Legal Mentions & Data Policy

Protecting your trust and data

Protecting Your Trust and Data – Privacy Policy

Black River is committed to transparency and data protection. Our privacy policy outlines how we collect, store, and process personal information in full compliance with EU GDPR and international standards.

Effective Date: January 2025

Last Updated: November 2025

At Black River, we uphold the highest standards of transparency, confidentiality, and data integrity. This Privacy Policy explains how we collect, use, protect, and store personal information when you interact with our website, digital platforms, or investment services.

We comply with the European General Data Protection Regulation (EU GDPR 2016/679), the Luxembourg Data Protection Law, and where applicable, the Swiss Data Protection Act (DSG).

1. Scope and Applicability

This policy applies to:

  • Visitors of the website https://www.blackriver.green/ and its subdomains

  • Investors, partners, and organizations registering via our portals (e.g., Carbon Impact Bond, ITMO Partnership)

  • Representatives of local communities, project developers, and institutions interacting with Black River

  • Candidates applying for careers, internships, or fellowships

By accessing or submitting your data through our website, you acknowledge and accept the practices described in this policy.

2. Data We Collect

We may collect the following categories of data:

a. Identification Data

Name, organization, job title, email address, phone number, and country.

b. Professional and Financial Data

Investment interests, transaction details, KYC/AML documentation, and project-related submissions.

c. Technical Data

IP address, browser type, operating system, cookies, session logs, and referral data.

d. Voluntary Data

Information you share through contact forms, newsletter subscriptions, or project applications.

We do not collect sensitive data (such as political opinions or health data) unless required by regulation (e.g., KYC).

3. Purpose of Data Processing

Your data is processed for the following legitimate purposes:

  • Managing partnerships and investment relations (e.g., Carbon Impact Bond, ITMO Agreements)

  • Responding to inquiries, due diligence requests, and partnership proposals

  • Ensuring compliance with financial regulations (AML/CFT, ESG disclosure, ICMA, LGX)

  • Providing access to data rooms, dashboards, and newsletters

  • Website analytics, improvement of our digital services, and communication optimization

  • Legal and administrative compliance under Article 6(1) GDPR

We never sell, rent, or transfer your data to unauthorized third parties.

4. Legal Bases for Processing

We rely on the following legal grounds:

  • Consent (Art. 6(1)(a) GDPR): When you voluntarily provide your data (e.g., newsletter, contact form).

  • Contractual necessity (Art. 6(1)(b)): When data is required to execute agreements or investments.

  • Legal obligation (Art. 6(1)(c)): When processing is mandated by law (e.g., KYC, AML).

  • Legitimate interest (Art. 6(1)(f)): When processing ensures platform security, analytics, or fraud prevention.

5. Cookies and Analytics

Our website uses functional cookies to enhance navigation and user experience.

  • We may use Google Analytics or equivalent GDPR-compliant services to collect anonymized usage statistics.

  • You can manage or withdraw your cookie consent at any time through your browser settings.

  • No tracking is performed for marketing purposes without explicit consent.

6. Data Storage and Security

We implement technical and organizational measures to secure data against unauthorized access, alteration, loss, or misuse.

  • All data is hosted on secure European servers compliant with ISO 27001 and GDPR.

  • Access to personal data is restricted to authorized personnel bound by confidentiality agreements.

  • Encryption (SSL/TLS) is applied across all data exchanges, and routine audits ensure continuous compliance.

7. Data Transfers to Third Countries

If data is transferred outside the European Economic Area (EEA), we ensure compliance through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission

  • Adequacy Decisions where applicable

  • Explicit user consent for transfers to jurisdictions without an adequacy ruling

8. Retention Period

We retain personal data only as long as necessary for the purpose of processing and in accordance with legal obligations.

  • For financial or contractual records (KYC, AML, investment data), retention may extend up to 10 years as required by law.

  • After this period, data is securely deleted or anonymized.

9. Your Rights under GDPR

You have the right to:

  • Access and obtain a copy of your personal data

  • Request rectification or deletion ("right to be forgotten")

  • Restrict or object to processing

  • Withdraw consent at any time

  • Request portability of your data

  • File a complaint with your national Data Protection Authority

To exercise these rights, contact:

📩 privacy@blackriver.green

10. Links and Third Parties

Our website may contain links to partner sites (e.g., Verra, ICVCM, LGX, CertiCongo).

We are not responsible for the privacy policies or content of external websites.

We encourage you to review the policies of third-party sites before providing personal data.

11. Updates to the Policy

This Privacy Policy may be updated periodically to reflect regulatory changes or improvements in our practices.

The most recent version is always available at https://www.blackriver.green/legal/privacy-policy.

12. Contact

For questions, requests, or data concerns:

Black River Finance S.A.

📩 privacy@blackriver.green

Logo Black River