“Personal data” means any information relating to you that can identify you, directly or indirectly, in particular by reference to an identifier such as a name, email address, an identification number, location data, or an online identifier.
For the purpose of the EU General Data Protection Regulation 2016/679 (GDPR), the data controller is Blend.io, Inc., a company located in New York at C/O ROLI, 68 3rd Street, Suite 43 Brooklyn, NY 11231, USA with company number 5330561.
All your data will be held and used in accordance with the GDPR and any relevant national laws which implement the GDPR and any legislation that replaces it in whole or in part.
What Information Do We Collect?
The information we gather enables us to personalize, improve and continue to operate the Services. In connection with certain aspects of the Services, we may request, collect and/or display some of your personal data. We collect the following types of information from our users.
IP Address Information and Other Information Collected Automatically:
Generally, the Services automatically collect usage information, such as the number and frequency of visitors to the Site. We may use this data in aggregate form, that is, as a statistical measure, but not in a manner that would identify you personally. This type of aggregate data enables us and third parties authorized by us to figure out how often individuals use parts of the Services so that we can analyze and improve them.
Most browsers have an option for turning off the cookie feature, which will prevent your browser from accepting new cookies, as well as (depending on the sophistication of your browser software) allowing you to decide on acceptance of each new cookie in a variety of ways. We strongly recommend that you leave cookies active, because they enable you to take advantage the most attractive features of the Services.
In addition to our own cookies, we are also using third party cookies such as Google Analytics to analyse the use of this website. Please visit their websites and review their privacy policies for more information.
Information from Third Parties:
You may choose to connect to our Services or register a Blend account using an external third party application, such as Facebook. We may receive information from those connected third-party applications. Connecting your Blend account to third party applications or services is optional.
Information Related to Advertising and the Use of Web Beacons:
To support and enhance the Services, we may serve advertisements, and also allow third parties advertisements, through the Services. These advertisements are sometimes targeted and served to particular users and may come from third party companies called “ad networks.” Ad networks include third party ad servers, ad agencies, ad technology vendors and research firms.
Advertisements served through the Services may be targeted to users who fit a certain general profile category may be based on anonymized information inferred from information provided to us by a user, including personal data (e.g., gender or age), may be based on the Services usage patterns of particular users, or may be based on your activity on Third Party Services. We do not provide personal data to any ad networks for use outside of the Services.
To increase the effectiveness of ad delivery, we may deliver a file (known as a “web beacon”) from an ad network to you through the Services. Web beacons allow ad networks to provide anonymized, aggregated auditing, research and reporting for us and for advertisers. Web beacons also enable ad networks to serve targeted advertisements to you when you visit other websites. Because your web browser must request these advertisements and web beacons from the ad network’s servers, these companies can view, edit or set their own cookies, just as if you had requested a web page from their site.
We collect statistical information about how users, collectively, use the Services (“Aggregate Information”). Some of this information is derived from personal data. This statistical information is not personal data and cannot be tied back to you, or your web browser.
Children and Minors:
The Services are not directed towards children 16 years of age or under, and we do not knowingly collect any information from children.
How, and With Whom, Is My Information Shared?
The Services are designed to help you share information with others. As a result, some of the information generated through the Services is shared publicly or with third parties.
Public Information about Your Activity on the Services:
Some of your activity on and through the Services is public by default. This may include, but is not limited to, content you have posted publicly on the Site or otherwise through the Services.
Please also remember that if you choose to provide personal data using certain public features of the Services, then that information is governed by the privacy settings of those particular features and may be publicly available. Individuals reading such information may use or disclose it to other individuals or entities without our control and without your knowledge, and search engines may index that information. We therefore urge you to think carefully about including any specific information you may deem private in content that you create or information that you submit through the Services.
IP Address Information:
Information You Elect to Share:
We share Aggregate Information with our partners, service providers and other persons with whom we conduct business. We share this type of statistical data so that our partners can understand how and how often people use our Services and their services or websites, which facilitates improving both their services and how our Services interface with them. In addition, these third parties may share with us non-private, aggregated or otherwise non personal data about you that they have independently developed or acquired.
Information Shared with Our Agents:
We employ and contract with people and other entities that perform certain tasks on our behalf and who are under our control (our “Agents”). We may need to share personal data with our Agents in order to provide products or services to you. Unless we tell you differently, our Agents do not have any right to use personal data or other information we share with them beyond what is necessary to assist us. You hereby consent to our sharing of personal data with our Agents.
Information shared with our group companies:
We may share your personal data with any member of our group, which means ROLI Ltd., as the ultimate holding company, and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
Information Disclosed Pursuant to Business Transfers:
In some cases, we may choose to buy or sell assets. In these types of transactions, user information is typically one of the transferred business assets. Moreover, if we, or substantially all of our assets, were acquired, or if we go out of business or enter bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of us or our assets may continue to use your personal data as set forth in this policy.
Information Disclosed for Our Protection and the Protection of Others:
We also reserve the right to access, read, preserve, and disclose any information as it reasonably believes is necessary to (i) satisfy any applicable law, regulation, legal process or governmental request, (ii) enforce these Terms of Service, including investigation of potential violations hereof, (iii) detect, prevent, or otherwise address fraud, security or technical issues, (iv) respond to user support requests, or (v) protect our rights, property or safety, our users and the public. This includes exchanging information with other companies and organizations for fraud protection and spam/malware prevention.
