BlueConic Privacy Policy

Effective October 1, 2023

This privacy policy (“Policy”) describes how the personally identifiable information (“Personal Information”) you may provide on the blueconic.com website (“Website” ) and any of its related offerings and services (collectively, “Services”) is collected, protected and used. It also describes the choices available to you regarding our use of your Personal Information and how you can access and update this information. This Policy is a legally binding agreement between you (“User”, “you” or “your”) and BlueConic and its affiliated entities (“BlueConic”, “we”, “us” or “our”). By accessing and using the Website and Services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Policy and to comply with all applicable laws and regulations. This Policy does not apply to the practices of companies that we do not own or control, or to individuals that we do not employ or manage.

Collection of Personal Information

You may choose to provide us with Personal Information directly in a variety of situations. For example, you may choose to give us your name and contact information while on our Website so that we may communicate with you, process an order, provide you with certain documentation or service information, or do business with you as a customer, supplier, or other form of business partner. BlueConic is authorized to use your Personal Information only as necessary to provide these services to you. We collect and process Personal Information concerning clients and visitors to this Website and the BlueConic Services for the benefit of the business operations of BlueConic.

This collection of Personal Information is used by BlueConic to inform you about available information, documentation, services, and other products that may be relevant to you, and to develop and update website statistics further. We receive and store any Personal Information you knowingly provide to us when you publish content or complete any online forms on the Website. You can choose not to provide us with your Personal Information when using the Website, but then you may not be able to take advantage of some of the features on the Website.

Some of the information we collect is directly from you via the Website and Services. However, we may also collect Personal Information about you from other sources such as public databases and our joint marketing partners. We also gather certain Personal Information automatically and store it in log files. This information includes Internet Protocol (“IP”) addresses, browser type and language, internet service provider (“ISP”), referring and exit pages, operating system information, date/time stamps, and other similar data. We do not automatically link collected data stored in our log files to other information we collect about you.  

For details regarding the required technical collection and processing of Personal Information, including which technologies we employ for such collection and processing, see the section below titled “Cookies”.

Use and Processing of Collected Information

In order to make the Website and Services available to you, or to meet a legal obligation, we may need to collect and use certain Personal Information. Any of the Personal Information we collect from you may be used for the following purposes:

1. Send marketing and promotional communications.

2. Respond to inquiries and offer support.

3. Improve the user experience.

4. Post customer testimonials.

5. Run and operate the Website and Services.

Processing your Personal Information depends on how you interact with the Website and Services, where you are located in the world, and if one of the following applies: (i) you have given your consent for one or more specific purposes; (ii) provision of Personal Information is necessary for the performance of an agreement with you and/or for any pre-contractual obligations thereof; (iii) processing is necessary for compliance with a legal obligation to which you are subject; (iv) processing is necessary for the purposes of the legitimate interests pursued by us or by a third party.

We will not use this website to collect information regarding political views, race, religious beliefs, health, criminal-law data, or other similar matters. We may share or publish aggregate information that does not specifically identify you, such as statistical information about visitors to our websites or statistical information about how customers use our applications. We will share your Personal Information with third parties only in the ways that are described in this Policy, unless we obtain prior written permission from you, or unless otherwise required or permitted by law, such as to comply with a subpoena, or similar legal process, or when we reasonably believe that the disclosure is necessary to prevent or respond to fraud, defend our Website or applications against attacks, or protect the property and security of BlueConic, our customers and users, and/or the public.

Note that under certain law(s) and/or regulation(s), we may be allowed to process Personal Information until you object to such processing (by opting out), without having to rely on consent or any other of the legal bases above. In any case, we will be happy to clarify the specific legal basis that applies to the processing.

If BlueConic is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Website of any change in ownership or changes in usage of your Personal Information, as well as any choices you may have regarding your Personal Information.

Retention and Security of Personal Information

The security of your Personal Information is important to us. We follow generally accepted standards to protect the Personal Information submitted to us, both during transmission and once it is received, to protect your Personal Information from unauthorized access, use, and disclosure. Upon request, BlueConic will provide you with information about whether we hold any of your Personal Information. You may access, correct, or request deletion of your Personal Information by contacting us at info@blueconic.com. We will respond to your request within a reasonable timeframe.

We will retain and use your Personal Information for the period necessary to comply with our legal obligations, resolve disputes, and enforce our agreements, unless a longer retention period is required or permitted by law. Once the retention period expires, Personal Information shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification, and the right to data portability cannot be enforced after the expiration of the retention period.

Transfer of Personal Information

Depending on your location, data transfers may involve transferring and storing your Personal Information in a country other than your own. When we transfer your Personal Information, we make sure that we take steps to  safeguard your information. In particular, BlueConic is committed to following the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), and upholding the rights of individuals in the EU, UK and Switzerland.

We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your Personal Information, please submit your request to info@blueconic.com.

