Privacy Policy

Latest Update: February 2023

1. General

This Privacy Policy details Microblink’s commitment to protecting the privacy of individuals who share their personal data with Microblink. It explains how the data is collected, how it is stored, for how long it is retained, what the purposes of processing are, as well as individual rights in relation to such data. Microblink processes personal data following the provisions of the EU General Data Protection Regulation (GDPR) and other applicable data privacy regulations.

This Privacy Policy does not apply to third-party websites and/or services you may encounter using Microblink services. We encourage every user to carefully familiarise themselves with privacy policies applicable to any websites and/or services operated by third parties.

Please read it carefully before accessing any Microblink service (as defined below) or if you interact with Microblink in any other way.

If you have any questions about this Privacy Policy, please email us at privacy@microblink.com.

1.1. About us

Provisions of this Privacy Policy apply to Microblink LLC (Trg Drage Iblera 10, 10000, Zagreb), and its affiliated companies Microblink Ltd. (Devonshire House, 60 Goswell Road London, United Kingdom), BlinkReceipt, LLC (d/b/a Microblink) (10 Grand St, Suite 2400, Brooklyn, NY 11249, United States of America) and SourcePad (INT’L, INC., 25 ADB Avenue, Suite 2701 Discovery Centre Building, Ortigas Center, Pasig City), (referred to as “Microblink”).

This Privacy Policy details Microblink’s commitment to protecting the privacy of individuals who share their personal data with Microblink. In all situations described in this Privacy Policy, Microblink acts as the data controller. Depending on the affiliated company you came into contact with and under what circumstances, such a company shall be considered a data controller in that particular case.

1.2. Personal data

Within this Privacy Policy, personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

1.3. Lawful basis for processing

The lawful basis we rely on while processing personal data in the context of this Privacy Policy are:

Consent. In some specific situations (as designated below), we may ask you for your consent to process your personal data. If you provide your consent, we will process your data on the basis of such consent. You may withdraw such consent previously granted at any time. However, withdrawing your consent does not affect the lawfulness of any processing based on your consent before your withdrawal.

Contract. If you engage with Microblink on a contractual basis, Microblink processes personal data to fulfil our obligations under the contract.

Legitimate interest. We process your personal data on the basis of our prevailing legitimate interest to achieve the purpose of giving you services through our website or communicating with you. If collecting and processing personal data is based on Microblink’s legitimate interest, we give our best efforts to ensure your fundamental rights and freedoms are not overridden by Microblink’s interests or the interests of any third party.

1.4. Security of your data

Microblink implements an information security management system to ensure the confidentiality, availability and integrity of information assets and protection from threats and vulnerabilities.

To prevent unauthorized access or disclosure and to maintain data accuracy, as well as to ensure the appropriate use of such data, Microblink utilizes all reasonable technical and organizational measures to protect your personal data, including but not limited to minimizing the processing of personal data, pseudonymization, and anonymization of personal data as soon as possible, transparency about the functions and processing of personal data, enabling each individual to have knowledge of the ways and reasons for data processing.

Furthermore, these measures include adequate physical and logical access control, the use of protective technology, and security principles in system acquisition, development and maintenance. All personal data is encrypted while in transit and in storage by using up-to-date industry standards. Microblink is compliant with the ISO 27001:2013 standard, which ensures that information security risks in the company are adequately managed. Additionally, Microblink continuously undertakes and upgrades different measures to ensure the highest standards for data privacy. We design all our processes with special emphasis on protecting personal and confidential data.

Although Microblink takes best industry practice in keeping the data safely stored, Microblink does not warrant that the undertaken safety, technical and organizational measures will be sufficient to fully protect your personal data against potential unauthorized access and use of your personal data. Moreover, to the maximum extent permitted by applicable law, Microblink cannot guarantee the safety of your information when in the possession of other parties. However, if such an attempt is detected, we will notify you as soon as reasonably possible of a potential breach of the security measures either directly to your contact address, if available, or via an alert notification on the Microblink website and other appropriate channels.

For any questions and reports regarding security, you can reach out to Microblink’s Information Security team via security@microblink.com.

1.5. Data transfers and sharing the data

The Internet is a global environment and using the Internet to collect and process personal data predominantly involves the transmission of data on an international basis. Any such transfer is made under regulatory requirements that ensure such transfer and/or country maintains the same level of personal data protection. Microblink opted for industry-approved storage providers with the highest privacy and data security standards.

