Blink Business Technologies Inc ("Blink Inc") Data Privacy Framework Privacy Notice

Contents

Summary of this notice

  1. This supplement sets out the Data Privacy Framework Privacy Notice of Blink Inc. and supplements the Blink Privacy Notice at https://www.joinblink.com/privacy-policy (“Blink Privacy Notice”), to make available to you the information as set out below, as required by Blink Inc’s participation in and adherence to the EU-US Data Privacy Framework, the UK Extension to the EU-US Data Privacy Framework; and the Swiss-US Data Privacy Framework.

Who we are

We are Blink, a US-based company with offices as set out below:

  • Blink Business Technologies Inc, a Delaware corporation, with its registered office address at 353 West 48th Street, 4th Floor New York, NY 10036; and
  • Business offices located at 361 Newbury Street, 3rd Floor, Boston, MA 02115.

In this notice, “Blink Inc”, “us”, “we” refers to this company, specifically.

What this notice covers

  • We recognize that the EEA, and the UK and Gibraltar, and Switzerland have established strict protections regarding the handling of personal data, including requirements to provide adequate protection for personal data transferred outside of the EEA, UK and Gibraltar, and Switzerland.
  • To provide adequate protection for certain personal data about Customers, Business Contacts, End Users, Website Users, prospects and business partners received by us in the US from the EEA, UK and Gibraltar and Switzerland ("Personal Data"), Blink Inc complies with the EU-US Data Privacy Framework ("EU-US DPF"), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework ("Swiss-US DPF") as set forth by the US Department of Commerce (together the "DPF").
  • Blink Inc has elected to self-certify to the US Department of Commerce that it adheres to EU-US Data Privacy Framework Principles (“EU-US DPF Principles”) with regard to the processing of personal data received from the EEA in reliance on the EU-US DPF, and from the UK and Gibraltar in reliance on the UK Extension to the EU-US DPF.
  • Blink Inc has elected to self-certify to the US Department of Commerce that it adheres to the Swiss-US Data Privacy Framework Principles (Swiss-US DPF Principles) with regard to the processing of personal data from Switzerland in reliance on the Swiss-US DPF. (together the “DPF Principles”).
  • Blink Inc adheres to the DPF Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability, and the Supplementary Principles.
  • In the event of any conflict between this DPF Notice, the Blink Privacy Notice and the DPF Principles, the DPF Principles will govern in relation to the Personal Data. For more information about the DPF, see the US Department of Commerce’s DPF website: Data Privacy Framework.
  • For the purposes of enforcing compliance with the EU-US DPF, the UK Extension to the EU-US DPF and the Swiss-US DPF, Blink Inc is subject to the investigatory and enforcement authority of the US Federal Trade Commission. To review Blink Inc’s representation on the DPF list, verify our self-certification and check the information we have provided, see the DPF self-certification list which is located at: Data Privacy Framework.

Personal data collection and use

The Blink Privacy Notice describes the categories of Personal Data we may receive in the US, as well as the purposes for which we use that Personal Data. Blink Inc will only process Personal Data in ways that are compatible with the purpose for which it was collected, or for purposes you later authorise. Before we use your Personal Data for a purpose that is materially different than the purpose for which Blink collected it for or that you later authorised, we will provide you with the opportunity to opt out. Blink Inc maintains reasonable procedures to help ensure that Personal Data is reliable for its intended use, accurate, complete and current.

Third party agents or service providers: We may transfer your Personal Data to our third-party agents or service providers who perform functions on our behalf, as described in the Blink Privacy Notice, including Sites and App hosting and maintenance, customer service operations, identity checking, sending postal mail and email, processing payments, legal advice, and for digital advertising, including for example on social media.  

Where required by the DPF, we enter into written agreements with those third-party agents and service providers requiring them to provide the same level of protection the DPF Principles require of us and limiting their use of the data to the specified services provided on our behalf.

We take reasonable and appropriate steps to ensure that third party agents and service providers process Personal Data in accordance with our DPF obligations and to stop and remediate any unauthorised processing.  

