Blast Log Ltd Privacy Policy

Date of last update: August 1st, 2023

  1. Who is responsible for processing your Personal Data?
  2. What Personal Data do we collect from you?
  3. How do we process your Personal Data?
  4. With whom do we share your Personal Data?
  5. How long do we keep your Personal Data?
  6. Security of your Personal Data
  7. What are your rights?
  8. Data Protection Officer (DPO)
  9. Right to file a claim with the CNIL
  10. Contact and claims
  11. Policy update
Purposes Legal Basis
To allow you to use Our Services. This processing is necessary for the performance of any agreement made between us and you.
To provide you with business information about (i) Blastlog’s Similar Products and Services. We consider it in our legitimate interest to keep our customers informed about our Products and Services. However, where the law requires Blastlog to obtain your consent before sending you such information, Blastlog will rely on your consent to proceed with the processing.
To improve our understanding of our customers. We consider that it is our legitimate interest to understand our customers so that we can develop relevant products and services
For us to comply with any applicable law, court order, legal process, or the requirements of a regulatory body. This processing is required to comply with our legal obligations.
To enforce our legal rights and obligations and for any legal proceedings involving you, initiated by or against you. We consider it in our legitimate interest to protect our organization against any breach of a legal obligation due to it and to defend ourselves in the event of a dispute.
To protect the rights of third parties. This processing is required to comply with the legal obligations to which Blastlog is subject. Such processing is also necessary for the legitimate interests pursued by Blastlog. We consider it in our legitimate interest to ensure that our activities do not violate the rights of third parties.
In anticipation of and/or in connection with a business transaction such as a merger, acquisition, restructuring, or sale. We consider it in our interest to be able to make decisions about the future of our company in an informed manner, in order to preserve and develop our business activities.
To improve our marketing campaigns We consider that it is in our legitimate interest to understand which marketing channels enable us to have effective marketing campaigns. However, where the law requires Blastlog to obtain your consent to measure the effectiveness of our campaigns, Blastlog will rely on your consent before carrying out the required processing.
  • With whom do we share your Personal Data?
      1. We may share your Personal Data with different types of recipients, especially with our Partners, in order to provide you with the Services:
Internal recipients External recipients
Authorised personnel from the marketing department, the departments responsible for customer relations and prospecting, the administrative and legal departments, the logistics and IT departments, as well as their line managers.
  • our Partners;
  • legal officers, if relevant;
      1. Please note that this list is not exhaustive and that there may be other cases in which we share your data with third parties, where this is in Blastlog's legitimate interest, permitted by applicable law, or where it is required to comply with a legal obligation to which we are subject.
      2. Your Personal Data may be transferred outside the European Economic Area (EEA) to countries that do not provide the same level of protection as that provided within the EEA, such as the USA. If the European Commission has not adopted an adequacy decision concerning the country or area concerned, the transfer of your Personal Data shall be governed by the standard contractual clauses adopted by the European Commission, or any other legal protection mechanism in accordance with the applicable law. You can obtain a copy of these protection measures by contacting our DPO at the following address: billb@blastlog.co.uk
  • How long do we keep your Personal Data?
      1. As a matter of principle, your Personal Data is only kept for as long as necessary to achieve the purposes for which it was collected.
      2. Thus, when creating your Account, your identification data (surname, name, date of birth) as well as your personal data (e-mail address, country of residence) is kept for a period of seven (7) years, in the so-called active database, from the date you last logged in.
      3. For the purposes of commercial prospecting, your data shall be stored for a period of three (3) years from the date of end of the commercial relationship, if you are a customer, and for a period of three (3) years from the date of the data collection or the date of your last contact, if you are a prospect.
      4. Data related to the Services use (login data: time and place of your activities, username and IP address, data of the content communicated) is kept for a period of three (3) months, in the so-called active database, from the date you last logged in.
      5. Moreover, we may keep some of your data for a longer period of time, in particular when we are required to do so by law or when such data is required to prove a right or contract. This applies especially to your transaction data (invoices relating to the purchase of games and other Products), the number of transactions you have conducted as well as the date and time of these transactions).
      6. In this case, your Personal Data will be stored and kept for a period of five (5) years in compliance with the standard limitation period.
      7. This data will also be kept in Intermediate Storage for a period of ten (10) years, in compliance with our tax and accounting obligations.
      8. Once the retention periods have expired, we shall ensure that your Personal Data is anonymised or deleted.
      9. However, in accordance with Article 5.6 of our Terms of Use and Services, your Content will be retained even after your Account and/or Personal Data has been deleted, with the understanding that your Content will remain associated with your former account. You may specifically request the deletion of such Content, at any time, as set out in the Article entitled "What are your rights" in this Privacy Policy.
  • How long do we keep your Personal Data?
      1. We are committed to ensuring the security of your Personal Data and we have established information system security policies as well as appropriate technical rules and measures to protect it from unauthorised access, modification, use, and disclosure or unlawful destruction or accidental loss.
      2. All our Partners, employees, Subsidiaries, consultants, and data subcontractors who have access to Personal Data and are involved in its processing are required to preserve its confidentiality.
      3. Security of the storage of personal data
      4. The Platform stores Personal Data on highly secured medium both logically (encrypted hard drives) and physically (secure access data centres).
  • What are your rights?
      1. In accordance with the Personal Data Regulations, you have a number of rights to your Personal Data. Each of these rights is further detailed below:
  • Withdrawal of consent. You can withdraw your consent concerning the processing of your Personal Data at any time, if the processing is based on that consent.
