Privacy Policy

Privacy notice (short version)
Privacy Policy (long version)

Privacy notice (short version)

The following privacy notice shall provide you with a general overview about the collection, processing and use (hereinafter together referred to as “processing”) of your personal data. For more information regarding our processing activities, please view our complete Privacy Policy.

What kind of personal data do we process?

  1. Personal Information provided voluntarily during your visit to Blockthrough.com.

Certain parts of our Website may ask you to provide personal data. Such information includes:

  • Email for Dashboard login
  • Submitting enquiries to Blockthrough
  • Subscribing to marketing communications from Blockthrough
  • Applying for an open position to work at Blockthrough

The Personal Information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your Personal Information and you will be provided with an option to opt-in to receive future marketing messages.

  1. Personal Information collected automatically during your visit to Blockthrough.com

During your visit to Blockthrough.com, we collect certain information automatically from your device. Such information includes:

  • IP address
  • Device type
  • Unique device identification numbers
  • Browser-type
  • Broad geographic location (e.g. country or city-level location)
  • We may also collect information about how your device has interacted with our website, including the pages accessed and links clicked.

When this information is linked to an identifiable individual, it constitutes Personal Information.

Collecting this automatic information enables us to run website analytics, detect and prevent malicious behavior on our website and improve and organize the content and features of our website.

Some of this information may be collected using cookies and similar tracking technology, as explained below under the heading “Use of Cookies”. The data that is collected automatically (using cookies) does not include any data that can directly identify an individual.

  1. Personal Information we collect in operating our business

In the course of business, we may ask you to provide Personal Information voluntarily. Such information includes:

  • Billing information
  • Account maintenance and other customer services
  • Marketing information for current and prospective customers
  • Responding to general inquiries

We use this Personal Information in order to provide our services to our customers, including administering customer accounts and providing customer service.

  1. Personal Information processed on behalf of our customers

When our customers implement the Blockthrough services on their web properties, Blockthrough processes Personal Information of end users who visit our customer’s websites in order to serve advertisements in accordance with an end user’s blocking preferences. The Personal Information processed by Blockthrough is:

  • IP address
  • Device type
  • Unique device identification numbers
  • Browser-type
  • Broad geographic location (e.g. country or city-level location)
  • Events tracking

How do we collect data?

List of techniques we use for data collection:

  1. In our services:

With your consent, we collect data accessing the local storage on your device.

  1. On our websites:

We use first-party and third-party cookies for several reasons. Some cookies are required for technical reasons in order for our Websites to operate, and we refer to these as “essential” or “strictly necessary” cookies.

Other cookies also enable us to track and target the interests of our users to enhance the experience on our Websites.

Cookies That Ensure the Website Can Function Properly

Use of essential cookies for:

  1. Reading your browser settings so that your screen will reproduce our website in the best possible way
  2. Identifying your browser when you are logged in so that you will not have to log into our website again (all the time)
  3. Detecting abuse of our website and services, e.g., by registering a number of successive, failed login attempts
  4. Evenly spreading the load on the website, so that the website remains accessible at all times
  5. Offering the option to save login data so that you will not always have to reenter them
  6. Providing the possibility to react to our website

How and why do we process your data?

  • In order to inform you about urgent issues in connection with our products
  • To improve and to evaluate our products by processing and analyzing updates and issue reports
  • For technical purposes, such as, but not limited to, preventing security attacks, to improve our website / products, and to ensure website / product security
  • To analyze aggregated website logs to improve our website
  • For discussing and negotiating a partnership with you
  • For assisting you with any issues you may have with our products
  • To promote our products
  • For evaluating your application for recruitment purposes and offering you jobs

What is the legal basis of data processing?

We process your personal data in compliance with the European General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”), the Privacy Act and the Personal Information Protection and Electronic Documents Act (PIPEDA) of Canada, and US privacy laws such as the CCPA.

How long do we keep data?

We will only retain service use-based information and personal data relating to you for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. To determine the appropriate retention period for such information, we consider the amount, nature and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of the information, the purposes for which we process your information including whether we can achieve those purposes through other means, and the applicable legal requirements. Unless contrary to applicable laws, except with respect to information about our Commercial Partners with whom we have an ongoing relationship, our policy is to retain the non-aggregated information we collect for up to twelve (12) months, after which the data is either anonymized or deleted from our systems. And as permitted by law, we may continue to retain aggregated information.

