Block Party Studio Company (“Block Party,” “we,” “our,” or “us”) takes your privacy seriously. Our Privacy Policy (“Policy”) provides you with information about how we collect, process and use (together referred to as "processing") your personal data as well as your related legal rights. For your convenience, below you can read both an Overview and our full Privacy Policy. We also recommend that you read our Terms of Service available at https://www.blockpartyapp.com/tos/ (the “Terms”), which govern how we provide our online and/or mobile services, website (https://www.blockpartyapp.com/), and software provided on or in connection with the service (collectively, the “Service”). Any terms used in this Policy without definition have the meaning provided in the Terms. This Policy does not extend to the practices of third parties that are not owned, managed or controlled by us. By using our website (https://www.blockpartyapp.com/) or Service, you confirm that you consent to the collection, use and sharing of your information as described in this Policy.

Our values

We collect as little data as possible in order to provide you with our Service. We do not sell your data to third parties or use third-party advertising.

Privacy Policy (Overview)

This Overview provides you with a general description about our processing of your personal data. For more information about our processing activities, please refer to our complete Privacy Policy.

What kind of personal data do we process?

1. As a registered user using our Service or while visiting our website (https://www.blockpartyapp.com) (hereinafter “website”), the following information is collected automatically:
   - Browser version, operating system, device type, IP address and location, button clicks and/or navigation patterns, and screens shown
2. For users registering to use our Service, the following information may also be provided by you at your discretion:
   - Required for use: User registration data, including email address and filter preferences
   - Optional: Real name, phone number and picture
3. For user feedback and support, the following information may be collected in order to address your query:
   - User name (contact via social media) and/or email address
   - Browser type and version, operating system, device type
   - Version of Service and other applicable tech specifications
   - URLs with which you have issues
   - Issues with our Service, which may include screenshots
4. In connection with linked social media accounts, such as Twitter, the following information is also automatically collected from your social media account:
   - User profile data and related information, such as Tweets, social graph data (like following and followed by lists), and other information via platform Application Program Interfaces (“APIs”)
   - Moderation lists (like block and mute lists)
   - Any data you want to be filtered on social media platforms (like Tweets or other posts, comments, and messages)

How do we collect data?

The following is a list of how we collect your data:

1. Based on usage of our website:
   - Cookies
   - Log files
2. In our databases, data such as:
   - your email address and filter preferences
   - Helper accounts and permissions
   - other settings
3. Via Google Analytics
4. For user feedback and support:
   - Via email and survey forms sent by you
   - From user reviews
   - From social platforms like Twitter or Instagram
   - From forum posts
5. Data you provide to us via social media, such as Twitter or Instagram

How and why do we process your data?

• In order to provide you with access to our Service (for example, to connect with your Twitter account(s) for our Service to work)
• In order to inform you about urgent issues in connection with our Service
• For technical purposes, including preventing security attacks, improving our website and services, to ensuring website and product security
• To analyze aggregated usage logs, and for non-EU/EEA users, analytics data, in order to improve our Service
• For communication and assistance purposes
• To assist you with any issues you may have with our Service
• To promote our Service
• For internal market research

How long do we keep data?

1. For a period of 3 years:
   - Website logs
   - Event tracking linked to user ID (we may keep aggregated or anonymized data longer)
   
2. User-generated content is retained for so long as the respective content is not deleted by you or for so long as your account exists.
3. All user support data is deleted one (1) year after closing the respective support case.
4. Subscription data is retained for a period of 10 years.
5. “Aggregated usage statistics”, such as analytics data and other data without any connection to a single user, may be retained indefinitely at our discretion.

What rights do you have?

You have the right to:

• Receive information about the personal data processed by us and how we process your data as well as to gain access to such data.
• Rectify inaccurate personal data and restrict details.
• Request erasure of your data, unless such data needs to be retained for legal purposes.
• Object to the processing of your data.
• Withdraw your consent at any time, when you have provided us with your consent to the processing of your personal data.
• Lodge a complaint with the respective supervisory authority.
• Under the California Consumer Privacy Act (“CCPA”), residents of California have the additional rights outlined here regarding our collection, use, retention, and sharing of their personal information.

