Blink Group Privacy Policy

This Privacy Policy outlines how Blink Pay Global Group Limited and its subsidiaries (“Blink Group” or “us” or “our” or “we”) will collect, store, use and disclose any personal information provided to us in respect of our products and services including use of our website and other associated services.

By providing us with your personal information or your continued use of our products, services, website or associated services you provide unconditional consent to us collecting, storing, using and disclosing your personal information in the manner set out in this Privacy Policy.

Blink Group recognises the importance of safeguarding your personal information. Blink Group is incorporated in New Zealand. We are bound by, and comply with, the New Zealand Privacy Act 2020 (“Privacy Act”). If you are located in the European Union (“EU”) you may have rights under the EU General Data Protection Regulation (“GDPR”).

This Privacy Policy must be read in conjunction with our website terms and product terms and conditions.

Services powered by Blink Group

Blink Group provides finance and technology services to banks, billers and merchants though our “Blink Bills,” “Blink Debit”, "Blink PayNow", "Blink AutoPay" services as well as other integrations and services. Blink Group may process personal data on behalf of these organisations. If we are processing your personal data on behalf of another organisation, you must contact the organisation directly for any requests in relation to your data and privacy rights.

Collection of information

The types of information we collect may include but not be limited to:

  • Information you give us when you register for our products or services or to receive communications from us or otherwise interact with us including: name, email address and other contact details, identity information, usernames and passwords, payment card details and any other personal information or items provided via our website.
  • Information we receive from another person or organisation linked to your Blink Group accounts as part of the registration process or during use or maintenance of your Blink Group accounts.
  • Information, including verification information, we obtain from trusted third parties about you, your personnel or your company to enable us to provide a product or service to you.
  • Information collected using automated technologies which track visits to and use of our websites which we aggregate and does not identify individuals.
  • Information collected using automated technologies which may identify an individual including information about a customer’s device or computer or use of our website such as:
    • Information about computer or device: IP address and domain name, device type, operating system and browser information, device screen size and geographic location.
    • Information about use of our website: referring domain, pages visited on our website, date and time when website pages were accessed.
    • Cookies and similar technologies: information we obtain from cookies in the administration of our website and to improve the usability of our website.
    • Information about use of our products and services via our website: including date and time of use.

If you provide information (including personal information) of other individuals or third parties to us, you must have the express consent of such individual or third party to provide such information to us and for us to use such information for the purposes disclosed in this Privacy Policy.

You may decide not to provide your personal information to us. However, if you do not provide it, we may not be able to provide you with full access to our products and services, website or associated services.

Use and disclosure of information

The information we collect will be retained by us for our business purposes including but not limited to:

  • setting up and maintaining your account with us;
  • processing payments to you;
  • communicating with you;
  • providing you with further information about us or other products or services offered by us if you have opted-in to these communications;
  • deal with your queries, complaints or concerns;
  • analysing use of our website and associated services;
  • reporting in aggregate form (with identifiable characteristics removed so that you will remain anonymous); and
  • improving the content of our website and other products and services.

Your personal information will be made available internally at Blink Group for the above purposes and may be accessed by selected staff (such as customer service representatives).

We may also disclose your information to selected third party service providers who hold or process information on our behalf to help us provide our products and services or operate our website. Third party service providers are subject to contractual restrictions to ensure that information held or processed on our behalf is protected.

We may use or disclose personal information that you have provided to us, or which we have obtained about you:

  • for the above-mentioned purposes;
  • to comply with a legitimate request by a law enforcement or government agency pursuant to a statutory or regulatory requirement or as part of court proceedings or to protect our rights; and
  • if we are authorised, required or permitted by law to use or disclose the information.

Storage and security

Information we collect in relation to use of our products and services, website and associated services is stored by Blink Group.

The security of your information is important to us and we follow best industry practice to protect information, and we have been independently certified with the internationally recognised ISO27001 standard for Information Security Management.

Some of our specific practices include: ensuring personal information is encrypted both in transit through SSL/HTTPS and at rest using AES-256 encryption or stronger, using industry authentication and authorisation standards such as OAuth 2 and OpenID Connect, and by having our security audited annually by an external third party. Whilst we protect information to the best of our ability, we cannot guarantee the security of factors beyond our control, for example vulnerabilities that may be identified in Internet protocols.

General Data Protection Regulation (EU) 2016/679 (GDPR)

Blink Group’s access to EU personal data is very limited. EU personal data means any personal information of an individual who is in the EU (whether the individual is a citizen of an EU country or otherwise).

This section only applies to the collection and processing of EU personal data by Blink Group. This section will apply to you and the processing of your EU personal data if you are in an EU country. This section may not apply with respect to your personal information if you are located outside of the EU countries, even though you may be a citizen of an EU country.

