Data Privacy at Block 64: GDPR, PII, and Compliance

Block 64 is committed to protecting customer data and complying with global privacy regulations, including the General Data Protection Regulation (GDPR). This article outlines how we handle Personally Identifiable Information (PII), our approach to compliance, and your rights as a customer.

Key Links

• Compliance & Trust Centre

• Privacy Policy

Does Block 64 Collect or Process Personal Data?

Yes, Block 64 processes limited PII during most customer engagements, but only the data necessary to complete assessments.

Data types collected may include:

• Usernames

• First and last names

• Email addresses

• IP addresses

• SIP addresses

Sources of this data include:

• Active Directory

• Entra ID (formerly Azure AD)

• Microsoft 365

• AWS SSO logs

• GCP SSO logs

• Microsoft Exchange Server

• Skype for Business Server

• SharePoint Server

Customers may withdraw consent at any time, and Block 64 will permanently delete the relevant data upon request.

What Is Considered Personal Data under GDPR?

According to the GDPR:

‘Personal data’ means any information relating to an identified or identifiable natural person... including names, identification numbers, location data, online identifiers, or factors related to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.

 

Is Block 64 GDPR Compliant?

Yes. Block 64 operates as a data processor and complies fully with GDPR by:

• Requiring customer consent before any data processing

• Hosting data in regional data centres (e.g., Western Europe, Germany)

• Limiting PII collection to essential information only

• Using end-to-end encryption to protect data

• Enforcing Role-Based Access Control (RBAC) for data access

• Providing clear channels to revoke consent and request data deletion

Who Is Block 64’s Data Protection Officer?

Sean Ramsay
📧 sean.ramsay@block64.com
Sean oversees compliance and ensures ongoing monitoring of data protection practices.

Right to Be Forgotten

Customers may request the deletion of any personal data collected by Block 64 by:

• Submitting a request at: support.block64.com

• Emailing: privacy@block64.com

All requests are handled promptly and in accordance with GDPR guidelines.

Internal Data Protection Policy

Yes, Block 64 maintains an internal Data Protection Policy which:

• Is reviewed annually

• Is shared with all employees

• Guides how personal data is accessed, processed, and protected internally

The policy is available to customers upon request.

If you have further questions about data privacy or GDPR compliance, feel free to contact our Privacy Team at privacy@block64.com.