Privacy Policy

Privacy policy E-pick by Murasaki

Welcome to E-pick. E-pick is a Service of Murasaki. We (Murasaki B.V.) can process Personal Data, as referred to in the General Data Protection Regulation (GDPR) and as further defined below. We can do this when you visit our website and/or use our Service.

In this Privacy Policy we explain to you which Personal Data we process and for what purposes we do so. This Privacy Policy was last updated on June 30, 2025.

Definitions

In this Privacy Policy the following definitions, always capitalised and used in both singular and plural, have the following meanings:

  • Privacy Policy: this privacy policy of Murasaki B.V.

  • Service: The browser-based card pack platform operated by Murasaki B.V., accessible via our website.

  • Personal Data: Any information relating to an identified or identifiable individual, as defined in Article 4(1) of the GDPR.

  • Usage Data: Information collected automatically, either generated by the use of the Service or from the Service infrastructure itself (e.g., page visit durations, clicks, IP address).

  • Cookies: Small text files placed on your device to store data about your activity and preferences.

  • Data Subject: Any identified or identifiable natural person from whom Personal Data is processed.

  • Data Controller: The party that determines the purposes and means of the processing of Personal Data — in this case, Murasaki B.V.

  • Data Processor: A third party who processes Personal Data on behalf of Murasaki B.V.

When does this Privacy Policy apply?

This Privacy Policy applies to the visit to our website and the use of our Service. This Privacy Policy also only applies to processing of Personal Data by us as Data Controller. If an organization processes your Personal Data through our Service, then this organization is the Data Controller. We are then the Data Processor. In that case, this Privacy Policy does not apply.

Personal Data We Collect

We collect Personal Data from you in a variety of ways, including when you use our Service, interact with us, or communicate through third-party platforms. The types of data, which can include Personal Data, we collect include:

1. Information You Provide to Us

  • Contact Data: Your email address and (if applicable) shipping address, phone number, or other contact details you provide when using the Service or contacting support. The basis for the processing of this Personal Data is Article 6(1)b of the GDPR: the processing is necessary for the performance of the agreement between us and you. Without this information, we cannot provide the Service to you.

  • Wallet Data: Your cryptocurrency wallet address used for receiving proceeds from card sales or making purchases. The basis for the processing of this Personal Data is Article 6(1)b of the GDPR: the processing is necessary for the performance of the agreement between us and you. Without this information, we cannot provide the Service to you.

  • Account Data: Any credentials used to access features of the Service, such as your username and password (if applicable). The basis for the processing of this Personal Data is Article 6(1)b of the GDPR: the processing is necessary for the performance of the agreement between us and you. Without this information, we cannot provide the Service to you.

  • Communications: Any information you send to us through email, contact forms, or customer support channels. The basis for the processing of this Personal Data is Article 6(1)a of the GDPR: you have given us permission to process this data, because you have explicitly chosen to send us the information.

  • Transaction Data: Details of your card purchases, crypto payouts, and related payment activity (including transaction hashes and blockchain metadata). The basis for the processing of this Personal Data is Article 6(1)b of the GDPR: the processing is necessary for the performance of the agreement between us and you. Without this information, we cannot provide the Service to you.

  • Marketing Preferences: Your opt-in or opt-out preferences for newsletters and/or promotional communications. The basis for the processing of this Personal Data is Article 6(1)a GDPR: you have given permission for the processing of this Personal Data, because you have chosen to receive this kind of communications.

2. Information We Obtain from Third Parties

We may combine the information you provide with data from:

  • Analytics providers (e.g., Google Analytics)

  • Payment processors

  • Affiliate partners or marketing platforms

  • Social media platforms, if you connect or interact with us through them

The legal basis for the processing of this Personal Data is Article 6(1)f of the GDPR: we have a legitimate interest in this processing. This information is required for the Service to function properly. Or the legal basis might be Article 6(1)b of the GDPR: the processing is necessary for the performance of the agreement between us and you, because it is necessary to provide the Service to you.

3. Information Collected Automatically

We and our service providers may automatically log:

  • Device Data: Your browser type, operating system, IP address, screen size, device identifiers, and language settings.

  • Usage Data: Your activity on the Service, such as pages viewed, navigation paths, time spent on pages, and interactions with features.

  • Cookies and Tracking Technologies: As described in the “Cookies and Tracking Technologies” section, we use first-party and third-party cookies, tags, and scripts to analyze use of the Service and personalize content.

