Privacy Policy
Last updated: June 1st, 2023
This document defines the Privacy Policy on the BLINK Platform (hereinafter referred to as the ‘Internet Platform ‘or ‘Platform’) and BLINK mobile application (hereinafter referred to as ‘Mobile application’, ‘Application’ or ’App’), jointly referred to as ‘Services.
This privacy notice describes how and why we might collect, store, use, and or share (“process”) your information when using our services (Services) such as when:
-
Visit our website, or any of ours that links to the privacy notice
-
Engage with us in other related ways, including any sales, marketing, or events
The Services are directed and intended for professionals and professional use only.
​
OUR PRINCIPLES
BLINK has designed this policy to be consistent with the following principles:
-
Privacy policies should be human-readable and easy to find.
-
Data collection, storage, and processing should be simplified as much as possible to enhance security, ensure consistency, and make the practices easy for users to understand.
-
Data practices should meet the reasonable expectations of users.
Reading this privacy notice will help you understand your privacy rights and choices. If you don’t not agree with our policies and practices, please do not use our Services.
Our Privacy notice is in accordance with the EU General Data Protection Regulation (GDPR).
Valid for customers, interested parties, suppliers as well as sales and cooperation partners of BLINK Group (hereinafter referred to as "BLINK").
With the following information, we give you an overview of the processing of your personal data by us and your rights from the EU General Data Protection Regulation (GDPR). Which data is processed in detail and in which way it is used depends largely on the products and services requested or commissioned in each case.
I. ​WHAT INFORMATION DO WE COLLECT?
1. Sources
We process personal data that we receive from you in the course of our business relationship. In addition, we process (to the extent necessary for the provision of our products and services) personal data which we have permissibly received from other companies of the BLINK Group of Companies or from other third parties (e.g. for the execution of orders, for the fulfillment of contracts or based on a consent granted by you). On the other hand, we process personal data that we have permissibly obtained and are permitted to process from publicly accessible sources (e.g. commercial and association registers, press, media, internet).
We collect personal information that you voluntarily provide to us when you register on the Services. Express an interest in obtaining information about us or our products and services, when you participate in activities on the services, or otherwise when you contact us.
The personal information that we collect depends on the context of your interactions with and the Services, the choices you make, and the products and features you use,
The personal information we collect may include the following: names, phone numbers, email addresses, mailing addresses, job titles, usernames, passwords, contact preferences, contact or authentication data, billing address.
We may provide you with the option to register with us using your existing social Media accounts details, like Facebook, twitter or other social Media account.
​
2. Categories of personal data
When initiating a business relationship or creating master data, the following personal data may be collected, processed, and stored: address and communication data (name, address, telephone, e-mail address, and other contact data).
​
When using products and services within the scope of the contracts concluded with us, the following additional personal data may be collected, processed, and stored in addition to the aforementioned data: contract master data (order data, data from the fulfillment of our contractual obligations, details of any third-party beneficiaries), billing, performance, and payment data (direct debit data, tax information, other personal master data (profession, employer), documentation data (e.g. protocols), product data (e.g. services and products requested or booked) as well as the following business creditworthiness documents: income/surplus statements, balance sheets, business evaluation, type and duration of the self-employment.
​
3. Customer contact information
In the course of the business initiation phase and during the business relationship, in particular, through personal, telephone, or written contacts, by you or initiated by BLINK, further personal data is generated. This includes, for example, information on the contact channel, date, occasion, and result, (electronic) copies of correspondence, and information on participation in direct marketing measures.
4. ​Information Society services
When processing data in the context of information society services, you will receive further information on data protection in connection with the service in question.
5. ​Information collected from other sources
-
KYC
-
ESG
-
Credit Score
II. ​HOW DO WE PROCESS YOUR INFORMATION?
-
Purpose and legal basis of the processing
We process the personal data mentioned under I. in accordance with the provisions of the EU General Data Protection Regulation (GDPR).
1.1 For the fulfillment of contractual obligations/to fulfill and manage your orders and deliver, facilitate delivery of the service to the user (Art. 6 (1) b) GDPR).
The processing of personal data is carried out for the purpose of establishing, implementing, and terminating a contract for the provision of products or services, as well as for the implementation of pre-contractual measures for the preparation of offers, contracts, or other requests directed towards the conclusion of a contract, which is made at your request.
