1. Introduction

POBLADO LABS LTD is a company duly incorporated and operating under the laws of the United Kingdom, with its principal place of business located in London, and registered with Companies House under the corresponding company number (“Poblado Labs”). Together with its affiliated entities, Plenti affirms its strong commitment to the protection of personal data and the privacy of data subjects, in line with its corporate purpose.

With the aim of establishing the fundamental principles and guidelines for the collection, storage, use, circulation, management, transfer, transmission, and deletion of personal data under its responsibility, Plenti presents its Personal Data Processing Policy (“Policy”), in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We appreciate the trust you place in us by sharing your personal data, and we want to assure you that we handle this information with the seriousness, transparency, and responsibility it deserves, applying the highest standards of security and confidentiality as required by law.


2. Application

At Poblado Labs, we are committed to managing personal data in full compliance with the applicable data protection regulations of the United Kingdom. This policy is governed primarily by the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018), which together form the cornerstone of the UK’s data protection legal framework.

The Data Protection Act 2018 supplements and tailors the UK GDPR by providing national specifications on how personal data should be handled in various contexts. It defines lawful bases for processing, outlines conditions for processing special categories of personal data (such as health, religion, or political beliefs), and introduces specific rules for data processing related to law enforcement and national security. It also allows for certain exemptions in situations involving journalism, research, or legal proceedings.


3. Definitions

To facilitate understanding and compliance with our Personal Data Processing Policy, we have established the following definitions:

  • Consent: A freely given, specific, informed, and unambiguous indication by the Data Subject, signifying agreement to the processing of their personal data.

  • Database: An organized collection of personal data subject to processing.

  • Access Request: A request made by the Data Subject to obtain information about the personal data we hold about them.

  • Anonymous Data: Information that does not identify the Data Subject directly or indirectly, which Plenti may use for statistical or analytical purposes.

  • Personal Data: Any information relating to an identified or identifiable natural person (the "Data Subject").

  • Private Personal Data: Information of an intimate or reserved nature that is relevant solely to the Data Subject (e.g., health records, biometric data).

  • Semi-private Personal Data (Contextually adapted): Information that is not entirely public nor entirely private, such as financial or credit information, commercial activity data, or social security details, which may be of interest to certain sectors or the general public.

  • Public Data: Information that is lawfully available in the public domain and not classified as private or sensitive.

  • Data Subject: The identified or identifiable natural person to whom the personal data relates.

  • Data Processor: A natural or legal person, public authority, agency, or other body that processes personal data on behalf of the Data Controller. In this case, Plenti may act as a Data Processor when processing data on behalf of another entity.

  • Data Source (Adapted from "Fuente"): Any person or entity that provides or holds personal data, and shares such data with a Data Controller or Processor.

  • Operator (Adapted): An entity that collects and manages personal data from various sources and makes it available to Data Subjects in accordance with applicable regulations.

  • Platform: Refers to Plenti’s website and mobile application through which we provide our Services.

  • Complaint: A formal request submitted by the Data Subject to exercise their rights in relation to their personal data.

  • Data Controller: The natural or legal person, public authority, agency, or other body that determines the purposes and means of processing personal data.

  • Preliminary Procedure Requirement (Adapted from "Requisito de Procedibilidad"): A recommended step in which the Data Subject first contacts the Data Controller or Processor directly to resolve an issue before escalating to the Information Commissioner’s Office (ICO).

  • Services: Refers to the operations offered through Plenti’s Platform, including the commercialization of virtual assets. These assets, which are non-monetary and intangible in nature, are traded via blockchain networks (e.g., the Polygon network), stablecoins, and cryptocurrencies, using cash, bank transfers, or card payments.

  • Processing: Any operation or set of operations performed on personal data, including collection, recording, organization, storage, use, disclosure, or erasure.

  • Transmission: The act of sharing or delivering personal data to a third party, whether in the UK or abroad, for processing on behalf of the Data Controller.

  • Transfer: The communication of personal data between two Data Controllers, either within the UK or internationally, subject to appropriate safeguards and in compliance with UK data protection law

4. Fundamentals Principles

At Poblado Labs, we adhere to robust fundamental principles recognized under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. These principles guide our actions in handling personal data stored on our platform and are detailed as follows:

  1. Principle of Purpose Limitation:
    Personal data is processed for specific, explicit, and legitimate purposes. The purpose of processing is clearly communicated to the Data Subject at the time of collection and will not be used for purposes incompatible with the original intent.

