Blink

This Privacy Policy describes how BlinkCore Technology Limited ("BlinkCore", "we", "us", or "our") collects, uses, manages, and discloses your personal information when you use the Blink mobile application (the "App" or "Service"). It also details how payment information is processed.

Your privacy is paramount to us, and we are committed to protecting your personal data in compliance with applicable laws, including the Nigeria Data Protection Act 2023 (NDPA 2023).

By using the Blink App, you agree to the collection and use of information in accordance with this policy.

1. Who We Are

BlinkCore Technology Limited

Registered Address: 11, Limpopo Close, Maitama, Abuja
Website: www.useblink.co
Privacy Contact Email: hello@useblink.co

2. The Purpose of This Privacy Policy

The primary purpose of this Privacy Policy is to inform you, the user, about how your personal information is collected, used, and managed by BlinkCore Technology Limited through the Blink App. It also includes specific details on how your payment data is processed securely.

3. Information We Collect

We collect various types of information for different purposes to provide and improve our Service to you.

a. Information You Provide Directly to Us:

When you create an account, verify your identity, or use certain features, you may provide us with the following personal information:

Account Information: Your first name, last name, email address, and password.
Identity Verification Data: To comply with regulatory requirements (KYC - Know Your Customer and KYB - Know Your Business for merchants), we collect your Bank Verification Number (BVN), National Identity Number (NIN), Passport details, or Driver's License details. We use these details primarily to verify your first and last name as part of the verification process.
Contact Information: Your phone number.

b. Information Collected Automatically:

When you access and use the App, we may automatically collect certain information about your device and usage:

Location Data: We collect your device's location automatically once when you use the app for purposes such as showing nearby merchants and for fraud prevention.
This location data is stored only on your device and is NOT stored in our database. Once you log out from the App, this location data is cleared from your device.
Device Information: Your device ID, IP address, operating system, and App version. This data is used for security, fraud detection, and analytics related to App performance.
App Crash Reports: We collect data related to App crashes to help us diagnose and fix bugs and improve the App's stability.

c. Payment Information:

Debit Card Information: We DO NOT store your full debit card number, CVV, or expiration date on our servers. When you add your debit card, a request is made to Flutterwave (our payment processor) to verify the card information, and Flutterwave then tokenizes it. We only store a non-sensitive token on our database, which acts as a secure point of reference to Flutterwave for processing your payments.

4. How We Use Your Information

We use the collected information for various purposes, primarily to provide, maintain, and improve the Blink App and its services:

Account Management: To create, manage, and secure your user account (using your Email and Password for account creation and identification).
Service Provision: To enable you to make secure and contactless payments.
Identity Verification & Compliance: To verify your identity (using BVN, NIN, Passport, or Driver's License via Smile ID) for "Know Your Customer" (KYC) and regulatory compliance.
Fraud Prevention & Security: To detect and prevent fraudulent activities and enhance the security of your transactions and account (using Device ID and Location data).
Service Improvement: To monitor and analyze App usage and performance through crash reports, helping us to identify and resolve issues and enhance user experience.
Location-Based Services: To show you nearby merchants (using Location data collected once from your device).
Communication: To send you essential service-related communications, security alerts, and updates.
No Marketing or Promotional Use: We do not use your personal data for marketing or promotional purposes.

5. Sharing and Disclosure of Your Information

We share your information with third-party service providers to facilitate our Service and for legal compliance. We ensure that these third parties adhere to strict data protection standards.

Payment Processing: We share necessary transaction details and card tokens with Flutterwave (our payment processor) to process your payments securely. Flutterwave sends back an ID (transaction reference) to us.
Identity Verification: We share your identity verification data (BVN, NIN, Passport/Driver's License details, Name) with Smile ID to verify your identity. Smile ID returns your verification status and confirmed information to us.
Phone Number Services: We share your phone number with Termii for phone number validation and delivery of One-Time Passcodes (OTPs). Termii returns the OTP status to us.
Legal Compliance: We may disclose your personal information in response to a court order, subpoena, or other valid governmental request when we believe such disclosure is necessary to comply with the law, protect our rights, or ensure your safety or the safety of others.

Note: We do not sell your personal data to third parties.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Account Data (Name, Email, Phone, BVN/NIN/Passport/Driver's License details): We retain this data for as long as your account is active. If your account becomes inactive or you delete it, we will retain your information for a period until we ascertain that you will no longer use the App. An email will be sent to you before your information is removed from our active databases.
Transaction Data: Retained for as long as your account is active, and for a period thereafter for legal, regulatory, and accounting purposes, similar to account data.
Location Data: As stated, location data is stored only on your device and is not retained on our databases. It is cleared once you log out.
Verification Data (from Smile ID): The retention period for specific verification data received from Smile ID may also depend on Smile ID's own data retention policies and regulatory requirements they adhere to.

The basis for our data retention periods is primarily operational necessity and compliance with legal and regulatory obligations.

7. Data Security

We are committed to protecting the security of your personal data. We implement reasonable and appropriate technical and organizational measures to safeguard your information from unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption: All user data is encrypted.
Firewalls: Implementation of firewalls to protect our network.
Regular Security Audits: We conduct regular security audits to identify and address vulnerabilities.
Employee Training: Our employees receive training on data protection and security best practices.

8. Data Breach Response

In the unfortunate event of a data breach, we commit to notifying all affected users via email and in-app notifications. We will also notify relevant regulators as required by law. Depending on the nature and severity of the breach, we may also share information on our official social media channels.

9. Your Data Protection Rights

In accordance with the Nigeria Data Protection Act 2023 (NDPA 2023), you have the following rights regarding your personal data:

The Right to Be Informed: To be informed about the collection and use of your personal data.
The Right to Access: To obtain confirmation from us as to whether or not personal data concerning you is being processed, and where that is the case, access to the personal data.
The Right to Rectification (Correction): To request the correction of inaccurate or incomplete personal data concerning you.
The Right to Erasure ("Right to Be Forgotten"): To request the deletion of your personal data under certain conditions.
The Right to Restriction of Processing: To request the restriction of processing of your personal data under certain conditions.
The Right to Data Portability: To receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller without hindrance.
The Right to Object to Processing: To object to the processing of your personal data under certain conditions, including automated decision-making.
The Right to Withdraw Consent: To withdraw your consent at any time where we rely on your consent to process your personal data. This will not affect the lawfulness of any processing carried out before you withdraw your consent.
The Right to Lodge a Complaint: You also have the right to lodge complaints with the Nigeria Data Protection Commission (NDPC) if you believe your data protection rights have been violated.

How to Exercise Your Rights: You can exercise these rights by contacting us at hello@useblink.co. You can also delete your account at any time using the "Delete Account" button within the App.

10. Children's Privacy

The Blink App is intended for users who are at least 13 years of age. We do not knowingly collect personally identifiable information from anyone under the age of 13. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us. If we become aware that we have collected personal data from children without verification of parental consent, we take steps to remove that information from our servers.

11. International Data Transfers

Your information, including personal data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of Nigeria. For example, our third-party service provider Smile ID may process data outside Nigeria.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and that no transfer of your personal data will take place to an organization or a country unless there are adequate controls in place, including the security of your data and other personal information. We rely on safeguards such as Standard Contractual Clauses (SCCs) for such transfers, where applicable.

12. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. We will also inform you via email to your registered email address and/or through an in-app notification. The "Last Updated" date at the top of this Privacy Policy will be revised.

You will be given at least one (1) month prior notice before any new changes take effect.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

13. Contact Us

If you have any questions about this Privacy Policy, please contact us:

By email: hello@useblink.co
By visiting our website: www.useblink.co