Additional information regarding transfers of Personal Information can be found below.

Data Privacy Framework Program

BlueConic complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  BlueConic has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of Personal Information received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.  BlueConic has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of Personal Information received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern over this Policy.  To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

BlueConic is responsible for the processing of Personal Information it receives under the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and Swiss-U.S. DPF, and any subsequent transfers to a third party acting as an agent on its behalf. BlueConic complies with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF Principles for all onward transfers of Personal Information from the EU, UK and Switzerland, including the onward transfer liability provisions.

The Federal Trade Commission has jurisdiction over BlueConic's compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.  In certain situations, BlueConic may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, BlueConic commits to refer unresolved complaints concerning our handling of Personal Information received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to TRUSTe, an alternative dispute resolution provider based in the United States.  If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint.  These dispute resolution services are provided at no cost to you.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, BlueConic commits to resolve DPF Principles-related complaints about our collection and use of your Personal Information.  Individuals in the EU, the UK and Switzerland with inquiries or complaints regarding our handling of Personal Information received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact BlueConic at: info@blueconic.com.

We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your Personal Information, please submit your request to info@blueconic.com.

For complaints regarding EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF compliance not resolved by any of the other DPF mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration. Further information can be found on the official DPF website: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.

The Rights of Users

You may contact us using the contact information below at any time. Queries regarding this Policy, the accuracy of Personal Information that you provided to us via this Website, or requests to have outdated information deleted, may be processed via our Permissions Settings page on the Website. If you do not wish to receive any marketing information from us, you can make your request via the Permissions Settings or via email to info@blueconic.com.

You may exercise certain rights regarding your Personal Information processed by us. In particular, you have the right to do the following: 

1. You have the right to withdraw consent where you have previously given your consent to the processing of your Personal Information; 

2. You have the right to object to the processing of your Personal Information if the processing is carried out on a legal basis other than consent; 

3. You have the right to learn if Personal Information is being processed by us, obtain disclosure regarding certain aspects of the processing, and obtain a copy of the Personal Information undergoing processing; 

4. You have the right to verify the accuracy of your Personal Information and ask for it to be updated or corrected; 

5. You have the right, under certain circumstances, to restrict the processing of your Personal Information, in which case, we will not process your information for any purpose other than storing it; 

6. You have the right, under certain circumstances, to obtain the erasure of your Personal Information from us; and

7. You have the right to receive your Personal Information in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another party without any hindrance. This provision is applicable provided that your Personal Information is processed by automated means and that the processing is based on your consent, on a contract which you are part of, or on pre-contractual obligations thereof.

Right to Object to Processing

If we process your Personal Information for direct marketing purposes, you can object to that processing at any time without providing any justification. To learn whether we are processing Personal Information for direct marketing purposes, you may refer to the relevant sections of this Policy.

Data Protection Rights for the European Economic Area

If you are a resident of the European Economic Area (“EEA”), you have certain data protection rights and BlueConic aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Information. If you wish to be informed what Personal Information we hold about you and if you want it to be removed from our systems, please contact us at: info@blueconic.com. In these circumstances, you have the following data protection rights:

You have the right to request access to your Personal Information stored by BlueConic.

1. You have the right to request that we correct any Personal Information you believe is inaccurate. You also have the right to request us to complete the Personal Information you believe is incomplete.

2. You have the right to request the erasure of your Personal Information under certain conditions of this Policy.

3. You have the right to object to our processing of your Personal Information.

4. You have the right to seek restrictions on the processing of your Personal Information. When you restrict the processing of your Personal Information, we may store it but will not process it further.

5. You have the right to be provided with a copy of the Personal Information we have on you in a structured, machine-readable and commonly used format. You also have the right to withdraw your consent at any time where BlueConic relied on your consent to process your Personal Information.

6. You have the right to complain to a Data Protection Authority about our collection and use of your Personal Information. For more information, please contact your local data protection authority in the European Economic Area (EEA).

California Privacy Rights

In addition to the rights as explained in this Policy, California residents who provide Personal Information (as defined in the statute) to obtain products or services for personal, family, or household use are entitled to request and obtain from us, once a calendar year, information about the Personal Information we shared, if any, with other businesses for marketing uses. If applicable, this information would include the categories of Personal Information and the names and addresses of those businesses with which we shared such personal information for the immediately prior calendar year (e.g., requests made in the current year will receive information about the prior year). To obtain this information please contact us at info@blueconic.com.

You may opt out of “sales” of Personal Information and “sharing” of Personal Information for purposes of cross-context behavioral advertising. Where required, we also honor requests to opt out of submitted via privacy preference signals recognized under applicable law, such as the Global Privacy Control (“GPC”). For more information on the GPC and how to use a browser or browser extension incorporating the GPC signal, see https://globalprivacycontrol.org/.

