Services Privacy Policy

IMPORTANT NOTICE
Privacy @ BLOCK7
Last Revised: January 2022

Introduction and Definitions

This Services Privacy Policy (“Service Notice”) only covers Our privacy practices with respect to the collection, use, and disclosure of information obtained in connection with the purchase and use of Our hosted cloud based software applications and offerings (the “Subscription Services”) and related support services (the “Support Services”), as well as expert services, including professional services, training, and certification (the “Expert Services”)  plus the services operated through Our community hub (the “Resource Services”) that We provide to Our Customers.

In this Service Notice, the Subscription Services, and Our Resource Services plus Our Support Services, and the Expert Services are collectively referred to as the (“Service“).

By using the Service, You are consenting to the practices described in this Services Privacy Policy.

This Service Privacy Policy covers information processed by BLOCK7 Limited for Customer and Partner account management purposes (for example, customer address and billing information collected for processing Customer’s purchase of Our Service).

This Services Privacy Policy does not cover a Customer’s use or disclosure of any information it stores in the Subscription Services, nor does it cover any information or data collected by BLOCK7 Limited for other purposes outside of the Service. The definitions of Service Personal Information and information about You (“Systems Operations Data”) processed when We are providing the Service to You in performing, maintaining, and securing Our products and services does not include Your contact and related information collected from the use of Our Site unless You access a Service through Our Site, or Your or User interactions with Us during the contracting Process. Our handling of this information is subject to the terms of Our General Privacy Policy.

Our users (“You”) include individuals who sign up to use Our Service and together referenced as (“Your”) use of Our Service. For the purposes of this Services Privacy Policy (“Customer”) means the entity that purchases Our Service and (“User”) means an individual authorised by the Customer or Partner to access and use the Subscription Services where (“Partner”) means an entity that sells Our products and services or provides services or technology to Our Customers.

This Services Privacy Policy applies to You and describes Our privacy practices in relation to the use of Our Service. This Service Notice applies to all Service Personal Information processing activities conducted by Us and Our business Partners and this policy has been tailored for the ways Your Service Personal Information may be collected, used, shared, and processed by different BLOCK7 lines of business

In this Services Privacy Policy references to (“We,” “Us,” “Our” or “BLOCK7”) are references to BLOCK7 Limited in connection with Your use of the Service.

As used in this Services Privacy Policy, (“Service Personal Information”) or (“Personal Data”) means information that relates to an identified individual or to an identifiable individual. Service Personal Information may include, depending on the Service (a) information concerning family, lifestyle, and social circumstances; employment details; and (b) subscribers’ information related to the use of Our Resource Services ; and (c) information for billing and contracting purposes; and (d) online identifiers such as mobile device IDs and IP addresses, and first party online behaviour and interest data.

Service Personal Information may relate to Your representatives and end Users, such as Your employees,  contractors, collaborators, partners, suppliers, customers, and clients.

Personal Data is also referred to as (“Customer Data”)  and means the electronic data uploaded into the Subscription Services by or for Customer or its Users.

Updates

This Services Privacy Policy was last updated on the Last Revised date at the top of this policy. However, this policy can change over time, for example to comply with legal requirements or to meet changing business needs. The most up-to-date version can be found on Our Site. In case there is an important change that We want to highlight to You, We will also inform You in another appropriate way (for example via a pop-up notice or statement of changes on Our Site).

When We update this policy, We will amend the revision date at the top of this page. The modified or amended privacy statement will apply from that date. We encourage You to review this policy periodically to remain informed about how We are protecting Your information.

Incidental Personal Data We may obtain through providing the Service to You

We may obtain additional Service Personal Information through Our Service Mobile Applications that Our Customer or their Users operate on their mobile device (“Device”). (“Mobile Applications”) means applications downloaded by an authorised User of Our software applications to a mobile device.

    • Mobile Applications We provide may obtain or collect information from a User’s Device in connection with the User’s use of the Service and are designed to interoperate with the Subscription Service; for instance, to provide a User with access to information within the Service or to provide information from a User’s Device to the Subscription Services.
    • To provide and operate the Mobile Applications, We need certain information from the User, and without that information Our Mobile Applications would not work (or would not work very well). For example, We ask Users to provide certain Service Personal Information, such as login credentials to access and use the Subscription Services through the Mobile Applications. In addition to the Service Personal Information Users provide, We also collect certain other Service Personal Information using Our Mobile Applications for instance, Our Mobile Application may use a Device’s geolocation data to provide the Service available through the Mobile Applications and to send Users Service information. If a User has geolocation turned on, the Mobile Applications will, from time to time, tell Us about a User’s Device’s location even if a User is not directly interacting with the Mobile Application. It may also tell Us about a User’s Device location while the User is interacting with the Mobile Application. We may only be able to collect this information if the Device settings allow it.

