Black Tiger Privacy Policy

Last updated: July 15, 2025

How to use this Privacy Notice

This Privacy Notice is presented in a layered format to help you navigate it easily and understand how we handle your personal information.

If you are viewing this online, you can click on any of the section headings in the contents list to jump directly to that section.

1. INTRODUCTION

Black Tiger  (“we”, “us”, or “our”) is committed to protecting the privacy and rights of individuals whose Personal Data ( we collect and process. This Privacy Notice explains how we collect, use, disclose, and protect your Personal Data when you use our website and services (together, the “Service”), as well as your rights and choices under applicable data protection and privacy laws, including the EU and UK General Data Protection Regulation (GDPR), the California Privacy Rights Act (CPRA) and other U.S. state laws.

This Privacy Notice applies regardless of where you are located when accessing our Service, and whether you are a consumer, business contact, or website visitor.

We process your Personal Data for specific, lawful purposes including the provision, maintenance, improvement, and security of our Service, in accordance with the applicable legal basis under relevant privacy laws. We do not collect, use, or share your information beyond what is necessary for those purposes, unless we are legally required to do so or you have given your explicit consent where required.

By using our Service, you confirm that you have read and understood this Privacy Notice. Please note that your use of the Service does not constitute consent where consent is required under applicable law

This Privacy Notice is presented in a layered format to help you navigate it easily and understand how we handle your personal information.

If you are viewing this online, you can click on any of the section headings in the contents list to jump directly to that section.

2. WHO IS RESPONSIBLE FOR YOUR PERSONAL DATA?

Black Tiger is responsible for operating this website and our services. Under data protection laws, we are the Data Controller, which means we decide what personal data we collect, why we collect it, and how we use and protect it.

3. HOW TO CONTACT US

You can contact us at:

Black Tiger Privacy Team

Email: privacy@blacktiger.com

Address: 11 E 44th Street, Suite 1501, New York, NY 10017

4. DATA PROTECTION OFFICER (DPO)

We have appointed GRCI Law Limited as our Data Protection Officer (DPO) to oversee our data protection compliance.

If you have any questions about this Privacy Notice or how we handle your Personal Data, you can contact the DPO at:

Email: dpoaas@grcilaw.com

Postal Address:
GRCI Law Limited
Unit 3, Clive Court
Bartholomew’s Walk
Cambridgeshire Business Park
Ely, Cambridgeshire
CB7 4EA
United Kingdom

If you are located in the UK, EEA, or another jurisdiction with applicable data protection laws, you may also contact the DPO to exercise your rights or raise concerns with a supervisory authority.

5. WHAT IS PERSONAL DATA?

"Personal Data" (also referred to as “Personal Information” under U.S. privacy laws and Personally Identifiable Information (PII) in some jurisdictions) means any information that identifies, relates to, or could reasonably be linked to an individual. This includes names, contact details, device data, and online identifiers. 

Some types of Personal Data are considered more sensitive under privacy laws, such as information about health, race or ethnicity, biometric data, political views, or precise geolocation, and may require additional protection or consent. These are sometimes called “Special Category Data” under the GDPR or “Sensitive Personal Information” under U.S. state laws.

6. WHAT PERSONAL DATA WE COLLECT

We may collect, use, store and/or transfer different kinds of personal data about you depending on our relationship with you and the jurisdiction in which you live . 

Personal data we collect includes:

  1. Identity Data: may include your full name, job title, company or organisation name, username or login
  2. Contact Data: may include your email address, mailing address, phone number, and other contact details provided via forms, service requests, or communications.
  3. Employment and Professional Data: Includes employer name, professional role, department, business contact details (e.g. work email or phone), and industry or sector information. If applying for a role, this includes your CV, cover letter, and responses to application forms or screening questions.
  4. Technical and Device Data: Collected automatically through your use of our services or platform, including:
    • IP address
    • Browser type and version
    • Operating system and device type
    • Language settings
    • Time zone
    • Referrer URL and login timestamps
    • Cookies and similar tracking technologies (with consent where required by applicable law)
  5. Platform and Usage Data: Includes data about how you interact with our website, platform, and tools, such as:
    • Session activity
    • Pages visited
    • Search queries
    • Clickstream behaviour
    • Feature or tool usage within our software
    • Error reports and diagnostic logs
  6. Compliance and Governance Data: Includes data entered into our platform in the course of using our data governance, master data management, and compliance tools, such as:
    • Metadata, tags, and identifiers from imported records
    • Audit logs, timestamps, and user actions for compliance tracking
    • Business rules, schema definitions, and user-generated configurations

