Skip to content Skip to footer
Chat with us
info@prospectree.com
1-800-458-56987
Facebook-square Linkedin Youtube-square Twitter-square
Buy Your Trees
Get Early Access
Close

Data Privacy Protection Statement – Privacy Policy

Effective Date: 27/2/2026
Last Updated: 27/2/2026

  1. Introduction / Definitions and Scope

This Privacy Policy describes how ProspecTree AD, a company incorporated under the laws of the Republic of Bulgaria (“Company”), collects, uses, stores, and protects the personal data of users (“User”) who access or use the website (the “Website”) and services (the “Services”).

This Policy is issued in compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and applicable Bulgarian data protection law.

This Policy applies to all personal data collected through the Website, the Platform, and all interactions related to the conclusion and execution of an Individual Agreement regarding biological assets (trees).

Data Controller

ProspecTree AD
UIC (ЕИК): 206771617
9 Tsar Boris III Street,
Petrich 2850, Bulgaria
Email: info@prospectree.com

 

  1. Types of Personal Data Collected

The Company may collect the following categories of personal data:

  • Identification Data: Name, email, phone number, country of residence, date of birth.
  • KYC/AML Information: Proof of identity, residency, or other verification documents (third-party provider).
  • Payment Data: Limited transaction details (card details not stored by the Company.
  • Financial and Payout Data: International Bank Account Numbers (IBAN), SWIFT/BIC codes, and related banking information provided by the User for the purpose of receiving payments, lease fees, or other distributions as provided under the Individual Agreement.
  • Transactional Data: Records of payments, details of biological assets (trees) linked to the User, Tree IDs, and history within the Tree Ledger.
  • Technical Data: IP address, browser type, login credentials, device identifiers, operating system, access logs, referring pages, cookies.
  • Usage Data: How the User interacts with the Website and Services.
  • Communication Data: Any correspondence between the User and the Company.
  • Asset-Related Data: Information stored within the Tree Ledger and linked to the User’s Account, including:
  • Biological Identification: Tree ID, species type, and physical location within the Plantation.
  • Technical Logs: Records of agricultural maintenance, cultivation milestones, and technical status of the biological assets.
  • Agricultural Production Records: Data regarding the physical output derived from the assets (e.g., wood volume, essential oil quantities) and records of their commercial disposal as provided under the Individual Agreement.
  1. Lawful Basis for Processing

The Company processes personal data based on the following lawful grounds:

  • Performance of a Contract: To facilitate the conclusion and execution of the Individual Agreement and the delivery of Services.
  • Legal Obligation: To comply with Anti-Money Laundering (AML), Know Your Customer (KYC), and tax reporting and accounting regulations under Bulgarian and EU law.
  • Legitimate Interest: To ensure the technical security of the Platform, prevent fraud, and maintain the integrity of the Tree Ledger.
  • Consent: Where explicitly provided by the User for marketing communications, which may be withdrawn at any time.
  1. Purposes of Processing

Personal data is processed for the following purposes:

  • To enable and manage the User’s access to the Website and Services;
  • To perform identity verification (KYC/AML compliance);
  • To process transactions and issue linked digital identifiers (e.g., Tree IDs/NFTs);
  • To ensure legal and regulatory compliance;
  • To respond to inquiries or support requests;
  • To send administrative or promotional communications (with opt-out option);
  • To monitor, secure, and improve the Website and Services.
  1. Data Sharing and Third-Party Providers / Transfers

The Company does not sell or trade personal data. Information is shared with third parties strictly for the fulfillment of contractual and legal obligations, specifically:

  • Identity Verification Vendors: For KYC/AML screening and compliance.
  • Payment Processors: To facilitate financial transactions (the Company does not store full payment card details).
  • Banking Institutions: Personal data, such as the User’s IBAN and identity details, are disclosed to commercial banks solely for the processing of payouts, lease fees, and the execution of financial transactions as provided under the Individual Agreement.
  • Cloud and Hosting Services: For the secure operation of the Platform and the Tree Ledger.
  • Regulatory Authorities: When required by competent judicial or administrative bodies under applicable law.

Personal data shared with Third-Party Providers may be processed in jurisdictions outside the European Economic Area (EEA), subject to the safeguards detailed in Section 9 (International Transfers) below.

 

  1. Data Retention and Ownership Records

The Company retains personal data only for the duration necessary to fulfill the purposes for which it was collected, including the satisfaction of any legal, accounting, audit, or reporting requirements.

In accordance with applicable Bulgarian tax, accounting, and Anti-Money Laundering (AML) legislation, all personal data related to the conclusion, performance, and termination of any and all Individual Agreements — including identity verification records (KYC), transaction history, and communications — shall be retained for a period of ten (10) years following the termination of the last active Individual Agreement or the final cessation of the business relationship between the User and the Company.

This extended retention period is mandatory to safeguard the User’s permanent proof of ownership, ensure the integrity of the Tree Ledger, and fulfill the Company’s statutory obligations toward regulatory and tax authorities. Upon the expiration of this period, data shall be securely deleted or anonymized, unless further retention is required by law.

 

  1. Data Security and the Tree Ledger

The Company implements appropriate technical and organizational safeguards to ensure the security, confidentiality, and integrity of personal data against unauthorized access, loss, or alteration. These measures include advanced encryption protocols, strict access controls, and secure storage procedures. Access to personal data is restricted exclusively to authorized personnel and partners bound by professional confidentiality obligations.

Furthermore, data recorded within the Tree Ledger serves as a permanent, internal usage recording system, ensuring the traceability and integrity of biological assets throughout their lifecycle, in accordance with the security standards of the Platform.

 

  1. User Rights under GDPR

Under the General Data Protection Regulation (EU) 2016/679, the User holds the following rights:

  • Right to Access: To receive a copy of their processed data.
  • Right to Rectification: To correct inaccurate or incomplete data.
  • Right to Erasure (“Right to be Forgotten”): Subject to statutory retention requirements (see Section 6).
  • Right to Restriction of Processing: To limit how data is used in specific circumstances.
  • Right to Data Portability: To receive data in a structured, machine-readable format.
  • Right to Object: To oppose processing based on legitimate interests or for direct marketing.
  • Right to file a complaint with the Bulgarian Commission for Personal Data Protection or the user’s local supervisory authority.
  1. International Transfers

If personal data is transferred to a jurisdiction outside the European Economic Area (EEA), the Company ensures that such transfers are governed by Standard Contractual Clauses (SCCs) or other adequacy mechanisms as provided by the European Commission.

 

  1. Cookies and Tracking

The Company uses cookies and similar technologies to enhance user experience, analyze Platform performance, support core functionalities, and ensure system security. Comprehensive details regarding the types of cookies used, their purposes, and how the User may manage their preferences are provided in the separate Cookie Policy, which is accessible on the Website.

 

  1. Amendments to this Policy

The Company reserves the right to amend or update this Privacy Policy at its sole discretion to reflect technological, legal, or operational changes. Updated versions will be published on the Website with a revised ‘Last Updated’ date. While minor or technical changes take effect immediately upon publication, the Company shall provide reasonable notice for any material changes that significantly affect User rights, where technically feasible and legally required. Continued use of the Website or Services following the publication of such changes constitutes the User’s express and unconditional acceptance of the amended Policy.