We are accountable for our onward transfers of Personal Data and may remain liable for the acts of our third-party agents or service providers who perform services on our behalf, for their handling of Personal Data that we transfer to them (unless it is proven that we are not responsible for the event giving rise to the damage).

Third-Party Data Controllers: In some cases, we may transfer Personal Data to third-party data controllers outside of our Blink Group Companies (unaffiliated third-party data controllers). These third parties do not act as agents or service providers and are not performing functions on our behalf. 

We may transfer your Personal Data to such third-party data controllers for the purposes described in our Blink Privacy Notice, including: to our Customers (including your employer/hirer) to provide trend and statistical analysis to customers and/or other relevant parties and/or to enhance the analytics we provide to other customers we may have from time to time as part of our services, however, only ever in aggregate and in a way that does not individually identify you. 

We will only provide your Personal Data to third-party data controllers where you have not opted-out of such disclosures, or in the case of sensitive Personal Data, where you have opted-in if the DPF requires consent. 

We enter into written contracts with any unaffiliated third-party data controllers requiring them to provide the same level of protection for Personal Data the DPF Principles require. We also limit their use of your Personal Data so that it is consistent with any consent you have provided and with the notices you have received. 

If we transfer your Personal Data to one of our Blink Group Companies (inc. any other affiliated entities within our corporate group), we will take steps to ensure that your Personal Data is protected with the same level of protection the DPF Principles require.

International Transfer: Where we transfer Personal Data received by us to third parties in locations which do not provide an adequate level of data protection, we will ensure appropriate safeguards are in place to protect the transfer. In the majority of cases, we will rely on relevant data transfer mechanisms (e.g., the appropriate module of the EU’s standard contractual clauses issued on 4 June 2021 (the “EU SCCs”). A copy of the relevant mechanism can be obtained for your review on request from support@blink.com

Disclosures for National Security or Law Enforcement: We may be required to disclose your Personal Data in response to lawful and valid requests by public authorities, including to meet national security or law enforcement requirements. We will only do so in accordance with the DPF Principles.

Security

We maintain reasonable and appropriate security measures to protect Personal Data from loss, misuse, unauthorised access, disclosure, alteration or destruction in accordance with the DPF. We protect the Personal Data we receive, as described in the Blink Privacy Notice.

Your choices and rights

Under the DPF, you have rights in relation to your Personal Data:

No.Right

1

Information on the types of Personal Data collected.

2

Information on the purposes of collection and use.

3

Information on the type or identity of third parties to which your Personal Data is disclosed.

4

Choices for limiting the use and disclosure of your Personal Data.

5

Access to your Personal Data.

6

Notification of the organisation's liability if it transfers your Personal Data to third party agents or service providers.

7

Notification of the requirement to disclose your Personal Data to lawful requests by public authorities.

8

Reasonable and appropriate security for your Personal Data.

9

A response to your complaint within 45 days.

10

Cost free independent dispute resolution to address your data protection concerns.

11

The ability to invoke binding arbitration to address any unresolved complaint that Blink Inc has violated its obligations under the DPF Principles.

Access rights: In line with right no.5 above, you may have the right to access the Personal Data that we hold about you and to request that we correct, amend, or delete it if it is inaccurate or processed in violation of the DPF Principles. These rights may be limited in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than you if, for example, fulfilling your request would reveal personal data about another person, or if you ask us to delete or disclose information which we are required by law to retain. If you wish to exercise any of these rights to request access to, correction, amendment, or deletion of your Personal Data, please email us at support@joinblink.com so we can assist you. Please note in some cases we may request additional information from you to verify your identity before we can respond to your request. In some circumstances, we may charge a reasonable fee for access to your information.

We encourage you to periodically check this DPF Privacy Notice. We reserve the right to update it at any time, and any updated notice will appear on this page. We will provide you with a new privacy notice when we make any substantial updates either by email or when you next log in to the Site or the App. We may also notify you in other ways from time to time about the processing of your personal data.

