Privacy policy

Last updated: March, 2025

Summary of this notice

We (Super Smashing Ltd, trading as “Blink”) use your personal data as a data controller for certain purposes including (depending on your relationship with us) account creation, identity verification, direct marketing, and analytics.
In other scenarios, we may be a data processor acting on behalf of other organizations, for example, your employer. In such cases, this notice does not apply, and you should instead refer to the privacy notice of that organization responsible for your data.
For the purposes set out in this notice, data is shared with others including our business customers, other Blink group companies and third-party vendors. In some instances, data is transferred outside the UK/EEA, including to the US.
Where we rely on your consent, such as in the case of some cookies, you can withdraw this consent at any time.
In some case, you also have data protection rights including the right to object to some of the processing which we carry out.

Who we are

We are Blink, a UK-based company with global offices as set out below:

Super Smashing Ltd, 2 Westland Place, London, England, N1 7LP;
Blink Business Technologies Inc, a Delaware corporation, with its registered office address at 353 West 48th Street, 4th Floor New York, NY 10036 ("Blink Inc"); and
Blink Business Technologies Pty Ltd, a proprietary company registered in New South Wales, with its registered office address at 114-120 Castlereagh Street, Sydney NSW 2000.

In this notice, “Blink”, “us”, “we” refers to these companies collectively. We may also refer to these companies as “Blink group companies”.

We operate a website and provide an employee experience application accessible via mobile, desktop or the internet (the “App”) to employers who are our business customers (our “Customers”), and through which we make our services, such as our communication platform, work-management tools, surveys, and forms (our “Services”) available to Customers.

What this notice covers

This notice relates to the personal data processed in connection with the App and our Services in respect of which Blink acts as data controller. Super Smashing Limited will usually be the data controller, including for any of our data analytics activities in connection with the App. In other cases, for example for personal data processed in the context of your Business Contact relationship with your local Blink group company, the data controller will be one of the other Blink group companies. If you have any questions about this, you can contact us using the contact details under “How to get in touch” below.

If you are a:

Business Contact (i.e., an individual working for one of our Customers, who acts as a point of contact between us and the relevant Customer, including Key Administrators of the App and Services) – we will be the data controller of your personal data we process in connection with your interactions with us. As a Business Contact, we may contact you about the agreement we have with the Customer, and otherwise use your data in order to manage our relationship with that Customer, for example to manage renewals or upgrades.
End-user (an individual or prospective employee, worker or contractor of one of our Customers, making use of the App which our Customer has deployed) or an Administrator (an individual who manages functionality of the App and Services on behalf of that Customer via the administrator portal) – this notice is only relevant for certain personal data we process about you in connection with your use of the App and Services, and your interactions with us. An Administrator may also be a Key Administrator, being those Administrators who manage the Customer’s organizational account with Blink.
‍Important note: For processing we carry out that is not described in this notice, we are data processor (rather than a data controller), and your employer or hirer (our Customer) will be the data controller responsible for providing you with a notice about that processing. For more information on your employer’s (or hirer’s) privacy practices, please refer to their own privacy notice, which may be made available to you via the App. To the extent personal data is shared between us and your employer or hirer, there is an agreement in place between us and your employer or hirer which governs how this data is protected.
Website User (an individual visiting the Blink website, currently found at www.joinblink.com, or such other websites operated by us from time to time (together, the “Sites”), whether or not you fall into any of the categories above) – we will be the data controller of certain of your personal data when you visit and interact with the Site.

This notice also explains how your information is collected by cookies and other tracking technologies when you are using the Sites and the App. You may access and change your cookie preferences at any time via our cookie preference center. For more information, see the section on “Cookies” below.

Personal data we may collect about you

We collect and process the following personal data as a data controller, which we receive either directly from you, via our cookies or via a Customer (from a Business Contact or Administrator):

Data category

Details

Relevant group(s)

Identification Information

Your name, job role and username in connection with your business account, and/or information relating to the industry you work in.

Business Contacts

Contact Information

The name and address of your employer/hirer (our Customer); your business email address and business phone number; in the case of Key Administrators, your administrator ID and account.