      Note      : This data may include personal data processed by customers on our platform, for which Black Tiger acts as a data processor, not a controller.
  7. Communications and Support Data: Includes records of emails, chat transcripts, or support tickets submitted to our teams, as well as complaint or query correspondence and attachments related to user accounts, platform issues, or legal requests.
  8. Marketing and Preference Data: Includes your preferences for receiving communications from us, your opt-in status for newsletters or product updates, and your responses to marketing campaigns or surveys. This also includes tracking of communication engagement (e.g. email open rates).
  9. Financial and Transactional Data (Business Clients Only):Includes billing information such as name, address, VAT or tax ID, bank or card payment details, invoice history, and related financial records for subscription or licensing purposes.
  10. Location Data: May include geolocation based on your IP address or browser settings (e.g. city, region, country). We do not track precise location unless explicitly provided (e.g. during registration or survey completion).
  11. Images and Visual Content: If you choose to upload profile pictures, submit screenshots, or participate in recorded demos or webinars, we may collect and process visual content that includes your likeness or display name.
  12. Publicly Available Data: Includes professional data obtained from sources like LinkedIn, public company registers (e.g. Companies House), industry directories, or event attendance lists, used to support business development or account verification.
  13.  Consent and Notification Data: Includes records of when and how you gave consent (e.g. cookie banners, form submissions), including logs of marketing preferences and opt-out choices. This ensures compliance with GDPR, CCPA/CPRA, and other consent-based laws.
  14. Sensitive or Special Category Data (Limited Cases Only): We do not routinely collect special category data (e.g. health, race, religion, biometrics). However, if you provide such data voluntarily (e.g. in a job application or accessibility request), we will process it only where necessary and permitted under applicable laws with appropriate safeguards. Please avoid submitting sensitive data unless necessary for a clear purpose. If you wish to remove such content, contact us at privacy@blacktiger.com
  15. Aggregated and Anonymised Data: We generate aggregated, de-identified data for service improvement, product development, and analytics. This data cannot reasonably be used to identify any individual and is not considered personal data under applicable laws.

7. CHILDREN'S PRIVACY

Our Service is not directed to individuals under the age of 13 (“Children”), and we do not knowingly collect Personal Data from children under this age.

If you are a parent or guardian and believe that your child has provided us with Personal Data, please contact us at  privacy@blacktiger.com

If we become aware that we have collected Personal Data from a child without verified parental consent, we will take appropriate steps to delete that information from our systems.

Note for EEA/UK residents: In accordance with the UK and EU GDPR, the minimum age for consent may be up to 16 years, depending on the country. We do not knowingly collect Personal Data from anyone under the age of digital consent as defined by applicable law.

8. WHAT HAPPENS IF YOU DON’T PROVIDE YOUR INFORMATION 

You may always choose what personal data (if any) you wish to provide to us. Please note, however, our products and services cannot be provided to you if you choose not to provide certain details, for example, and we cannot reply to you without a name or contact details.

9. HOW WE COLLECT YOUR PERSONAL DATA

We collect Personal Data through a variety of sources, depending on how you interact with us. The collection is based on legal grounds permitted under applicable privacy laws, including your consent, the performance of a contract, our legitimate interests (such as providing and improving our services), or legal obligations.