Questions?

If you would like to ask questions about our processing of your personal data, or to lodge a complaint, please contact Tracy Chou, our Controller, via email [email protected].

Privacy Policy (Full Version)

General information about your privacy

The following information applies to the collection, processing and use of personal data in connection with our services, our app, and any use of our website.

1. Introduction
2. Who is responsible for data collection and processing?
3. What is personal data?
4. What is the purpose of data processing and what is the legal basis?
5. Do we disclose any personal data?
6. What rights do you have?
7. Changes to this Privacy Policy
8. Collection and processing in our products
9. Collection and processing in our websites
10. Collection and processing for user support
11. Collection and processing in connection with social media
12. Privacy notice for California Residents

Introduction

Protecting your privacy and data confidentiality is very important to us. We take the protection of your personal data seriously and collect as little data as possible. We collect your data because it is necessary for our product and website to function correctly, allows us to communicate with you, and permits us to process payment for our services. Our general practice is to avoid collecting more data than necessary. Collected data is deleted when no longer needed or legally required for retention. This Policy informs you about the collection, processing and use of your personal data. We gather and use personal data firmly within the provisions of U.S. federal and state law as well as applicable international law, such as the European General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) and German national data protection laws. Below we lay out the specific data, scope and purpose of our collection and use of personal data when you are using our Service or visiting our website.

Who is responsible for data collection and processing?

The legal person responsible for the collection, processing and / or use of personal data in connection with our website and Service ("Controller") and Data Protection Officer is:

Controller and Data Protection Officer

Tracy Chou
‍[email protected]
‍Block Party Studio Company
304 S. Jones Blvd
Suite 1604
Las Vegas, NV 89107
U.S.A.

What is the purpose of data processing and what is the legal basis?

Purpose of data collection and processing

We collect and process your personal data for specified, explicit and legitimate purposes and do not further process your data in a manner that is incompatible with those purposes.

We collect and process your personal data for the following purposes:

1. We collect and process your personal data relating to your use of the Service (including social media accounts for which you elect to apply our Service, such as account information) mainly to provide the services you elect to utilize. We also collect and process such data to improve and evaluate our product.
2. We collect and process website logs (such data is collected and processed by third party providers, namely Google Analytics and LogDNA, and you can access the Google privacy policy here and the LogDNA privacy policy here) for technical purposes, to provide our Service to you in a secure and data-efficient manner.
3. We collect and process the data you have provided us in order to communicate with you and / or to assist you.

Purpose of data collection and processing

We collect and process your personal data in compliance with U.S. state and federal law, and as applicable for our international users, the GDPR and applicable EU laws, including German national data protection laws.

Collection and processing is based on your consent - Art. 6 (1) a GDPR, Art. 4 (11) GDPR

Other than data that is collected automatically in order for our website or Service to function, we will always ask for your consent to collect and process your personal data for the aforementioned specific purposes, as permitted by applicable law. Where you have provided us with your consent to the collection and processing of your personal data for the aforementioned specific purposes, you have the right to withdraw your consent at any time by either 1) no longer visiting our website if you are not a registered user or 2) deactivating your account and asking us to delete your personal data so far as allowed under applicable law if you are a registered user.

Collection and processing is based on your consent - Art. 6 (1) a GDPR, Art. 4 (11) GDPR

The collection and processing of your personal data may be necessary for the performance of a contract to which you may be a party, such as signing up to use our Service. Prior to entering into such a contract, the collection and processing of your personal data may also be necessary in order to take steps at your request or to operate our website as a visitor. This applies for registration and the use of our Service and website.

Collection and processing is necessary for compliance with a legal obligation to which the Controller is subject – Art. 6 (1) c GDPR

Collection and processing of your personal data may be necessary for compliance with a legal obligation to which we are subject under U.S., EU, or other laws of jurisdictions applicable to users of our website or Service.