The legal basis for the processing of this Personal Data is Article 6(1)f of the GDPR: we have a legitimate interest in this processing. This information is required for the Service to function properly.

How We Use Your Personal Data

We use your Personal Data for the following purposes, or as otherwise described at the time of collection or at the specific type of data processing described above:

1. Service Delivery and Operations

We process your Personal Data to:

  • Provide and operate the Service;

  • Facilitate card purchases, crypto payments, and card sales;

  • Maintain and verify user accounts and wallet addresses;

  • Provide technical support and respond to user inquiries;

  • Personalize user experience based on preferences and activity.

2. Communication

We may use your Personal Data to:

  • Send transactional messages such as confirmations, technical notices, updates, security alerts, and administrative messages;

  • Contact you about changes to the Service;

  • Deliver customer service and support.

3. Marketing and Promotions

With your consent (Article 6(1)(a) GDPR), we may:

  • Send you newsletters, promotional content, special offers, and announcements about new features or services;

  • Customize and optimize our marketing based on your interaction with the Service.

You may opt out of marketing communications at any time using the unsubscribe link provided in our emails or by contacting us.

4. Research and Development

We use aggregated and de-identified data to:

  • Analyze how the Service is used;

  • Improve the functionality, performance, and design of the Service;

  • Develop new features and services.

5. Compliance, Protection and Legal Obligations

We may process your Personal Data to:

  • Comply with applicable laws, legal obligations, and requests from public authorities;

  • Enforce our Terms of Use or other legal rights;

  • Prevent, investigate, or take action against suspected fraud, abuse, or illegal activities;

  • Maintain the security and integrity of our systems and services.

6. With Your Consent

We may process your Personal Data for any other purpose for which you explicitly grant consent. In such cases, you have the right to withdraw your consent at any time.

Cookies and Tracking Technologies

We use Cookies and similar technologies to collect information about your interaction with the Service and to improve your experience.

What Are Cookies?

Cookies are small data files placed on your device when you visit a website. They allow us and our partners to recognize your device, store preferences, and understand how you use our Service.

We may also use related technologies such as:

  • Web beacons (pixels) – small images embedded in emails or pages that track engagement;

  • Local storage (e.g. HTML5) – used to store data on your device for certain functionalities;

  • SDKs – third-party tools used within our platform for analytics, performance, or advertising features.

Types of Cookies We Use

Type

Purpose

Strictly Necessary

Required to provide core functionality (e.g., session management).

Preferences

Remember user settings (e.g., language or display options).

Analytics

Understand user activity and improve the Service (e.g., via Google Analytics).

Advertising

Deliver personalized ads and measure effectiveness (e.g., Google AdSense).

Your Cookie Choices

You may choose to:

  • Configure your browser to reject some or all Cookies;

  • Delete Cookies already stored on your device;

  • Use browser extensions to manage tracking preferences.

Please note: Disabling Cookies may impair certain features of the Service.

For more information about Cookies and how to manage them, visit www.allaboutcookies.org.

How We Share Your Personal Data

We may share your personal data with the following parties, or as otherwise disclosed to you at the time of collection:

1. Service Providers

We share data, which may include Personal Data, with third-party vendors and partners who help us operate the Service and our business. These include:

  • Hosting and cloud service providers

  • Payment and cryptocurrency processing partners

  • Email and customer support tools

  • Analytics providers (e.g., Google Analytics)

  • Advertising networks (if applicable)

These service providers only access your data as needed to perform their functions and are contractually obligated to process Personal Data only on our behalf and in accordance with this Privacy Policy and applicable laws.

2. Professional Advisors

We may share data with legal, financial, or compliance advisors (e.g., lawyers, auditors, accountants, and insurers) where necessary for legitimate business interests.

3. Law Enforcement and Government Authorities

We may disclose personal data when legally required to do so, such as:

  • To comply with a subpoena, court order, or legal obligation;

  • To respond to law enforcement requests;

  • To protect our rights, users, or the public (e.g., fraud prevention, security).

4. Business Transfers

We may share or transfer your data in connection with any actual or potential merger, acquisition, financing, sale of assets, or similar business transaction. You will be notified before your data is transferred and becomes subject to a different privacy policy.

5. Other Users or the Public

If the Service allows for optional public features (e.g., leaderboards or profile pages), and you choose to make your activity visible, your information may be accessible to others. However, we do not publicly display wallet addresses or transaction history by default unless explicitly permitted by you.

Your Rights and Choices

As a resident of the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR). We are committed to upholding these rights and providing you with control over your personal data.