  1. Direct Interactions

    We collect Personal Data directly from you when you:

    • Create an account, log in to our platform, or use our services;
    • Register for a demo, webinar, virtual event, or download gated content;
    • Communicate with us via email, phone, contact forms, or chat;
    • Complete forms, respond to surveys, or participate in promotions or competitions;
    • Subscribe to newsletters, product updates, or other marketing communications;
    • Submit job applications, upload resumes, provide reviews, or contribute content.
  2. Automated Technologies and Interactions

    When you interact with our website, platform, or emails, we may automatically collect certain technical and usage data through:

    • Cookies and similar tracking technologies;
    • System and user interaction logs (e.g. page views, feature usage);
    • Browser and device metadata (e.g. type, version, operating system, time zone);
    • IP address and inferred geolocation (e.g. country or city level).
  3. Third-Party Sources

    We may also obtain Personal Data from from trusted third-party sources where legally permitted and consistent with your reasonable expectations.  :

    • Public authorities, regulatory bodies, and publicly available databases ;
    • Business partners, event organisers, and companies providing services to us;
    • Analytics, technology, and advertising providers that help us improve our services and user experience;
    • Publicly available sources such as company registers, professional directories, or databases (e.g. Companies House, LinkedIn);
    • Social media platforms and user profiles (e.g. Facebook, Instagram, LinkedIn, Google, and X);
    • Providers of technical infrastructure, payment processing, or delivery services.

10. DATA ACCURACY

We are committed to maintaining the accuracy and relevance of the Personal Data we process. To help us do this, we ask that you keep your information up to date and inform us promptly of any changes during your relationship with us.

Under applicable privacy laws, including GDPR, you have the right to request that we correct or update inaccurate or incomplete Personal Data we hold about you.

To request an update or correction, please contact us at privacy@blacktiger.com

11. HOW WE USE YOUR PERSONAL DATA

We use your Personal Data to operate our business, deliver services, and improve your experience on our website and platforms. The purposes for processing your data are aligned with applicable privacy laws, including the UK and EU General Data Protection Regulation (GDPR), the California Privacy Rights Act (CPRA), and other U.S. state privacy laws.

We process your Personal Data under one or more of the following lawful bases:

  • Performance of a contract: To provide our services, manage your account, fulfil transactions, or respond to requests prior to entering into a contract.
  • Consent: Where required by law, we rely on your consent (e.g. for email marketing, cookies, or processing sensitive data).
  • Legal obligation: To comply with applicable laws and regulatory requirements (e.g. tax, consumer protection, or data access requests).
  • Legitimate interests: To operate and improve our services in a secure and efficient manner. This includes fraud prevention, IT and network security, service analytics, and relevant business communications. We ensure our interests are balanced against your privacy rights.

We process Personal Data for purposes including:

  • Security and service integrity: To protect the confidentiality, integrity, and availability of our systems and user data.
  • Marketing and communications: To send relevant updates and promotional materials, in accordance with your preferences and applicable law.
  • Providing, operating, and improving our services
  • Responding to your enquiries or support requests
  • Sending service updates, administrative notices, or marketing content (where permitted)
  • Personalising your user experience
  • Conducting analytics to improve service performance and security
  • Complying with legal obligations

For more information about our lawful bases for processing, please refer to the Lawful Basis Table in Section 12.

If you have questions about how we process your Personal Data, or wish to object to certain types of processing, please contact us at: privacy@blacktiger.com

12. HOW WE USE YOUR PERSONAL DATA

We use your Personal Data to operate our business, deliver services, and improve your experience on our website and platforms. The purposes for processing your data are aligned with applicable privacy laws, including the UK and EU General Data Protection Regulation (GDPR), the California Privacy Rights Act (CPRA), and other U.S. state privacy laws.