  • Access. You may ask us to confirm whether we are processing your Personal Data and, if so, to provide you with the following information
    1. the purposes of the processing;
    2. the types of Personal Data;
    3. the recipients or types of recipients to whom the Personal Data has been or will be communicated;
    4. where possible, the intended storage period of the Personal Data or, where this is not possible, the criteria used to determine this period;
    5. the existence of the right to request the rectification or deletion of Personal Data, or a limitation on the processing of Personal Data, or the right to object to such processing;
    6. the right to file a complaint with the supervisory authority for personal data (in the UK, ICO);
    7. when Personal Data is not collected from you, any information available regarding their source of information;
    8. the existence of automated decision-making, including profiling, and, at least in such cases, relevant information about the rationale, as well as the importance and expected consequences of such processing for you.
      1. Where Personal Data is transferred to a third country or an international organization, you have the right to be informed of the relevant safeguards with regard to the transfer.
      2. We provide you with a copy of the Personal Data that is subject to processing.
      3. We may charge a reasonable fee based on administrative costs for any additional copies you request from us or if you request that Personal Data be transmitted in paper and/or physical formats.
      4. When you make your request electronically, the information will be provided to you in an electronic form that is commonly used, unless you otherwise request.
      5. Your right to obtain a copy of your Personal Data must not infringe on the rights and freedoms of others.
  • Rectification. You have the possibility to have your Personal Data rectified promptly if it is incorrect. You also have the option of having your Incomplete Personal Data completed, including by providing a supplementary declaration.
  • Deletion. You may ask us to delete your Personal Data promptly in the following cases:
    1. when it is no longer required for the purposes for which it was collected;
    2. you have revoked your consent and there is no other legal basis for the processing;
    3. following the exercise of your right to object;
    4. your Personal Data has been unlawfully processed;
    5. or to comply with a legal obligation.
      1. We are not obliged to comply with your request to delete your Personal Data, in particular if its processing is necessary to comply with a legal obligation or to recognise, exercise, or defend legal rights.
  • Limitation. You may ask us to limit the processing of your Personal Data (i.e., to retain it without using it) where:
    1. its accuracy is disputed;
    2. its processing is unlawful but you do not want it to be deleted;
    3. it is still required for the recognition, exercise, or defence of legal claims;
    4. we verify the existence of compelling reasons for exercising your right to object.
      1. We may continue to use your Personal Data following a request for restriction in the following cases; with your consent: to establish, exercise or defend legal claims; or to protect the rights of any other person or entity.
  • Portability. You may ask us to provide you with your Personal Data in a structured format, commonly used and readable by a machine, or you may request that it be transmitted directly to another controller, but only if:
    1. the processing is based on your consent;
    2. within the performance of an agreement made with you and that the processing is automated.
      1. The right to the portability of your Personal Data must not infringe on the rights and freedoms of others.
  • Right to object. You may at any time, for reasons related to your specific situation, object to the processing of your Personal Data based on our legitimate interest. We will then no longer process Personal Data, unless we demonstrate that there are compelling and legitimate grounds for processing that prevail over your interests and your rights and freedoms, in which case we may keep them for the purpose of recognizing, exercising, or defending legal rights. We may also retain the data to establish, exercise or defend legal claims.
      1. You may at any time object to the processing of your Personal Data for the purpose of prospecting.
  • Digital will. You may define guidelines (general or specific) regarding the treatment of your Personal Data after your death, including the storage, deletion, and disclosure of your Personal Data, which guidelines may also be registered with a "certified digital trusted third party". These guidelines may designate a person to carry them out; otherwise, your heirs will be designated.
      1. In the absence of any directive, your heirs may contact us to:
        1. access to the processing of Personal Data allowing "the planning and arrangement of the deceased's estate";
        2. receive communication of "digital property" or "data similar to family memories, transmissible to heirs";
        3. have your Account on the Platform closed and oppose the further processing of your Personal Data.
      2. In any case, you have the possibility of informing us, at any time, that you do not wish your Personal Data to be communicated to a third party in the event of death.
  • Data Protection Officer (DPO)
      1. We have appointed a Data Protection Officer.
      2. The contact details of the Data Protection Officer are as follows:
      3. E-mail: billb@blastlog.co.uk
      4. If you wish to obtain information or ask a specific question, you can contact the Data Protection Officer, who will respond to the question asked or the information requested within a reasonable timeframe.
  • Right to file a claim with the Information Commissioners Office (ICO)
      1. We inform you that you have the right to file a claim with a supervisory authority if you consider that the processing of your personal data does not comply with the data protection regulation. Please send your claims to the following address:
      2. https://ico.org.uk/make-a-complaint/
  • Contact and claims
      1. For more information about your rights, to exercise your rights or for any question regarding the protection of your Personal Data, please contact billb@blastlog.co.uk
      2. In order to assert your rights under the terms referenced above and in the event that Blastlog has doubts about the applicant, Blastlog may ask you to prove your identity by specifying your surname, name, and e-mail address, and submitting a copy of a valid proof of identity along with your request.
      3. You will receive an answer within a maximum of one (1) month following the date of receipt of the request.
      4. If required, this period may be extended to two (2) months by Blastlog, who will inform you of the response in consideration of the complexity and/or number of requests.
      5. In the event of a request to delete your Personal Data and/or in the event of the exercise of your right to request the deletion of your Personal Data, Blastlog may, however, retain it in the form of an Intermediate Storage for the time necessary to meet its legal obligations, or for probationary purposes during the relevant limitation period.
  • Policy update
      1. We may amend this Policy from time to time, for instance to take into account legal changes, technological advances, and good business practices.