  2. Principle of Data Minimisation and Proportionality:
    The data collected is strictly necessary and proportionate to achieve the stated purposes. It must be adequate, relevant, and limited to what is required.

  3. Principle of Storage Limitation (Retention Period):
    Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, unless retention is required by law or regulatory obligations.

  4. Principle of Lawfulness, Fairness, and Consent:
    Processing is carried out lawfully and fairly, based on valid legal grounds under the UK GDPR (such as consent, legitimate interest, or contractual necessity). When consent is required, it must be freely given, informed, and explicit.

  5. Principle of Accuracy:
    Personal data must be accurate and, where necessary, kept up to date. We take reasonable steps to ensure that inaccurate data is corrected or erased without delay.

  6. Principle of Transparency:
    Data Subjects have the right to obtain clear and accessible information about the existence and processing of their personal data at any time.

  7. Principle of Integrity and Confidentiality (Security):
    We implement appropriate technical, organisational, and administrative measures to ensure the security of personal data, protecting it against unauthorised or unlawful processing, accidental loss, destruction, or damage.

  8. Principle of Restricted Access and Circulation:
    Except for public data, personal information is shared only with authorised individuals or third parties and under controlled circumstances, ensuring that access is limited and auditable.

  9. Principle of Confidentiality:
    All individuals involved in the processing of personal data are bound by strict confidentiality obligations, even after their professional or contractual relationship with Plenti ends.

5. Consent

At Poblado Labs, we understand the importance of trust in our relationship with our users. For this reason, we ensure that every consent given for the processing of personal data is an informed and empowered act. Here is how we approach it:

5.1 Transparent Collection

We obtain your consent in a clear and transparent manner, using methods permitted by applicable law. We also ensure that you can easily access and review your consents whenever needed.

5.2 Act of Trust

When you provide your consent, you place your trust in us to manage your personal data. Whether consent is given directly to Poblado Labs or to our designated processors, it implies that you understand this Policy and are aware of your rights regarding the processing of your data.

5.3 Informed Consent

We ensure that your consent is always informed. This means you are fully aware of the details of this Policy and your rights concerning the processing of your personal data.

5.4 Documented Recordkeeping

For your peace of mind, Poblado Labs keeps detailed records of how and when your consent was obtained. This ensures traceability and compliance with the commitments we have made. At Poblado Labs, we believe in transparency and accountability in every interaction. Your consent is the foundation of the trust we aim to build with you.

6. Data Management and Headling

At Poblado Labs, we take full responsibility as custodians of your personal data. The information we collect, whether directly or indirectly, varies depending on your relationship with us and may include, but is not limited to:

(i) Identification data, such as first and last name.
(ii) Contact and location details, including physical addresses, email addresses, and phone or mobile numbers.
(iii) Demographic information, such as gender and age.
(iv) Personal characteristics.
(v) Social context and circumstances.
(vi) Academic and professional background.
(vii) Employment details.
(viii) Financial, transactional, or insurance information.
(ix) Date of birth.
(x) Interests and preferences.
(xi) Information on how you became aware of our products and/or services.
(xii) Biometric and visual data, when necessary.
(xiii) Sensitive data, only when strictly required and processed in compliance with applicable law.

Poblado Labs may collect financial information for purposes such as executing payments, establishing and maintaining contractual relationships, reporting to credit reference agencies, and assessing potential risks. This processing is conducted in compliance with the UK GDPR, the Data Protection Act 2018, and other relevant financial and commercial data protection regulations.

Please note that Poblado Labs may report on breaches of obligations previously authorised by the Data Subject. Such reporting will always be carried out with due communication to the individual concerned and in accordance with applicable law.

If you choose not to provide certain personal data, we may be unable to offer specific products or services, and you may not receive information of interest through our designated communication channels.

At Poblado Labs, we respect the confidentiality of your data and retain it only for as long as necessary to fulfill the purposes outlined in this Policy, unless legal or contractual obligations require us to retain it for longer. We will always honor your right to request deletion of your data, except where retention is legally required.

7. Sensitive Data and Data of Minors

At Poblado Labs, we understand the importance of safeguarding sensitive information, especially when it involves the personal data of minors. We always act with the highest respect for the legal restrictions and protections associated with this type of data.

When we request or collect sensitive personal data, we do so only with the explicit consent of the Data Subject, unless otherwise permitted by law. In these cases, we ensure that individuals are clearly informed of the specific purposes for which the information will be used, and we emphasise that providing such data is entirely voluntary in accordance with applicable legislation. No activity or service will be conditioned on the provision of sensitive data.