Purpose Type of Information Collected Lawful Basis Explanation of Legitimate Interests
Register as a Customer Identity Data, Contact Data Performance of a contract N/A
Publish a Review Identity Data Legitimate interests To ensure efficient platform operation and proper attribution of user-generated content.
Participating in Interactive Features Identity Data, Technical and Device Data, Platform and Usage Data Legitimate interests To analyse engagement trends and develop platform functionality to meet user expectations.
Prevent and Address Technical Issues Technical and Device Data, Platform and Usage Data Performance of a contract N/A
Allow Connections/Sharing from Social Media Identity Data, Technical and Device Data Performance of a contract To enable optional social media integrations.
Create a Facebook Audience Identity Data, Technical and Device Data, Financial and Transactional Data, Marketing and Preference Data Legitimate interests To improve advertising effectiveness and reach relevant audiences.
Provide services and manage user accounts Identity Data, Contact Data, Employment and Professional Data, Technical and Device Data, Financial and Transactional Data Performance of a contract N/A
Notify You About Changes Identity Data, Contact Data Performance of a contract To keep you informed of service changes relevant to your account.
Service updates and customer support Identity Data, Contact Data, Communications and Support Data, Employment and Professional Data Legitimate interests To maintain communication with users and provide timely assistance and service updates, ensuring user satisfaction and continuity of services.
Fraud detection and service security Identity Data, Contact Data, Technical and Device Data, Platform and Usage Data, Communications and Support Data, Employment and Professional Data Legitimate interests To protect the platform and users from unauthorised access and fraudulent activity, ensuring data integrity and service reliability.
Send promotional emails and marketing to new clients Marketing and Preference Data, Contact Data, Platform and Usage Data, Publicly Available Data Consent N/A
Send promotional emails and marketing to existing clients Marketing Data, Contact Data Legitimate interests To maintain client engagement and inform customers about new features, offers, and services relevant to their interests and relationship with Judge.me.
Conduct surveys, feedback and promotions Identity Data, Contact Data, Marketing and Preference Data Consent N/A
Process job applications and recruitment Identity Data, Contact Data, Employment and Professional Data, Publicly Available Data, Images and Visual Content, Sensitive or Special Category Data (where provided) Legitimate interests To evaluate suitability of candidates and manage recruitment fairly and efficiently.
Improve website, services and user experience Technical and Device Data, Platform and Usage Data, Communications and Support Data Legitimate interests To understand how services are used and improve functionality and performance to meet user expectations and preferences.
Gather Insights to Improve Services Technical and Device Data, Platform and Usage Data Legitimate interests To understand service use, identify issues, and enhance functionality.
Provide Data to Partners Identity Data, Financial and Transactional Data, Contact Data Performance of a contract To facilitate integration with merchant platforms.
Facilitate a Referral to a Service Provider Identity Data, Technical and Usage Data Consent To enable optional introductions and referrals requested by the user.
Comply with legal obligations Identity Data, Contact Data, Financial and Transactional Data, Communications and Support Data, Images and Visual Content Legal obligation N/A
Display or process personal images (e.g. profile photos, call screenshots) Images and Visual Content Legitimate interests To personalise user experience and support engagement or training.
Process cookies and track user behaviour on site Technical and Device Data, Platform and Usage Data Consent N/A
Respond to complaints and user enquiries Identity Data, Contact Data, Communications and Support Data, Employment and Professional Data Legitimate interests To respond effectively and maintain service quality.
Handle data subject rights requests Identity Data, Contact Data, Communications and Support Data Legal obligation N/A
Manage business acquisition or restructuring Identity Data, Contact Data, Employment and Professional Data, Financial and Transactional Data Legitimate interests To ensure business continuity and appropriate handling of personal data in the event of corporate changes.
Maintain Consent and Preference Records Consent and Notification Data Legal obligation To demonstrate compliance with GDPR and similar regulations.
Process Location Data Location Data Legitimate interests To deliver content and support based on regional needs (not precise tracking).

13. CHANGE OF PURPOSE

We will only use your Personal Data for the purposes for which it was originally collected, unless we reasonably determine that we need to use it for another purpose that is compatible with the original one. If you wish to receive further explanation on how the new purpose is compatible, please contact us.

If we intend to use your Personal Data for a purpose that is materially different or incompatible with the original purpose, we will notify you and explain the legal basis permitting such use, in accordance with applicable data protection laws.

Please note that, where required or permitted by law, we may process your Personal Data without your knowledge or consent, for example, where the processing is necessary for legal claims, public interest, or regulatory obligations.

14. RETENTION OF DATA

We retain your Personal Data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, regulatory, accounting, or reporting obligations, or to establish or defend legal claims.

