Privacy Policy

1. Introduction & Data Controller

Black Global Trust ("we", "our", "us", "BGT", or the "Platform") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website and services.

Data Controller:

For the purposes of UK GDPR and the Data Protection Act 2018, Black Global Trust is the data controller responsible for your personal data.

2. Types of Personal Data Collected

We collect the following categories of personal data:

Account Information:

• Email address
• First name and last name
• Password (encrypted)
• Phone number (optional)
• Profile photo (optional)

Contact & Location Information:

• Street address
• City
• State/Province
• Postal code
• Country

Business Information (for Business Owners):

• Company name
• Industry
• Business stage
• Company size
• Company overview and description
• Business documents and files
• Verification status and documents

Funder Information (for Funders):

• Funder type
• Funding focus areas
• Investment preferences

Payment Information:

• Payment method details (processed by Stripe, not stored by us)
• Subscription tier and status
• Billing address
• Transaction history

Usage Data:

• IP address
• Browser type and version
• Device information
• Pages visited and time spent on pages
• Search queries
• Cookies and similar tracking technologies

Communication Data:

• Email preferences
• Customer service communications
• Feedback and survey responses

3. How We Collect Data

We collect personal data through:

• Directly from you: When you register for an account, create a profile, upload content, subscribe to a premium tier, or contact us
• Automatically: Through cookies and similar technologies when you use our website
• Third parties: From our service providers (e.g., Stripe for payment processing, Supabase for authentication and data storage)

4. Lawful Basis for Processing (UK GDPR Article 6)

We process your personal data under the following lawful bases under UK GDPR:

(a) Consent: When you explicitly consent to processing, such as marketing communications or non-essential cookies

(b) Contract: To perform our contract with you, including:

• Providing access to the Platform
• Processing your registration and account management
• Delivering subscription services
• Facilitating connections between businesses and funders

(c) Legal Obligation: To comply with legal obligations, such as tax reporting, fraud prevention, and data protection requirements

(d) Legitimate Interests: For our legitimate business interests, including:

• Improving and developing our services
• Preventing fraud and ensuring security
• Analysing usage patterns to enhance user experience
• Marketing our services (where permitted by law)
• Responding to customer inquiries

5. Purpose of Processing

We use your personal data for the following purposes:

• Service Delivery: To provide, maintain, and improve our Platform and services
• Account Management: To create and manage your account, process registrations, and authenticate users
• Business Verification: To verify business profiles and facilitate connections with funders
• Payment Processing: To process subscription payments and manage billing through Stripe
• Communication: To send service-related communications, respond to inquiries, and provide customer support
• Marketing: To send marketing communications (with your consent, where required)
• Analytics: To analyse usage patterns, improve our services, and understand user preferences
• Security: To protect our Platform, prevent fraud, and ensure security
• Legal Compliance: To comply with legal obligations and respond to legal requests

6. Data Sharing & Third Parties

We may share your personal data with the following categories of recipients:

Service Providers:

• Supabase: Our database and authentication provider. Data is stored and processed by Supabase in accordance with their privacy policy. Supabase may store data in data centres within the European Economic Area (EEA) or other locations as specified in their terms.
• Stripe: Our payment processor. Payment information is handled by Stripe in accordance with their privacy policy and PCI-DSS compliance standards. We do not store full payment card details.
• Hosting Providers: Third-party hosting and infrastructure services necessary to operate the Platform
• Analytics Providers: To help us analyse usage and improve our services

Other Users:

When you create a business profile and it is published, certain information (such as company name, industry, and business description) will be visible to other users, including funders browsing the business directory.

Legal Requirements:

We may disclose your personal data if required by law, court order, or governmental authority, or to protect our rights, property, or safety, or that of our users or others.

Business Transfers:

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity, subject to the same privacy protections.

7. International Data Transfers

Your personal data may be transferred to and processed in countries outside the United Kingdom and European Economic Area (EEA), including the United States, where our service providers (such as Supabase and Stripe) may operate.

When we transfer personal data outside the UK/EEA, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO) or European Commission
• Transfer to countries that have been deemed to provide an adequate level of data protection
• Other appropriate safeguards as required by UK GDPR

You can obtain more information about the safeguards we use by contacting us at info@blackglobaltrust.com.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention Periods:

• Account Data: Retained while your account is active and for 7 years after account closure for legal and accounting purposes
• Business Profiles: Retained while published and for 7 years after removal or account closure
• Payment Records: Retained for 7 years as required by UK tax and accounting laws
• Marketing Consent: Retained until you withdraw consent or unsubscribe
• Usage Data: Retained for up to 2 years for analytics purposes
• Customer Communications: Retained for 3 years after the last interaction

After the retention period expires, we will securely delete or anonymise your personal data, unless we are required to retain it for legal reasons.

9. Your Rights (UK GDPR Articles 15-22)

Under UK GDPR, you have the following rights regarding your personal data:

(a) Right of Access (Article 15):

You have the right to request access to your personal data and receive a copy of the data we hold about you, along with information about how it is being used.

(b) Right to Rectification (Article 16):

You have the right to request correction of inaccurate or incomplete personal data. You can update most of your information directly through your account settings.

(c) Right to Erasure / "Right to be Forgotten" (Article 17):

You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the original purpose or you withdraw consent.

(d) Right to Restrict Processing (Article 18):

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

(e) Right to Data Portability (Article 20):

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

(f) Right to Object (Article 21):

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

(g) Rights Related to Automated Decision-Making:

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or similarly significantly affect you.

(h) Right to Withdraw Consent:

Where processing is based on consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

Exercising Your Rights:

To exercise any of these rights, please contact us at info@blackglobaltrust.com. We will respond to your request within one month (or two months if the request is complex).

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) if you believe we have not handled your personal data in accordance with UK GDPR. Visit ico.org.uk for more information.

10. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our Platform. Cookies are small text files placed on your device when you visit our website.

Types of Cookies We Use:

• Essential Cookies: Required for the Platform to function, such as authentication and security cookies
• Analytics Cookies: Help us understand how visitors interact with our website
• Functional Cookies: Remember your preferences and settings
• Marketing Cookies: Used to deliver relevant advertisements (with your consent)

Managing Cookies:

You can control cookies through your browser settings. However, disabling certain cookies may affect the functionality of the Platform. For more information about cookies and how to manage them, visit allaboutcookies.org.

We may use third-party analytics services (such as Google Analytics) that use cookies to collect information about your use of the Platform. You can opt-out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction, including:

• Encryption of data in transit (using SSL/TLS) and at rest
• Secure authentication and access controls
• Regular security assessments and updates
• Limited access to personal data on a need-to-know basis
• Secure hosting infrastructure through reputable providers
• Compliance with industry standards and best practices

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security.

If we become aware of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority (ICO) without undue delay, in accordance with UK GDPR requirements.

12. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children under 18. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at info@blackglobaltrust.com, and we will take steps to delete such information.

If we become aware that we have collected personal data from a child under 18 without parental consent, we will take steps to delete that information promptly.

13. Changes to Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

• Posting the updated Privacy Policy on this page
• Updating the "Last Updated" date
• Sending an email notification to registered users (for material changes)

Your continued use of the Service after such changes constitutes your acceptance of the updated Privacy Policy.

14. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For complaints about our data practices, you can also contact the UK Information Commissioner's Office: