Privacy Policy

Effective: May 21, 2025 · Version 1.0 · Blackhole Enterprise FZ-LLC

sales-bot.io

Effective date: May 21, 2025

Version: 1.0

1. Data Controller

Company name:

Blackhole Enterprise FZ-LLC

Registered address:

FOB51646 Compass Building, Al Shohada Road, AL Hamra Industrial Zone-FZ, Ras Al Khaimah, United Arab Emirates

Website:

https://sales-bot.io

Contact e-mail:

info@blackholemedia.eu

Activity:

Operation of a B2B sales automation SaaS platform

2. Purpose and Scope of This Policy

This Privacy Policy explains how Blackhole Enterprise FZ-LLC ("we", "us", or "Data Controller") collects, uses, and protects personal data when you visit or use the sales-bot.io platform ("Platform").

This Policy is prepared in accordance with the EU General Data Protection Regulation (GDPR – Regulation 2016/679) and other applicable data protection laws. It applies to all visitors, registrants, and users of the Platform.

3. Personal Data We Process

3.1. Registration and Account Management

Data collected:

Full name, e-mail address, password (hashed), billing details (company name, address, VAT number), phone number (optional)

Purpose:

Creating and managing user accounts, maintaining the contractual relationship

Legal basis:

GDPR Art. 6(1)(b) – performance of a contract

Retention period:

Until account deletion; thereafter 5 years (accounting obligations)

3.2. Subscription and Payment Data

Data collected:

Billing address, billing e-mail, payment transaction ID (card details are processed solely by the payment provider; we do not store them)

Purpose:

Subscription management, invoicing, financial record-keeping

Legal basis:

GDPR Art. 6(1)(b) – contract performance; Art. 6(1)(c) – legal obligation (accounting laws)

Retention period:

8 years (statutory accounting requirement)

3.3. Contact and Support Inquiries

Data collected:

E-mail address, name, message content

Purpose:

Responding to inquiries and providing customer support

Legal basis:

GDPR Art. 6(1)(f) – legitimate interest (responding to your request)

Retention period:

1 year from case resolution

3.4. Web Analytics – Google Analytics 4

Data collected:

Anonymised IP address, browser type, operating system, pages visited, session ID, time on site, conversion events

Purpose:

Measuring Platform traffic, improving user experience, content optimisation

Legal basis:

GDPR Art. 6(1)(a) – consent (via cookie banner)

Processor:

Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland)

Third-country transfer:

To the USA, to Google LLC – under the EU–US Data Privacy Framework (DPF)

Retention period:

14 months (Google Analytics default)

3.5. Marketing Pixel – Meta Pixel (Facebook Pixel)

Data collected:

IP address, browser identifiers, cookies, visited URLs, conversion events (e.g. registration, subscription start)

Purpose:

Displaying remarketing ads, measuring ad performance, building lookalike audiences

Legal basis:

GDPR Art. 6(1)(a) – consent (via cookie banner)

Processor:

Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland)

Third-country transfer:

To the USA, to Meta Platforms, Inc. – under the EU–US Data Privacy Framework (DPF)

Retention period:

Per Meta's policy, typically 180 days

3.6. Session Cookies

Data collected:

Session identifier, authentication state

Purpose:

Authentication required for Platform operation

Legal basis:

GDPR Art. 6(1)(b) – contract performance (technical necessity)

Retention period:

Until session ends (browser close)

4. Cookies and Consent Management

Detailed information about our use of cookies is available in our Cookie Policy, accessible via the website footer. Non-essential cookies (analytics, marketing) are activated only upon explicit consent through the cookie banner displayed on first visit.

You may withdraw your consent at any time by updating your cookie preferences via the "Cookie Settings" link in the footer. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.

5. Data Processors

We engage the following data processors:

Stripe, Inc.

Payment processing – USA (DPF basis)

Google Ireland Limited

Google Analytics – EU / USA (DPF basis)

Meta Platforms Ireland Ltd.

Meta Pixel, advertising services – EU / USA (DPF basis)

Cloud infrastructure provider

Hosting and application operation – EU data centres

E-mail service provider

Transactional e-mail delivery

We have entered into Data Processing Agreements with all processors in accordance with GDPR Art. 28.

6. International Data Transfers

We transfer certain data outside the European Economic Area (EEA), primarily to the USA (Google, Meta, Stripe). All such transfers take place under the EU–US Data Privacy Framework (DPF) or, where applicable, Standard Contractual Clauses (SCCs) approved by the European Commission.

7. Your Rights

Under GDPR Chapter III, you have the following rights:

• Right of access (Art. 15): request information about the personal data we hold about you.
• Right to rectification (Art. 16): request correction of inaccurate data.
• Right to erasure ("right to be forgotten") (Art. 17): request deletion where the legal basis for processing no longer exists.
• Right to restriction of processing (Art. 18): request that processing be suspended in certain circumstances.
• Right to data portability (Art. 20): request your data in a machine-readable format.
• Right to object (Art. 21): object to processing based on legitimate interests.
• Right to withdraw consent: where processing is based on consent, you may withdraw it at any time.

To exercise your rights, contact us at: info@blackholemedia.eu. We will respond within 30 days of receiving your request.

You also have the right to lodge a complaint with your local supervisory authority. For users in Hungary: Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH), 1055 Budapest, Falk Miksa utca 9–11; www.naih.hu.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

• HTTPS/TLS encryption for all data in transit;
• passwords stored using cryptographic hashing (bcrypt);
• access controls and audit logging;
• regular data backups;
• data security awareness training for staff.

In the event of a personal data breach, we will notify the competent supervisory authority in accordance with GDPR Art. 33 and, where required, affected individuals under Art. 34.

9. Minors

The Platform is intended exclusively for persons aged 18 and over. We do not knowingly collect personal data from minors. If we become aware that data has been collected from a minor, we will delete it without delay.

10. Changes to This Policy

We reserve the right to update this Privacy Policy. Material changes will be communicated by e-mail or via the Platform at least 15 days before taking effect. The current version is always available at https://sales-bot.io/privacy-policy.

Blackhole Enterprise FZ-LLC | sales-bot.io | May 21, 2025