To determine the appropriate retention period, we consider the nature and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, the purpose of processing, and whether those purposes can be achieved by other means, in line with applicable laws such as GDPR, CPRA and other US State privacy laws.

In some cases, we may anonymise your Personal Data (so that it can no longer be associated with you) for statistical or research purposes. We may use such anonymised data indefinitely without further notice.

Where required by law (for example, under tax regulations), we may retain basic customer information (such as Identity, Contact, Financial, and Transaction Data) for a specified statutory period (e.g., six years in the UK).

You may request deletion of your data at any time, subject to certain legal or legitimate grounds (see Your Rights below).

15. SHARING YOUR DATA

We may share your Personal Data with trusted third parties where necessary to deliver our services, fulfil a contract, comply with legal obligations, or support our business operations. In all cases, we ensure appropriate safeguards are in place to protect your data and require third parties to process your information lawfully, securely, and only for specified purposes.

We may share your Personal Data with:

  • Webinar and content partners: where you register for joint events or co-branded content, your details may be shared with the named partner for that event, as disclosed at the time of registration.
  • Service providers: including IT infrastructure, cloud hosting, software vendors, analytics platforms (e.g. Google Analytics), and customer service tools, to help deliver and support our services.
  • Payment processors: used to securely process financial transactions. This may include third-party platforms that facilitate payments in compliance with relevant financial and data protection regulations.
  • Platform integration partners: where our services connect with external e-commerce, CMS, or SaaS platforms, your data may be exchanged to enable the integration or functionality requested by you.
  • Professional advisers: including legal counsel, auditors, accountants, or insurers engaged by us under duties of confidentiality and regulatory compliance.
  • Public authorities: including regulators, tax authorities, courts, or law enforcement, where required to comply with legal obligations or respond to lawful requests, subpoenas, or claims.
  • Marketing and social media partners: where you have opted in to receive marketing communications, or have interacted with our brand through social media channels. Data sharing will respect your preferences and applicable law.
  • Third-party processors or subcontractors: who act on our behalf to deliver certain services, under binding contractual agreements that include appropriate data protection obligations (e.g. Article 28 UK GDPR).
  • Prospective buyers or business partners: in the context of a business sale, acquisition, reorganisation, or similar transaction. Any such recipient will be required to respect this privacy notice or a comparable privacy framework.
  • Others with your consent: or as otherwise disclosed to you at the point of data collection, where specific sharing is explained and you have agreed.
  • We require all third parties with whom we share Personal Data to enter into appropriate contractual arrangements that ensure your information is processed lawfully, kept secure and confidential, and is not used for their own purposes.

We will never sell your Personal Data.

16. INTERNATIONAL DATA TRANSFERS

We may transfer and process your Personal Data outside of your country of residence, including to jurisdictions that may not provide the same level of data protection as your home country

Whenever we transfer your Personal Data internationally, we ensure that appropriate safeguards are in place to protect your data in accordance with applicable data protection laws, including:

  • Transferring data only to countries recognised as providing an adequate level of protection; or
  • Implementing legally recognised safeguards such as:
    • Standard Contractual Clauses (SCCs) approved by the European Commission or UK authorities;
    • Data Transfer Agreements (DTAs);
    • Binding Corporate Rules (BCRs);
    • Express consent where no other mechanism applies and the transfer is not repetitive.

You may contact us at privacy@blacktiger.com for further information on the legal mechanisms we use to safeguard international data transfers.

17. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar tracking technologies on our website to help us understand how visitors use our site, improve functionality, ensure security, and deliver a better user experience.

A cookie is a small text file placed on your device when you visit a website. Cookies serve various purposes, including recognising your browser, remembering your preferences, and collecting usage data to analyse website performance.

We currently use only essential cookies and basic analytics tools to support the secure and effective operation of our website. These may include:

  • Strictly Necessary Cookies: These are required for core functionality, such as page navigation, form submission, and access to secure areas of the site.
  • Performance/Analytics Cookies: These help us understand how visitors interact with our site (e.g. page views, time on site, or error messages). All data collected is aggregated and does not identify you personally.

