- What information do we collect?
- How do we use the information we collect?
- Whether and how the information is shared
- Your rights as a data subject
- Data Retention
- Transfers of information across boundaries
- Data Controller/Processor
- Merger and Contact Information
1. What Information do we collect?
1.1 Information that you provide to us:
We collect various types of personal data regarding our Users as well as data regarding Visitors to our Sites. Such data is typically collected and generated through your interaction with the Blix Service. Specifically, we collect the following categories of data (which, to the extent it relates to an identified or identifiable individual, is deemed as “Personal Data“):
When you install or access the Application and set up your account, you provide us with your email account addresses (for the accounts you wish to manage through the Application), your display name of each of your email accounts (Optional) – this could be your actual name, or a nickname you choose, Your Photo (Optional) – if you choose to upload it as your account avatar. You may choose to upload another photo, but you need to make sure you have the appropriate rights to use this photo.
- You may contact us or seek our customer support such as by using “Contact Us” or send us support requests, or provide us with feedback, reviews, or answers to surveys or promotions, including by contacting us on social media channels, by posting on any of our online public forums or communities, by sending an e-mail to any of our designated addresses, or any other form of communication. W we may obtain and maintain any data you choose to provide, including your name, your email addresses, as well as information about your mobile device such as its device type OS type details on a problem you are experiencing and any information concerning your use of the Application.
- When you contact us to seek our customer support, we may obtain and maintain any information you choose to provide, including your name, your email addresses, as well as information about your mobile device such as its device type OS type and any information concerning your use of the Application.
- Sync Services – you may use the optional Sync Services to allow synchronization of data such as your Application settings, contacts, remarks and tasks which are securely stored on our Cloud. We may ask you to provide your phone number to send SMS text message verification.
- When you create a group, we save on our Cloud the group name, avatar, notes and email addresses of the group members.
- When you use the Blix Smart Filter feature, you provide us with the email addresses you interact with. You can disable the Blix Smart Filter at any time from the Application settings.
- You can report emails whether misclassified, safe or malicious, to our Cloud for analysis, sharing, debugging and classification. You can share a link to an email by uploading it to a Cloud sharing service.
- Instant Push Services (Optional) for iOS and OAuth supported email accounts – if you are using imap and exchange email accounts on iOS, or OAuth supported email accounts and configure your settings to allow push notifications (the Blix Cloud sends push notifications to your mobile device when you have a new email), we will we keep either the OAuth token or encrypted credentials. When using the Instant Push Services for those accounts, we receive the email headers including to, from, subject and a small portion of the body. The information will be deleted immediately after sending the Push notification.
- Data concerning third-party apps: If, when using the Services, you or your Administrator choose to integrate your account with third-party apps, we will connect and integrate these third-party apps to ours. The third-party providers of these integrations may receive certain relevant data about or from your Account or share certain relevant data from your Account on their services with our Services, depending on the nature and purpose of such integrations. If you do not wish your data to be shared with such third-party apps, please contact your Administrator.
Are you obligated to provide us with this private data?
You are not obligated to provide us with any of the above information.
However, we will not be able to provide you with the Application and the Blix Services or part of them, as applicable, if you do not agree, or withdraw your consent, or request to object (all as detailed under section 5 with respect to your rights) to our processing of these data items.
1.2 Information that we collect from third parties:
Analytics for Web and Mobile
We use web and mobile analytics software to measure traffic and usage patterns and to help us better understand the functionality of the Blix Service on your device or general information regarding how users use the Blix Service. When using our Website, the web analytic tools collect information sent by your browser, including the pages you visit and other information that assists us in improving the Website. The Application on your device may collect information such as what kind of device you are using, how often you use the Blix Service, the way you use the Bix Service (what functions are used for example) performance data (technical issues concerning crashes, operation metrics, memory consumption and that type of information), and which store the Application was downloaded from and send this information to the Cloud. We use this information only to administer, improve, monitor and analyze the use of the Blix Service.
When you access the Blix Service on a mobile device (like a smart-phones or tablet), we may access, create, monitor or remotely store identifiers such as Instance ID or GUID which uniquely identify our app. Only Blix can access these identifiers. We do not use any hardware identifiers such as Unique Device Identifier (UDID), SSAID (Android ID) and IMEI and we have no way to identify the specific hardware you use.
These identifiers persist on your device and our Cloud to help you log in faster and enhance your navigation through the Application. Some features of the Blix Service may not function properly if these identifiers are impaired or disabled.
We frequently and securely check the Application version with our Cloud to recommend an upgrade. We also securely check for licenses and premium features to allow or prohibit functionalities.