The purposes of the data processing are primarily based on the specific products and services and may include, among other things, needs analyses, advice, and support. Further details regarding the purpose of data processing can be found in the respective (also pre-contractual) contractual documents of our cooperation. Interested parties may be contacted during the contract initiation phase, considering any restrictions that may have been expressed, and customers, suppliers as well as sales and cooperation partners may be contacted during the business relationship using the data that they have provided.
-
To facilitate account creation and authentication and otherwise manage user accounts we may process your information, so we can create and log in to your account and keep it in working order
-
To respond to user inquiries/offer support to the user
-
To send administrative information to you
-
To request feedback
-
To protect our services. We may process your information as part of our efforts to keep our Services safe and secure, including fraud monitoring and prevention
-
To identify usage trends
1.2 On the basis of your consent (Art. 6 (1) a) GDPR)
If you have given us your consent to process personal data for specific purposes (e.g. transfer of data within the group of companies), the legality of this processing is based on your consent. Any consent granted can be revoked at any time. Please note that the revocation is only effective for the future. Processing operations that took place before the revocation are not affected by this. You can request an overview of the status of the consents you have granted from us at any time.
1.3 Due to legal requirements (Art. 6. (1) c) GDPR) or in the public interest (Art. 6 (1) e) GDPR)
We are subject to various legal obligations and legal requirements and process data for the following purposes, among others: identity and age verification, the fulfillment of fiscal control and reporting obligations, and the assessment and management of risks within the group of companies.
1.4 As part of the balancing of interests (Art. 6 (1) (f) GDPR)
If necessary, we will process your data beyond the actual fulfillment of the contract in order to protect the legitimate interests of us or third parties. Examples:
-
Written and audio-visual business correspondence and business meetings 
-
Testing and optimization of procedures for requirements analysis and direct customer contact; including segmentation and calculation of closing probabilities, advertising or market and opinion research, unless you have objected to the use of your data
-
Assertion of legal claims and defense in legal disputes
-
Ensuring IT security and IT operation
-
Consultation of and data exchange with credit agencies to determine creditworthiness and default risks
-
Prevention of criminal offenses 
-
Video surveillance for the purpose of safeguarding domestic justice, collecting evidence of criminal offenses 
-
Measures for building and office security (e.g. access controls) 
-
Measures to secure the right to the house 
-
Measures for business management and further development of services and products 
-
Risk management in the Group 
2. Usage of Personal Data
We lawfully process subject data with the sole objective to fulfill our “legitimate interests”. The following includes an extensive yet non-exhaustive list of “legitimate interests” under which we operate:
a. Betterment of our Services by providing easily accessible and usable technologies that enable our clients to execute their business objectives with more certainty.
b. When prior consent is asked from and provided by subjects through the same channel of communication, and the objective of such communication is in abiding to clause a).
c. Where the processing is necessary to comply with our legal obligations, and on-demand from regulatory authorities.
​
2.1. The data and content provided or made available to us by users across our different Services is used in the collection, compilation, and collation of data of respective subjects. Subject data is also used in conducting research and development programs to improve user experiences across our digital spectrum and for the overall improvement of our Services.
​
2.2. We notify subjects about the usage of their data in writing, through emails, and/or other media as available and agreed by both parties. Our communications may also include:
-
Service Messages: To acknowledge ongoing and concluded transactions and interactions. Examples include welcome messages, meeting schedules, etc. We don’t offer any opt-out options for service messages, as we are legally obliged to send the same.
-
Marketing Communications: On our own behalf or on behalf of known third parties. Such communications may be sent when subjects have shown interest in receiving so – even when they do not have an account with us. Each of our marketing communications has an opt-out option at the footer of the messaging in case subjects desire to stop receiving future emails in the same regard.
-
We also conduct feedback surveys from time to time to improve marketing experiences for our users.
2.3. We do not use personal data to engage in automated decision-making about subjects.
III. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL DATA?
1. Recipients of the data
Within the BLINK Group of companies, access to your data is granted to those entities that require it to fulfill our contractual and legal obligations.
Service providers employed by us may also receive data for these purposes, provided they comply with our written data protection instructions.
About the transfer of data to recipients outside the BLINK Group of companies, it should first be noted that we are obligated to maintain secrecy about all customer-related information of which we become aware. We may only pass on information about you if this is required by law, if you have given your consent, and/or if processors commissioned by us guarantee the requirements of the EU data protection regulations.
