Block Party Studio Company
We collect as little data as possible in order to provide you with our Service. We do not sell your data to third parties or use third-party advertising.
The following is a list of how we collect your data:
You have the right to:
If you would like to ask questions about our processing of your personal data, or to lodge a complaint, please contact Tracy Chou, our Controller, via email [email protected].
The following information applies to the collection, processing and use of personal data in connection with our services, our app, and any use of our website.
Protecting your privacy and data confidentiality is very important to us. We take the protection of your personal data seriously and collect as little data as possible. We collect your data because it is necessary for our product and website to function correctly, allows us to communicate with you, and permits us to process payment for our services. Our general practice is to avoid collecting more data than necessary. Collected data is deleted when no longer needed or legally required for retention. This Policy informs you about the collection, processing and use of your personal data. We gather and use personal data firmly within the provisions of U.S. federal and state law as well as applicable international law, such as the European General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) and German national data protection laws. Below we lay out the specific data, scope and purpose of our collection and use of personal data when you are using our Service or visiting our website.
The legal person responsible for the collection, processing and / or use of personal data in connection with our website and Service ("Controller") and Data Protection Officer is:
Controller and Data Protection Officer
Block Party Studio Company
304 S. Jones Blvd
Las Vegas, NV 89107
Purpose of data collection and processing
We collect and process your personal data for specified, explicit and legitimate purposes and do not further process your data in a manner that is incompatible with those purposes.
We collect and process your personal data for the following purposes:
Purpose of data collection and processing
We collect and process your personal data in compliance with U.S. state and federal law, and as applicable for our international users, the GDPR and applicable EU laws, including German national data protection laws.
Collection and processing is based on your consent - Art. 6 (1) a GDPR, Art. 4 (11) GDPR
Other than data that is collected automatically in order for our website or Service to function, we will always ask for your consent to collect and process your personal data for the aforementioned specific purposes, as permitted by applicable law. Where you have provided us with your consent to the collection and processing of your personal data for the aforementioned specific purposes, you have the right to withdraw your consent at any time by either 1) no longer visiting our website if you are not a registered user or 2) deactivating your account and asking us to delete your personal data so far as allowed under applicable law if you are a registered user.
Collection and processing is based on your consent - Art. 6 (1) a GDPR, Art. 4 (11) GDPR
The collection and processing of your personal data may be necessary for the performance of a contract to which you may be a party, such as signing up to use our Service. Prior to entering into such a contract, the collection and processing of your personal data may also be necessary in order to take steps at your request or to operate our website as a visitor. This applies for registration and the use of our Service and website.
Collection and processing is necessary for compliance with a legal obligation to which the Controller is subject – Art. 6 (1) c GDPR
Collection and processing of your personal data may be necessary for compliance with a legal obligation to which we are subject under U.S., EU, or other laws of jurisdictions applicable to users of our website or Service.
Collection and processing is necessary for the purposes of our legitimate interests - Art. 6 (1) f GDPR
The collection and processing of your personal data may be necessary for the purposes of our legitimate interests. For example, we use personal data on the social media accounts you select to apply our Service. We also collect and process website logs for technical reasons, such as, but not limited to, preventing denial of service attacks. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled. Preventing such overloads of our systems and any security issues by denial of service attacks is in your and our vital interest and therefore we use the website logs. Furthermore, we collect and process such data to ensure that our website and Service are constantly improved and adjusted to the changing requirements for an efficient usability and the technical environment. In addition, we collect personal data to remember your privacy settings and/or to keep you logged in. Ensuring the usability of our website and our Service is in your and our vital interest and therefore we use such data.
Do we disclose any personal data?
We will make every effort to inform you of any third-party transfer of your personal data when reasonably practicable except as used for functionality of our website and Service. If you are a resident of the EU, we may only transfer your personal data to third parties without informing you separately beforehand in the following exceptional cases as explained below:
We will not transfer your personal data to third parties as a matter of course without letting you know in advance. As far as practicable and whenever legally required, we will ask for your prior permission unless the transfer of such data is permitted by applicable national data protection laws.