What rights do you have?

  • Receive information about the personal data processed by us and how we process your data, as well as to gain access to such data
  • Rectify inaccurate personal data and restrict details
  • Receive all your personal data in a structured, commonly used and machine-readable format, as well as having such data transmitted to another controller
  • Request erasure of your data, unless such data needs to be retained for legal purposes
  • Object to the processing of your data
  • Withdraw your consent at any time, if you have provided us with your consent to the processing of your personal data
  • Lodge a complaint with the respective supervisory authority

Privacy Policy (long version)

General information about your privacy

Blockthrough participates in the IAB Europe Transparency & Consent Framework and complies with its Specifications and Policies. Blockthrough’s identification number within the framework is 815.

The following information applies to the collection, processing and use of personal data in connection with our services.


We process data in the scope of our products that allow you to recover a receptive audience willing to view less intrusive ads.

General notes

Your protection and data confidentiality is of utmost importance to us (“Blockthrough”, “we”, “our”). We take the protection of your personal data very seriously and collect as little data as possible. Nevertheless, collecting data helps our products and websites function correctly, and allows us to communicate with you. Our general privacy policy is to avoid collecting more data than necessary. Collected data is anonymized, if possible, and deleted when no longer needed. This privacy policy shall inform you about the collection, processing and use of your personal data. We gather and use personal data firmly within the provisions of the European General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”), the applicable EU Laws, CA national data protection laws and US data protection laws. In the following text we will inform you about the specific data, the scope, and the purpose of the collection and use of personal data by Blockthrough when using our products and visiting our websites.

Who is responsible for data collection and processing (contacts)?

The legal person responsible for the collection, processing and / or use of personal data in connection with our websites and products (“Controller”) is:

Controller

Blockthrough Inc.

325 Front Street West
Toronto, ON M5V 2Y1

Email
[email protected]

Representative in the European Union

Our representative in the European Union in accordance with Art. 27 General Data Protection Regulation (“GDPR”) is:

PL Services GmbH

Südwestkorso 3

12161 Berlin

Dr. Carlo Piltz

[email protected]

What is personal data?

The purpose of data protection is to protect personal data. Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This information includes, for example, details such as name and email address, but also nicknames and information in your forum posts.

What is the purpose of data processing and what is the legal basis?

Purpose of data collection and processing

In compliance with Art. 5 (b) GDPR, we collect and process your personal data for specified, explicit and legitimate purposes and do not further process your data in a manner that is incompatible with those purposes.

Your personal data held by us may be used for business and commercial purposes to:

  • contact you about our Services or make the features on our Services available to you or to communicate with you pertaining to your account in our system;
  • monitor the use of our Services and make required modifications and/or enhancements;
  • analyze the use of our Services and generate related reports to support the research;
  • ensure smooth and error-free functioning of our Services;
  • respond to any inquiries or support requests made by you;
  • enforce our rights;
  • prevent fraud and abuse against our Services (collectively, the “Legitimate Purpose(s)”)

Your Service Use-Based Information held by us may be used for business and commercial purposes to:

  • share it with third parties such as advertising partners, ad networks, publishers, data providers and corporate affiliates in order to provide our services, conduct internal analysis to perform and improve our Services and associated technologies;
  • combine data we collect about you with data we obtain from our business partners, ad networks, and/or other companies such as data providers, including our corporate affiliates in order to provide our Services, conduct internal analysis in order to perform and improve our Services;
  • infer eligibility of users for interest, geographic and demographic-based segments;
  • present advertisements tailored to interests users have shown;
  • determine whether users have seen a particular advertisement before so as to avoid sending duplicate advertisements;
  • identify fraud and malicious activity;
  • understand the patterns of people who see advertisements;
  • provide insights and reporting back to our business partners, including statistical reporting in connection with the activity on a website or mobile application, optimization of location of ad placement, ad performance, reach and frequency metrics, billing and logging ads served on a particular day to a particular website or application;
  • evaluate the probability and nature of connections between devices; and
  • create online advertising models through lookalike modeling or similar research methodologies.

Legal basis of data collection and processing

We collect and process your personal data in compliance with the GDPR and the applicable EU laws and US data protection laws.