We do not currently use marketing or advertising cookies, nor do we engage in cookie-based profiling or behavioural targeting.

Upcoming Cookie Consent Mechanism

We are in the process of implementing a cookie banner and preference centre to give you greater control over which types of cookies you allow. Once live, you will be able to:

  • Accept or reject non-essential cookies (e.g. analytics, marketing)
  • View detailed information about each category of cookie
  • Change your preferences at any time

Until this system is active, we are taking a conservative approach and limiting our use of cookies to those that are strictly necessary or aggregated analytics permitted under applicable data protection law.

How to Control Cookies

Most web browsers allow you to manage your cookie preferences via settings. You can typically:

  • Delete cookies already stored on your device
  • Block all or specific types of cookies from being set

Please note that blocking some types of cookies may affect how our website functions.

For more information on how to manage cookies in your browser, visit www.allaboutcookies.org.

If you have any questions about our use of cookies or data collection practices, please contact us at: privacy@blacktiger.com

18. THIRD-PARTY LINKS

Our website may include links to third-party websites, plug-ins, and applications. Clicking on these links or enabling such connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy practices. When you leave our website, we strongly encourage you to read the privacy notice or policy of every website you visit, especially where the third party operates under different privacy laws.

19. HOW TO WITHDRAW CONSENT

You may withdraw your consent at any time, where consent is the legal basis, we rely upon to process your personal data. Withdrawal does not affect the lawfulness of processing that occurred before the withdrawal. However, please note that if you withdraw your consent, we may no longer be able to provide you with certain services or features. We will inform you if this is the case at the time of your request.

In some jurisdictions (e.g., under the EU and UK GDPR and  Canada's PIPEDA,), withdrawing consent may also trigger a right to erasure or restriction of processing.

In U.S. states with comprehensive privacy laws (such as California, Colorado, Virginia, Connecticut, Texas, Oregon, and others), consent is specifically required for:

  • Targeted advertising,
  • Sale of personal data, and
  • Processing of sensitive personal data (e.g., health, race, religion, precise geolocation).

For more details, please refer to the section titled: "Consent Requirements Regarding Targeted Advertising and Sale of Personal Information.”

20. DO WE USE AUTOMATED DECISION-MAKING OR PROFILING?

We do not engage in any automated decision-making or profiling that produces legal or similarly significant effects on individuals, as defined under the GDPR or other global privacy laws.

21. BROWSER PRIVACY SIGNALS AND "DO NOT TRACK" (DNT)

Some web browsers offer a "Do Not Track" (DNT) feature or other privacy signals, such as Global Privacy Control (GPC), which you can enable to signal your preference not to be tracked across websites.

Currently, our website does not respond to DNT signals, as there is no consistent industry standard for interpreting them.

However, we recognise, and honour browser-based privacy signals where required by law, such as Global Privacy Control (GPC) under the California Consumer Privacy Act (CCPA/CPRA) and other U.S. state laws that mandate the respect of such opt-out signals.

Where applicable (e.g., under California, Colorado, Connecticut, Virginia, Texas, and similar state laws), we treat a valid privacy signal as a request to opt out of:

  • The sale or sharing of personal data for targeted advertising, and
  • The use of sensitive personal information beyond what is necessary to provide services.

For jurisdictions such as the UK and EU , we offer additional privacy rights mechanisms (such as cookie consent banners or opt-out settings) to reflect your choices.

22. HOW WE KEEP YOUR PERSONAL DATA SECURE

The security of your data is important to us. We implement appropriate technical and organisational measures designed to protect your personal data from accidental loss, misuse, unauthorised access, disclosure, alteration, or destruction. These measures include access controls, encryption, secure data storage, and staff confidentiality obligations, aligned with recognised industry standards and legal requirements.

We restrict access to your personal data to employees, contractors, and authorised third parties who require it to perform their job duties and who are subject to contractual or legal confidentiality obligations.

However, please remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

We continue to review, monitor, and update our security practices to meet evolving standards

23. YOUR PRIVACY RIGHTS

We are committed to respecting your privacy and complying with applicable data protection laws in all jurisdictions in which we operate. We have implemented reasonable measures to enable you to exercise your data protection rights in a timely and transparent manner.