Third-party data transfers
We use third-party service providers for services such as request logging, emailing and error logging. Where we use such third-party providers, we review their privacy policies to ensure that the service providers provide sufficient guarantees regarding an adequate level of data protection and only use personal data for the purposes stipulated by us and in accordance with our instructions. We also contractually require the service providers to treat your personal data solely in accordance with this Policy and applicable data protection laws. If you would like more specific information on our service providers and their privacy policies, please contact us at [email protected].
What rights do you have?
To the extent legally permitted and in compliance with applicable U.S. federal and state laws as well as laws applicable to international users, such as the GDPR and German national data protection laws, you have the following rights to protect your personal data collected and processed by us (excluding personal data manifestly made public by the data subject):
Information, access, rectification and restriction rights
Upon request, you have the right to receive information about the personal data stored by us about you and information about how we collect, process and store your personal data. Where we have your personal data stored, you have the right to gain access to such personal data. You also have the right to request that we correct any inaccurate personal data. Taking into account the purposes of collecting and processing your data, you have the right to have incomplete personal data completed. EU/EEA users have the right to request restriction of processing.
Right to data portability
You also have the right (1) to receive all personal data concerning you and which you have provided to us, which for EU/EEA users will be provided in a structured, commonly used and machine-readable format and (2) to transmit that data to another controller.
Right to erasure of your data
You have the right to demand from us the erasure of your personal data, where, among other situations, one of the following grounds applies:
Please note, if data needs to be retained for legal purposes under applicable law (including pursuant to Art. 17 (3) GDPR), we will restrict the use of the respective data. In addition, in some cases, requesting that we not process or retain your personal data will mean that you can no longer use our Service if such data is reasonably required to perform the Service.
Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority in the place of your habitual residence, place of work or place of the alleged infringement if you consider that the collection and processing of personal data relating to you infringes your applicable legal rights, including, for EU residents, under the GDPR.
Right to object to the processing of your data
EU/EEA users have the right to object at any time to the collection and processing of your personal data on grounds relating to your particular situation, when collection and processing is based on our legitimate interest under applicable law (including Article 6 (1) (f) of the GDPR).
Right to withdraw your consent at any time
You have the right to withdraw your consent at any time, when you have provided us with your consent to the collection and processing of your personal data for one or more specific purposes.
How to exercise your rights
To exercise your rights, please contact us via email at [email protected] or mail to:Block Party Studio Company 304 S. Jones Blvd Suite 1604 Las Vegas, NV 89107 U.S.A.
Changes to this Policy
This Policy may be changed from time to time. The current version is available at: https://www.blockpartyapp.com/privacy-policy/
Collection and processing when you sign up for our Service
When you use our Service on your browser, we collect and process the following data:
We also track when an action you take constitutes an “event”, for example by sending an invite to another user. In such a case, data collected may include:
This data is solely used to improve our products and your user experience.
Event tracking with IDs is retained for 3 years. Aggregated reports may be retained for a longer period.
During an error, the following data may be sent to our error logging provider, Functional Software, Inc. (Sentry):
Said data is only collected when the Service crashes or throws an error.
Sentry deletes this information after 90 days.
Collection and processing on our website
When using our website, we automatically collect the following data in order to provide you with our Service, and for security reasons:
Automatically collected information
All requests to our website are recorded in the website logs. Data stored includes your IP address (solely for the purpose of IT security and only accessible by our IT Security team), the time at which the request was made, the web address accessed, the browser identifier and the referring page. This data is used to generate usage statistics as well as to investigate potential security issues and forum or blog spam. Detailed logs are retained for a period of 30 days, after which only the aggregated usage statistics that cannot be connected to a single user remain. Everything else is deleted.