Collection and processing is based on your consent – Art. 6 (1) a GDPR, Art. 4 (11) GDPR

We will always ask for your consent to collect and process your personal data for the aforementioned specific purposes, unless the collection and processing of your personal data is permitted by statutory laws. Where you have provided us with your consent to the collection and processing of your personal data for the aforementioned specific purposes, you have the right to withdraw your consent at any time.

Collection and processing is necessary for taking steps prior to entering into a contract – Art. 6 (1) b GDPR

The collection and processing of your personal data may be necessary for the performance of a contract to which you may be a party. Prior to entering into such a contract, the collection and processing of your personal data may also be necessary in order to take steps at your request. This applies for installation (data gathered by the browser and / or app store) and the use of our products. 

Also, all data you provide us with in connection with your application is necessary for the sole purpose of hiring new employees and therefore evaluating and selecting applicants including for example setting up and conducting interviews and tests, evaluating and assessing the results thereto and as is otherwise needed in the recruitment processes including the final recruitment (meaning taking steps prior to enter into an employment contract). If you don’t send us your application data, your application cannot be taken into account.

Collection and processing is necessary for compliance with a legal obligation to which the Controller is subject – Art. 6 (1) c GDPR

Collection and processing of your personal data may be necessary for compliance with a legal obligation to which we are subject under EU laws or the laws of an EU Member State.

Collection and processing is necessary for the purposes of our legitimate interests – Art. 6 (1) f GDPR

The collection and processing of your personal data may be necessary for the purposes of our legitimate interests. We collect and process website logs for technical reasons, such as, but not limited to, preventing denial of service attacks. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled. Preventing such overloads of our systems and any security issues by denial of service attacks is in your and our vital interest and therefore we use the website logs. We use information collected and processed via emergency notifications and feedback data sent by you, for technical reasons. Ensuring the security of our services is in your and our vital interest and therefore we use such data. Furthermore, we collect and process such data to ensure that our website is constantly improved and adjusted to the changing requirements for an efficient usability and the technical environment. In addition, we collect personal data to remember your privacy settings and/or to keep you logged in. Ensuring the usability of our websites and of our products is in your and our vital interest and therefore we use such data.
To build and improve upon products and features more efficiently, we share personal data, in compliance with GDPR, within the context of a joint controllership with partners. This does not affect how we process personal data as outlined in this privacy policy or how you can exercise your data subject’s rights towards us. You can always contact us with questions or feedback about our privacy policy here and can receive the essence of the arrangement between us and our partners via e-mail to [email protected].

Do we disclose any personal data?

We may only transfer your personal data to third parties without informing you separately beforehand in the following exceptional cases:

  • If required for legal proceedings / investigations, personal data will be transferred to the criminal investigation authorities and, if appropriate, to injured third parties. We will only do this if there are concrete indications of illegal and / or abusive behavior. We are also legally obliged to give certain public authorities information. These are criminal investigation authorities, public authorities which prosecute administrative offenses entailing fines and the finance authorities.
  • As part of the further development of our business, it may happen that the structure of Blockthrough changes. The legal structure may be adapted, subsidiaries, business units or components may be created, bought or sold. In such transactions user information may be shared with the transmitted part of the company. In the event of a transfer of personal information Blockthrough will ensure that it is done in accordance with this privacy policy and the GDPR and applicable EU laws, CA data protection laws and US data protection laws.

We will not transfer your personal data to third parties as a matter of course without letting you know in advance. We will ask for your prior permission unless the transfer of such data is permitted by GDPR or any other applicable EU laws, CA data protection laws and US data protection laws.

International data transfers

We use non-EU/EEA partners and service providers. We have carefully selected these external service providers and review them regularly to ensure that your privacy is preserved. The service providers offer sufficient guarantees to ensure an adequate level of data protection and may only use personal data for the purposes stipulated by us and in accordance with our instructions. We rely on the European Commission’s Standard Contractual Clauses for transfers of Personal Data between our partners and third party service providers. We also contractually require our partners and service providers to treat your personal data solely in accordance with this Privacy Policy and the European data protection laws, CA data protection laws and US data protection laws.

What rights do you have?

In compliance with the GDPR and the applicable EU laws, CA laws and US data protection laws and to the extent legally permitted, you have the following rights to protect your personal data collected and processed by us:

Information, access, rectification and restriction rights

Naturally you have the right to receive, upon request, information about the personal data stored by us about you and information about how we collect, process and store your personal data. Where that is the case, you have the right to gain access to such personal data stored by us. You have the right to request from us the rectification of your inaccurate personal data. Taking into account the purposes for collecting and processing your data, you have the right to have incomplete personal data completed. You have the right to request restriction of processing.

