly unfounded, excessive, or repetitive. In such cases, we may charge a reasonable fee or refuse the request.

7. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated.

7.1 EU Supervisory Authorities

You can contact the supervisory authority in:

• Your country of residence
• Your place of work
• The place where the alleged infringement occurred

Find Your Supervisory Authority:

Visit the European Data Protection Board website for a list of supervisory authorities:EDPB Member List

7.2 We Encourage Direct Contact First

While you have the right to lodge a complaint directly with a supervisory authority, we encourage you to contact us first at dpo@supportbuyingblack.com. We are committed to resolving your concerns and working with you to address any issues.