To give you better service and complete support, please note that if you contacted Microblink in relation to a production license of Microblink product(s), Microblink might share your contact details with its partner representing Microblink in your respective territory. Microblink may share information with its affiliates and subsidiaries, its subsequent owner, co-owner, or operator of the services and their advisors in connection with a corporate merger, consolidation, restructuring, or the sale of substantially all of our stock and/or assets, or in connection with bankruptcy proceedings, or other corporate reorganization, following this Privacy Policy. If legally required to do so or when necessary to protect Microblink rights or the rights of third parties, Microblink will disclose information to public authorities, such as law enforcement.

Microblink may implement additional tools or introduce new third-party providers to enhance your user experience and optimise its services and offerings. Microblink will strive to notify of such changes by updating this Privacy Policy in due time. Data collected through the channels described above might be shared with such third parties.

In section 3. Recipients of personal data, you can find additional information on the categories of recipients and purposes of data transfers. You can contact Microblink at any time to get additional information about such data sharing.

1.5.1. International data transfers

When Microblink transfers personal data to recipients outside of the European Economic Area, we make sure the recipient offers a similar degree of protection and ensure that one of the following safeguards is in place:

• That the data is transferred to countries that have been deemed to provide an adequate level of protection of personal data by the European Commission;
• That the transfer is made on the basis of Standard Contractual Clauses approved by the European Commission or International Data Transfer Agreement approved by Information Commissioner’s Office;
• That the appropriate transfer risk assessment has been conducted to determine whether the recipient of the personal data can offer appropriate safeguards.

When transferring data to third countries, we implement appropriate technical and organizational measures to ensure the adequate level of security of your personal data by conducting transfer risk assessments.

1.6. Data retention period

Microblink will retain your personal data as long as it is required to fulfil the purpose of collection or for as long as the applicable law requires. Upon collection of your personal data, Microblink will disclose for how long it will process your personal data or, if that is not possible, provide criteria for determining that period. Some criteria we use for determining the retention period are categories of personal data processed, the necessity of processing personal data in question to achieve a specific purpose, prevailing legitimate interests of Microblink or any third party, or a legal obligation to retain the data.

If you are unsure how long we process your personal data, feel free to contact our Data Protection Officer via privacy@microblink.com.

1.7. Your rights related to the processed data

Each individual has a right to know what data Microblink holds about any such person. The rights every individual has in relation to personal data processed by Microblink are:

Right of access. You have the right to get confirmation as to whether or not your personal data is being processed by Microblink. Where that is the case, you have the right to access your personal data and the following information: the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipients, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period, data subject’s rights, where the personal data is not collected from the data subject, any available information as to their source and the existence of automated decision-making.

Right to rectification. You have the right to ask us to correct the personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Right to erasure. You have the right to ask us to erase your personal information if it is no longer necessary for the purpose which it was originally collected or processed for, if you withdraw your consent, if you object to the processing of your data, and if there is no overriding legitimate interest to continue this processing or we process your data for direct marketing, if we have processed the personal data unlawfully or we have processed the personal data to offer information society services to a child.

Right to restriction of the processing. You have the right to ask us to restrict the processing of your personal information when you think that your personal data we process is inaccurate, that the data has been unlawfully processed, when we no longer need the personal data but you need us to keep it in order to establish, exercise or defend a legal claim, or you have objected to us processing your data, and we are considering whether Microblink’s legitimate grounds override yours.

Right to object to processing. You have the right to object to the processing of your personal information. Keep in mind that in some circumstances, this right is not absolute and that Microblink may not be able to completely delete your personal data from its systems. For example, you can object to the processing of your personal data for direct marketing at any time, and after this, we may not process your personal data for this purpose. However, this does not automatically mean that we will erase all personal data we have about you. It is more likely that we will retain just enough information about you to ensure that your preference not to receive direct marketing is respected in future.

Right to data portability. You have the right to ask that we transfer the personal information we have about you to another organisation, or to you, in certain circumstances.

Contacting the supervisory authority. You have the right to lodge a complaint with a supervisory authority.