Business Contacts
‍
Key Administrators

Business Correspondence

The content of your correspondence with us in the course of maintaining our business relationship, to the extent it includes personal data.

Business Contacts

Marketing Information

Your marketing and cookie preferences, including any consents you have given us and/or where you unsubscribe, the fact you have unsubscribed and your email address, which is maintained on a suppression list in order to not contact you in the future.

Business Contacts

Administrators

Website Users

Sites/App Use Information

Information about your use of the App and/or Sites, for example, which sections of the App you engage with, how many times you open the App, when you connect to third party services or connect to Blink via your social accounts, and other key events; and any inferences we draw from this information.

Website Users (in relation to use of the Site)
‍

Administrators and End Users (in relation to use of the App)

Device Information

Technical information related to the browser or device you use to access our Sites or the App (if different), including the type of device you use, a unique device identifier (for example, your device's IMEI number, the MAC address of the device's wireless network interface, or the mobile phone number used by the device), your IP address, your mobile network information, your operating system, the type of browser you use, and device time zone setting.

Website Users (in relation to use of the Site)

‍

Administrators and End Users (in relation to use of the App)

As some of the above personal data may be collected through cookies and other tracking technologies, please see the section on “Cookies” below for more information.

Sometimes, we receive personal data about you from third parties:

Data category

Details

Relevant group(s)

Identification Information

Your name, job role, and username in connection with your business account.

We may get this directly from you or from a Customer (via a Business Contact or Administrator).

Business Contacts

Administrator

Contact Information

The name and address of your employer/hirer (our Customer); your business email address and business phone number; in the case of Key Administrators, your administrator ID.

We may get this directly from you or from a Customer (via a Business Contact or Administrator).

Business Contacts

Key Administrators

Publicly available information

We may obtain your name, job role and contact information from your company website, corporate directories or social media.

Business Contacts

How we use this information, and what the legal basis for this use is

We use your personal data for the purposes and legal bases set out below.

Purpose

Legal Basis

Relevant group(s)

Account creation - We will collect, use, and store your Identification Information and Contact Information to enable you to register and create a business account with us on behalf of a Customer.

We have a legitimate interest in managing the legal contract with the Customer, or to take steps at your request prior to entering into a contract with the Customer.

Business Contacts

Identity verification - We collect and use your Identification Information to verify your identity each time you log in to your business account.

We have a legitimate interest in ensuring the security of our services and data..

Business Contacts

Business communications - We will collect, use, and store your Identification Information and Contact Information, and will review and store your Business Correspondence, to communicate with you in connection with the provision of our App and Services and the management of our relationship with the relevant Customer.

We have a legitimate interest in managing our business and facilitating the provision of Services to our Customers.

Business Contacts

Key Administrators

Direct marketing - We will collect, use, and store your Identification Information, Contact Information and Marketing Information to send you direct marketing, relevant emails and surveys via email, telephone and/or within the App, in relation to our relevant products and services, or other products and services provided by us, our affiliates and/or third parties in which we provide an integration via our App.

We have a legitimate interest in promoting our App and Services to our clients.

Your consent (if applicable) where you sign up to receive marketing emails from us relating to our App and/or Services.

Business Contacts

Administrators

Online targeting - We will collect, use and store your Identification Information, Contact Information, and Marketing Information to target you with relevant online advertising, including via social media, or to target others who we think might be interested with relevant online advertising. We do this through the placement of cookies, which recognise your device and track when you visit other sites using the same device. Please not that if you allow it in your cookie preferences, the Meta pixel will be placed and, in that case, we act as joint controllers with Meta in respect of the data processed.

Your consent (if applicable) where you opt in to receiving online targeting. This will include where targeting is based on information collected through cookies (see the section on “Cookies” below).

Business Contacts

Website Users

Fraud and security monitoring - We will collect, analyse and store your Sites/App Use Information and Device Information to monitor, investigate, prevent and detect fraud, security incidents and other misuse of our App and/or Services, in accordance with applicable law.

We have a legitimate interest in preventing and detecting fraud or other wrongdoing.