Collection and processing is necessary for the purposes of our legitimate interests - Art. 6 (1) f GDPR

The collection and processing of your personal data may be necessary for the purposes of our legitimate interests. For example, we use personal data on the social media accounts you select to apply our Service. We also collect and process website logs for technical reasons, such as, but not limited to, preventing denial of service attacks. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled. Preventing such overloads of our systems and any security issues by denial of service attacks is in your and our vital interest and therefore we use the website logs. Furthermore, we collect and process such data to ensure that our website and Service are constantly improved and adjusted to the changing requirements for an efficient usability and the technical environment. In addition, we collect personal data to remember your privacy settings and/or to keep you logged in. Ensuring the usability of our website and our Service is in your and our vital interest and therefore we use such data.

Do we disclose any personal data?

We will make every effort to inform you of any third-party transfer of your personal data when reasonably practicable except as used for functionality of our website and Service. If you are a resident of the EU, we may only transfer your personal data to third parties without informing you separately beforehand in the following exceptional cases as explained below:

• If required for legal proceedings / investigations, personal data will be transferred to the criminal investigation authorities and, if appropriate, to injured third parties. We will only do this if there are concrete indications of illegal and / or abusive behavior. We are also legally obliged to give certain public authorities information. These are criminal investigation authorities, public authorities which prosecute administrative offenses entailing fines and certain finance authorities.
• As part of the further development of our business, our structure may change. The legal structure may be changed, and subsidiaries, business units or components may be created, bought or sold. In such transactions, user information may be shared as part of the transfer of our whole or part of our company. In the event of a transfer of personal information, we will ensure that it is done in accordance with this Policy and applicable laws.

We will not transfer your personal data to third parties as a matter of course without letting you know in advance. As far as practicable and whenever legally required, we will ask for your prior permission unless the transfer of such data is permitted by applicable national data protection laws.

Third-party data transfers

We use third-party service providers for services such as request logging, emailing and error logging. Where we use such third-party providers, we review their privacy policies to ensure that the service providers provide sufficient guarantees regarding an adequate level of data protection and only use personal data for the purposes stipulated by us and in accordance with our instructions. We also contractually require the service providers to treat your personal data solely in accordance with this Policy and applicable data protection laws. If you would like more specific information on our service providers and their privacy policies, please contact us at [email protected].

What rights do you have?

To the extent legally permitted and in compliance with applicable U.S. federal and state laws as well as laws applicable to international users, such as the GDPR and German national data protection laws, you have the following rights to protect your personal data collected and processed by us (excluding personal data manifestly made public by the data subject):

Information, access, rectification and restriction rights

Upon request, you have the right to receive information about the personal data stored by us about you and information about how we collect, process and store your personal data. Where we have your personal data stored, you have the right to gain access to such personal data. You also have the right to request that we correct any inaccurate personal data. Taking into account the purposes of collecting and processing your data, you have the right to have incomplete personal data completed. EU/EEA users have the right to request restriction of processing.

Right to data portability

You also have the right (1) to receive all personal data concerning you and which you have provided to us, which for EU/EEA users will be provided in a structured, commonly used and machine-readable format and (2) to transmit that data to another controller.

Right to erasure of your data

You have the right to demand from us the erasure of your personal data, where, among other situations, one of the following grounds applies:

• If we no longer need your personal data for the aforementioned purposes (including to use our Service).
• If you withdraw your consent on which the collection and processing is based and where there are no other legal grounds for the collection and processing.
• If you object to the collection and processing and there are no overriding legitimate grounds for the collection and processing.

Please note, if data needs to be retained for legal purposes under applicable law (including pursuant to Art. 17 (3) GDPR), we will restrict the use of the respective data. In addition, in some cases, requesting that we not process or retain your personal data will mean that you can no longer use our Service if such data is reasonably required to perform the Service.

Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority in the place of your habitual residence, place of work or place of the alleged infringement if you consider that the collection and processing of personal data relating to you infringes your applicable legal rights, including, for EU residents, under the GDPR.

Right to object to the processing of your data

EU/EEA users have the right to object at any time to the collection and processing of your personal data on grounds relating to your particular situation, when collection and processing is based on our legitimate interest under applicable law (including Article 6 (1) (f) of the GDPR).