When processing the personal data of minors, we take particular care to comply with the special rights afforded to children under UK data protection law. We guarantee that:

(i) The processing of such data will always consider the best interests of the child.
(ii) We will respect their fundamental rights and freedoms at all times.
(iii) We will consider the views of the child, taking into account their maturity, autonomy, and ability to understand the matter at hand. Their voices will be heard and valued in any process involving their personal data.

At Poblado Labs, we are committed to creating a safe and respectful environment for our younger users.

8. Purpose and Data Processing

8.1 General Purposes

a) Verify and update information provided by data subjects.
b) Formalise relationships through preliminary negotiations.
c) Negotiate, execute, modify, or terminate acts and/or contracts.
d) Contact individuals to share relevant information.
e) Collect, store, and process personal data within our databases.
f) Create user accounts and profiles on digital platforms.
g) Consult relevant information from risk or compliance databases.
h) Report compliance or non-compliance with contractual obligations.
i) Conduct background checks using lawful databases.
j) Submit reports to authorities and respond to official requests.
k) Comply with internal corporate policies.
l) Manage queries, complaints, and requests, ensuring the exercise of data subject rights.
m) Handle requests, claims, and related procedures.
n) Manage administrative, accounting, tax, financial, and operational processes.
o) Transfer personal data during corporate reorganisation processes.
p) Archive, update, and process personal data for internal purposes.
q) Protect the security of our facilities and conduct physical security activities.
r) Identify and control access to our premises, including the use of CCTV recordings for security purposes.

8.2 Specific Purposes – Clients

a) Collect information for commercial research and marketing activities.
b) Store personal data for historical recordkeeping and market segmentation.
c) Conduct satisfaction surveys and improve the quality of our services.
d) Verify legal, technical, and financial requirements.
e) Manage complaints, provide responses, and enable the exercise of rights.
f) Validate and verify identity to offer and provide products and services.
g) Access third-party data for risk management purposes.
h) Consult credit information agencies when necessary.
i) Develop and maintain commercial relationships and related activities.

8.3 Users and Visitors of the Poblado Labs Website

a) Provide access to and ensure proper functioning of the website.
b) Continuously improve the experience of users and visitors.
c) Remember preferences and offer personalised products, services, and promotions.
d) Build user and visitor profiles to optimise content.
e) Use geolocation references to personalise advertising.
f) Record usage patterns and behaviour for statistical analysis.
g) Monitor and ensure the proper use of the website.

8.4 Specific Purposes – Suppliers and Contractors

a) Contact individuals to manage existing relationships.
b) Verify legal, technical, and financial requirements.
c) Store personal data for historical recordkeeping and business prospecting.
d) Prevent fraud and misuse of information.
e) Develop and maintain commercial relationships and related activities.

8.5 Specific Purposes – Applicants, Employees, Former Employees, and Collaborators

a) Manage recruitment, active staff, and payroll processes.
b) Contact individuals regarding employment-related matters.
c) Comply with internal corporate policies and labour regulations.
d) Handle administrative tasks such as issuing employment certificates.
e) Transmit information to other entities within Poblado Labs.
f) Develop corporate activities, training sessions, and wellness programs.
g) Identify operations that may indicate fraud or other risks.
h) Collect feedback through surveys to improve service quality.

9. Data National and International Transfers

In compliance with applicable data protection regulations, Poblado Labs reserves the right to share, transmit, or transfer the personal data provided by data subjects to third parties, whether within or outside the United Kingdom. Such actions will always be carried out in accordance with the UK GDPR and the Data Protection Act 2018.

Personal data may be shared with Poblado Labs’ affiliated companies, whether located inside or outside the UK, as well as with business partners and commercial entities that have an active contractual relationship with Poblado Labs. These actions are undertaken solely to fulfill the purposes authorised by the data subjects and to ensure the effective provision of services.

In certain circumstances, Poblado Labs may perform data transfers to third parties located in jurisdictions:

  • Recognised by the UK Government as providing an adequate level of data protection (adequacy decisions)

  • Where appropriate safeguards are in place, such as International Data Transfer Agreements (IDTAs) or Binding Corporate Rules (BCRs)

  • Where explicit consent has been obtained from the data subject, or when otherwise required or permitted by law.

By accepting this Policy, data subjects consent to Poblado Labs performing these transfers, including transfers to cloud service providers located in jurisdictions with varying levels of data protection, provided such transfers are safeguarded under the mechanisms allowed by UK data protection law.

10. Third Party Websites and Technologies

As part of our ongoing efforts to enhance your online experience, Poblado Labs uses cookies and similar identification technologies across our platforms, including our website, electronic communications, advertisements, and other online services. These tools allow us to better understand your behaviour and interests to provide a more personalised experience.