Business Contacts
‍
Administrators

Website Users

End-users

Analytics to maintain and improve our App and Services - We will collect, analyse, and store your Sites/App Use Information, Device Information, Business Correspondence and/or Identification Information, and your Marketing Information, in order to optimise, maintain and make improvements to our Sites, App and our Services, including to keep them updated and relevant, to develop our business, and to inform our marketing and product development strategy.

We have a legitimate interest in operating our Sites, App and Services, improving their operation and developing product features relevant to a type of Customer or End-user.

Your consent (if applicable) where you opt in to cookies being placed for these purposes (see the section on “Cookies” below).

Business Contacts
‍
Administrators

Website Users

End-users

Analytics we may provide from time to time to relevant parties - We may collect, analyze, and store any category of personal data referenced above on aggregate and/or anonymized format, in order to provide trend and statistical analysis.

We have a legitimate interest in operating our site and improving its operation.

Your consent (if applicable) where you opt in to cookies being placed for these purposes (see the section on “Cookies” below).

Administrators

End-users

Legal obligation - We will collect, use, and store your Identification Information, Contact Information and Business Correspondence to complete our financial reporting and disclosure obligations to our tax agencies and regulators.

We may be required to disclose certain key contract information or otherwise in order to respond to an inquiry or notice from a Customer.

Business Contacts

Sometimes cookies and other tracking technologies are placed on our Sites and/or the App to process personal data for the above purposes. For more information see the section on “Cookies” below.

There are instances where we have a legitimate interest to use your data. Our legitimate interest will vary depending on what we are using your data for, and we explain above what the interest is and how it relates to the processing operations that we are carrying out.

How we share your personal data

We may share your data with the following categories of recipients:

Category of Recipient(s)

Why?

Relevant group(s)

Our Customers (including your employer/hirer)

To provide trend and statistical analysis to customers and/or other relevant parties and/or to enhance the analytics we provide to other customers we may have from time to time as part of our services, however, only ever in aggregate and in a way that does not individually identify you.

Administrators

End-users

Other Blink group companies

To operate, improve, and develop our Services and/or App, to operate our business, to communicate with you and/or with you on behalf of the relevant Customer and/or to meet our compliance obligations under applicable law.

Note that in some scenarios, the Customer may contract with a local Blink group company in connection with provision of the App to End-users. However, Blink will remain data controller in those scenarios, and the local contracting entity would only process any personal data described in this notice on our instructions, and always in accordance with applicable data privacy laws.

Business Contacts

Administrators

Website Users

End Users

Third party service providers

We engage other companies and individuals to perform functions on our behalf. Examples include Sites and App hosting and maintenance, customer service operations, identity checking, sending postal mail and email, processing payments, legal advice, and for digital advertising, including, for example, on social media.

Business Contacts

Administrators

Website Users

End Users

Law enforcement and fraud prevention agencies

To prevent and detect fraud, security incidents and other misuse of our App and/or Services, in accordance with applicable law, and where we are under a legal duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request.

Business Contacts

Administrators

Website Users

End Users

Prospective Buyer/Seller

In the event that our business is sold or integrated with another business, your details may be disclosed to our advisers and any prospective purchaser’s adviser and will be passed to the new owners of the business in order to continue to operate the Sites and provide our App and Services.

Business Contacts

Administrators

Website Users

End Users

We may also share aggregated/anonymised information with selected third parties as appropriate and with analytics and service providers that assist us in fault diagnostics, the improvement or the optimisation of the App or for other business purposes, in accordance with applicable law.

Third party links

The Sites and/or App may contain links to and from third party websites or services. Please note these third parties may have their own privacy notices and we do not accept any responsibility or liability for these notices or for any personal data that may be collected through such third parties (to the extent separate from our own data protection obligations). Please check these third-party privacy notices before you submit any personal data to these third parties.

Where we transfer your personal data

Personal data that we collect from you may be transferred to or stored at a destination outside your own location, including if you are in the UK or EEA, being transferred to the US. We are a global business, with people and offices all around the world. As explained above, your personal data may be disclosed to Blink group companies.