1. Your GDPR Rights

You have the right to:

  • Access – Request access to the Personal Data we hold about you, including copies of that data.

  • Rectification – Request that we correct any inaccurate or incomplete Personal Data.

  • Erasure (“Right to Be Forgotten”) – Request that we delete your Personal Data, subject to certain legal exceptions.

  • Restriction – Request that we temporarily or permanently stop processing all or some of your Personal Data.

  • Objection – Object to our processing of your Personal Data where we rely on legitimate interest as a lawful basis.

  • Data Portability – Request a copy of your Personal Data in a structured, commonly used, and machine-readable format, and request us to transfer it to another Data Controller (where technically feasible).

  • Withdraw Consent – If we process your Personal Data based on your consent (e.g., marketing emails), you may withdraw that consent at any time.

You may exercise these rights by contacting us using the contact information provided at the end of this Privacy Policy. We may request proof of identity before fulfilling your request.

2. Access and Update Your Information

If you have an account with us, you may access, update, or correct certain account information directly by logging into your account. For other changes, please contact us.

3. Marketing Communications

You may opt out of receiving promotional emails from us by following the unsubscribe instructions in the email or by contacting us. Please note that even after opting out, you may still receive non-promotional communications related to your account or transactions.

4. Do Not Track and Cookie Preferences

You may configure your browser to block cookies or use privacy extensions. We currently do not respond to browser “Do Not Track” signals, as there is no industry-standard mechanism for compliance.

International Data Transfers

We are based in the Netherlands and primarily store and process Personal Data within the European Economic Area (EEA). However, some of our service providers may operate in countries outside of the EEA.

When Personal Data is transferred to countries outside of the EEA that do not provide an adequate level of data protection under EU law, we ensure that appropriate safeguards are in place. These may include:

  • Standard Contractual Clauses (SCCs) approved by the European Commission;

  • Binding Corporate Rules (BCRs) where applicable;

  • Other lawful transfer mechanisms permitted under the GDPR.

Your Acknowledgment of Cross-Border Processing

By using the Service or providing your Personal Data to us, you acknowledge that your data may be transferred to — and processed in — countries outside of your country of residence. These jurisdictions may have data protection rules that are different from those of your jurisdiction.

We will take all steps reasonably necessary to ensure that your Personal Data is treated securely and in accordance with this Privacy Policy.

Data Retention

We do not keep your Personal Data longer than necessary for the purposes for which they were collected or used. We only keep the Personal Data for a longer period if this is necessary to comply with a legal obligation, such as a tax retention obligation. We may also retain anonymized or aggregated data that no longer identifies you, amongst others for analytical or statistical purposes.

Security

We take the protection of your Personal Data seriously and implement appropriate technical and organizational measures to safeguard it against unauthorized access, loss, misuse, alteration, or destruction.

Measures We Use Include:

  • Encrypted data transmission using HTTPS;

  • Access controls and authentication mechanisms;

  • Regular security assessments and updates;

  • Data minimization and access limitation on a need-to-know basis.

Despite these efforts, no method of electronic transmission or storage is 100% secure. Therefore, while we strive to protect your Personal Data, we cannot guarantee its absolute security.

If you believe your interaction with the Service is no longer secure, please contact us immediately using the contact details provided below.

Children’s Privacy

Our Service is not directed to, and we do not knowingly collect Personal Data from, individuals under the age of 18.

If you are a parent or guardian and you believe that your child has provided us with Personal Data without your consent, please contact us. If we learn that we have collected Personal Data from a minor without verified parental consent where required by law, we will take steps to delete that information.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time in order to reflect changes in our practices, technologies, legal requirements, or for other operational reasons.

When we make material changes to this Privacy Policy, we will:

  • Post the updated policy on this page;

  • Update the date at the top;

  • Where appropriate, notify you via email or a notice on the Service.

We encourage you to review this Privacy Policy periodically to stay informed about how we process your Personal Data.

Contact Information and Complaints

If you have any questions, concerns, or complaints regarding this Privacy Policy or our processing of your Personal Data, you can contact us at:

Murasaki B.V. Wilhelmina van Pruisenweg 35 2595AN 's-Gravenhage The Netherlands Email: epick@murasaki.community

Complaints to Supervisory Authority

If you are a resident of the European Economic Area (EEA) and believe that we have not complied with data protection laws, you have the right to lodge a complaint with a supervisory authority. In the Netherlands, this is:

Autoriteit Persoonsgegevens Website: https://autoriteitpersoonsgegevens.nl

PreviousTerms of Use

Last updated