Privacy Statement — Blicker B.V.
Version: April 2026
Last updated: 21 April 2026
1. Who We Are
Blicker B.V. (hereafter: "Blicker", "we", "us" or "our") is a technology company specialising in AI-powered meter reading solutions for the utilities sector. We are registered and established at:
Blicker B.V.
Stationsplein 45
3013 AK Rotterdam
The Netherlands
Website: www.blicker.ai
Email: hello@blicker.ai
Phone: +31 10 340 29 07
Privacy Contact: V. Westerwoudt — privacy@blicker.ai
Blicker B.V. is the controller of personal data as described in this statement.
2. Scope — Blicker and Its Subproducts
This privacy statement applies to all personal data processing carried out by Blicker B.V. in connection with:
- The Blicker platform — the AI-powered meter reading API and associated services (accessible via www.blicker.ai);
- Kite — Blicker's meter management service portal, intended for utility and energy operators;
- Any other products, subproducts, or services developed and operated by Blicker B.V. that reference this statement.
Where a product or subproduct processes personal data in a materially different way, this is noted in the relevant sections below.
3. Blicker's Two Roles Under GDPR
Depending on the context, Blicker acts in two distinct roles under the GDPR:
3.1 Blicker as Controller
Blicker acts as a controller for personal data it collects directly and independently — for example, from website visitors, prospective customers, account holders, support requesters, and employees.
This privacy statement primarily governs Blicker's processing activities in this controller role.
3.2 Blicker as Processor
When business customers (e.g. utilities, energy companies) use Blicker's platform or Kite to process meter data relating to their own customers or employees, those business customers are the controller and Blicker acts as their processor, operating strictly on documented instructions per Art. 28 GDPR. A separate Data Processing Agreement (DPA) governs that relationship.
If you are an end customer or employee of a utility company and have a question about how your personal data is processed in connection with meter readings, please contact your utility provider directly. They are responsible for informing you about their data processing and handling your rights requests in that context.
4. Personal Data We Process as Controller
4.1 Categories of Personal Data
Blicker collects and processes the following categories of personal data in its role as controller:
| Category |
Examples |
| Contact details |
Name, email address, postal address |
| Account data |
Username, password (hashed), role |
| Usage and log data |
IP address, browser type, pages visited, timestamps, session identifiers |
| Communication data |
Content of emails and other correspondence with Blicker |
| Billing data |
Company name, invoicing address, payment reference (not full card details) |
| Voluntarily provided data |
Any other data you provide, e.g. when filling in a contact form, participating in surveys, or during onboarding |
Blicker does not intentionally collect special categories of personal data (Art. 9 GDPR), such as health data, ethnic origin, or political opinions.
4.2 Purposes and Legal Bases
| Purpose |
Legal basis (Art. 6 GDPR) |
| Creating and managing your account; providing access to the platform and Kite |
Performance of a contract (Art. 6(1)(b)) |
| Responding to support requests and communications |
Performance of a contract or pre-contractual steps (Art. 6(1)(b)) |
| Invoicing and payment processing |
Performance of a contract (Art. 6(1)(b)) |
| Compliance with tax and financial reporting obligations |
Legal obligation (Art. 6(1)(c)) |
| Security monitoring, fraud detection, abuse prevention |
Legitimate interests of Blicker (Art. 6(1)(f)) |
| Error monitoring and platform diagnostics (via Sentry) |
Legitimate interests of Blicker (Art. 6(1)(f)) |
| Bot and abuse protection on web forms (via Cloudflare Turnstile) |
Legitimate interests of Blicker (Art. 6(1)(f)) |
| Improvement of Blicker's services, platform performance, and AI accuracy |
Legitimate interests of Blicker (Art. 6(1)(f)) |
| Sending service-related notifications and updates |
Performance of a contract / Legitimate interests (Art. 6(1)(b)/(f)) |
| Sending marketing communications (if applicable) |
Consent (Art. 6(1)(a)) — you may withdraw at any time |
Where Blicker relies on legitimate interests, it has assessed that these interests are not overridden by your rights and freedoms. You may request more information about this balancing test by contacting privacy@blicker.ai.
5. Personal Data Processed as Processor (Meter Data)
When Blicker processes personal data on behalf of a business customer under a Data Processing Agreement, the categories of data typically include:
- Meter readings (linked to meter numbers);
- Meter numbers and metering point identifiers;
- Identification data of end users (name, customer number, account number);
- Contact details (address, email, telephone number);
- Location or premises information related to the metering point;
- Images of meters submitted through the platform or Kite;
- Any other data strictly necessary for the controller's use of the Solution.
The purposes, retention periods, and rights applicable to this data are governed by the controller's instructions and their DPA with Blicker. Data subjects should direct rights requests to their utility or energy provider.
The default retention period for this data, unless otherwise agreed in writing, is 12 months from the date of processing.
6. AI-Supported Processing
Blicker's platform and Kite use artificial intelligence components to support meter reading — specifically to automatically detect, interpret and validate meter values from images submitted by users or end customers.
These AI components are intended solely to support metering and utility-administration processes. They do not make decisions that produce legal effects or similarly significant effects on data subjects within the meaning of Art. 22 GDPR. Blicker does not carry out automated decision-making as defined in Art. 22(1) GDPR. All AI outputs that are used for billing or regulatory purposes remain subject to human oversight.
In compliance with the EU AI Act (Regulation (EU) 2024/1689), Blicker:
- Provides its business customers with documentation on how the AI components operate, including their intended purpose and limitations;
- Implements technical and organisational measures to ensure the AI components function as intended;
- Notifies customers of any material change to the AI components that significantly affects their performance or intended purpose.
7. Retention Periods
Blicker does not retain personal data longer than necessary for the purposes for which it is collected. The following retention periods apply:
| Data category |
Retention period |
| Account and contact data |
For the duration of the contractual relationship, plus up to 24 months after termination |
| Communication and support data |
Up to 24 months after the last interaction |
| Usage logs and IP addresses |
Up to 12 months |
| Financial and invoicing data |
7 years in accordance with Dutch tax law (Belastingwetgeving) |
| Meter data (as processor) |
12 months from date of processing, unless otherwise agreed in the applicable DPA |
After expiry of the applicable retention period, data is permanently deleted or irreversibly anonymised.
8. Recipients and Sub-Processors
Blicker shares personal data with the following third parties and sub-processors in order to deliver its services:
8.1 Sub-Processors
| Sub-processor |
Role |
Location |
Transfer basis |
| Microsoft Corporation (Azure) |
Cloud infrastructure: hosting, data processing and storage of all platform and Kite data |
Redmond, WA, USA (data processed in EU — Western Europe region) |
Data stored within the EEA; EU Standard Contractual Clauses (SCCs) for any data transferred outside EEA |
| Sentry (Functional Software, Inc.) |
Error and performance monitoring: collection of application error logs, stack traces, and associated context data for debugging |
San Francisco, CA, USA |
EU Standard Contractual Clauses (SCCs) |
| Cloudflare Turnstile (Cloudflare, Inc.) |
Bot detection and abuse prevention on Kite and other web-facing interfaces (processes browser signals, interaction patterns, IP address — no cookies set without consent) |
San Francisco, CA, USA |
EU Standard Contractual Clauses (SCCs) |
8.2 Other Recipients
Blicker may share personal data with other third parties in limited circumstances, including:
- Legal and regulatory authorities, if required by law or court order;
- Auditors or legal advisors, bound by professional confidentiality obligations;
- Business successors, in the event of a merger, acquisition or sale of assets, subject to equivalent privacy protections.
Blicker does not sell personal data to third parties.
9. International Data Transfers
Blicker's primary data processing takes place within the European Economic Area (EEA), using Microsoft Azure infrastructure in the Western Europe region.
Where data is transferred to sub-processors located outside the EEA (such as Sentry and Cloudflare, both US-based), such transfers are governed by EU Standard Contractual Clauses (SCCs) as approved by the European Commission, ensuring an adequate level of protection in line with the GDPR (Chapter V).
Personal data will not be transferred to a country outside the EEA without a valid legal transfer mechanism in place.
10. Security
Blicker takes the security of personal data seriously and has implemented appropriate technical and organisational measures to protect it against loss, unauthorised access, disclosure, alteration or destruction. These measures include, among others:
- Encryption at rest and in transit — all personal data in storage and in transmission is protected using state-of-the-art encryption (HTTPS/SSL; encrypted backups);
- Access controls — strict role-based access policies, password vaults, OAuth 2.0 and Active Directory authentication; access to personal data is limited to authorised personnel on a need-to-know basis;
- Incident management — a defined security and privacy incident management policy and process is in place, including a breach notification procedure with a maximum 48-hour reporting window to customers;
- Backups — regular encrypted backups are maintained (incremental, differential and full), stored on separate Azure Blob servers;
- Audits — regular technical and organisational security audits are performed on systems used to process personal data;
- Azure infrastructure — all data is hosted on Microsoft Azure, which is certified to ISO/IEC 27001:2013 and subject to annual audits;
- Resilience — critical systems are deployed redundantly with defined recovery procedures and business continuity plans.
If you have reason to believe that your data is not being adequately protected, or if you suspect misuse, please contact us at privacy@blicker.ai.
11. Your Rights
As a data subject under the GDPR, you have the following rights with respect to personal data Blicker holds about you in its capacity as controller:
| Right |
Description |
| Right of access (Art. 15) |
You may request a copy of the personal data Blicker holds about you |
| Right to rectification (Art. 16) |
You may request correction of inaccurate or incomplete personal data |
| Right to erasure (Art. 17) |
You may request deletion of your personal data, subject to applicable retention obligations |
| Right to restriction (Art. 18) |
You may request that Blicker restricts the processing of your data in certain circumstances |
| Right to data portability (Art. 20) |
You may request a structured, machine-readable copy of personal data you have provided to us, for transfer to another provider |
| Right to object (Art. 21) |
You may object to processing based on legitimate interests, including profiling |
| Right to withdraw consent |
Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing |
How to Exercise Your Rights
Send your request to: privacy@blicker.ai
Please include sufficient information to allow us to verify your identity. We may ask you to confirm your identity by means of reasonable verification — we will not routinely request copies of identity documents, but we may do so in cases of doubt. We will respond within four weeks of receiving a valid request.
For requests relating to meter data processed on behalf of a business customer: please contact your utility or energy provider directly, as they are the controller of that data.
Right to Lodge a Complaint
If you believe your rights have not been upheld, you have the right to lodge a complaint with the Dutch supervisory authority:
Autoriteit Persoonsgegevens
https://autoriteitpersoonsgegevens.nl/nl/contact-met-de-autoriteit-persoonsgegevens/tip-ons
12. Cookies and Similar Technologies
Blicker uses cookies and similar technologies on its websites and web-based products (including Kite). The following types of cookies are used:
| Type |
Purpose |
Consent required? |
| Strictly necessary / functional |
Essential to the operation of the website and platform (e.g. session management, security tokens, login state) |
No — these cannot be disabled without affecting functionality |
| Analytical (privacy-friendly) |
Used to understand how visitors use the platform; configured to not identify individual users where possible |
No — where analytics are configured to be non-privacy-invasive |
| Bot detection (Cloudflare Turnstile) |
Used on Kite and web forms to distinguish human users from automated bots; processes browser signals and interaction patterns without setting persistent tracking cookies |
No — operates without consent-gated cookies |
Blicker does not use tracking cookies for advertising or cross-site profiling purposes.
You can manage or disable cookies through your browser settings. Note that disabling strictly necessary cookies may affect the functioning of our services.
13. Children
Blicker's services are intended for business users and are not directed at children. We do not knowingly collect personal data from individuals under the age of 16 without verifiable parental or guardian consent.
If you believe we have inadvertently collected data about a minor, please contact us at privacy@blicker.ai and we will delete it promptly.
14. Changes to This Statement
Blicker may update this privacy statement from time to time to reflect changes in our services, applicable law, or data processing practices. The most current version is always available at www.blicker.ai/privacy. Material changes will be communicated to active customers and users in advance, where possible.
The version date at the top of this document indicates when the statement was last revised.
15. Contact
For questions, requests, or concerns about this privacy statement or Blicker's data processing practices:
Blicker B.V.
Attn: Privacy — V. Westerwoudt
Stationsplein 45
3013 AK Rotterdam
The Netherlands
Email: privacy@blicker.ai
Phone: +31 10 340 29 07
Website: www.blicker.ai
Blicker B.V. | Stationsplein 45, 3013 AK Rotterdam | www.blicker.ai | Version April 2026
