All relevant information concerning the Company, including its address, is indicated on the legal notices page.
Scope and purpose
Personal data is any information that directly or indirectly identifies a User (“Personal Data”).
Anonymised information, which is understood as Personal Data that has been processed appropriately to make it irreversibly non-identifiable, is excluded from the definition of Personal Data.
Source of Personal Data
The Personal Data processed by Blade comes from three sources:
- Personal Data provided by the User: this is the data that the User sends us himself/herself, in particular when registering with the Blade Services, in the context of communication that he/she sends to Blade (for example, a request for assistance), or when he/she agrees to respond to a survey;
- Personal Data collected via the use of the Blade Services: this data is generated by or collected on the occasion of the use of the Blade Services (for example, the identification and characteristics of the terminals used to access the Blade Services, the generation of logs, etc.);
- Personal Data collected via other sources: this is data that is transmitted to us via third parties with whom we contract, in particular subcontractors and partners (for example, the terminal delivery data that is provided to us by our logistics partner).
Personal Data collected
Blade does not collect any Personal Data relating to the use made by Users of their Shadow, unless the processing is necessary for the proper functioning of the Blade Services or their optimisation or if the User has explicitly given his or her consent.
Blade may collect Personal Data when a User uses the Blade Services, and in particular the following data (each category of data includes non-exhaustive examples enabling a better understanding of the type of data collected):
- personal details and identification data (marital status, surname, first name, date of birth, address, telephone, email, pseudonym, Apple ID, Discord ID). This is the data that the User completes when he/she registers for the Blade Services or that he/she completes on his/her customer space;
- data concerning personal life (country of residence, language, habits, preferences). This data includes, notably, the country of residence, the language spoken by the User, responses to surveys, or the period of the day that the User prefers to use the Blade Services;
- economic and financial data (invoicing, bank data, payment status, subscription type). This is data relating to the invoicing and payment of Blade Services when they are paid-for (amount due, amount paid, payment dates, etc.), as well as the payment method used (payment method, expiry date of the bank card, etc.);
- connection data (user names, logs, IP address, identification and characteristics of the terminals used to access the Blade Services, Internet provider, characteristics and quality of the Internet connection). This data includes, notably, but is not limited to, connections to Blade Services, terminal identification and characteristics used to connect (e.g., Shadow Ghost, or Windows 10 PC with embedded graphics card), as well as connectivity-related data (e.g., Orange network, fibre, Ethernet connection, transfer speed, packet loss, etc.);
- Internet data in connection with browsing on the Websites (currently shadow.tech and www.blade-group.com) (browsing data on the Websites, cookies, tracers, audience measurements). For example, visit to the Community page of the shadow.tech Website, number of visits to the www.blade-group.com Website, use of the social aspects (Youtube, Twitter, etc.) of the Website.
- usage data (use and status of the Blade Services, type and version of the applications used, version of the services used, degree of use and status of the hardware and connectivity, list, settings and times of use of installed programs and applications, including video games and game launchers). This data is, for example, the fact that a User’s Shadow is in use, the functional status of all services, the use of the MacOs application in production v1.0.2 version, the status of the graphics card (in operation, normal temperature), the status of the connectivity (unstable Internet connection at the User’s Internet service provider level, functional Internet connection at the Shadow level), etc.;
- communication data (satisfaction of Users, messages to the Support Department, messages on social networks or forums, communications sent to the Company). Examples include tickets sent to the Support Department, messages posted on social networks or forums, or responses to satisfaction surveys.
The Personal Data collected varies according to the Blade Users and the Services they use (for example, some data only concerns Blade's Websites, others only the Shadow service). Furthermore, some of this data is only processed with the agreement of the User (see the “Legal basis for processing” section).
Purpose of processing
Blade processes Personal Data for the purpose of operating, providing, improving and informing about Blade Services. In particular, depending on the Blade Services used, Personal Data may be processed for the purposes described below.
Firstly, we process part of your data in order to allow the proper functioning and provision of the Blade Services, including the management of the contractual and commercial relationship (orders, subscriptions, invoicing, accounting, outstanding payments, etc.), the proper technical and administrative functioning of the Blade Services, the provision of the Blade Services, assistance with the use of the Blade Services, the reply to requests and questions from Users as well as the sending of notifications in the event of a technical incident.
For example, Blade processes your Personal Data to manage your subscription, to respond to support requests from Users, or to notify Users of maintenance or an incident.
Secondly, we process part of your Personal Data in order to improve and optimise the Blade Services, which includes measuring and improving the quality of the Blade Services and User satisfaction, following the navigation of the User, producing statistics on the Blade Services and their use, managing and optimising the operation of the servers, providing Blade Services in line with the needs of the Users, in particular on the equipment making up the servers, as well as defining User profiles to enable the improvement and optimisation of the Blade Services.