Right to withdraw your consent at any time

You have the right to withdraw your consent at any time, when you have provided us with your consent to the collection and processing of your personal data for one or more specific purposes.

How to exercise your rights

To exercise your rights, please contact us via email at [email protected] or mail to:Block Party Studio Company 304 S. Jones Blvd Suite 1604 Las Vegas, NV 89107 U.S.A.

Changes to this Policy

This Policy may be changed from time to time. The current version is available at: https://www.blockpartyapp.com/privacy-policy/

Collection and processing when you sign up for our Service

When you use our Service on your browser, we collect and process the following data:

Event tracking

We also track when an action you take constitutes an “event”, for example by sending an invite to another user. In such a case, data collected may include:

• Device type
• Browser type and version
• Location data based on your IP address
• Button clicks and/or navigation patterns
• Screens shown

This data is solely used to improve our products and your user experience.

Data retention
Event tracking with IDs is retained for 3 years. Aggregated reports may be retained for a longer period.

Error logging

During an error, the following data may be sent to our error logging provider, Functional Software, Inc. (Sentry):

• Device type
• Operating system
• Browser type and version
• Cookie data
• Traceback to code containing error
• User identification
• Location data based on your IP address
• Button clicks and/or navigation patterns
• Screens shown

Said data is only collected when the Service crashes or throws an error.

Data retention
Sentry deletes this information after 90 days.

Collection and processing on our website

When using our website, we automatically collect the following data in order to provide you with our Service, and for security reasons:

Automatically collected information

Website logs

All requests to our website are recorded in the website logs. Data stored includes your IP address (solely for the purpose of IT security and only accessible by our IT Security team), the time at which the request was made, the web address accessed, the browser identifier and the referring page. This data is used to generate usage statistics as well as to investigate potential security issues and forum or blog spam. Detailed logs are retained for a period of 30 days, after which only the aggregated usage statistics that cannot be connected to a single user remain. Everything else is deleted.

Data retention
The request to our website, including your IP address, is stored when you create a an account. This allows administrators to effectively address spam content and security breaches. All stored requests are deleted after 3 years.

Necessary cookies

We use cookies to recognize signed-in users or to store your privacy preferences. Cookies are small files that are stored on your computer with the help of your internet browser. The cookies are necessary to provide you with our Service and/or website functionality, are not evaluated in any other manner, and are never used to track website visitors. If you do not want to enable cookies, you can opt against using them by selecting the appropriate settings on your browser. Please note that the efficiency and range of our services may be restricted as a result.

Google Analytics

We use Google Analytics, a web analytics service from Google Inc. ("Google"), on our website for non-EU resident users. Google Analytics uses so-called "cookies" (text files stored on your computer that enable us to analyze your use of our Websites). Information generated by the cookies (including your abbreviated IP address) is transmitted to and stored at a Google server in the United States. Google uses this information to assess your use of our website/Service, to compile activity reports, and to provide more services connected with the use of our website/Service. It is possible that Google may transmit this information to third parties if required by law, or if third parties process this information on behalf of Google.

Information you give to us on a voluntary basis

Our Service is publicly available to all website visitors. If sign up for our Service, we collect and process personal data you voluntarily provide as follows:

User registration

We use personal data you provide to provide our Service. This information includes:

• Your name and email address
• Information on your social media account(s) that you link to our Service, including your profile information, username / handle, posts, friends, followers, and block and mute lists.
• Information you add to the Service, such as nominating Helpers, comments to your Helpers, and blocking or flagging other users.
• This information will not be visible to the public, other than any Helpers you appoint, who are also visible to other Helpers you have appointed.

Passwords go through one-way encryption before they are stored on the server. By default, e-mail addresses are only used to send notifications to which you subscribe or to send other information about your account or use of the Service. You can delete your account at any time.

Email collection

We may host product campaigns or offer mailing lists that rely on email collection. For example, you can request to receive updates about our Service through our newsletter, which is hosted by a third-party provider, Substack. We will never sell your email address, or any other information collected, to any third parties.