How to get in touch:

Complaints: In compliance with the EU-US DPF, the UK Extension to the EU-US DPF, and the Swiss-US DPF, we commit to resolve DPF Principles-related complaints about our collection, use or disclosure of your Personal Data.  

EU, UK and Swiss individuals with questions or complaints regarding our handling of Personal Data that we receive in reliance on the EU-US DPF, the UK Extension to the EU-US DPF, and the Swiss-US DPF should first contact us at dataprotection@joinblink.com; Attn: DPO, Blink.  

We will investigate and attempt to resolve any complaints or disputes regarding the above within 45 days of receiving your complaint.

Independent Recourse Mechanism: In compliance with the EU-US DPF, the UK Extension to the EU-US DPF, and the Swiss-US DPF, we commit to refer any unresolved complaints, concerning the handling of Personal Data received in reliance on the DPF, to JAMS Data Privacy Dispute Resolution Program, an independent dispute resolution provider located in the United States.  If we have not acknowledged your complaint in a timely manner or addressed your complaint to your satisfaction, please see https://www.jamsadr.com/DPF-Dispute-Resolution for information or to file a complaint.  The service of JAMS is provided at no cost to you.

Binding Arbitration: You have the option to select binding arbitration for the resolution of your complaint under certain circumstances, where the other dispute resolution steps above have been followed: (i) contacting Blink Inc and providing us with the opportunity to resolve the issue; and (2) having made use of the JAMS dispute resolution program made available at no cost to you. For more information on arbitration , please see: Data Privacy Framework.

If you wish to write to us rather then please use:

  • Attn: DPO
  • Blink, 2 Westland Place, London, N1 7LP

This Data Privacy Framework privacy notice ("DPF Notice") describes how Blink Inc, collects, uses and discloses certain personally identifiable information or personal data that we receive in the US from the European Economic Area ("EEA"), the United Kingdom ("UK"), and Gibraltar and Switzerland ("Personal Data").

This Policy supplements the Blink Privacy Notice. Unless specifically defined in this DPF Notice, the terms used here have the same meaning a the Blink Privacy Notice.

If you have any questions about this, you can contact us using the contact details under “How to get in touch” below.

Scope of policy.

Your privacy is important to us, and so is being transparent about how we collect, use, and share information about you. We have created this policy to explain the basis on which any personal data we collect and hold will be used and shared by us, including;

Definitions used in this policy are the same as those used in our Terms of Service.

Questions or comments about this Privacy Policy may be submitted by mail to the address below, or email us at support@joinblink.com.

Information we collect

We collect and process the following data (Information) when you provide it through the use of our service:

Information you give us: Account Holders, Administrators and End-users (you), may give us information about you when downloading or registering to use the App, filling in forms on the App, corresponding with us (for example, by e-mail or chat), sharing data via the App's social media functions and when reporting a problem with the App. Information may include your name, address, email address, phone number, age, username, password, other registration information, personal description, photograph, job title, employer and Blink connections.

Information about you contained within the content you send and receive on the App: The App is designed to help you work collaboratively with colleagues and across teams. It is inevitable, therefore, that messages you send or receive or content you share on the App may contain personal information about you and other people. We take extra care to store this information securely and in a way that protects your privacy.

Information provided when you connect The App to your Third Party services: We receive information about you when you or your administrator link to a third-party service with our Services. For example, if you authorise Blink to connect to your Office 365 account, we receive a token that allows us to access your data in O365, limited to the scope of permissions you grant. We do not mass import data from these 3rd party services, but do access it as needed.

Information we automatically collect each time you use the App: When you use the app we collect some information to help us improve our services:

  • Device and session information: technical information, including the type of Device you use, a unique Device identifier (for example, your Device's IMEI number, the MAC address of the Device's wireless network interface, or the mobile phone number used by the Device), your IP address, your mobile network information, your operating system, the type of browser you use, time zone setting, etc;
  • Metrics on use of the app: details of your use of any of the features of the App including how many messages you send, how many times you open the app, when you connect 3rd parties services and other key events.
  • Cookies and Other Tracking Technologies: Along with our third-party partners, such as our analytics partners, use cookies and other tracking technologies (e.g., device identifiers and pixels) to recognise you across different Services and devices.