You may have the right, subject to applicable local laws and any lawful limitations, to exercise the following rights regarding your personal data:

  • Right of Access:  You may request confirmation as to whether we process your personal data and, where we do, request access to a copy of that data.
  • Right to Rectification:  You may request that we correct or update inaccurate or incomplete personal data concerning you.
  • Right to Erasure (Right to be Forgotten) : You may request the deletion of your personal data where there is no lawful basis for us to continue processing it. Please note that in some cases, deletion may not be possible due to contractual, legal, or regulatory obligations.
  • Right to Restrict Processing: You may request that we restrict the processing of your personal data where the accuracy of the data is contested, processing is unlawful, you have objected to processing, or the data is no longer needed but required by you for legal purposes.
  • Right to Data Portability: Where processing is based on your consent or the performance of a contract and carried out by automated means, you may request to receive the personal data you provided to us in a structured, commonly used, and machine-readable format, and to have that data transmitted to another controller where technically feasible.
  • Right to Object: You may object to our processing of your personal data in certain circumstances, such as where the processing is based on our legitimate interests or where personal data is used for direct marketing purposes.
  • Right to Withdraw Consent:  Where we rely on your consent to process personal data, you may withdraw that consent at any time. This will not affect the lawfulness of any processing carried out prior to your withdrawal.

Whenever possible, you may update your personal data directly by logging into your account settings. If you are unable to make changes through your account or wish to exercise any of the rights listed above, please contact us at: privacy@blacktiger.com

We may request verification of your identity before responding to your request.

We aim to respond to all valid requests within one month, or within the time limits required by applicable data protection laws. Where legally permitted, this period may be extended by a further two months, if necessary, due to the complexity or number of requests, in which case we will inform you of the extension.

24. HOW TO MAKE A COMPLAINT

If you have concerns about how your personal data has been handled or believe your privacy rights have been infringed, please contact us first at privacy@blacktiger.com . We are committed to addressing and resolving privacy-related concerns promptly and fairly.

If you remain dissatisfied, you may contact the appropriate supervisory authority in your jurisdiction. Below is a non-exhaustive list:

  • United Kingdom: Information Commissioner's Office (ICO) : www.ico.org.uk
  • European Union / EEA: Contact your national Data Protection Authority – List of EU DPAs
  • United States: Refer to your state’s Attorney General: www.naag.org, or the Federal Trade Commission (FTC) : www.ftc.gov
  • Canada: Office of the Privacy Commissioner : www.priv.gc.ca

You may also have the right to seek judicial remedies under applicable data protection laws.

25. NON-DISCRIMINATION

We will not discriminate against individuals for exercising their privacy rights under applicable laws. This includes not denying services, charging different prices, or providing a different level of service, except where variations are permitted or required by law (e.g., differential pricing in California where explicitly allowed by the CCPA/CPRA).

26. POLICY CHANGES AND UPDATES

We may update or revise this Privacy Notice from time to time to reflect changes in our data processing practices, legal requirements, or operational needs.

Where required by applicable law, such as the UK and EU GDPR, or U.S. state privacy laws (e.g., California CPRA, Colorado, Virginia), we will notify you of any material changes before they take effect. Notification may occur through:

  • A prominent notice on our website or within our service,
  • A direct communication via email (where appropriate), or
  • Any other method required by law.

We will also update the “Effective Date” at the top of this Privacy Notice to reflect when the latest changes were made.

Your continued use of our services following any update will signify your understanding and acceptance of the revised Privacy Notice, to the extent permitted by law.

We encourage you to review this Privacy Notice periodically to stay informed about how we collect, use, and protect your personal information.

27. ADDITIONAL INFORMATION FOR CALIFORNIAN RESIDENTS (CCPA)

This section applies only to residents of the State of California and supplements the information in our general Privacy Notice. It describes your rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), and how Black Tiger complies with these laws.

Unless otherwise defined in this section, terms such as "personal information," "business purpose," "sale," and "share" have the meanings given in the CCPA/CPRA.