How to Exercise Your Rights

Any requests to exercise your rights can be directed to BlueConic through the contact details provided in this Policy. Please note that we may ask you to verify your identity before responding to such requests. Your request must provide sufficient information that allows us to verify that you are the person you are claiming to be or that you are the authorized representative of such person. You must include sufficient details to allow us to properly understand the request and respond to it. We cannot respond to your request or provide you with Personal Information unless we first verify your identity or authority to make such a request and confirm that the Personal Information relates to you.

Privacy of Children

We do not knowingly collect any Personal Information from children under the age of 18. If you are under the age of 18, please do not submit any Personal Information through the Website and Services. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce this Policy by instructing their children never to provide Personal Information through the Website and Services without their permission. If you have reason to believe that a child under the age of 18 has provided Personal Information to us through the Website and Services, please contact us. 

Cookies

The Website and Services use “cookies” to help personalize your online experience. A cookie is a text file that is placed on your hard disk by a web server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you. We may use cookies to collect, store, and track information for statistical purposes to operate the Website and Services. You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. 

Cookies and Third Parties

BlueConic also uses or allows third parties to serve cookies to help us with market research, improving website functionality, and monitoring compliance. Similarly, when you use one of the share buttons on the BlueConic website, a cookie may be set by the service you have chosen to share content through.

The Website and its applications may include buttons, widgets, tools or content that link to other company services, for example, a Facebook “Like” button or the share button. We may collect information about your use of these features.

The permission for the use of these third party cookies is also controlled by the permission settings dialog that is provided on the Website. Once the permission has been granted, BlueConic does not control the dissemination of these third party cookies. You should check the relevant third party website for more information about these cookies.

Information Security

We secure Personal Information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use, or disclosure. We maintain administrative, technical, and physical safeguards in an effort to protect against unauthorized access, use, modification, and disclosure of Personal Information in our control and custody. However, no data transmission over the Internet or wireless network can be guaranteed.

Therefore, while we strive to protect your Personal Information, you acknowledge that:

(i) There are security and privacy limitations of the Internet which are beyond our control;

(ii) The security, integrity, and privacy of any and all information and data exchanged between you and the Website cannot be guaranteed; and

(iii) Any such Personal Information and data may be viewed or tampered with in transit by a third party, despite best efforts.

Data Breach

In the event we become aware that the security of the Website and Services has been compromised or users’ Personal Information has been disclosed to unrelated third parties as a result of external activity, including, but not limited to, security attacks or fraud, we reserve the right to take reasonably appropriate measures, including, but not limited to, investigation and reporting, as well as notification to and cooperation with law enforcement authorities. In the event of a data breach, we will make reasonable efforts to notify affected individuals if we believe that there is a reasonable risk of harm to the user as a result of the breach or if notice is otherwise required by law. When we do, we will post a notice on the Website, or send you an email.

Changes and Amendments

We reserve the right to modify this Policy or its terms relating to the Website and Services from time to time at our discretion and will notify you of any material changes to the way in which we treat Personal Information. When we do, we will revise the updated date on this page. We may also provide notice to you in other ways at our discretion, such as through the contact information you have provided. Any updated version of this Policy will be effective immediately upon the posting of the revised Policy unless otherwise specified. Your continued use of the Website and Services after the effective date of the revised Policy (or such other act specified at that time) will constitute your consent to those changes. However, we will not, without your consent, use your Personal Information in a manner materially different from what was stated at the time your Personal Information was collected.

Acceptance of this Policy

You acknowledge that you have read this Policy and agree to all its terms and conditions. By accessing and using the Website and Services you agree to be bound by this Policy. If you do not agree to abide by the terms of this Policy, you are not authorized to access or use the Website and Services.

Enforcement of Policy

BlueConic undertakes to verify compliance with this Policy not less than once per year and in connection with BlueConic’s annual review and internal compliance measures. BlueConic will use its best commercial efforts to ensure that compliance with this Policy is maintained and that this Policy is accurate, comprehensive, and continues to conform to applicable law. We encourage you to raise and discuss any issues or concerns with BlueConic’s Data Privacy Officer directly via info@blueconic.com. Our DPO will address and resolve such complaints regarding the use of data and noncompliance with our Policy.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, BlueConic commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of Personal Information received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.

BlueConic provides information regarding the following through policies and trainings:

1. BlueConic is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

2. The possibility, under certain conditions, for the individual to invoke binding arbitration.

3. The requirement for BlueConic to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

4. BlueConic’s liability in cases of onward transfers to third parties.

With respect to complaints related to this Policy that cannot be resolved through our internal process, we agree to abide by the dispute resolution procedures established by the Data Privacy Framework.

Contacting BlueConic

If you would like to contact us to understand more about this Policy or wish to contact us concerning any matter relating to individual rights and your Personal Information, you may do so via info@blueconic.com.