The underlying policy of Blokada Cloud:
- We do not (and never will) sell, license, or share any of the data submitted directly or indirectly by our users with any person or entity. Blocka AB is an independent company entirely funded, and controlled by its founders. We will never engage in any data sharing or selling activities, now or in the future.
- No query data is logged if not explicitly requested by the user, and it is discarded as quickly as possible. Some features require data retention, in which case users are given the control over if they wish to activate the feature, and how long the retention period should be.
We strongly believe in having minimal data retention because we want you to remain anonymous. However, in some situations we might have to process your personal data. In those cases, the General Data Protection Regulation (“GDPR”) and other data protection laws may apply to the processing. In this policy, we describe how we are processing your personal data as a data controller, and how you as an individual can exercise your rights. We only process personal data in accordance with the GDPR and other applicable legislations.
Blokada Cloud provides the device activity monitoring feature users may opt-in for. When activated, data related to network queries from connected devices is stored solely for the purpose of displaying it to the user. The retention period is defined by the user at the moment of activating this feature, and it may be deactivated by the user at any time.
Payment information are processed for the purpose of providing you with the service we offer, to pay out refunds and for accounting purposes. The processing of payment data for the first two purposes are based on a legitimate interest where our rights to process the data for such interest overrides your rights to your personal data. Payment information processed for accounting purposes are necessary for the compliance of a legal obligation to which we are subject.
Processing of e-mails and problem reports via our app are made for the purpose of answering questions, resolve problems, and provide general support to customers. The processing is necessary for the purpose of the legitimate interests where such interest overrides your rights to your personal data.
We are processing the following categories of personal data.
- Device name specified by the user
- Domain name that was queried
- Whether the query was blocked or not
- Timestamp of each query
Blokada can access the personal data below through our payment service providers but that does not necessarily mean that Blokada are storing the data anywhere else than in the service.
- Stripe charge ID
- Expiry date
- Last 4 digits of the card
- Card type
- Origin country
- Support by email or support.blokada.org: your email address and other information which you have written in the email or posted message.
- Problem reported via the app: activity logs specific to Blokada, IP-addresses used when sending the report log. Please refrain from entering any personal data when reporting a problem via the app.
The time periods for which the personal data will be saved are the following.
Data retention is explicitly decided by the user at the moment of activation of the monitoring feature. User can disable the monitoring feature at any time, at which point no more data will be stored.
Certain payment data must be kept for the statutory retention period described in applicable local laws such as the Swedish Accounting Act (some information must be stored for seven years from the end of the fiscal year). If not required by law or stated above, the data will be stored for no longer than necessary for the purpose. After the statutory retention periods, the data will be permanently deleted.
After solving a support case or problem report, all related emails and problem reports are archived (removed from the inbox).
Your personal data will only be shared with third party suppliers who are performing services on our behalf and for the purposes stated above. The categories of such recipients are e-mail service providers and payment solution suppliers (which are subject to confidentiality).
No. We only store your personal data within the EU. If transfer to a third country occurs in exceptional cases, we will ensure that there is a legal basis for such a transfer and provide you with necessary information.
No automated decision-making (including profiling) takes place.
You have the right, in certain situations, to request us to correct or delete incorrect personal data regarding you and/or limit the processing. You also have the right to request for a copy of your personal data and a registry extract. However, we cannot give out payment data since the purpose of the processing of the payment data do not require identification of the data subject and would require disproportionate effort for us to further acquire or process additional information to identify the data subject (article 11 in the GDPR).
The registry extract and the copy of personal data will be provided to the data subject (if the personal data are not subject to article 11 in the GDPR) without undue delay and in any event within one month of receipt of the request. If the request is particularly complex or if we receive a large number of requests, the period may be extended where necessary. In this event we will inform the data subject of any such extension within one month of receipt of the request together with the reason for the delay.
Where the legal basis for the processing is based on a weighing of interests you are as a data subject entitled to object at any time to the processing of your data.
If you are displeased with our processing of your personal data, please contact us or submit a complaint to the supervisory authority (The Swedish Data Protection Authority, www.datainspektionen.se).
If you would like to exercise your rights, please contact firstname.lastname@example.org for more information.
Please note that exercising some rights may limit our ability to provide support that requires such information, for example issuing a refund or finding a lost account. We are also unable to approve some request due to legal requirements or that the processing of personal data might be based on a legal basis to which the right do not apply.
Reg. no. 559198-8265
403 11 Gothenburg
To exercise your rights under the GDPR or if you have any questions regarding our processing of your personal data, please send your inquiry to the e-mail address above.
The website used for activating the VPN service utilizes only the following few cookies, all of which are essential for us to provide the service:
- __stripe_sid (expires after 30 minutes) – is implemented by Stripe and created when you proceed to the Stripe payment page
- __stripe_mid (expires after one year) – is implemented by Stripe and created when you proceed to the Stripe payment page.
- _cfduid and bot detection cookies (such as “_cf_bm” and Google’s reCaptcha). These are used by the Cloudflare CDN in order to identify malicious visitors, to reduce the chance of blocking legitimate users, and to provide customized services.