How we use information

We use the Information you give us and that we collect in the following ways:

  • to make the App and the services it provides available to you;
  • to personalise the service to your needs;
  • to allow you to participate in interactive features of the App, when you choose to do so;
  • to send you service and administrative in App communications and email messages such as those reminding you that you have messages waiting;
  • to allow you to connect to, or link through to non-Blink Services;
  • to provide you with support;
  • to ensure that the App is presented in the most effective manner for you and for your Device;
  • to notify you about changes to the App;
  • to provide you with information about other apps and services we might offer that are similar to those you have already use;

We may use the Information we collect from your Device:

  • to administer the App and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • to improve the App;
  • as part of our efforts to keep the App safe and secure.

A note on the information about you contained within the content you send and receive on the App: We do not use Information contained within content you send and receive on the App for any purpose, although we may occasionally be required to disclose such Information as set out below.

Information we share/disclose

We may share your Information as follows (on occasion this may include Information about you contained within the content you send and receive on the App, but this will only be where absolutely necessary):

  • with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006;
  • in the event that we sell or buy any business or assets, in which case we may disclose your Information to the prospective seller or buyer of such business or assets;
  • if Blink or substantially all of our assets are acquired by a third party, in which case Information held by us about our customers will be one of the transferred assets;
  • if we are under a legal duty to disclose or share your Information in order to comply with any legal or regulatory obligation or request;
  • in order to enforce or to investigate potential breaches of the Terms or to protect the rights, property or safety of Blink, our customers, or others.

We may share End-users Information with the relevant Account Holder and/or Administrator.

We may share disaggregated/anonymised information with selected third parties as appropriate and with analytics and service providers that assist us in fault diagnostics, the improvement or the optimisation of the App.

Security

Unfortunately, the transmission of any information via the internet is not completely secure. We will do our best to protect your Information through the use of appropriate technical measures such as encryption but we cannot guarantee the security of Information transmitted; any transmission is at your own risk.

Information in transit between our servers and you over the internet is encrypted using industry wide accepted standards.

Once we have received your Information, we use strict procedures and security features to try to prevent unauthorised access. All Information we hold is stored on our secure servers. Data is encrypted both at rest and in transit.

When you share information, or communicate using the App, you choose the audience who can see what you share. Those people may download or re-share any of your content with anyone on the App or otherwise. We have no control over this so do not share any personal data or information that you do not want to be seen, collected or used by other End-users.

Our legitimate interests

For our EEA users, we process your information in furtherance of our legitimate interests, including:

  • providing the Services, including any personalised Services. We do so as it is necessary to pursue our legitimate interests of providing the Blink service in a way that meets the needs and expectations of our users; and
  • improving the Services, including any personalised Services. We do so as it is necessary to pursue our legitimate interests of developing innovative and tailored offerings to our users on a continually improving basis; and
  • keeping the Services safe and secure. We do so as it is necessary to pursue the legitimate interests of Blink and its members in ensuring the Services are secure, and to protect against fraud, spam and abuse, etc.

Where we store your personal data

For our EEA users, the Information we hold on you is typically stored within the European Economic Area (EEA). With some Account Holders we may agree to store data at specific locations requested by them which may be outside of the EEA. In that case we will take all steps reasonably necessary to ensure that data is treated securely and in accordance with this Privacy Policy and regional legal requirements.

Some of the Third Parties and partners we work with, such as our analytics provider, do store their data outside of the European Economic Area (EEA) and as such some identifiable information will be transfered to other countries, predominately to the United States. This information does not include the content (for example, your messages) within your account, which are always held by Blink. In all cases, where a third party is transfering your data outside of the European Economic Area (EEA), we have taken reasonable steps to ensure the third party is GDPR compliant.

