Controller: BlackStar Capital
Single contact for all privacy matters and requests: legal@blackstarcapital.com

1. Scope
   This Privacy Policy explains how BlackStar Capital (“BlackStar”, “we”, “us”, “our”) collects, uses, discloses, and protects personal data when you use our website and any pages we control that link to this Policy (the “Site”).
2. Personal Data We Collect
   a) Inquiry/contact data: name, work email, company/role, message content, and any files you send (do not submit material non-public information).
   b) Usage/technical data: IP address, device/browser details, language, pages viewed, timestamps, referrer/UTM, error logs (via essential cookies and, if you consent, analytics cookies).
   c) Relationship data (prospects/partners/investors): identifiers, professional details, diligence information, communications, and contractual data gathered during outreach, onboarding, or engagement.
   We do not intentionally collect data from children under 16.
3. Sources
   a) Directly from you (forms, email).
   b) Automatically from your device (cookies/SDKs).
   c) Service providers and professional advisers assisting operations.
   d) Public sources and referrals for business development.
4. Legal Bases by Data Category (EEA/UK)
   • Inquiry/contact data → contract or legitimate interests (responding efficiently).
   • Usage/technical data → legitimate interests (operate/secure the Site); analytics only with consent where required.
   • Relationship data → contract or legitimate interests (evaluate opportunities, manage engagements).
   We perform legitimate-interest balancing tests; a summary is available on request at legal@blackstarcapital.com.
5. Purposes
   a) Respond to inquiries and manage relationships.
   b) Operate, secure, debug, and improve the Site; prevent fraud/abuse.
   c) Run analytics (only with consent where required).
   d) Comply with laws, handle regulatory requests, enforce our rights.
   e) Evaluate opportunities, screen prospects/partners, and communicate with investors per applicable agreements.
6. California and Certain US State Disclosures
   We do not sell or share personal information for cross-context behavioral advertising and do not use sensitive personal information to infer characteristics. If practices change, we will honor opt-out rights and display a “Do Not Sell or Share My Personal Information” link. We honor Global Privacy Control (GPC) signals where required.
7. Cookies and Similar Technologies
   We use essential cookies for core functionality and, with consent where required, analytics cookies to improve performance. Manage preferences anytime via the cookie banner or your browser settings. Details are provided in the Cookie Policy and consent interface.
8. How We Disclose Personal Data
   a) Service providers processing data under our instructions (hosting, security, analytics, IT/support, email/docs, administrators).
   b) Professional advisers (law, audit, consulting) under confidentiality.
   c) Authorities/regulators when legally required.
   d) Successors in corporate transactions, subject to safeguards.
   We do not sell personal data.
9. International Transfers
   Where personal data is transferred outside your jurisdiction, we implement safeguards such as the EU Standard Contractual Clauses and/or the UK IDTA/Addendum (as applicable) and require recipients to protect the data. You may request details of these safeguards at legal@blackstarcapital.com.
10. Retention
    • Inquiry/contact records: up to 24 months after last interaction unless needed longer for legal claims.
    • Usage/technical logs: 12 months unless needed for security/troubleshooting.
    • Contractual/relationship and compliance records: for the contract term and up to 7 years thereafter, or longer if law requires.
    After expiry, data is deleted or irreversibly anonymized.
11. Your Rights
    EEA/UK: access, rectification, erasure, restriction, portability, and objection to processing based on legitimate interests; withdraw consent at any time (does not affect prior processing). You may complain to your local supervisory authority (EEA national DPA or, in the UK, the ICO).
    California/US state laws: right to know/access, delete, correct, and appeal denials. We will not discriminate for exercising rights.
    Automated decision-making: we do not engage in automated decisions that produce legal or similarly significant effects.
12. Submitting Requests and Our Process
    Email legal@blackstarcapital.com with “Privacy Request” and the right you wish to exercise. We verify identity by matching your request to data linked to your email and, if needed, limited extra information. Authorized agents may act for you with proof of authorization and identity verification. We respond within one month (EEA/UK) or 45 days (California); extensions (up to two additional months EEA/UK; up to 45 additional days California) may apply with notice. If denied, you may appeal by replying to our decision email; we will provide a written decision on appeal.
13. Security
    We apply administrative, technical, and organizational safeguards appropriate to the nature and risk of processing to protect against unauthorized access, loss, misuse, alteration, or destruction. No method of transmission or storage is fully secure.
14. Third-Party Links
    Third-party sites/services linked from the Site have their own privacy practices. Review their policies before providing personal data.
15. Investment and MNPI Caution
    Do not send material non-public information through the Site or by email. If diligence requires confidential information, we will provide secure channels subject to appropriate agreements.
16. Children
    The Site is not directed to children under 16, and we do not knowingly collect their data. If you believe a child provided data, contact legal@blackstarcapital.com so we can delete it.
17. Representatives and DPO
    EU representative: not appointed; we will appoint one if Article 27 GDPR requires it.
    UK representative: not appointed; we will designate one if UK GDPR representative requirements apply.
    Data Protection Officer: not appointed; we will appoint a DPO if Article 37 GDPR criteria become applicable. Contact for all matters remains legal@blackstarcapital.com.
18. Changes to This Policy
    We may update this Policy. The “Last updated” date above shows the latest version. Material changes will be highlighted on this page. Continued use of the Site after changes constitutes acknowledgment of the updated Policy.
19. Contact
    For any privacy question, request, or complaint—including requests for transfer-safeguard details or legitimate-interest summaries—email legal@blackstarcapital.com.