Right to data portability

You also have the right (1) to receive all personal data concerning you and which you have provided to us, in a structured, commonly used and machine-readable format and (2) to transmit that data to another controller.

Right to erasure of your data

You have the right to demand from us the erasure of your personal data, where —inter alia—one of the following grounds applies:

  • If we no longer need your personal data for the aforementioned purposes.
  • If you withdraw your consent on which the collection and processing is based and where there are no other legal grounds for the collection and processing.
  • If you object to the collection and processing and there are no overriding legitimate grounds for the collection and processing.

Please note, if data needs to be retained for legal purposes pursuant to Art. 17 (3) GDPR, we will restrict the use of the respective data.

Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the collection and processing of personal data relating to you infringes the GDPR.

Right to object to the processing of your data

You have the right to object at any time to the collection and processing of your personal data on grounds relating to your particular situation, when collection and processing is based on our legitimate interest (Art. 6 (1) f GDPR).

Right to withdraw your consent at any time

You have the right to withdraw your consent at any time, when you have provided us with your consent for the collection and processing of your personal data for one or more specific purposes.

Right to Opt-Out of ‘Sale’ or ‘Sharing’ of Personal Information

If you are a California resident, the CCPA allows you to request that Blockthrough no longer “sells” or “shares” your personal information.

How to exercise your rights

To exercise your rights, please contact us via email or mail to:

Blockthrough Inc

325 Front Street West
Toronto, ON M5V 2Y1
Email contact: [email protected]
Company Number: 801650367

Changes to this Privacy Policy

This Privacy Policy may be changed from time to time.

Collection and processing in our products

Device Information

We collect data about the type of device you are using to access our services, as well as information regarding that device’s unique identifiers (whether computer or mobile), the device’s hardware model, operating system, device type, IP address, and information about how any of our services were downloaded to your device.

Geolocation Information

We collect data about your location when you use our services, when such information is available. Additionally, we collect information about your location to provide certain features offered by our services. We will collect such information only with your consent. Should you choose not to provide the consent to collect such information, certain features of our services may not be available to you.

Log Data

We collect data about your device activity while using our services, the times and duration of your use of our services, the types of queries you submit through our services, the referring URL from which you accessed our services, the browser you used to access our services and the language used to access our services.

Data retention

We keep access request logs to our platform for up to sixty (60) days. We keep data about user events when using our services for up to ninety (90) days. Unless contrary to applicable laws, except with respect to information about our Commercial Partners with whom we have an ongoing relationship, our policy is to retain all other non-aggregated information we collect for up to twelve (12) months, after which the data is either anonymized or deleted from our systems. And as permitted by law, we may continue to retain aggregated information.

List of subprocessors:

Business Platform  Business Type Privacy Policy
HubSpotCRM Platform used to host Blockthrough’s business data, sales data, and analyticshttps://legal.hubspot.com/privacy-policy
GoogleEmail hosting, cloud file hosting, website analytics, and servershttps://cloud.google.com/security/privacy/
AtlassianCRM platform, technical projects and ticketing for organizational purposeshttps://www.atlassian.com/legal/privacy-policy
MaxCDNServers, content distributionhttps://www.stackpath.com/legal/privacy-statement/
CloudflareContent distribution networkhttps://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/
AmazonServershttps://aws.amazon.com/privacy/
Digital OceanWebsite Hostinghttps://www.digitalocean.com/legal/privacy-policy/
Sentry.ioLog monitoringhttps://sentry.io/privacy/
ComscoreWebsite analyticshttps://www.comscore.com/About/Privacy-Policy
OutgrowLead capturehttps://outgrow.co/global-data-privacy-policy/
RevueEmail marketing platformhttps://www.getrevue.co/privacy
Google AdsAdvertisinghttps://policies.google.com/technologies/ads
LinkedInAdvertisinghttps://www.linkedin.com/legal/cookie-policy

California Privacy Notice

This section only applies to California residents. It explains how we collect and use Personal Information as well as the rights available to California residents under the California Consumer Protection Act (“CCPA”). The words in this section have the same meaning given to them in the CCPA. Please note that the words as described under the CCPA may be broader than their common meaning.“

Personal Information,” for example, refers to information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, to you or your household. Personal Information does not include information that is aggregated or information that cannot be reasonably linked to you.