Under these conditions, recipients of personal data may be, for example 
-
Public bodies and institutions where there is a legal or official obligation
-
Contract processors to whom we transfer personal data in order to carry out the business relationship with you. In detail: Archiving, document processing, controlling, data destruction, purchasing/procurement, customer administration, letter shops, marketing, media technology, reporting, risk controlling, expense accounting, telecommunications service provider, website operations, auditing services, payment transactions.
Other data recipients may be those entities for which you have given your consent to the transfer of data.
2. Sharing of Personal Data
2.1. We share subject data with:
-
Affiliates (legal entities controlled by us, controlling us, or sharing a common authority of control with us) within reasonable limits, to properly deliver our Services.
-
Selected Third Parties, including our business partners, vendors/suppliers, and sub-contractors, for the performance of the contract we are in with them.
-
Analytics and Search Engine Providers who assist us in improving our digital presence in frequent intervals.
2.2. Under special circumstances, we may disclose your data to other third parties too. Such circumstances may include and not be limited to:
-
Selling or buying of business assets
-
Business acquisition by third party (where data can be treated as transferred asset)
2.3. We ensure maximum contractual and operational safeguards in the instance of third-party processing of subject data.
3. Accessing Data
3.1 Data accessed by default by BLINK team​ are public listings that help find good trade opportunities for the platform users and to run analytics to understand the supply/demand on the platform​​.
3.2 Data not accessible to BLINK team, available only with Customer permission, are sensitive data like transaction details that are masked by default to all staff at blink. Customer Success Managers can access the information in case customers opt-in to share it e.g., for support purposes. If one of the parties transacting a trade wants to open the commercial data to the CSM for any particular reason, this party takes de responsibility in front of his counterpart of the CSM accessing this commercial data.
3.3 Data access to blink. AWS may provide access to the CTO upon request to provide access to production data. With approval from the CTO, DevOps Engineers may gain additional access if required for technical reasons. Everyone's access is audited by AWS following their globally defined standards. Customers can periodically request to see the AWS logs related to their data to learn if it was accessed and used safely.
​
IV. TRANSFER OF DATA TO THIRD COUNTRIES OR TO AN INTERNATIONAL ORGANISATION
1. Data will only be transferred to countries outside the EU or the EEA (so-called third countries) if this is necessary for the execution of your orders, if it is legally required (e.g. tax reporting obligations), if you have given us your consent or if it is part of an order processing. If service providers are used in the third country, they are obliged to comply with the level of data protection in Europe in addition to written instructions by the agreement of the EU standard contract clauses.
2. Data sharing
2.1 Data sharing in your company
Role-based access system gives the administrator of each company control over who has access to what data. Take the following examples:
-
Sales role does not see service selection or operations platform by default, subject to change by admin.
-
Operations role can be set up to have access to financially sensitive documents or not, subject to change by admin.
2.2 Data sharing with other companies
By default, Customers can choose to share their cargo needs and offers with everyone on the platform, only share it with a selected group of trusted partners or nobody. Data sharing is further limited, so that shared cargos cannot be browsed and become visible only to those chosen to see them on the platform with matching offers and needs1.
For your operations, you can use the Cargo Control Tower for trades completed on Trade Digital module or imported to the platform. It allows but doesn't require you to manage and share all or selected tasks and documents related to your cargo with your trade partner.
At any time, you are under full control over the documents shared with counterparties.
2.3 Data sharing with blink or 3rd parties
Blink uses only pre-transaction data on an aggregated level for monitoring and analytical purposes. Data about ongoing negotiations is neither accessed by blink nor shared with 3rd parties.
V. DURATION OF DATA STORAGE
We retain subject data for as long as it is reasonably necessary, for providing our Services.
We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations. If the data are no longer required for the fulfillment of contractual or legal obligations, they are regularly deleted, unless their (temporary) further processing is necessary for the following purposes:
-
Fulfilment of commercial and tax law retention periods in accordance with European and local Maltese regulations. 
-
Preservation of evidence under the statute of limitations rules according to with European and local Maltese regulations. 
​​
VI. HOW DO WE KEEP YOUR INFORMATION SAFE
At BLINK Group, we give utmost importance to safeguarding your privacy, at every step of processing or storing your personal information. We take every step to protect the confidentiality and security of the said data. We apply state-of-the-art servers with the latest encryption technologies.