The request to our website, including your IP address, is stored when you create a an account. This allows administrators to effectively address spam content and security breaches. All stored requests are deleted after 3 years.
We use Google Analytics, a web analytics service from Google Inc. ("Google"), on our website for non-EU resident users. Google Analytics uses so-called "cookies" (text files stored on your computer that enable us to analyze your use of our Websites). Information generated by the cookies (including your abbreviated IP address) is transmitted to and stored at a Google server in the United States. Google uses this information to assess your use of our website/Service, to compile activity reports, and to provide more services connected with the use of our website/Service. It is possible that Google may transmit this information to third parties if required by law, or if third parties process this information on behalf of Google.
Information you give to us on a voluntary basis
Our Service is publicly available to all website visitors. If sign up for our Service, we collect and process personal data you voluntarily provide as follows:
We use personal data you provide to provide our Service. This information includes:
Passwords go through one-way encryption before they are stored on the server. By default, e-mail addresses are only used to send notifications to which you subscribe or to send other information about your account or use of the Service. You can delete your account at any time.
We may host product campaigns or offer mailing lists that rely on email collection. For example, you can request to receive updates about our Service through our newsletter, which is hosted by a third-party provider, Substack. We will never sell your email address, or any other information collected, to any third parties.
Phone number collection
As an alternative to using a third party application for 2 factor authentication, we can use your phone number. We only use your phone number, if provided, for 2 factor authentication. We will request your permission before using your phone number for any other purpose. We will never sell your phone number, or any other information collected, to any third parties.
Data provided by you in connection with our website / Service will be retained for the same time as the comment and / or your account exists.In general, we do not store your email address unless it is specifically required to execute the related campaign (i.e. email signups for a newsletter or signing up to get notified about a product launch). In cases where we do store your email address, we only store it for the length of time that is needed to execute the campaign.
California Privacy NoticeThis section only applies to California residents. It explains how we collect and use Personal Information as well as the rights available to California residents under the California Consumer Protection Act (“CCPA”). The words in this section have the same meaning given to them in the CCPA. Please note that the words as described under the CCPA may be broader than their common meaning.
“Personal Information,” for example, refers to information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, to you or your household. Personal Information does not include information that is aggregated or information that cannot be reasonably linked to you.
What Personal Information we collect and how we use it
In order to provide you with our Service, we must process certain Personal Information about you. We do not sell any of your Personal Information, and we never will. For a detailed explanation about the kinds of information that we collect and how we use it, please review the information provided in the above Policy. Here is a summary of the CCPA categories of Personal Information that we may have collected about you over the past 12 months:
We may have collected these categories of Personal Information for the following business purposes:
How we share Personal Information
Subject to the limitations in this Policy, we share your Personal Information with external vendors (“Service Providers”) that are contractually prohibited from retaining, using, or disclosing Personal Information for any purpose other than the specific business purposes described in the contract. These Service Providers include:
Additionally, we may also share your Personal Information with law enforcement or other third parties as necessary to comply with legal requirements.
Sources from which we collect Personal Information
We receive Personal Information from you, our website, social media platforms you link to our Service, your device(s), and our external service providers. The categories of sources from which we have collected or received Personal Information include:
What are your rights under the CCPA?
The CCPA provides you with the following rights:
Please note that we have a duty to verify your identity whenever you exercise your Right to Know and/or your Right to Request Deletion. In order to do so, we will request Personal Information from you to match against the Personal Information in our records. In some cases, we may also request additional documentation to verify your identity. Please also note that the CCPA allows you to exercise these rights yourself or to designate an authorized agent who will exercise these rights on your behalf. In the event that an authorized agent exercises rights on your behalf, we may request a written permission from you that establishes the individual as your authorized agent as well as other information necessary to verify the identity of the authorized agent.To exercise any of these rights, please submit a request to [email protected].
Contact for more information
If you have any questions about this section or how to exercise your rights under the CCPA, please contact us [email protected].
Updated September 9, 2020