Last updated: 2026-04-17 · Effective: 2026-04-17 · Applies to residents of the EEA, United Kingdom, and Switzerland
Lok-N-Blok Systems LLC is the data controller for personal data collected through blokusa.com. Our contact details are at the bottom of this page.
Because we are established in the United States and do not have an establishment in the EEA or UK, we will appoint an Article 27 representative upon request from any EEA / UK supervisory authority. For now, direct all inquiries to info@blokusa.com.
Under GDPR Article 6 we rely on the following lawful bases:
| Processing activity | Lawful basis | GDPR Art. 6(1) |
|---|---|---|
| Creating + authenticating your account | Performance of a contract | (b) |
| Responding to estimator / contact submissions | Performance of a contract (pre-contract steps) | (b) |
| Sending transactional email (password resets, approvals) | Performance of a contract | (b) |
| Server logs, security monitoring, rate limits | Legitimate interests (security of service) | (f) |
| On-site analytics (aggregated, first-party) | Legitimate interests (service improvement) | (f) |
| Investor / distributor NCNDA enforcement + audit | Legal obligation + legitimate interests | (c), (f) |
| Compliance with subpoenas and regulatory requests | Legal obligation | (c) |
| Marketing email (only if you opt in) | Consent | (a) |
We do not process any special-category data (GDPR Art. 9) through blokusa.com.
Ask for a copy of the personal data we hold about you. We will provide it in a commonly used, machine-readable format (JSON) within 30 days.
Ask us to correct inaccurate or incomplete data. Most account fields you can correct yourself.
Ask us to delete your personal data when it is no longer necessary for the purpose it was collected, you withdraw consent (where consent was the basis), or you object to processing based on legitimate interests and we have no overriding grounds. Exceptions: auditable NCNDA access logs, records needed for legal claims, and financial records required by law.
Ask us to limit how we use your data while we verify a correction, evaluate an objection, or while we consider whether deletion is appropriate.
Receive the data you provided to us in a structured, commonly used, machine-readable format, and have it transmitted to another controller where technically feasible.
Object to processing based on legitimate interests (Art. 6(1)(f)) or for direct marketing. We will stop unless we can demonstrate compelling legitimate grounds that override your rights.
We do not make decisions based solely on automated processing that produce legal or similarly significant effects. Admin approval of investor/distributor requests is always performed by a human admin.
Where we rely on consent (e.g., marketing email), you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing before the withdrawal.
You can complain to your local supervisory authority. For EU residents, that's the data-protection authority in your Member State. For UK residents, the Information Commissioner's Office (ICO). For Swiss residents, the Federal Data Protection and Information Commissioner (FDPIC).
Email info@blokusa.com with "GDPR Request" in the subject line. Specify which right you wish to exercise. We will acknowledge within 3 business days and respond fully within 30 days (extendable by 60 days for complex requests, with notice to you).
We will verify your identity before processing. No fee unless your request is manifestly unfounded or excessive (we will explain in writing if that's the case).
Your data is processed in the United States, where our servers (Railway) and our email provider (Google Workspace) are located. For transfers from the EEA, UK, or Switzerland to the United States we rely on:
We retain personal data only as long as needed for the purpose for which it was collected:
| Data | Retention |
|---|---|
| Active account data | Lifetime of the account |
| Deleted account data | Permanently removed within 7 days |
| Server access logs | 90 days live + 12 months compressed archive |
| Analytics events | 18 months raw, then aggregated indefinitely |
| NCNDA access audit log | 7 years (legal-claim retention) |
| Email audit log | 2 years |
| Consent log (this + other policies) | Duration of account + 3 years |
See our Subprocessors page for the full, updated list of vendors that process personal data on our behalf.
We have not formally appointed a DPO because we do not meet the Art. 37 thresholds. Our designated privacy contact for GDPR inquiries is Kevin Flanagan at info@blokusa.com.
If a personal data breach is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay, and notify the competent supervisory authority within 72 hours of becoming aware, in accordance with Art. 33 and Art. 34.
Lok-N-Blok Systems LLC · Privacy Team · info@blokusa.com · 504-913-3606