For example, Blade processes your Personal Data to measure the impact of an update through user satisfaction or the Shadow usage rate, to manage server cooling, or to determine whether a User is more likely to use Shadow in the morning or in the evening.
We also process part of your Personal Data for the purposes of communication and marketing, including providing information and news, managing the registration of Users for the newsletter and notifications, carrying out surveys, setting up contests and advertising games, by random draw or by any other means, communication relating to new Blade Services, commercial or promotional offers, whether targeted or not, as well as the setting up of partnerships with third parties.
For example, Blade processes your Personal Data to send Users a newsletter, to propose surveys or contests, or to offer a new service or an option.
For example, Blade processes your Personal Data to ensure that you are the holder of a Shadow account, to prevent or stop a breach of the integrity of a server, or to process User requests relating to their Personal Data.
Legal basis for processing
Personal Data is processed in accordance with the purposes described above to the extent that the processing is:
(i) strictly necessary to provide the Blade Services;
(ii) necessary for the performance of a contract to which the User is a party;
(iii) necessary to comply with a legal obligation to which Blade is subject;
(iv) conducted in light of a legitimate interest; or
(v) carried out with the User’s consent.
Depending on the processing performed on the Personal Data, storage durations may vary between 1 and 10 years:
- Personal Data processed in the course of the performance of a contract or pursuant to a legal obligation will be stored for a maximum period of 10 years from the end of the contractual relationship;
- Personal Data processed in the context of consent will be stored for a maximum period of 3 years from the date consent is obtained, unless the User requests erasure;
- Personal Data processed in the context of a legitimate interest will be stored for a maximum period of 5 years from the end of the contractual relationship.
Once the storage periods have been exceeded, Blade will erase or anonymise the Personal Data concerned.
Sharing and transferring Personal Data
These transfers are mainly explained by the location of the subcontractors that we have chosen. When they are established outside the European Union, Blade ensures that the legal framework of the country in question provides a satisfactory level of security, or implements the procedures required to obtain the guarantees necessary for securing the transfers. To the extent possible, Blade ensures that the service provider is certified by the Privacy Shield when it is established in the United States.
Rights of Users
Right of access, rectification and opposition
The User has a right to access and correct the Personal Data concerning him/her, which he/she may exercise by going to his/her User Account.
With regard to the right of opposition, the User may object to the processing of his/her Personal Data, within the limits of applicable law and with the exception of processing for which there are legitimate and compelling reasons for the processing of Personal Data (for example, the User may object to the processing of his/her Personal Data for marketing purposes).
Right to restriction of processing
The User may request the restriction of processing of his/her Personal Data in the following cases and according to the following procedures:
- The User considers that the processing of his/her Personal Data is unlawful: he/she therefore opposes the erasure of the Personal Data and requires instead a restriction of its use (for example, in the event of identity theft);
- The User disputes the accuracy of the Personal Data: he/she requests the restriction of processing for the period necessary to verify the accuracy of the Personal Data;
- The User wishes his/her Personal Data to be retained for the establishment, exercise or defence of his/her legal rights: the Personal Data is no longer necessary for the provision of the Blade Services, but we will store it at the User's request.
In the event that a processing restriction has been put in place, the Personal Data will only be processed, with the exception of storage, with the User’s consent, except (i) for the protection of the rights of another natural or legal person, or (ii) for important reasons of public interest.
In the event that the restriction on processing is lifted, the User shall be informed thereof by an appropriate means (email or letter, for example).
Right to erasure of Personal Data
Also called the right to be forgotten, the User may request the exercise of his or her right to erasure. By exercising this right, the User requests that his/her Personal Data be erased.
In accordance with applicable law, this right applies to the following two categories of Personal Data:
- Personal Data that is no longer necessary for the purposes for which it was collected or processed; and
- Personal Data whose processing is based on the User’s consent (e.g. the sending of newsletters).
Right to portability of Personal Data
The User may request that he/she receives his/her Personal Data in a structured, commonly used and machine-readable format.
In accordance with applicable law, this right:
- applies if the data is processed automatically on the basis of consent or the execution of a contract;
- is limited to the Personal Data provided by the relevant User; and
- must not infringe the rights and freedoms of third parties.
Right not to be subject to an automated individual decision
The User may request not to be the subject of a fully automated decision.
Exercise of rights
To exercise any of these rights, the User is invited to send an email to the following address: [email protected].
A reply will then be sent to the User in response within one (1) month of the request. This deadline may exceptionally be extended to two (2) months, depending on the complexity of the request or the number of requests to be processed. The User will then be informed of the extension of the deadline by email.
For the purposes of confidentiality and protection of Personal Data, a copy of an identity document signed by the User must be included in the request.
Any requests that are manifestly unfounded or excessive, in particular because of their repetitive nature, may give rise to a refusal to act on the requests or to subordinate the response to the payment of reasonable costs taking into account the administrative costs incurred to process the request.
In the event of an unsatisfactory response, you can contact the CNIL.
Date of last update: October 29, 2019