Socialblox Privacy Statement

Welcome to Socialblox. In this privacy statement, we will explain how we process your personal data when you engage with our platform or visit our website.

Details of the controller

SocialBlox B.V. is the controller of the processing operations described in this Privacy Statement, except where otherwise indicated for a specific processing operation.

Purposes of the processing

If you engage with the Socialblox platform, we may process your personal data for the following purposes:

  • To show you our website;
  • To enable the provision of the services on the Socialblox platform;
  • To secure our website, the SOCIALBLOX platform, your personal data and/or our property;
  • To be able to contact you about the Socialblox platform or similar services that we might offer;
  • If applicable: to be able to charge you for our services and to duly register this in our financial administration;
  • To examine how our service is being used, so that we can make improvements where necessary;
  • To be able to transfer our business one day (including goodwill / customer base) as part of a merger, sale, or relaunch.

Legal grounds for processing and retention periods

Processing operations that are necessary for our contract with you

These are the personal data that we must process in order to be able to enter into a contract with you about the Socialblox platform and to be able to perform our contract with you (Article 6 Paragraph 1 (b) of the GDPR):

  • A user name that allows you to log in to your account. You can choose this name for yourself. It can be different from your real name.
  • A display name that is shown when you post something on the platform. You can choose this name for yourself. It can be different from your real name.
  • An e-mail address that we can use to:
  • ~connect your account to the right person (you) when you first create it
  • ~to send you a link to restore or change your password when you ask us to
  • ~to communicate with you when that is necessary for executing and maintaining our contractual relationship with you or to protect your interests (e.g. security warnings)
  • Your telephone number, so we can use it:
  • ~as a second factor for authenticating you as the owner of your account
  • ~to communicate with you in case of urgency (e.g. a very specific security threat that requires immediate attention)
  • ~if you show a preference for communication over the phone in a specific instance
  • Your age, or rather: whether you are at least 16 years old. The SOCIALBLOX platform is not meant for people under 16.
  • Your IP address, so we can establish the connection between your device and our web server.
  • If you install the SOCIALBLOX app: technical information about your device (e.g. the Device Attestation Certificate and an installation ID that is assigned to the particular copy of the app that is placed on your device)
  • The content that you upload to the SOCIALBLOX platform. For example: your comments, pictures, video and your location (if you choose to share it).
  • Your blockchain account data (public wallet address, private wallet address, wallet seed phrase), in order to create the blockchain contract(s) for challenge(s) that you engage in.
  • The communications you exchange with us in connection with the conclusion and performance of your contract with us, such as letters, e-mails, other text messages and/or notes or recordings from telephone conversations.

Providing us with these personal data is a prerequisite for the conclusion of your ‘contract’ with SOCIALBLOX in the meaning of in Article 13 (2) (e) of the GDPR. We cannot provide our services to you without processing these personal data.

Retention periods

We retain your account details (user name, email address, telephone number, age > 16) for the purpose of providing you with our service until you close your account.  

Your blockchain account data is retained only for as long as necessary to create the blockchain contract; we purge these data right after (either) the seed phrase is entered, you log out or you remove the SOCIALBLOX app.

The deletion of your IP address and technical information about your device is initiated immediately after you close your account, but it may take up to 180 days before this information is also gone from backups made by our backend service provider (Firebase).  

Please note that we may retain some of your personal data for a longer time on a different basis as well. For instance: your contributions on the platform (display name and uploaded content) will remain visible for other users after you close your account. Please read the information under ‘Processing operations that are necessary for a legitimate interest’ to see what you can expect in this regard.

We may also retain your personal data for some time after you close your account, if we have reason to believe that retaining records relating to the conclusion and performance of our contract with you is necessary for the protection of our legal position in case of a dispute, or if we are required to do so by law. For more information about longer retention of personal data in such cases, please refer to the following paragraphs of this privacy statement.