We may collect or generate Systems Operations Data when providing the Service to You in performing, maintaining, and securing Our products and services and operating Our business in an efficient and appropriate manner for the following purposes:

  • to help keep Our Service secure, including for security monitoring and identity management;
  • to investigate and prevent potential fraud or illegal activities involving Our Service systems and networks, including to prevent cyber-attacks and to detect bots;
  • to administer Our Service back-up disaster recovery plans and policies;
  • to confirm compliance with Service subscriptions and other terms of use (license compliance monitoring);
  • for research and development purposes, including to analyse, develop, improve, and optimise Our Service;
  • to comply with applicable laws and regulations and to operate Our Service, including to comply with legally mandated reporting, disclosure, or other legal process requests, for mergers and acquisitions, finance, and accounting, archiving and insurance purposes, legal and business consulting and in the context of dispute.

Scope

We host and Process Service Personal Information at the direction of and pursuant to the instructions of Our Customers. We also collect distinct types of information from Our Customers, including:

  • Information and correspondence Our Customers and Users submit to Us in connection with Expert Services or other requests related to Our Service;
  • Information We receive from Our Partners in connection with use of the Service or in connection with services provided by Our business Partners, including configuration and integration of the Subscription Services;
  • Server logs in support of the Subscription Services;
  • Information collected via Our Mobile Applications.

We collect and Process Service Personal Information about You and/or Your business to enable Us, and other members of the BLOCK7 network such as Our Partner network or Our technology network to:

  • provide Our Service to You or Our Customers; and
  • to enable Us to provide You with information that We think may be of interest to You; and
  • to meet Our legal or regulatory obligations; or
  • strive to improve Our Service and this extends to the data security We offer Our growing Customer and User base.

Service Personal Information processed by Us to provide cloud, technical support, or other services to Our Customers is Personal Data processed by BLOCK7 on behalf of a Customer to provide and perform a contracted Service. If You are a Customer and We are processing Service Personal Information on behalf of Your company, please refer to the terms and conditions attached to the Subscription Services which describes and contractually commits privacy and security practices that apply to Personal Data that may be incidentally contained in Our Subscription Services operation data and Our systems and networks used to monitor, safeguard and deliver Service to Our Customer base that is generated by the interaction of end-users of Our Service (“Named Users”) available at https://www.block7.co.uk/termsofuse/subscription-terms

How We share Service Personal Information

We value and respect any Service Personal Information and the purpose of this Services Privacy Policy is to explain how We collect and or Process Personal Data where (“Process”) means any operation performed on information about You, including to collect, record, organise, structure, store, alter, use, transfer, destroy or otherwise make available. We may disclose Service Personal Information that Our Customers, Partners, and Users provide to Us to the following categories of recipients:

  • to Our contractors, business Partners and service providers We use to support Our Service and business Partners who provide services on behalf of Our Customers; and
  • to any competent law enforcement body, regulatory, government agency, court or other third party to: (a) comply with any request from any competent law enforcement agency, or any other legal obligation; (b) enforce or apply the terms of any Customer and end User contractual agreements; (c) enforce or apply the terms of the agreement for partnership with Our Partners; and (d) protect the rights, property, or safety of BLOCK7, Our Customers, Users, or others; and
  • to a potential buyer (and its agents and advisors) in connection with any proposed merger, acquisition, or any form of sale or transfer of certain or all Our assets (including in the event of a reorganisation, dissolution, or liquidation), in which case Service Personal Information held by Us about Our Customers and Partners will be among the assets transferred to the buyer or acquirer; or
  • in accordance with Customer instructions.

For sharing information outside the UK please refer to both Our General Security Policy found on Our Site and Our GDPR Statement

Security and Breach Notification of Service Personal Information

We maintain an information security program designed to protect Service Personal Information from accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. The Subscription Services allows Customers to implement and use their use of the Service and enforce their security requirements, including user access controls.

We have a dedicated procedure responsible for monitoring and responding to security incidents and will notify Customers of security breaches in accordance with their Customer and end User contractual agreements.

We promptly evaluate and respond to incidents that create suspicion of or indicate unauthorised access to or handling of Service Personal Information.

If We become aware and determine that an incident involving Service Personal Information qualifies as a breach of security leading to the misappropriation or accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Service Personal Information transmitted, stored or otherwise processed on Our operating systems that compromises the security, confidentiality or integrity of such Service Personal Information, We will report such breach to You without undue delay.

Third Party Services

We may also provide applications and integrations hosted by third party services (for example, mobile forms, messenger applications, security protocols). These applications and integrations will interact with the Subscription Services and Our collection, use, and disclosure of information will be in accordance with this Services Privacy Policy and Our Customer and end User contractual agreements with the Customer.

Please Note: The use of any data You make available to such a third party is subject to that party’s privacy policy and agreements.

Contact Information

We have a Privacy Team that is responsible for the implementation of Our privacy policy and procedures program. If You have questions or comments about this Services Privacy Policy and Our privacy practices or if You are a Customer and need to update, change, or remove information from the Service, please contact Us using the Contact Form on Our Site.