We do not sell or share your personal information as defined under the CPRA. For more information about the categories of personal information we collect, how we use it, and the sources from which it is obtained, please refer to the relevant sections of this Privacy Notice.

  1. Categories of Personal Information Disclosed for Business or Commercial Purposes

    These categories reflect our good-faith belief, based on our business practices, and not all listed examples may have been disclosed in every case.

    • Category A: Identifiers (e.g. name, email, IP address)
    • Category B: Personal information categories from the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
    • Category F: Internet or other network activity (e.g. usage data, cookies)

    Whenever we disclose personal information for a business or commercial purpose, we enter into contracts with recipients that limit use to the stated purposes and require confidentiality and security protections.

    In the last twelve (12) months, we  may have collected and disclosed the following categories of personal information for a business or commercial purpose:

  2. Your Rights Under the CCPA/CPRA

    As a California resident, you have the following rights:

    • Right to Know: Request access to the personal information we have collected about you, including:
      • Categories and specific pieces of personal information
      • Categories of sources
      • Purposes for collection
      • Categories of third parties we disclosed to
      • Whether information was sold or shared (note: we do not sell or share personal information)
    • Right to Delete: Request that we delete your personal information, subject to certain legal exceptions.
    • Right to Correct: Request that we correct inaccurate personal information we hold about you.
    • Right to Limit Use of Sensitive Personal Information:  If we collect Sensitive Personal Information (SPI), you may limit its use to what is necessary to perform the services. Note: We do not collect SPI as defined by the CPRA.
    • Right to Opt Out of Sale or Sharing: You have the right to opt out of the sale or sharing of your personal information. Note: We do not sell or share personal information, so this right does not apply.
    • Right to Non-Discrimination: You will not be penalised or treated differently for exercising your privacy rights.
  3. How to Exercise Your Rights

    To submit a verifiable request, contact us at: privacy@blacktiger.com

    Only you or a person registered with the California Secretary of State and authorised to act on your behalf may make a verifiable request. Your request must:

    • Provide sufficient information to verify your identity (or authority)
    • Describe your request in enough detail for us to understand, evaluate, and respond
    • We may not fulfil your request if we cannot verify your identity or confirm the information relates to you.

    We aim to respond within 45 days of receiving a verifiable request. If necessary, we may extend the deadline by an additional 45 days with notice. Disclosures will cover the 12-month period preceding your request.

    For data portability, we will provide your information in a commonly used, machine-readable format.

  4. Do Not Track” and Global Privacy Control Signals

    While our services do not respond to standard browser "Do Not Track" (DNT) signals, we recognise Global Privacy Control (GPC) signals as valid requests to opt out of the sale or sharing of personal data where required under California law.

  5. California “Shine the Light” Law (Civil Code § 1798.83)

    If you are a California resident with an established business relationship with us, you may request once per year information about how we shared your personal information (if any) with third parties for their direct marketing purposes. To make such a request, please contact us at privacy@blacktiger.com.

  6. California Privacy Rights for Minors

    If you are a California resident under 18 and have posted content on our platform, you may request removal of such content under California Business and Professions Code § 22581.

    To request removal, please email privacy@blacktiger.com,   stating the email address associated with your account. 

    Please note: removal may not be possible in certain circumstances, including where we are legally required to retain the information.

28. OTHER U.S. STATE PRIVACY RIGHTS

In addition to California, residents of the following U.S. states also have specific privacy rights under their respective laws: Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, Tennessee, Indiana, and Iowa. These laws grant many of the same rights as the California Consumer Privacy Act (CCPA), including:

  • The right to access and delete personal information;
  • The right to correct inaccuracies;
  • The right to data portability;
  • The right to opt out of targeted advertising, the sale of personal data, and profiling (where applicable).

If you are a resident of one of these states and wish to exercise your rights, please contact us at: privacy@blacktiger.com

We do not sell personal data, and we do not use personal data for profiling in furtherance of decisions that produce legal or similarly significant effects.

We honour valid Global Privacy Control (GPC) signals as opt-outs from targeted advertising where required (e.g., in California, Colorado, and Connecticut).