Privacy Policy

Last updated: November 2025

This Privacy Policy of Box of Blocks Ltd., registered in the British Virgin Islands under company number 2164977 (“Box of Blocks”, “we”, “us”, “our”) explains how we collect, use, disclose and protect personal data when you visit or use our website (“Website”) or purchase our products/services. This document follows the structure of a comprehensive privacy policy and includes specific sections for technical measures, third-party services and user rights. (Structure based on public Bitkern policy.)

1. Data processing of website users

When you visit our Website, we collect the following technical and access data in particular:

  1. IP address (may be stored anonymised or partially masked);
  2. Date and time of access;
  3. Name and URL of the accessed file;
  4. Website/referrer from which access was made (including search terms where applicable);
  5. Operating system and browser type, version and language;
  6. Device type (mobile/desktop);
  7. City or region of access;
  8. Internet service provider.

We process these data for the purposes of website security, operation, performance monitoring and improvement. Technical logging does not allow us to directly identify you. Legal basis: our legitimate interests (e.g., security and site operation) and other applicable law where relevant.

2. Contacting us

If you contact us by email, phone or contact form, we will process the data you provide (e.g., name, email address, phone number, message content) and record the time of receipt. We use this data to answer your request, provide information, handle orders or support, and for related administration. Legal basis: our legitimate interests and/or performance of a contract.

3. Newsletter

If you register for our newsletter, we process the personal data you provide (email address, name). We use this to send the newsletter and related communications. Newsletter messages may contain tracking pixels or similar tools for delivery and performance statistics (opens, clicks). We use those statistics to improve content and delivery; profiling based on this data is possible only with your consent. You may withdraw consent/unsubscribe at any time (unsubscribe link in each email).

4. Creating a customer account

To create a customer account (if applicable) we may collect:

  • Personal details (e.g., salutation, first name, surname, date of birth where required);
  • Contact details (email, telephone);
  • Billing and delivery addresses;
  • Company name and business ID for corporate customers;
  • Login credentials (email and password) and optionally other profile data.

We use these data for identity verification, account management, contract processing and personalization. Legal basis: consent and/or contract performance.

5. Purchase of products and services

When you purchase goods or services, we process data required for order fulfilment, including:

  • Name, billing/delivery address, contact details;
  • Order details (items, prices, timestamps);
  • Payment confirmation and related metadata;
  • Data required for statutory invoices.

We may share necessary order details with carriers and service providers to fulfil delivery and services. Legal basis: performance of contract and, where applicable, your consent.

6. Online payment and prevention of misuse

Depending on the payment method, additional information (e.g., payment instrument data) will be forwarded to payment service providers. We use reputable third-party payment processors; full card data is not stored by us unless explicitly consented. For fraud prevention and to avoid payment defaults, we may retain payment-related metadata and — where permitted — perform credit checks or score calculations via credit agencies. Legal basis: contract performance and legitimate interest.

7. Two-factor authentication (2FA)

For account security we may use 2FA services that process mobile numbers or other contact details. These services are provided by third parties (e.g., Twilio or similar). When using such services, we transmit only the necessary data to the provider. Legal basis: our legitimate interest in securing user accounts and in some cases performance of the contract.

8. Central data storage and CRM / analytics

If identifiable, we may store and link the data described in this policy (personal details, contacts, contract data, site behaviour) in a central CRM or database to manage customer relationships, process requests, and provide services. We may analyse this data for product development, personalization, and marketing. Some analyses constitute profiling; where profiling affects your rights, we will inform and obtain consent where required. We use reputable CRM providers; these processors act under contract and are bound to our instructions.

9. Rights of data subjects

You have the following rights (subject to applicable law):

  • Right to access and obtain a copy of your personal data;
  • Right to rectification of inaccurate data;
  • Right to deletion if the data are no longer necessary or when consent is withdrawn;
  • Right to restrict processing in certain cases;
  • Right to object to processing based on legitimate interests;
  • Right to withdraw consent at any time;
  • Right to lodge a complaint with a supervisory authority.

Requests will be handled promptly and, in any event, within the statutory term. To exercise these rights contact us at the email below.

10. Data security

We apply appropriate technical and organizational measures (e.g., encryption, access controls, backups) to protect personal data against unauthorized access, loss, destruction or alteration. Only authorized personnel have access to personal data on a need-to-know basis. Contract processors are contractually required to implement appropriate security measures.

We retain personal data only as long as necessary for the relevant purposes or to comply with legal obligations. We maintain an internal deletion and retention schedule and can provide details upon request.

11. Data transmission and processors

We may share personal data with the following categories of recipients where necessary:

  • Internal staff with strict access controls;
  • External processors providing services (hosting, CRM, analytics, payment, delivery, legal, marketing);
  • Public authorities when required by law.

All processors operate under contract and are required to implement appropriate safeguards. Where data is transferred to countries without an adequate level of protection, we rely on suitable safeguards (e.g., Privacy Framework certifications, standard contractual clauses) or legal exceptions where applicable.

12. Cookies

We use cookies and similar technologies. Types used include session cookies (temporary), functional cookies (necessary for website operation), analytics cookies and, where used, marketing cookies. Non-essential cookies are only set with your consent via the cookie banner; you can change preferences in your browser or via the cookie consent manager. Disabling cookies may reduce site functionality.

Detailed cookie settings and the list of services using cookies are available through the cookie banner or cookie policy page.

13. Web analytics tools

We use web analytics and tracking services (such as Google Analytics, HubSpot or similar) to monitor website usage and improve services. These providers may process IP addresses and other metadata; we configure analytics to minimise identifiability (e.g., IP anonymisation) and follow applicable safeguards for international transfers. You may opt-out of such tracking via the cookie settings or browser add-ons where applicable.

14. Server logs and retention

Anonymized server log files (e.g., access timestamps, requested pages, amount of data transferred, browser, operating system) may be stored temporarily for site maintenance and security. Default retention periods are defined internally (e.g., up to six months), except where longer retention is required for investigations or legal reasons.

15. Social media plug-ins (2-click solution)

Where we embed social media plug-ins (e.g., LinkedIn, Facebook/Instagram, X), we use privacy-enhancing integrations (such as a 2-click solution) so that no connection to the social network servers is established until you activate the plug-in. Once activated, the social provider may directly receive data (including IP address) and may associate your activity with your profile if you are logged in to that service. Please refer to the social provider’s privacy documentation for details.

16. Right of appeal

You have the right to lodge a complaint with a competent data protection supervisory authority if you consider our data processing to violate applicable law. The authority responsible depends on your residence.

17. Contact for data protection questions, messages, requests

For questions, requests or to exercise your rights, please contact us at: ks@bocksybox.com

Company information: Box of Blocks Ltd.
Company No.: 2164977
Registered in: British Virgin Islands
Director: Kseniia Serikova

Contact Us

Ready to start? Bocksybox support team here for you!
Thank you! Your submission has been received!
Oops! Something went wrong, try again later