2. How do we use the information we collect?
- We use all of the above information to operate, maintain, and provide to you with the Blix Service features and functionality.
- We use the email address to establish the accounts you wish to use within the Blix Service, and let you manage your email account through the Blix Service.
- We use your display name to display the different account names as you assigned them.
- We may use the above information to respond to your requests and messages, including with respect to your rights as data subject, as well as to initiate contact with you on issues related to the Services or support and maintenance issues.
- We may use the information you provide to allow certain functions to perform as intended. For instance, for the Smart Filter – to compare your email contacts with spam email lists we have on our Cloud; for the Sync service to be able to perform the requested synchronizations; for the send later feature to be able to save and send the email at a later time you defined, etc.
- To enhance and support or data security measures, including to prevent, detect and fight fraud or other illegal or unauthorized activities.
Our Legal Bases for Processing
The following are the legal reasons why we process your information in the manners specified above:
- Performance of a contract to which Blix and you, the data subject, are parties. Many of the uses described above are actions that involve processing of your information in order to meet our undertakings to you and respond to your requests and indications within the Blix Service.
- Consent – some of the information you provide is based on your agreement and willingness to provide it. In addition, we may ask you from time to time, through the Service interface, to provide your consent for specific uses.
3. Whether and How Your Information is Shared?
We will never share, rent or sell your information to third parties outside of Blix and its group companies (including subsidiaries and affiliates) without your consent, except as noted below:
- Service Providers: We engage third-party business partners to help us provide you with the Blix Services, for instance, Amazon AWS (Cloud hosting and related services), Google Analytics for usage analytics and statistics, Content Delivery Networks (CDN) , fraud detection, billing and payment processing services (collectively, “Service Providers“). These Service Providers will be given limited access to your Personal Data, depending on each of their specific roles and purposes in facilitating and enhancing our Services, and may only use it for such limited purposes as determined in our agreements with them. Our Service Providers shall be deemed as ‘Data Processors’ in circumstances where Blix assumes the role of ‘Data Controller’; and where Blix acts as the Data Processor for the Customer, the Service Provider shall be deemed our ‘Sub-Processor’ (as further described in Section 9 below). A list of Blix’s Sub-Processors is available at https://blix.net/legal/subprocessors.
- Compliance with the Law: We may disclose your information if we believe it is necessary in order to comply with the law, such as to comply with a subpoena, regulation or legal request, respond to a government request, to address fraud or security issues, to protect the safety of any person, to enforce our agreements with you; to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing or to protect our own rights or property. If you are located in the EU, we may only do so based on legal requirements specified above of EU authorities. This includes sharing such information with our legal counsel.
- Business Transfers: If the Blix Service is involved in a merger, acquisition, bankruptcy, reorganization or sale of assets, your information may be transferred as part of that transaction to a successor in interest and to the applicable legal authorities as well as legal counsel and other professionals involved, such as accountants, and other officers of the government or of the applicable judiciary instance.
Links to Third Party Websites
This section does not relate to information that we directly convey to third parties.
If you are located in the EU, the following shall apply only if you marked your consent to receive such communications.
If you are located in the US or elsewhere in the world, the following shall apply for as long as you have not opted-out of this activity:
We may use the information we collect or receive to communicate with you directly. For example, you may receive emails from us containing company updates, promotions, marketing, or special offers. We do this to be sure our communications and our products get better over time. If you would rather not receive these emails, you may opt-out of receiving them by following the unsubscribe link located at the bottom of each communication or by emailing us at email@example.com. Even after you opt-out from receiving communications messages from us, you will continue to receive administrative messages from us regarding our services (such as requirement to upgrade the Application).
5. Your rights as a data subject
- You may access and update your information by visiting your account settings within the Application or by emailing us at the email address listed below.
- You can use the panel tool here to view or remove information stored on our Cloud about your email account.
- In case our processing is based on your consent, you have the right to withdraw your consent at any time, by contacting us via email.
- You have the right to object to the processing of your Personal Data for direct marketing purposes at any time.
- You have the right to object to our processing of your Personal Data if processing is based on our legitimate interests.
- You have the right of portability with respect to your Personal Data, in case it is processed by automatic means, and if processing is based on your consent.
- You have the right to request that we erase all of your Personal Data that we keep, without undue delay, unless processing is necessary as further detailed under “Data Retention”
- In certain countries, you have a right to lodge a complaint with the appropriate supervisory authority in charge of data protection, in case you think that we are breaching any of your rights relating to your Personal Data. If you are located in the EEA, a complaint may be lodged in the country which is your place of residence, your place of work or place of the alleged infringement.
