Privacy and Data Protection at Blinkline

The safeguarding of your personal data is of paramount importance to us. For this reason, Blinkline prioritizes data protection and data security for customers and users above all else. We continuously monitor, update and enhance our policies and privacy practices to ensure that all certification and compliance requirements are met and executed to the highest standards possible. In particular, personal data are processed by us only when necessary and for the purpose of delivering a functional and user-friendly platform, including its contents and the services we provide.

What is the GDPR

On May 25, 2018, the European Union implemented a comprehensive data privacy law, the General Data Protection Regulation (GDPR). A primary objective of the GDPR is to standardize data privacy laws across the European Union, to safeguard and strengthen all EU citizens' privacy both online and offline and to transform the way organizations across the EU handle their customers' personal data.

As such, any company that gathers or processes personal data of EU citizens falls under the scope of the GDPR, even if the company has no physical presence in the European Union. This means that most businesses with a global or online presence, including Blinkline are required to implement and follow the GDPR for all data processing activities.

At Blinkline, we recognize the critical importance of protecting your data and have aligned all services in accordance with the principles established in the GDPR. This particularly applies when our clients use our products and services to process end-user data regardless of whether this constitutes personal data and/or business personal data.

What is personal data under the GDPR?

Personal data is information that makes it possible to identify a natural person. This includes, in particular, name, date of birth, address, telephone number, e-mail address, but also your IP address, your online identifiers, location data, biometrics such as your fingerprint and behavioral and profile data. Anonymous data exists when no personal reference to the user can be established.

What are Technical and organizational measures?

These measures are a requirement for the security of processing. Those measures are integrated into our data protection framework and aim to prevent breaches and ensure privacy by design. Simply put, technical and organizational measures are the functions, processes, controls, systems and procedures used and implemented to protect and secure the personal information that we process. Those include:

• no unauthorized access, usage;
• or transmission of data;
• data segregation, encryption and separate processing;
• pseudonymization of your data;
• regular backups and safe and secure storage and transfer;
• advanced data loss protection.

What are the benefits of GDPR compliance?

GDPR compliance benefits include increased trust and credibility, along with a better understanding of the data that's being collected and how it's managed. Those benefits include:

• store & process customer data locally;
• fulfill deletion and data subject access requests from a simple interface;
• update, delete and confirm measures requested by your users;
• block data collection and issue suppression requests for specific users;
• allow user data collection with a single API;
• compile user data for access and manage portability requests;
• easily organize and integrate raw data or warehouse data of a specific user when you need to respond to a user request;
• automatically update user profiles and accounts when new data becomes available.

What is the CCPA?

The California Consumer Privacy Act of 2018 (CCPA) gives consumers more control over the personal information that businesses collect about them and the CCPA regulations provide guidance on how to implement the law.

To whom does the CCPA apply?

The CCPA applies to for-profit businesses that do business in California and meet any of the following:

• have a gross annual revenue of over $25 million;
• buy, receive, or sell the personal information of 50,000 or more California residents, households, or devices; or
• derive 50% or more of their annual revenue from selling California residents' personal information.

What is considered personal information under the CCPA?

Personal information is information that identifies, relates to, or could reasonably be linked with you or your household. For example, it could include your name, social security number, email address, records of products purchased, internet browsing history, geolocation data, fingerprints, and inferences from other personal information that could create a profile about your preferences and characteristics.

What is not considered personal information under the CCPA?

Personal information does not include publicly available information that is from federal, state, or local government records, such as professional licenses and public real estate/property records.

What are the rights under the CCPA?

The CCPA secures new privacy rights for California consumers, including:

• The right to know about the personal information a business collects about them and how it is used and shared;
• The right to delete personal information collected from them (with some exceptions);
• The right to opt-out of the sale of their personal information; and
• The right to non-discrimination for exercising their CCPA rights.

Businesses are required to give consumers certain notices explaining their privacy practices.

Acknowledgement and Disclaimer

This guide does not amount to legal advice and is for informational purposes only. When working with personal data you should always consult your legal counsel and be aware of all personal data protection laws that apply to your specific requirements of your country and the unique requirements of your business and services. For more information on our GDPR and CCPA compliance at Blinkline, please contact us at legal [@] blinkline.com