Additionally, you have the right not to receive discriminatory treatment by Microblink for exercising an individual’s rights conferred by the applicable data protection laws.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

For any questions and requests for access or deletion, please email Microblink at privacy@microblink.com. It is necessary to clearly state on which basis and through which channel you shared your personal data with Microblink so we can easily fulfil your request. Please note that Microblink may ask for additional information to determine if you are authorized to submit a particular request. If you have a complaint about Microblink’s handling of your data, you can contact the supervisory authority (Croatian Personal Data Protection Agency) to find out more information.

1.8. Do Not Track requests

Your browser or device may include ‘Do Not Track’ functionality. Since these features are not yet uniform and there is no common standard adopted by industry or regulators, Microblink’s information collection and disclosure practices, as well as the choices Microblink provides to its website users, Microblink will continue to operate as described in this Policy, whether or not a Do Not Track signal is received.

1.9. Cookies

For more information on what cookies are, how to manage cookies on this website and the types of cookies we use, please read our Cookie Policy.

1.10. No automated decision-making and profiling

Microblink does not automatically process nor use techniques for profiling its users.

1.11. User content

Microblink practices a zero-tolerance approach to illegal, prohibited, and unethical activities, as well as upload of related content. Please familiarize yourself with the User Content provisions as defined in our Terms of Use. Any and all use of Microblink services must be in compliance with the stated terms.

1.12. Children’s data

Microblink does not knowingly collect information from persons who are considered children by their local law. We encourage parents and guardians to take an active role in their children’s online and mobile activities and interests.

Children below the age of 16 may provide their information only if a parent or guardian has given their consent to do so, in accordance with applicable law. If you have reason to believe that a child below the minimum age has provided personal data to Microblink through using any of the above-stated services without the necessary consent, please contact us at privacy@microblink.com, and we will use commercially reasonable efforts to delete that data.

1.13. Third-party personal data you share with Microblink

When you send personal data of third parties to Microblink, you are responsible for ensuring an appropriate legal basis for any such sharing of third parties/data subjects. Microblink may ask you to provide evidence that such data is shared on a lawful basis. Microblink shall use its best efforts to ensure that third parties’ personal data is processed, handled, and collected in the same manner as your own personal data. However, you are solely responsible for obtaining consent from third parties for the use and processing of their personal data.

Additionally, it is your obligation to understand and abide by the applicable local data protection laws when you process and share personal data with Microblink.

1.14. Questions or concerns

Should you have any questions regarding this Privacy Policy, your privacy as it relates to the use of the services, or the protection of the personal data Microblink holds about you, please contact us via email at privacy@microblink.com. We seek to resolve any concerns you may have promptly. You can reach our Data Protection Officer at the same address for any questions or concerns about your data shared with Microblink.

1.15. Changes to the Privacy Policy

Microblink is likely to make changes to its services in the future and, as a consequence, will need to revise this Policy to reflect those changes. You can tell when changes have been made to the Privacy Policy by referring to the “Latest Update” section at the top of this page. When the Policy is revised, Microblink will post the new Policy on the Microblink website (www.microblink.com), so you should review the page periodically. We encourage you to review the Privacy Policy whenever you access the services to stay informed about Microblink privacy practices. Please do not use Microblink services if you do not agree with any of the stipulations contained herein.

2. Personal data processing operations

2.1. Use of Microblink online services and websites

Data shared with Microblink by accessing the Microblink website is used for the purposes of managing your relationship with Microblink as well as better personalization of your experience and interaction with Microblink, customizing advertising and offerings.

2.1.1. Contact forms and e-mail communication

Microblink’s website contains multiple contact and support forms through which you can reach our Marketing, Sales or Support teams. To respond more efficiently, we may ask for some additional information when filling out the contact forms (including but not limited to name and last name, user name, e-mail address, phone number, city, country of residence, company name, department, job role, city, device, browser, application name, IP address). Depending on the type of your inquiry, Microblink will process the data expressly stated on the respective form to fulfil the purpose of replying to your request, optimizing our services, and informing you about Microblink’s products and customised offerings. For these purposes, such data may be shared with third-party service providers, as described in section 3. Recipients of personal data.

To process your personal data for the processes mentioned above, Microblink pursues its legitimate interest in answering your inquiry.

2.1.2. Developer Hub registration

If you want to try out Microblink products in a trial environment, we ask you to register on the Microblink Developer Hub by giving first and last name, e-mail, job position, organization name, industry and country.