1. Data protection rights of the data subject
1.1 Every data subject has the right of access under Art. 15 GDPR. the right of rectification under Art. 16 GDPR, the right of deletion under Art. 17 GDPR, the right to restrict processing under Art. 18 GDPR, the right of objection under Art. 21 GDPR and the right of data transferability under Art. 20 GDPR.
In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 GDPR). You can revoke your consent to the processing of personal data at any time. The revocation of consent does not affect the lawfulness of the processing that took place on the basis of the consent until the revocation.
1.2 BLINK ensures that all customer data remains the property of the respective customers. We also do not use, rent, sell, transfer, or otherwise expose the contents of the tracking information resulting from click-through, messages opened, messages read, or eCommerce conversions. 
1.3 We maintain all customer data in a carrier-class secure facility protected by firewalls and other security systems. These measures are designed to protect visitor and client information.
2 Blink applies best practices for data storage and encryption by working with global cloud providers (i.e., AWS) to secure the database and conduct data encryption at the highest standards. This is achieved through:
-
Communication secured through HTTPS
-
Data stored by AWS S3 (data center in Italy) with high data security standards
-
Data encrypted by default with AWS KMS Keys at AES-256 Standard (incl. logs, backups, snapshots, and replication across regions)
-
Secure logins by AWS Cognito
3.Information security certification
BLINK is in the process of obtaining ISO/IEC 27001.It is an internationally recognized standard for information security management systems (ISMS) that provides a systematic approach to managing sensitive company and customer information. It means BLINK is passing an audit from an external company that verifies:
-
Clearly defined security policies, procedures, and controls in place (i.e., ensuring that management or sales teams cannot access sensitive data)
-
Perform regular risk assessments to identify and address potential vulnerabilities and threats
-
blink team is trained in information security management
4. AWS Partner Network
More than 90 percent of Fortune 100 companies and the majority of Fortune 500 companies utilize APN Partner solutions and services. Some of the world's biggest brands such as Netflix, Adobe, and BBC rely on it to fuel their top projects.
VII. WHAT ARE PRIVACY RIGHTS
1. Right of objection on a case-by-case basis
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6 (1) e) of the GDPR (data processing in the public interest) and Art. 6 (1) f) of the GDPR (data processing based on a balancing of interests); this also applies to profiling based on this provision within the meaning of Art. 4 (4) GDPR. If you object, we will no longer process your personal data unless we can prove compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.
2. Right to object to the processing of data for advertising purposes
In individual cases, we process your personal data in order to carry out direct advertising. You have the right to object, at any time, to the processing of personal data concerning you for the purpose of such direct marketing, including profiling, to the extent that it relates to such direct marketing. If you object to processing for the purposes of direct marketing, we will no longer process your personal data for those purposes. The objection can be addressed to the person responsible without any formality.
​
VIII. HOW CAN YOU REVIEW, UPDATE OR DELETE THE DATA COLLECTED FROM YOU?
Under circumstances provided for by law, you have the right to: access data and receive a copy of it, rectify (change) data, delete personal data, limit data processing, to data portability - if the legal basis for their processing is consent (Art. 6(1)(a) or Art. 9(2)(a) of the GDPR) or a contract (Art. 6(1)(b) of the GDPR), the right to withdraw consent to data processing when it is the basis for data processing (Art. 6 (1)(a) of the GDPR), the right to object to the processing of personal data - if the legal basis for processing is a legitimate interest (Art. 6(1)(f) of the GDPR). If you find that the processing of your personal data violates the provisions of the GDPR, you have the right to lodge a complaint with the supervisory authority.
More information on the rights of data subjects is available in Art. 12-23 of the GDPR, the text of which can be found at:
https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679
Under applicable data privacy regulations, subjects may:
-
Request for access to their data and ask for a machine-readable copy for the same
-
Request for the same to be updated, rectified, deleted, or blocked
-
Request to abstain from using the said data
-
Revoke their consent to process their data (for consent-based processing)
To exercise any of the rights listed above, please email us at dpo@blinkmaterials.com
Visitors and users should be aware that we cannot always delete all historical data records, and this complies to legal audits and financial reporting purposes which we are obliged to participate in.