Privacy

This policy is issued by The Black Book, a private entity registered in Afghanistan, with a business address in Kabul, Afghanistan (the "Company", "we", "us", or "our"). The Black Book is the data controller responsible for the personal information described in this policy. For any privacy-related request, you can reach us through the channels listed on our contact page or by writing to The Black Book, Kabul, Afghanistan.

This policy applies to information we collect through our website, our contact and intake forms, and any messages you send us over email, Telegram, WhatsApp, or other channels we use to communicate. It also covers information processed in the course of delivering our distribution, community engagement, and outreach services. It does not apply to third-party websites, platforms, or services that we link to or that you use to reach us, each of which is governed by its own privacy terms.

We collect only the information needed to evaluate and deliver an engagement. This includes: (a) identity and contact details you provide, such as your name, company or project name, role, email address, phone number, and messaging handles; (b) inquiry details, such as your market, objectives, budget range, and what you are trying to achieve; (c) engagement data generated while we work together, such as briefs, approvals, reporting, and correspondence; and (d) technical and usage data automatically collected when you visit our website, such as your IP address, browser type, device information, referring pages, and interactions with the site.

We collect information directly from you when you submit a form, send us a message, or speak with us. We also collect technical data automatically through cookies and similar technologies when you browse our website. In limited cases, we may receive information from publicly available sources or from people who refer you to us, and only to the extent necessary to assess a potential engagement.

Our website may use strictly necessary cookies to function and may use limited analytics cookies to understand how visitors use the site so we can improve it. You can control or disable cookies through your browser settings; disabling certain cookies may affect how parts of the site work. We do not use cookies to build advertising profiles or to track you across unrelated websites.

We use your information to: respond to your inquiry and communicate with you; assess whether we are the right fit for your objectives; negotiate, enter into, and perform a service agreement; deliver, report on, and improve our services; maintain records and manage our business operations; prevent fraud, abuse, and security incidents; and comply with applicable legal and regulatory obligations. We do not sell your personal information, and we do not publish it without your consent.

Where applicable data-protection law requires a legal basis, we rely on one or more of the following: your consent, which you may withdraw at any time; the performance of a contract with you or steps taken at your request before entering into a contract; our legitimate interests in operating, securing, and growing our business in a way that does not override your rights; and compliance with our legal obligations.

We treat client information as confidential and share it only when necessary: with trusted service providers who support our operations (such as hosting, communications, and analytics providers) under appropriate confidentiality and data-processing terms; with professional advisers such as lawyers and accountants; with authorities or third parties where required by law or to protect our rights, safety, or property; and in connection with a business transfer such as a merger, acquisition, or reorganisation. We never sell or rent your personal information.

We may process and store information in countries other than the one in which you are located. Where information is transferred across borders, we take reasonable steps to ensure it is protected by appropriate safeguards and that any recipients are bound by confidentiality and data-protection obligations consistent with this policy.

We apply reasonable technical and organisational measures to protect personal information against loss, misuse, unauthorised access, disclosure, alteration, and destruction. These measures include access controls, encryption in transit where available, and limiting access to information on a need-to-know basis. No method of transmission or storage is completely secure, so while we work to protect your data, we cannot guarantee absolute security.

We keep personal information only for as long as necessary to fulfil the purposes described in this policy, including to deliver our services, maintain business and accounting records, resolve disputes, and comply with our legal obligations. When information is no longer needed, we delete it or anonymise it. You may request earlier deletion of inquiry details that we are not required to retain.

Depending on your location, you may have the right to: access the personal information we hold about you; request correction of inaccurate or incomplete information; request deletion of your information; restrict or object to certain processing; request portability of information you provided to us; and withdraw consent where processing is based on consent. To exercise any of these rights, contact us using the details in this policy. We will respond within the time required by applicable law and may ask you to verify your identity first.

Our services and website are intended for businesses, founders, and professionals and are not directed to children. We do not knowingly collect personal information from anyone under the age of 18. If you believe a minor has provided us with personal information, please contact us and we will take appropriate steps to delete it.

We communicate and deliver services through third-party platforms, including X, email providers, Telegram, and WhatsApp. When you interact with us through these platforms, your information is also subject to their respective privacy policies and terms, over which we have no control. We encourage you to review the privacy practices of any platform you use to contact us.

We may update this policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "last updated" date below and, where appropriate, provide additional notice. Your continued use of our website or services after an update constitutes acceptance of the revised policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please contact us through any channel listed on our contact page or write to The Black Book, Kabul, Afghanistan. We will do our best to address your inquiry promptly and in accordance with applicable law.