How long we store your data for

We retain information as long as it is necessary to provide the Services to you and others, subject to any legal obligations to further retain such information. Information associated with your account will generally be kept until it is no longer necessary to provide the Services or until you ask us to delete it or your account is deleted, whichever comes first.

Where consent is you withdraw your consent to Blink processing your data, we will delete all information you provided. Following the deletion of your account, it may take up to 30 days to fully delete all personal information from our systems. Note that content you have shared with others will remain visible to them after your account has been deleted.

Information about you that is no longer necessary and relevant to provide our Services may be anonymised, and aggregated with other non-personal data, to provide insights which could be commercially valuable to Blink, such as statistics of the use of the Services. For example, we may retain anonymised data on how people use the app or interact with the sign-up flow.

If your account is provided by your employer, or part of the Organisation, please see the section below.

Organisation accounts

If you register or access the Services using an email address within a domain that is owned by your employer or organisation, or if you associate that email address with your existing organisation account and such organisation wishes to establish a Blink organisation account, certain information about you including your name, profile picture, contact info will become under the control to that organisation’s administrator.

In the case that the Services are made available to you through an organisation (e.g. your employer), we retain your information as long as required by the administrator of your account. This does not impact your personal rights, but if you choose to exercise certain rights listed below it may result in you being unable to continue using the service as provided via your organisation.

Your rights

You have the right to ask for copies of all the information we hold on you: This report will include the Personal Data we have about you, provided to you in a structured, commonly used and portable format. Please note that Blink may request additional information from you to verify your identity before we disclose any information. If you wish to request a copy of your data, please log a support request at https://help.joinblink.com/ so we can assist you.

You have the right to have your personal data corrected: You can correct or change your personal data within the Settings and Profile areas of the app. If you need assistance or find you can't edit the data you'd like to change, please log a support request at https://help.joinblink.com/ so we can assist you.

You have the right to have your personal data deleted: You may request that your account is deleted by logging a support request at https://help.joinblink.com/. Once deleted, your data, (including your account) cannot be accessed. Note that content you have shared with others will remain visible after your account has been deleted.

You have the right to object to us processing your personal data: You can ask us to stop using your Personal Data, including when we use your Personal Data to send you marketing emails. You may withdraw your consent at any time by clicking the “Unsubscribe” link found within Blink emails. Please note you will continue to receive transactional messages related to our Services, even if you unsubscribe from marketing emails.

We will also send you messages and emails that are of a service or administrative nature, but you may not opt out of these while you have an active account.

Third parties

The App may contain links to and from non-Blink Services. Please note these non-Blink Services may have their own privacy policies and we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these non-Blink Services, such as contact and location data. Please check these policies before you submit any personal data to these non-Blink Services.

Cookies

When you set up or access the App via your browser, we use Cookies to distinguish you from other users of the App. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer. These cookies help us to provide you with a good experience and also allow us to improve our site.

We use the following types of cookies:

  • Strictly necessary cookies: These are cookies that are required for the operation of the App via your browser. They include cookies that enable you to log into the App or make use of e-billing services.
  • Analytical/performance cookies: These help us to improve the way the App works; (for example, by ensuring that End-users can find what they are looking for easily).
  • Functionality cookies: These are used to recognise you when you return to the App. This enables us to greet you by name and remember your preferences; (for example, your choice of language or region).
  • You may block cookies by activating the setting on your browser that allows you to refuse all or some cookies. However, if you do you may not be able to access all or parts of the App via your browser.

Changes to privacy policy

Any changes we may make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by email or when you next start the App. The new terms may be displayed on-screen and you may be required to read and accept them to continue your use of the App.

Contact

Questions, comments and requests regarding this Privacy Policy are welcomed and should be addressed to support@blink.com.

For legal purposes the Data Controller/Processor is Super Smashing Ltd, (trading as Blink), of 71 Fanshaw Street, London, N1 6LA. This is also our contact address.

Trusted by the top frontline organizations

Book your demo
Get demo
See how Blink works for you
Schedule your product demo