Processing operations that are necessary for a legitimate interest

These are the personal data that we process on the basis of a legitimate interest:

  • Personal data necessary to protect SOCIALBLOX against misuse and/or vandalism, namely:
  • Your IP address;
  • Authentication strings sent by your web browser

Retention period

We initiate the deletion of these data as soon as your session on our website or in our app ends. Your IP address is deleted almost instantly, but it may take up to 180 days until the installation ID is gone from the backups made by our service provider.

  • Personal data necessary to send push notifications to your device, namely:
  • The installation ID of the SOCIALBLOX app, that was assigned to your particular copy of the app when you downloaded it

Retention periods

We initiate the deletion of the installation ID as soon as you remove the app from your device, but it may take up to 180 days until the installation ID is gone from the backups made by our service provider.

Only push notifications that are directly connected with your use of the SOCIALBLOX platform are sent on the basis of legitimate interest. We will not contact you for marketing purposes (about other products) without your consent.

  • Your contributions on the SOCIALBLOX platform, remain after you close your account. The SOCIALBLOX platform is a means for people to enjoy social interactions and the creativity of others. An important part of that is the possibility to look back on challenges and group conversations that took place previously. This is why contributions by former users stay visible on the platform. The contributions that stay visible are:
  • Your display name
  • The content of the challenges you issued or engaged in (including photos and videos you posted) and comments you posted

Retention periods

Contributions to the platform remain visible for 10 years after the relevant challenge is finished.


We encourage all our users to think about the importance of privacy and only post content that is harmless enough to publish openly for a long time. The aim of SOCIALBLOX is to offer a fun way to interact with other people and to allow you to express yourself creatively. We have certain rules about what users are not allowed to post, to protect the interests of other people and of the platform itself. But other than that, you are free to decide what you disclose about yourself on the platform. In deciding that, you should take into account that whatever you post will stay visible for over ten years. That said: if you ever regret posting something, we will work with you to find a solution to restore your privacy as much as reasonably possible. For this, you can contact us via privacy@socialblox.io.


  • Any data relating to our legal relationship with you, if we have reason to believe that this data may be important to our legal position (for our own information and for our burden of proof) in the context of a dispute or impending dispute, or if the personal data may otherwise be necessary for the protection of our legal position.

Retention period

The retention period for these data is: until our legal relationship with you and/or the dispute over it has been fully settled.

  • Analytical data about the way our platform is used, in order to detect and rectify errors, plan and assess technical maintenance, and further develop our platform, namely:
  • The Mobile Ad ID of your device
  • The IDFV/Android ID of your device
  • The installation ID that is assigned to your copy of our app when you download it
  • An instance ID that is assigned to your device by our analytics software
  • User activity (connected to the above mentioned IDs) in the past day and the past half hour
  • The number of users that are active for each particular version of the app
  • The number of users that are active per country over time
  • The engagement time per user
  • The number of views per part of the app

Retention period

The analytical data are aggregated and thus anonymized immediately after collecting them. Therefore, these data are only ‘personal data’ for a very short time. Nobody uses these data to glean any information about you individually – all the ID numbers listed above are only used to be able to distinguish one user from the next, so we can count them without duplications. So, the retention period for these data ‘as personal data’ is: only a matter of seconds. We retain the aggregated analytical information (not personal data) for a maximum of 14 months after collection.  

Processing operations on the basis of your consent

These are the personal data that we only process if you give us permission to do so:

  • Personal data for the purpose of marketing communication or creating a consumer profile for commercial purposes.

We currently don’t use any personal data for the purpose of marketing new products to our users. If we would ever want to do this in the future, we will ask for your consent.

Retention periods

If we use personal data on the basis of your consent, the retention period is: until you withdraw your consent.

Sharing of personal data

We may share your personal data with third parties in the following cases:

Sharing with processors

For some parts of our business activities, we use service providers outside our own organization. If these service providers process personal data for us, they are our "processors". In that case, we conclude a processor's agreement with them, as referred to in article 28 paragraph 3 GDPR.

