Blink Group recognises the importance of safeguarding your personal information. Blink Group is incorporated in New Zealand. We are bound by, and comply with, the New Zealand Privacy Act 2020 (“Privacy Act”). If you are located in the European Union (“EU”) you may have rights under the EU General Data Protection Regulation (“GDPR”).
Blink Group provides finance and technology services to banks, billers and merchants though our “Blink Bills,” “Blink Debit”, "Blink PayNow", "Blink AutoPay" services as well as other integrations and services. Blink Group may process personal data on behalf of these organisations. If we are processing your personal data on behalf of another organisation, you must contact the organisation directly for any requests in relation to your data and privacy rights.
The types of information we collect may include but not be limited to:
You may decide not to provide your personal information to us. However, if you do not provide it, we may not be able to provide you with full access to our products and services, website or associated services.
The information we collect will be retained by us for our business purposes including but not limited to:
Your personal information will be made available internally at Blink Group for the above purposes and may be accessed by selected staff (such as customer service representatives).
We may also disclose your information to selected third party service providers who hold or process information on our behalf to help us provide our products and services or operate our website. Third party service providers are subject to contractual restrictions to ensure that information held or processed on our behalf is protected.
We may use or disclose personal information that you have provided to us, or which we have obtained about you:
Information we collect in relation to use of our products and services, website and associated services is stored by Blink Group.
The security of your information is important to us and we follow best industry practice to protect information, and we have been independently certified with the internationally recognised ISO27001 standard for Information Security Management.
Some of our specific practices include: ensuring personal information is encrypted both in transit through SSL/HTTPS and at rest using AES-256 encryption or stronger, using industry authentication and authorisation standards such as OAuth 2 and OpenID Connect, and by having our security audited annually by an external third party. Whilst we protect information to the best of our ability, we cannot guarantee the security of factors beyond our control, for example vulnerabilities that may be identified in Internet protocols.
Blink Group’s access to EU personal data is very limited. EU personal data means any personal information of an individual who is in the EU (whether the individual is a citizen of an EU country or otherwise).
This section only applies to the collection and processing of EU personal data by Blink Group. This section will apply to you and the processing of your EU personal data if you are in an EU country. This section may not apply with respect to your personal information if you are located outside of the EU countries, even though you may be a citizen of an EU country.
For the purposes of this section, the term ‘process’ has the meaning given to it under the GDPR and may include any operation or a series of operations performed on EU personal data, including collection, recording, organisation, structuring, storage, adaptation, retrieval, consultation, use, disclosure, by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
EU personal data that is collected by us may have been sourced directly from you, a third party or implied from your use of our services.
Depending on the context of personal information you provide, Blink Group may be the data controller or data processor of your personal information under this policy.
We will only collect and process EU personal data where we have the legal grounds to do so. The principal legal grounds that justify our use of your EU personal data include where:
Any EU personal data will be:
If you have any questions, comments or complaints about our handling of your EU personal data, or wish to contact us regarding your EU personal data, please use the contact details set out below in the ‘Contact’ section.
Under the Privacy Act and the GDPR you are entitled to certain rights of access to your personal information held by us. You are also entitled to have any incorrect information corrected by us.
You may request access to, or correction of, any personal information we hold about you by sending an email to email@example.com or Privacy Officer, Blink Pay Global Group Limited, Level 12, 11 Britomart Place, Auckland CBD, Auckland 1010, New Zealand.
To ensure that the personal information we hold about you is accurate and current, please notify us of any changes to your personal information as soon as possible.
We retain personal data for as long as necessary to fulfil the purposes for which we collect or receive the personal data, except if required otherwise by applicable law. Our standard retention period is 5 years, unless a different applicable statutory retention period applies.
Blink Group is committed to the highest standards of data protection and user privacy. We continually strive to enhance our practices, ensuring transparency, trust, and compliance with international data protection standards.