This collection is based on the Microblink’s legitimate interest to protect its intellectual property and to communicate with you and your company in relation to the use of Microblink products, as well as a contractual obligation on the basis of trial use of Microblink technology.

Data shared with Microblink by registering on the Microblink Developer Hub is used for setting up and maintaining your registration and to provide features available in Microblink technology as well as to update you on the new services, if you are an existing Microblink user. For these purposes, such data may be shared with third-party service providers, as described in Section 3 Recipients of personal data.

We may keep the data you registered in order to protect Microblink’s rights and/or our intellectual property.

2.1.4. Job applications

If you apply for a particular job opening or send an open application, the data contained therein shall be processed and stored by Microblink. Personal data processed can include but is not limited to, first and last name, address, age, date of birth, email, education, work experience and any other personal data included in the CV and cover letter you send as a part of your application.

This data is processed on the basis of Microblink’s legitimate interest in carrying out a selection process. After the selection process is finished, we delete the submitted job applications. However, when applying for a position at Microblink, you are given the option to provide your consent for us to keep you in our candidate database for 24 months, and if a position that would suit your qualifications opens up in the future, we may contact you for a job interview.

When you reach out to Microblink and share personal and other confidential information via emails or any other communication channel will be used to assess your profile for a particular job opening and to potentially contact you. For these purposes, such data may be shared with third-party service providers, as described in section 3. Recipients of personal data. You can always send a reply stating you want your data and CV to be deleted from Microblink’s candidate portfolio.

2.2. Receiving Microblink’s newsletters and direct marketing

If you provided your email to receive Microblink newsletter, we might have collected personal data contained within such email addresses. Subscribing to the Microblink newsletter is voluntary (based on the consent you have given). Following your subscription, you receive an email through which you can unsubscribe at any time.

When subscribed to our newsletters, you will receive emails with promotional communications, including emails about the products and services offered by Microblink or its partners, and customizing Microblink offerings to you or webinars and other events. For these purposes, such data may be shared with third-party service providers, as described in section 3. Recipients of personal data.

If you are a company representative, keep in mind that we may send you marketing emails on an opt-out basis, but only in the context of the position you hold. This communication can occur without prior consent, and it is based on the previous sale of a product or a service, given that you had the chance to prohibit the use of such information.

2.3. Use of Microblink demo applications

2.3.1. Registration

Some Microblink demo mobile applications may ask you to register before using the application. This way, Microblink might have collected personal data contained within such an email address. Since the demo applications showcase our technology, it is Microblink’s legitimate interest to contact you at the given email address with our product offering. You can object to this processing at any given time.

2.3.2. Sharing of personal data

Please note that not all demo applications store scanned images and that some demo applications process personal data on devices. It is described within each application how the data is processed, what lawful basis is used for processing, whether the images are stored and what the retention period for storing the data is.

If you are trying out Microblink’s technology by using demo mobile applications available on public app stores or by using applications intended for beta testing, depending on the document you are scanning and the component you are trying out, you may be sharing personal data with Microblink.

Microblink uses some mobile demo applications to collect personal data for the purpose of training machine learning systems to enhance the accuracy, performance and functionalities of Microblink products, to improve Microblink technology and add support for new types of documents. If we use an application to collect personal data for this purpose, this will be expressly stated in the privacy notice within the application, and Microblink will ask for the user’s consent for this processing. Such data may be shared with third parties solely for the purpose of developing and testing the technology. You can contact Microblink at any time to get additional information about such data sharing and described processing, as well as withdraw your consent at any time.

Personal data shared with Microblink using the demo applications may include (depending on the type of document scanned) first and last name, address, date, and place of birth, gender, sex, nationality, country of residence, signature, passport number, social security number, driver’s license number, state or national ID card number, other ID card number, personal identification number, face image, eye colour, weight, height, organ donor status, biometric data or other categories of data found on scanned identity documents.

3. Recipients of personal data

Microblink uses various tools, third-party service providers, plug-ins and other technologies to pursue its legitimate interest in carrying out web analysis, improving your website experience, personalizing and enhancing its offerings to you, and optimizing Microblink’s products, services and processes. These recipients of personal data are assorted into different categories based on their purpose of processing. Our vendors are located in the EU, UK or US and have undergone security audits to make sure that they can ensure an adequate level of personal data protection. All recipients fall into the IT and ICT sectors.