Information We Share With Your Consent:
Except as set forth above, you will be notified when your personal data may be shared with third parties, and will be able to prevent the sharing of this information.
Is Information About Me Secure?
We seek to protect user information to ensure that it is kept private; however, we cannot guarantee the security of any user information. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time.
The data that we collect from you may be transferred to, and stored at, a destination outside the European Union, the European Economic Area and Switzerland (“the Territory”), and in particular the United States. It may also be processed by staff operating outside the Territory who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details, and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing.
To the extent that any of your data is provided to third parties outside the EEA, or accessed by third parties from outside the EEA, we will ensure that appropriate safeguards are in place in accordance with the GDPR (such as the European Commission’s standard contractual clauses, or the EU/US Privacy Shield).
We otherwise store all of our information, including your IP address information, using industry-standard techniques and take all steps reasonably necessary to ensure that your data is treated securely. We do not guarantee or warrant that such techniques will prevent unauthorized access to information about you that we store, personal data or otherwise.
The Legal Basis for Processing your Information
In accordance with GDPR, the main grounds that we rely upon in order to process your information are as follows:
Necessary for entering into or performing a contract:
In order to perform obligations which arise under any contract we have entered into with you, it will be necessary for us to process your information.
Necessary for compliance with a legal obligation:
We are subject to certain legal requirements which may require us to process your information. We may also be obliged by law to disclose your information to a regulatory body or law enforcement agency.
Necessary for the purposes of legitimate interests:
Either we or a third party will need to process your information for the purposes of our (or a third party’s) legitimate interests, provided that we have established that those interests are not contrary to your rights and freedoms, including your rights to privacy, and to have your information protected. Our legitimate interests include responding to requests and enquiries from you or a third party, optimising our website and user experience, informing you about our services, and ensuring that our operations are conducted in an appropriate and efficient manner.
In all other circumstances, we will ask for your consent to process your information, or to communicate regularly with you.
You have certain rights in relation to the personal data that we hold about you. Details of these rights and how to exercise them are set out below. Please note we will require evidence of your identity before we are able to respond to your request. You can exercise any of these rights at any time by contacting us at firstname.lastname@example.org.
Right of Access:
You have the right at any time to ask us for a copy of the personal information that we hold about you and to check that we are lawfully processing it. Where we have good reason, and if the GDPR permits, we reserve the right to decline such a request, or certain elements of the request. If we refuse your request or any element of it, we will provide you with our reasons for doing so.
Right of Data Portability:
In certain instances, you have a right to receive any personal information that we hold about you in a structured, commonly used and machine-readable format. In such circumstances, you can ask us to transmit that information to you or directly to a third party organisation.
While we are happy for such requests to be made, we are not able to guarantee technical compatibility with a third party organisation’s systems. We are also unable to comply with requests that relate to personal information of others without their consent.
Right of Correction or Completion:
If personal information we hold about you is not accurate or is out of date and requires amendment or correction, you have a right to have the data rectified or completed. This can usually be done by interacting with our platform.
Right of Erasure.
In certain circumstances, you have the right to request that personal information we hold about you is erased e.g. if the information is no longer necessary for the purposes for which it was collected or processed or our processing of the information is based on your consent and there are no other legal grounds on which we may process the information.
Right to Object to or Restrict Processing:
In certain circumstances, you have the right to object to our processing of your personal information e.g. if we are processing your information on the basis of our legitimate interests, but there are no compelling legitimate grounds for our processing which override your rights and interests. You may also have the right to restrict our use of your personal information, such as in circumstances where you have challenged the accuracy of the information and during the period where we are verifying its accuracy.
Right to Withdraw Consent
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. This can usually be done by interacting with our Services or by contacting us at email@example.com.
Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
If you are unhappy about our use of your information, you can contact our data protection team or contact us using the details in the Contact section below. You are also entitled to lodge a complaint with the UK Information Commissioner’s Office using any of the below contact methods:
Information Commissioner’s Office
If you live or work outside of the Netherlands or you have a complaint concerning our activities outside of the Netherlands, you may prefer to lodge a complaint with a different supervisory authority. A list of relevant authorities in the EEA can be accessed here.
What Information of Mine Can I Access?
Users can access and delete cookies through their web browser settings.
What Choices Do I Have Regarding My Information?
You can use many of the features of the Services without registering, thereby limiting the type of information that we collect.
You can always opt not to disclose certain information to us, even though it may be needed to take advantage of some of our features.
How long we hold your information
We will only retain your information for as long as is necessary to fulfil our purposes, including for the purposes of satisfying any legal, accounting or reporting requirements. The criteria that we use to determine retention periods will be determined by the nature of the data and the purposes for which it is kept, the sensitivity of the data and the potential risk of harm from unauthorised use or disclosure.
What If I Have Questions or Concerns?
If you have any questions or concerns regarding privacy using the Services, please send us a detailed message to firstname.lastname@example.org. We will make every effort to resolve your concerns.
Effective Date: June 21, 2018.