For the purposes of this section, the term ‘process’ has the meaning given to it under the GDPR and may include any operation or a series of operations performed on EU personal data, including collection, recording, organisation, structuring, storage, adaptation, retrieval, consultation, use, disclosure, by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

EU personal data that is collected by us may have been sourced directly from you, a third party or implied from your use of our services.

We may process EU personal data in accordance with this section and our Privacy Policy. To the extent of any inconsistencies between other sections of our Privacy Policy and this section in relation to the processing of EU personal data, this section prevails.

Depending on the context of personal information you provide, Blink Group may be the data controller or data processor of your personal information under this policy.

We will only collect and process EU personal data where we have the legal grounds to do so. The principal legal grounds that justify our use of your EU personal data include where:

  • you have consented to our use of your EU personal data;
  • your EU personal data is necessary for us to perform our contracts with you;
  • we need your EU personal data to comply with a legal obligation;
  • we use your EU personal data to achieve a legitimate interest; and
  • your EU personal data is necessary for us in respect of any legal claims by us, you or a third party.

Any EU personal data will be:

  • processed lawfully, transparently and in a fair manner;
  • collected only for the purposes identified in this Privacy Policy or any other agreed specified purposes and not further processed in a manner incompatible with those purposes;
  • collected in an adequate and relevant manner and limited to what is necessary in relation to the purposes for which the EU personal data is processed;
  • kept current and up-to-date in accordance with the ‘Right to Access’ section of this Privacy Policy;
  • stored in a form which permits us to identify you, but only for the period necessary in relation to the relevant purposes identified in this Privacy Policy; and
  • stored and processed securely to protect EU personal data against unlawful or unauthorised access and accidental loss, damage or disclosure in accordance with the ‘Storage & Security’ section of this Privacy Policy.

In addition to other rights you may have as set out in this Privacy Policy, you may exercise the data protection rights set out below in relation to your EU personal data:

  • Access and portability: a request can be made by you for a copy of your EU personal data and you may request to be provided with such EU personal data in a structured, commonly used and machine readable format (including for the purposes of transferring to another party).
  • Restrictions and objections: You may request that we limit our use of your EU personal data or processing by requesting that we no longer use your EU personal data or limit how we use your data, this may include where you believe it is not lawful for us to hold your EU personal data or instances where your EU personal data was provided for direct marketing purposes and now you no longer want us to contact you.

If you have any questions, comments or complaints about our handling of your EU personal data, or wish to contact us regarding your EU personal data, please use the contact details set out below in the ‘Contact’ section.

Right to access

Under the Privacy Act and the GDPR you are entitled to certain rights of access to your personal information held by us. You are also entitled to have any incorrect information corrected by us.

You may request access to, or correction of, any personal information we hold about you by sending an email to privacy@blinkpay.co.nz or Privacy Officer, Blink Pay Global Group Limited, Level 12, 11 Britomart Place, Auckland CBD, Auckland 1010, New Zealand.

To ensure that the personal information we hold about you is accurate and current, please notify us of any changes to your personal information as soon as possible.

Retention of personal data

We retain personal data for as long as necessary to fulfil the purposes for which we collect or receive the personal data, except if required otherwise by applicable law. Our standard retention period is 5 years from the time we no longer have a relationship with you, unless a different applicable statutory retention period applies.

External websites

Blink Group websites may contain links to a various third party website sources. Some of these links may request or record information from users or use cookies or other methods to collect information from you. We have no control over, and we are not responsible for, the content or privacy policy practices of such websites and/or the reliability of the information published on those websites, and encourage our users to review the privacy policies of such sites before engaging in any activity with them.

Changes to this policy

We reserve the right, at our discretion, to make changes to this Privacy Policy at any time. Changes to this Privacy Policy will take effect immediately once they are published on this website.  Please check this Privacy Policy regularly for modifications and updates. If we make a change to this policy that, in our discretion, is material, we will notify you by email to the email address we have for you. If you continue to use our products and services, website or associated services or if you provide any personal information after we post changes to this Privacy Policy, this will indicate your acceptance of any such changes.

Contact and disputes

If you have any questions, comments or dispute relating to our Privacy Policy please feel free to contact us by sending an email to privacy@blinkpay.co.nz or by post to Privacy Officer, Blink Pay Global Group Limited, Level 12, 11 Britomart Place, Auckland CBD, Auckland 1010, New Zealand.

Conclusion

Blink Group is committed to the highest standards of data protection and user privacy. We continually strive to enhance our practices, ensuring transparency, trust, and compliance with international data protection standards.