Phone number collection

As an alternative to using a third party application for 2 factor authentication, we can use your phone number. We only use your phone number, if provided, for 2 factor authentication. We will request your permission before using your phone number for any other purpose. We will never sell your phone number, or any other information collected, to any third parties.

Data retention

Data provided by you in connection with our website / Service will be retained for the same time as the comment and / or your account exists.In general, we do not store your email address unless it is specifically required to execute the related campaign (i.e. email signups for a newsletter or signing up to get notified about a product launch). In cases where we do store your email address, we only store it for the length of time that is needed to execute the campaign.

‍California Privacy NoticeThis section only applies to California residents. It explains how we collect and use Personal Information as well as the rights available to California residents under the California Consumer Protection Act (“CCPA”). The words in this section have the same meaning given to them in the CCPA. Please note that the words as described under the CCPA may be broader than their common meaning.

“Personal Information,” for example, refers to information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, to you or your household. Personal Information does not include information that is aggregated or information that cannot be reasonably linked to you.

What Personal Information we collect and how we use it

In order to provide you with our Service, we must process certain Personal Information about you. We do not sell any of your Personal Information, and we never will. For a detailed explanation about the kinds of information that we collect and how we use it, please review the information provided in the above Policy. Here is a summary of the CCPA categories of Personal Information that we may have collected about you over the past 12 months:

• Identifiers;
• Internet or other electronic network activity information, including information about your browser, extension, and operating system; and
• Inferences drawn from any of the information identified that reflect your preferences and attitudes.

We may have collected these categories of Personal Information for the following business purposes:

• To personalize the Service we provide to you;
• To evaluate and improve our Service;
• To provide limited analytic services;
• To communicate with you;
• To ensure security and functionality of our Service; and
• To perform other business purposes.

How we share Personal Information

Subject to the limitations in this Policy, we share your Personal Information with external vendors (“Service Providers”) that are contractually prohibited from retaining, using, or disclosing Personal Information for any purpose other than the specific business purposes described in the contract. These Service Providers include:

• Service providers that analyze your use of our website and test the accompanying data;
• Service providers that support our products; and
• Service providers that facilitate user support.

Additionally, we may also share your Personal Information with law enforcement or other third parties as necessary to comply with legal requirements.

Sources from which we collect Personal Information

We receive Personal Information from you, our website, social media platforms you link to our Service, your device(s), and our external service providers. The categories of sources from which we have collected or received Personal Information include:

• You: We collect information that you voluntarily provide, such as registration data on our public forum or information that you send to us as part of issue reports, user support queries, and user reviews.
• Your device(s): We receive information from and about the computers, phones, and browsers that you use in connection with our Products.
• Our Website: We collect information about how you interact with and use our websites.
• Your Social Media Profiles: We collect information about your social media subscriptions, if you choose to contribute to content in that manner.
• Service Providers: We engage vendors to perform business purposes on our behalf and share information with them to provide us with such business purposes including, analytics, mobile product support, hosting of products, and user support.

What are your rights under the CCPA?

The CCPA provides you with the following rights:

• Right to Know: you have the right to request that we disclose to you the categories of Personal Information that we have collected, the categories of sources from which we have collected the Personal Information, the business purpose for collecting Personal Information, the categories of third parties with whom we have shared Personal Information, and the specific pieces of Personal Information about you that we have collected;
• Right to Request Deletion: you have the right to request that we delete any Personal Information about you that we have collected; and
• Right to Non-Discrimination: we will not discriminate against you for exercising any of these rights.

Please note that we have a duty to verify your identity whenever you exercise your Right to Know and/or your Right to Request Deletion. In order to do so, we will request Personal Information from you to match against the Personal Information in our records. In some cases, we may also request additional documentation to verify your identity. Please also note that the CCPA allows you to exercise these rights yourself or to designate an authorized agent who will exercise these rights on your behalf. In the event that an authorized agent exercises rights on your behalf, we may request a written permission from you that establishes the individual as your authorized agent as well as other information necessary to verify the identity of the authorized agent.To exercise any of these rights, please submit a request to [email protected].

Contact for more information

If you have any questions about this section or how to exercise your rights under the CCPA, please contact us [email protected].

‍Updated September 9, 2020