How do we use these technologies?

  • User Authentication: To help keep your session secure and protect your privacy.

  • Preference Management: To remember your settings and preferences for future visits.

  • Content Performance Analysis: To evaluate the relevance and popularity of our content.

  • Advertising Effectiveness: To measure and optimise the performance of our campaigns.

  • Traffic and Behaviour Analysis: To understand usage patterns and trends on our platforms.

Your Control Over Cookies

You have control over how cookies are managed. Most browsers allow you to accept, reject, or receive notifications about the use of cookies. Please note that rejecting all cookies may impact the functionality or effectiveness of certain features, products, or services we offer.

Third-Party Links

Our website may contain links to platforms or websites operated by third parties. If you choose to explore these links, please be aware that the processing of personal data by these third parties is governed by their own privacy notices and policies. Poblado Labs is not responsible for the collection, use, or disclosure of your personal data by third-party websites. We encourage you to review their privacy practices before providing any personal information.

11. Data Subject Rights

At Poblado Labs, we believe in empowering you to have full control over your personal data. As a data subject, you are entitled to the following rights under applicable data protection law (UK GDPR and Data Protection Act 2018):

a) Right of Access (Subject Access Requests)
You can request confirmation of whether we process your personal data and obtain access to that data at no cost.

b) Right to Rectification
You can request that we update or correct inaccurate or incomplete personal data to ensure it always reflects your current information.

c) Right to Proof of Consent
You may request evidence of the consent you have given us, reinforcing our commitment to transparency.

d) Right to Lodge a Complaint
If you believe that any aspect of our processing does not comply with applicable law, you may raise a complaint with us and, if unresolved, with the Information Commissioner’s Office (ICO), the UK’s supervisory authority.

e) Right to Erasure (“Right to be Forgotten”) and Withdrawal of Consent
You can request deletion of your personal data or withdraw your consent at any time, provided there are no overriding legal or contractual obligations requiring us to retain it.

f) Right to Restrict or Object to Processing
You can object to or request restrictions on certain types of processing, including direct marketing activities.

g) Right to Data Portability
Where technically feasible, you can request that we provide your data in a structured, commonly used, and machine-readable format so it can be transferred to another controller.

h) Right Not to Be Subject to Automated Decision-Making
You have the right to request human intervention in cases where decisions about you are made solely through automated processes that significantly affect you.

Important Notes

  • The exercise of these rights is free of charge, and we aim to respond within the timeframes required by law (generally one month).

  • These rights are personal and exclusive; they can only be exercised by you or by a legal representative duly authorised to act on your behalf.

    At Poblado Labs, your privacy is a top priority. We are committed to ensuring that the process of exercising your rights is clear, accessible, and transparent

12. Communication Channels

We know your personal data is important to you, and we want to hear from you. To exercise your rights or submit any queries or complaints regarding this Policy or the processing of your personal data, please contact our dedicated team at:

  • Email: information@pobladolabs.uk

  • Postal Address: Flat 6, London, United Kingdom, SW11 6ER

Our team is committed to ensuring compliance with applicable data protection laws and to addressing your concerns promptly and transparently.

13. Withdrawal of Consent and Data  Erasure

We want you to remain in full control of your personal data. You may withdraw your consent and request the erasure of your data in the following circumstances:

  • At any time, at your own discretion.

  • When you believe we are not adhering to the principles or rights established under applicable data protection law.

If you believe that your information should be corrected, updated, or deleted, or if you wish to raise a complaint about how we process your data, you can submit a request through either of the following channels:

  • Written request to: Flat 6, London, United Kingdom, SW11 6ER

  • Email: information@pobladolabs.uk

Your request must include:
(i) Your identification details.
(ii) A clear description of the facts or issue.
(iii) Your contact information and address.
(iv) Any supporting documents or evidence related to your claim.

If any of this information is missing, we will notify you and give you five (5) working days to provide the required details.

We aim to respond to your request within fifteen (15) working days. If additional time is needed due to the complexity of the matter, we will inform you of the reason for the delay and provide a new response date, which will not exceed an additional eight (8) working days.

Our Customer Service team is responsible for receiving and coordinating your requests, ensuring that all areas of Poblado Labs respond promptly and appropriately.

14. Effective Date

This Policy is effective as of 1 January 2025 and will remain in force until it is expressly revoked or modified. Your trust is important to us, and we are committed to keeping you informed of any significant changes to this Policy.