We use the following types of processors:

  • A hosting provider, to allow us to store data and run our website (Amazon Web Services);
  • An IT service provider, to develop and maintain our platform (website and app), manage and maintain our databases and computer systems and provide IT support for our employees (Coffee IT);
  • A backend provider, to help us run, develop and maintain our app (Firebase).

It is possible that one of our processors may collect your personal data directly from you, on our behalf. In such cases, we instruct our processor to collect only the personal data that is necessary for the provision of the services we have agreed with that processor. If you provide additional personal data to a processor of ours, please be aware that you do so of your own volition; in such a case, we are not the controller of those additional personal data.

Sharing based on a legal obligation

We will share your personal data with third parties if we are legally obliged to do so. For example:

  • If the police or any other investigative service, the tax authority, a governmental body or any other authority lawfully request personal data from us;
  • If a private party has a legitimate claim to receive or access your personal data on the basis of a judicial authorization.

If we receive a request from third party to share your personal data with them, we will inform you of this, unless informing you is not permitted by law.

Sharing on the basis of a legitimate interest

Security and our legal interests

We may share your personal data with third parties such as our attorney and/or a bailiff, a (forensic) accountant, detective agency, cyber security experts or other types of researchers and/or the police if this is reasonably necessary:

  • to protect rights, property or the safety of our organization, our users, our employees or the public;
  • to protect our organization and our users from fraudulent or otherwise unlawful, inappropriate or offensive use of the SOCIALBLOX platform;
  • to respond to a (current or imminent) liability or other (current or imminent) legal consequences.

If we share your personal data on this basis, we will inform you about it if we can. We cannot inform you about sharing your personal data if doing so might interfere with the purpose and effectiveness of the investigation or other measures for which we have to share the data.

Sale or merger of our company

We may share your personal data with third parties if we intend to sell our company or a division within our company (either as part of a relaunch or otherwise), or if our company intends to merge with another. In the preparatory phase of the sale or merger, we may share your personal data with potential buyers or merger partners. When the company is actually transferred or merged, we will share your personal data with the final buyer or merger partner. In the preparatory phase of the sale or merger, we will try to anonymize the personal data that are part of our business information as much as possible.

We will not sell your personal data separately - outside of the context of a relaunch, company sale or merger - to an organization that will use your personal data for activities that are significantly different from ours.

If we intend to transfer your personal data to a third party in the course of a relaunch, company sale or merger, we will inform you about this as soon as we can do so without disrupting the preparatory phase of the relaunch, sale or merger.

If we share your personal data with a third party on the basis of a legitimate interest, and the third party is not already appropriately bound to confidentiality by law or by professional deontology, we will conclude a confidentiality agreement with the third party before we share the personal data.

Automatic decision-making and/or profiling

SOCIALBLOX does not use automated decision-making or profiling.

Using the blockchain

The SOCIALBLOX platform allows you to issue, accept and judge challenges to earn cryptographic tokens (SBX tokens). The transfer of these tokens entails a transaction on the Etherium blockchain.

. You need to be aware that information that is ‘entered into’ the Ethereum blockchain cannot be changed or deleted. Ever. You also need to know that the Ethereum blockchain offers the possibility to enter free text as a description to a transaction and that SOCIALBLOX cannot control what people enter into the Ethereum blockchain this way, when they issue a challenge.

For the free text that is entered into the Ethereum blockchain, SOCIALBLOX is not a controller in the sense of the GDPR.

SOCIALBLOX does voluntarily take it upon itself to encrypt everything that is entered into the blockchain through its platform. However: no encryption is ever 100% failsafe. Please be aware that any information you enter into the blockchain may possibly be decrypted by a third party at some point.

So, out of regard for your own interests and the importance of your privacy: please do not enter any personal information about yourself into the Ethereum blockchain that you might ever regret ‘getting out’. We cannot fix it for you, if you do. Also: do not enter any information about anybody else into the blockchain. This is strictly prohibited by SOCIALBLOX’ terms and conditions and also: totally uncool. Don’t do it.