If you have questions on how to exercise your rights, please contact firstname.lastname@example.org. We will respond to your access request without undue delay, or within 30 days at the latest (as the law may require).
6. Data Retention
We will retain your information for as long as we need it for legitimate business purposes and as permitted by applicable law. Once no longer used as stated herein, it will be either deleted or completely de-identified in a manner that does not allow re-identification thereof. Except as required by law or our agreement directly with you, we will not be obliged to retain your Personal Data for any particular period, and we are free to securely delete it or restrict access to it for any reason and at any time, with or without notice to you.
We will also retain and use your information in the following instances:
- If there is an outstanding issue, claim or dispute requiring us to keep the relevant information until it is resolved.
- The information must be kept for our legitimate business interests, such as fraud prevention and enhancing users’ safety and security. For example, information may need to be kept to prevent a user who was banned for unsafe behavior or security incidents from opening a new account.
Specifically, the following information items are retained for the following time periods:
|Optional Functionality||Data Item||Retention period|
|Instant Push Services for iOS and OAuth supported accounts (optional)||Email header (to, from, title, portion of the body)||Deleted immediately upon push completion|
|Settings Backup (optional)||Your phone number||As long as required to perform the Services|
|Report an email (optional)||Reported email||As long as required to perform the Services|
Security is extremely important to us. We use industry leading security practices to preserve the integrity of all your data. For example, when you transmit sensitive information and when you send and receive emails, Blix encrypts the transmission of that information using secure socket layer technology (SSL). However, no method of electronic transmission or storage is 100% secure, so we cannot guarantee absolute security. Blix is not responsible for the functionality or security measures of any third party. If you have questions about this feel free to contact us at email@example.com.
8. Transfer of Personal Data across boundaries
Our legal basis for performing such transfer across boundaries are:
- Model Clauses. With some of our processors, we use standard contract clauses, that are binding standards of processing of Personal Data committed to contractually by third parties processing information for us and on our behalf, approved by the European Commission.
9. Data Controller/Processor
We are the Controller of our Users Personal Data, and certain types of User data; we are the Processor of any Personal Data contained in User data processed on behalf of our Customer.
Data protection laws and regulations including GDPR distinguish between two main roles for parties processing Personal Data: the “Data Controller”, who determines the purposes and means of processing; and the “Data Processor”, who processes the data on behalf of the Data Controller. Below we explain how these roles apply to the Blix Service, to the extent that such laws and regulations apply.
If any of our Users upload or submit Personal Data or other content to our Blix Service which includes Personal Data (e.g., sending a message to another user with personal details), such data will only be processed by Blix on behalf of our Customer, which is the owner of the respective Account, along with all other User data processed on such Customer’s behalf.
In such instances, our Customer shall be deemed the “Data Controller” of such data, and Blix will process such data on the Customer’s behalf, as its “Data Processor”, in accordance with its reasonable instructions, subject to our Terms of Service, our Data Processing Agreement with such Customer (to the extent applicable) and other commercial agreements. Blix’s Service Providers shall act as designated Sub-Processors in these instances. The Customer will be responsible for meeting any legal requirements applicable to Data Controllers (such as establishing a legal basis for processing and responding to Data Subject Rights requests concerning the data they control).
Our Services are not directed to persons under 16. We do not knowingly collect Personal Data from children under 16. If we become aware that a child under 16 has provided us with Personal Data, we will take steps to remove such information and terminate the child’s account. If you learn that your child has provided us with Personal Data without your consent, please contact us at firstname.lastname@example.org.
If you are resident of the State of California you may be entitled to additional privacy disclosures under the California Consumer Privacy Act (“CCPA”) after January 1, 2020. The CCPA provides for additional protections for Personal Data, which the statute defines as your IP address, account or social security number, drivers license or passport information, online activity, employment data, demographic information and others. Under the CCPA: (1) you have the right to know what Personal Data Blix has collected about you as a User and if it has been sold; (2) you have the right to a copy of the Personal Data that Blix has collected about you; (3) you may opt out of any transfer or sale of your Personal Data; (4) you may request that Blix delete any of your Personal Data; (5) if any Personal Data is transferred or sold to third parties, you have a right to know the categories of such third parties; (6) you have the right to know the reasons Personal Data has been collected; and (7) you have the right to equal service and pricing if you assert any rights under the CCPA. Note, the deletion of certain Personal Data may disrupt some or all of the functions and features of the Blix Service.
If you are a California resident and wish to obtain any of the information described above regarding the collection, use and disclosure of your Personal Data, please make such a request by sending an email to email@example.com.
13. Merger and Contact Information
Last Updated: August 15th, 2019
© 2022 Blix Inc.