What Personal Information we collect and how we use it

In order to provide you with our products and services (“Products”), we must process certain Personal Information about you. We do not sell any of your Personal Information, and we never will. For a detailed explanation about the kinds of information that we collect and how we use it, please review the information provided above. Here is a summary of the CCPA categories of Personal Information that we may have collected about you over the past 12 months:

  • Identifiers;
  • Internet or other electronic network activity information, including information about your browser and operating system;
  • Geolocation data; and
  • Inferences drawn from any of the information identified that reflect your preferences and attitudes.

We may have collected these categories of Personal Information for the following business purposes:

  • To personalize the Products we provide to you;
  • To evaluate and improve our Products;
  • To provide limited analytic services;
  • To communicate with you; 
  •  To ensure security and functionality of our Products; and
  • To perform other business purposes.

How we share Personal Information

Subject to the limitations in this Privacy Policy, we share your Personal Information with external vendors (“Service Providers”) that are contractually prohibited from retaining, using, or disclosing Personal Information for any purpose other than the specific business purposes described in the contract. These Service Providers include:

Google cloud servicesUS centralservers, databases – data storagehttps://cloud.google.com/security
cloudflareglobal (https://www.cloudflare.com/en-in/network/)content distribution (CDN) – disclosure by transmission and disseminationhttps://www.cloudflare.com/security/
sentry.ioUS centrallog monitoring – storage and analyzeshttps://sentry.io/security/

Additionally, we may also share your Personal Information with law enforcement or other third parties as necessary to comply with legal requirements.

Sources from which we collect Personal Information

We receive Personal Information from you, our websites, your device(s), and our external service providers. The categories of sources from which we have collected or received Personal Information include:

  • You: We collect information that you voluntarily provide, such as registration data on our public forum or information that you send to us as part of issue reports, user support queries, user reviews and job applications.
  • Your device(s): We receive information from and about the computers, phones and browsers that you use in connection with our Products.
  • Our Websites: We collect information about how you interact with and use our websites.
  • Your Social Media Profiles: We collect information about your social media subscriptions, if you choose to contribute to content in that manner.

Service Providers: We engage vendors to perform business purposes on our behalf and share information with them to provide us with such business purposes including analytics, mobile product support, hosting of products and user support.

What are your rights under the CCPA/CPRA?

The CCPA/CPRA provides you with the following rights:

  • Right to Know: you have the right to request that we disclose to you the categories of Personal Information that we have collected, the categories of sources from which we have collected the Personal Information, the business purpose for collecting Personal Information, the categories of third parties with whom we have shared Personal Information, and the specific pieces of Personal Information about you that we have collected;
  • Right to Request Deletion: you have the right to request that we delete any Personal Information about you that we have collected; and
  • Right to Non-Discrimination: we will not discriminate against you for exercising any of these rights.
  • Right to Opt-Out of sale or sharing of personal information: If you are a California resident, you have the right to request that we do not “sell” or “share” your personal information.

Please note that we have a duty to verify your identity whenever you exercise your Right to Know and/or your Right to Request Deletion. In order to do so, we will request Personal Information from you to match against the Personal Information in our records. In some cases, we may also request additional documentation to verify your identity.

Please also note that the CCPA allows you to exercise these rights yourself or to designate an authorized agent who will exercise these rights on your behalf. In the event that an authorized agent exercises rights on your behalf, we may request a written permission from you that establishes the individual as your authorized agent as well as other information necessary to verify the identity of the authorized agent.

To exercise any of these rights, please submit a request to [email protected].

Contact for more information

If you have any questions about this section or how to exercise your rights under the CCPA/CPRA, please contact us.

Minors

We at all times comply with the Children’s Online Privacy Protection Act (COPPA). Children under the age of 18 are prohibited from accessing the Services and may not give us any Personal Information or participate in any aspect of our Services. Our Services are not directed to children under the age of 18. Unless required by law, we will not knowingly collect, maintain, or disclose any Personal Information from children under the age of 18. We do not intentionally gather Personal Information about visitors or end-users who are under the age of 18. Please contact us at [email protected] if you believe that we have collected Personal Information about a visitor or end user who is under the age of 18, and such account and/or Personal Information will be deleted.

December 2024

COOKIE LIST