Blink Group recognises the importance of safeguarding your personal information. Blink Group is incorporated in New Zealand. We are bound by, and comply with, the New Zealand Privacy Act 2020 (“Privacy Act”). If you are located in the European Union (“EU”) you may have rights under the EU General Data Protection Regulation (“GDPR”).
SERVICES POWERED BY BLINK GROUP
Blink Group provides finance and technology services to banks, billers and merchants though our “Blink Bills,” “Blink Debit” or other services. Blink Group may process personal data on behalf of these organisations. If we are processing your personal data on behalf of another organisation, you must contact the organisation directly for any requests in relation to your data and privacy rights.
COLLECTION OF INFORMATION
The types of information we collect may include but not be limited to:
- Information you give us when you register for our products or services or to receive communications from us or otherwise interact with us including: name, email address and other contact details, identity information, usernames and passwords, payment card details and any other personal information or items provided via our website.
- Information we receive from another person or organisation linked to your Blink Group accounts as part of the registration process or during use or maintenance of your Blink Group accounts.
- Information, including verification information, we obtain from trusted third parties about you, your personnel or your company to enable us to provide a product or service to you.
- Information collected using automated technologies which track visits to and use of our websites which we aggregate and does not identify individuals.
- Information collected using automated technologies which may identify an individual including information about a customer’s device or computer or use of our website such as:
- Information about computer or device: IP address and domain name, device type, operating system and browser information, device screen size and geographic location.
- Information about use of our website: referring domain, pages visited on our website, date and time when website pages were accessed.
- Cookies and similar technologies: information we obtain from cookies in the administration of our website and to improve the usability of our website.
- Information about use of our products and services via our website: including date and time of use.
You may decide not to provide your personal information to us. However, if you do not provide it, we may not be able to provide you with full access to our products and services, website or associated services.
USE & DISCLOSURE OF INFORMATION
The information we collect will be retained by us for our business purposes including but not limited to:
- communicating with you
- providing you with further information about us or other products or services offered by us if you have opted-in to these communications;
- deal with your queries, complaints or concerns;
- analysing use of our website and associated services;
- reporting in aggregate form (with identifiable characteristics removed so that you will remain anonymous); and
- improving the content of our website and other products and services.
Your personal information will be made available internally at Blink Group for the above purposes and may be accessed by selected staff (such as customer service representatives).
We may also disclose your information to selected third party service providers who hold or process information on our behalf to help us provide our products and services or operate our website. Third party service providers are subject to contractual restrictions to ensure that information held or processed on our behalf is protected.
We may use or disclose personal information that you have provided to us, or which we have obtained about you:
- for the above-mentioned purposes;
- to comply with a legitimate request by a law enforcement or government agency pursuant to a statutory or regulatory requirement or as part of court proceedings or to protect our rights; and
- if we are authorised, required or permitted by law to use or disclose the information.
STORAGE & SECURITY
Information we collect in relation to use of our products and services, website and associated services is stored by Blink Group.
The security of your information is important to us and we follow best industry practice to protect information, including by ensuring personal information is encrypted in transit through SSL/HTTPS and at rest using AES-256 encryption or stronger, using industry authentication and authorisation standards such as OAuth 2 and OpenID Connect, and our security is audited annually by an external third party. Whilst we protect information to the best of our ability, we cannot guarantee the security of factors beyond our control such as vulnerabilities that may be identified in Internet protocols.
GENERAL DATA PROTECTION REGULATION (EU) 2016/679 (GDPR)
Blink Group’s access to EU personal data is very limited. EU personal data means any personal information of an individual who is in the EU (whether the individual is a citizen of an EU country or otherwise).
This section only applies to the collection and processing of EU personal data by Blink Group. This section will apply to you and the processing of your EU personal data if you are in an EU country. This section may not apply with respect to your personal information if you are located outside of the EU countries, even though you may be a citizen of an EU country.
For the purposes of this section, the term ‘process’ has the meaning given to it under the GDPR and may include any operation or a series of operations performed on EU personal data, including collection, recording, organisation, structuring, storage, adaptation, retrieval, consultation, use, disclosure, by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
EU personal data that is collected by us may have been sourced directly from you, a third party or implied from your use of our services.
Depending on the context of personal information you provide, Blink Group may be the data controller or data processor of your personal information under this policy.
We will only collect and process EU personal data where we have the legal grounds to do so. The principal legal grounds that justify our use of your EU personal data include where:
- you have consented to our use of your EU personal data;
- your EU personal data is necessary for us to perform our contracts with you;
- we need your EU personal data to comply with a legal obligation;
- we use your EU personal data to achieve a legitimate interest; and
- your EU personal data is necessary for us in respect of any legal claims by us, you or a third party.
Any EU personal data will be:
- processed lawfully, transparently and in a fair manner;
- collected in an adequate and relevant manner and limited to what is necessary in relation to the purposes for which the EU personal data is processed;
- Access and portability: a request can be made by you for a copy of your EU personal data and you may request to be provided with such EU personal data in a structured, commonly used and machine readable format (including for the purposes of transferring to another party).
- Restrictions and objections: You may request that we limit our use of your EU personal data or processing by requesting that we no longer use your EU personal data or limit how we use your data, this may include where you believe it is not lawful for us to hold your EU personal data or instances where your EU personal data was provided for direct marketing purposes and now you no longer want us to contact you.
If you have any questions, comments or complaints about our handling of your EU personal data, or wish to contact us regarding your EU personal data, please use the contact details set out below in the ‘Contact’ section.
RIGHT TO ACCESS
Under the Privacy Act and the GDPR you are entitled to certain rights of access to your personal information held by us. You are also entitled to have any incorrect information corrected by us.
You may request access to, or correction of, any personal information we hold about you by sending an email to firstname.lastname@example.org or Privacy Officer, Blink Pay Global Group Limited, Level 12, 11 Britomart Place, Auckland CBD.
To ensure that the personal information we hold about you is accurate and current, please notify us of any changes to your personal information as soon as possible.
RETENTION OF PERSONAL DATA
We retain personal data for as long as necessary to fulfil the purposes for which we collect or receive the personal data, except if required otherwise by applicable law. Our standard retention period is 5 years, unless a different applicable statutory retention period applies.
CHANGES TO THIS POLICY
Privacy Officer, Blink Pay Global Group Limited, Level 12, 11 Britomart Place, Auckland CBD.