Where we transfer your data to Blink group companies or third parties in locations which do not provide an adequate level of data protection, we ensure appropriate safeguards are in place to protect the transfer of your personal data to these countries. In the majority of cases, we will rely on relevant data transfer mechanisms (e.g., the appropriate module of the EU’s standard contractual clauses issued on 4 June 2021 (the “EU SCCs”), the UK International Data Transfer Agreement (IDTA) and/or the UK addendum to the EU SCCs). A copy of the relevant mechanism can be obtained for your review on request from support@blink.com.

Where Blink transfers your data to Blink Inc, Blink relies on Blink Inc’s participation in and adherence to the EU-US Data Privacy Framework, the UK Extension to the EU-US Data Privacy Framework, and the Swiss-US Data Privacy Framework, administered by the US Department of Commerce. Blink Inc’s Data Privacy Framework Privacy Notice is supplemental to this Privacy Notice and is available to view here: www.joinblink.com/dpf-privacy-policy

Security

We protect your personal data through the use of appropriate technical measures such as encryption, but we cannot guarantee the security of information transmitted. Information in transit between our servers and you over the internet is encrypted using industry-wide accepted standards.

Once we have received your data, we use procedures and security features to prevent unauthorised access. All data we hold is stored on our secure servers. At rest, data is encrypted using strong encryption, although some Business Contacts may manage their own encryption keys via our agreement with the Customer.

Your choices and rights

If you are based in the UK or the EU, you have at least the following rights:

Right

Summary

The right of access

Enables you to receive a copy of your personal data.

The right to rectification

Enables you to correct any inaccurate or incomplete personal data we hold about you.

The right to erasure

Enables you to ask us to delete your personal data in certain circumstances.

Third party service providers

The right to restrict processing

Enables you to ask us to halt the processing of your personal data in certain circumstances.

The right to object

Enables you to object to us processing your personal data on the basis of our legitimate interests (or those of a third party), including processing for direct marketing purposes or profiling for purposes of direct marketing, or where we are performing a task in the public interest - your objection will be upheld, and we will cease processing your personal data, unless the processing is based on compelling legitimate grounds or is needed for the exercise or defence of legal claims that may be brought by or against us.

The right to data portability

Enables you to request us to transmit personal data that you have provided to us, to a third party without hindrance, or to give you a copy of it so that you can transmit it to a third party, where technically feasible.

These rights may be limited if, for example, fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law to retain or have compelling legitimate interests to keep.

If you wish to exercise any of these rights, please email us at support@joinblink.com so we can assist you. Please note in some cases we may request additional information from you to verify your identity before we can respond to your request.

Wherever we rely on your consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. We may however have other legal grounds for processing your data for other purposes, such as those set out above. If you want to withdraw your consent to our processing of personal data collected via cookies and other tracking technologies, you can do so through our cookie preference center. For more information see the section on “Cookies” below.

You have an absolute right to opt-out of direct marketing, or profiling we carry out for direct marketing, at any time. You can do this by following the unsubscribe link where this is an electronic message, by logging a support request at https://help.joinblink.com/ or by emailing us at support@joinblink.com.

For processing related to account creation, identity verification, business communications, fraud and security monitoring or our legal obligations, the provision of information is mandatory: if relevant data is not provided, then we may not be able to manage or enter a contract with the Customer. The provision of all other information is optional.

How long we retain your personal data

We retain your personal data for no longer than is necessary for the purposes for which it is processed. In general, this is as long as is necessary to provide our services to our Customers (which will depend on how long Customers choose to make the App available to End-users), subject to any legal obligation to further retain such personal data, and/or how long you work for a Customer and/or act on their behalf. More particularly:

Where we process personal data for marketing purposes or with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a record of the fact that you have asked us not to send you direct marketing or to process your data indefinitely so that we can respect your request in future.
Where we process personal data for analytics purposes (to improve our services and/or to provide or enhance analytics for our Customers), we retain it for 2 years or until you ask us to delete your information (unless we have another legal basis for retaining such information or are required by our contract with the relevant Customer to retain it).
Where we process personal data for App and/or Sites security purposes, we retain it for usually not more than 90 days, or at a maximum up to 1 year.
Where we collect personal data through cookies or other tracking technologies, we retain it for as long as required for the particular cookie. For more information see our see the section on “Cookies” below.