Transfer of personal data outside the European Economic Area (EEA)

In order to provide the SOCIALBLOX platform with the quality, speed and security that we deem necessary, we currently see no other option than to work with hosting and backend services from companies in the USA (Amazon Web Services and Firebase). Insofar as these companies offer localized storage and processing of data, we will opt for processing within the EEA. Meanwhile, our contracts with our providers in the USA contain the standard contractual clauses made or ratified by the European Commission (within the meaning of Article 46 paragraph 2 under c and d). This way, we ensure that our processors offer adequate safeguards for your privacy.  

Security of your personal data

SOCIALBLOX takes the appropriate technical and organizational measures to secure your personal data. We will ensure that our security measures are appropriately updated to remain in line with the state of the art regarding data security. Currently, we apply (at least) the following types of security measures:

  • We have taken physical measures in our business premises to ensure that unauthorized persons cannot access our documents, workstations and servers.
  • Our company regulations contain behavioral rules to prevent unauthorized access to and/or loss of personal data.
  • All our employees are contractually bound to secrecy.
  • We use SSL (Secure Socket Layer) technology where appropriate to encrypt sensitive information and personal data (such as account passwords and other identifying information) during transmission.
  • Sensitive information is stored in encrypted form, in so far as is reasonably possible within our company’s activities.
  • Back-ups of personal data are made to the reasonably possible extent.
  • Vulnerabilities in our software are always addressed as quickly as possible.

Insofar as we use the services of third parties, who act on our behalf as processors of personal data, these processors are contractually obliged to take appropriate technical and organizational measures to protect the personal data.

Although we do our best to ensure good security, we must point out that absolute security when storing personal data and sending data over the Internet can never be guaranteed.

Your rights

For processing operations that we carry out on the basis of your consent, you have the right to withdraw your consent at any time. If you do, we will stop the processing operations in question. However: the processing operations that previously took place on the basis of your granted consent will not become unlawful with retroactive effect.

For processing operations that we carry out on the basis of a legitimate interest, you have a ‘right to objection’ on grounds relating to your particular situation. If you want to exercise this right, please send an email in which you tell us:

  • Which data processing you object to (e.g. which particular content on the platform creates a problem for you)  - so we can understand the scope of your request
  • What type of problem the data processing is creating for you – so we can search for a solution that is both effective for you and the least disruptive for our company
  • Enough information about yourself (i.e. your user name and contact details) so we can determine the legitimacy of your request and communicate with you about your request

In all cases, you have the right to request access to the personal data we process about you, the right to have inaccuracies in your personal data corrected ('right to rectification') and the right to have your personal data erased if their processing is not/no longer based on a valid legal ground.

If there is no longer a valid legal ground for our processing of your personal data, but you do not want to have the data removed immediately, you can also make use of the right to 'restriction of processing'. Restriction of processing means that we retain your personal data for you, but do not use it for any other purpose.

In some cases, you may have the right to data portability. Data portability means that you can receive your personal data from us in a structured, commonly used and machine-readable format, or have it transferred to a new service provider (where technically feasible). This right only applies to personal data that you have provided directly to us and that we process on the basis of your consent, or because it is necessary for the performance of our contract with you.

To exercise your rights, please contact us using the contact details stated at the end of this Privacy Statement.

Your right to lodge a formal complaint

If you are dissatisfied with anything related to our processing of your personal data, please discuss it with us so that we can try to resolve it. You can contact us for this purpose using the contact details below.

You have the right to lodge a complaint with the Autoriteit Persoonsgegevens if we are unable to resolve your objection within a reasonable period of time. Please refer to the website of the Autoriteit Persoonsgegevens for their most current contact details:

https://www.autoriteitpersoonsgegevens.nl/

Contact us about your privacy

For questions or comments on our processing of personal data, or to exercise your rights, please contact us at:

privacy@socialblox.io

Updates to this privacy statement

Our privacy statement may be changed or updated from time to time. We can do this unilaterally, by amending this page.

This page was last updated on 02-11-2022.

Please revisit this page from time to time to stay aware of the most up-to-date version.

By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.