Information about you that is no longer necessary for the purposes for which it is processed may be anonymised, pseudonymised, and/or aggregated with other non-personal data, to provide insights which could be commercially valuable to Blink, such as statistics relating to the use of the App and/or our Services. For example, we may retain anonymised or pseudonymised data on how individuals use the App or interact with the sign-up flow.

Cookies Settings

What are cookies and other tracking technologies?

‍A cookie is a very small text document, which often includes an anonymous unique identifier. Cookies are created when your browser loads a particular website. The website sends information to the browser which then creates a text file. Every time the user goes back to the same website, the browser retrieves and sends this file to the website's server. Find out more about the use of cookies on www.allaboutcookies.org.

We also use other forms of technology (such as web beacons and, in our App, software development kits (usually referred to as SDKs)) which serve a similar purpose to cookies and which allow us to monitor and improve the Sites, the App and/or email communications. When we talk about cookies in this notice, this term includes these similar technologies.

The types of cookies we use

Type of cookie

Purpose

Duration until expiry

Essential

These cookies are required to enable core functionality of the Sites and/or App. Without these cookies, services you have asked for cannot be provided. If you disable these cookies certain parts of the Sites or App will not function for you.

Up to 2 years.

Functional

We may use cookies that are not essential but enable various helpful features on the Sites or App. For example, these cookies collect information about your interaction with the Sites or the App, and may be used to remember your preferences (such as your language preference), your time-zone and the presentation of the website (such as the font size).

Up to 2 years.

Analytics

These cookies help us improve or optimise the experience we provide. They allow us to measure how visitors interact with the Sites and the App and we use this information to improve the user experience and performance of the Sites, App and our Services. We may also share this information back with the Customer (your employer/hirer) or with our other Customers in statistical form (and in each case, never in a way that identifies you).

These cookies are used to collect technical information such as how many messages you send, how many times you open the App, when you connect to third party services, and other key events.

Up to 2 years.

Advertising and social media

These are cookies which collect information about your browsing habits in order to make advertising more relevant to you and your interests. They are also used to limit the number of times you see an advert as well as help measure the effectiveness of an advertising campaign. We may share this information with other parties who help manage online advertising.

Up to 2 years.

For information about the specific cookies we use which fall into these categories, see Cookies Settings.

‍Session and persistent cookies

‍Cookies can be persistent or session cookies depending on the time that they remain on your device. A persistent cookie is stored on your device after your web browser is closed or once your session ends. It can be used to recognise your device when you open your browser and use the Sites and/or the App again. A session cookie exists temporarily on your device while your browser is open. It is deleted automatically once you leave the relevant Site or App or close your browser.

‍Third party cookies

‍Your use of the Sites may result in some cookies being stored that are not controlled by us. This may occur when the part of the Site you are visiting makes use of a third-party analytics or marketing automation/management tool or includes content displayed from a third-party website. You should review the privacy and cookie policies of these services to find out how these third parties use cookies and whether your cookie data will be transferred to a third country. A list of the third parties who place cookies on the Sites can be found via our cookie preference centre.

‍How you can control and say no to the cookies we use

‍For cookies other than strictly necessary cookies, we will ask for your opt-in consent before placing them on the Sites.You can change whether you do or don’t consent to us using cookies at any time by clicking here. As well as this, you can also change whether you do or don’t consent to us using cookies with the settings in your internet browser.

Updates to this privacy notice

We reserve the right to update this notice at any time, and any updated notice will appear on this page. We will provide you with a new privacy notice when we make any substantial updates either by email or when you next log in to the Site or the App. We may also notify you in other ways from time to time about the processing of your personal data.

How to get in touch

If you have questions about this privacy notice or wish to contact us for any reason in relation to our personal data processing, please email us at support@blink.com.

We do not have an establishment in the European Union, so we have appointed a local representative, Data Rep. If you are resident in the EU, you can contact them directly using the details below:

datarequest@datarep.com
www.datarep.com/datarequest
DataRep, 72 Rue de Lessard, Rouen, 76100, France

If you have any concerns, you have the right to complain to a data protection authority in the country that you reside in or, the country of your place of work or the country where the alleged infringement took place.