Blues Offerings Privacy Policy

Blues

September 2020

This Privacy Policy (this “Privacy Policy”) describes the ways in which Blues Inc. and its affiliates and subsidiaries (collectively, “Blues,” “we,” “our,” and “us”) collect and use your information, including Personal Information, in relation to Blues products (such as the Notecard and Notehub), services, and other experiences that reference this Privacy Policy (collectively, the “Blues Offerings”). We use the term “Personal Information” to mean any information that identifies you as an individual or is otherwise defined as personal information (or similar) under applicable law.

  1. This Privacy Policy.
    1. Application of this Privacy Policy. Except as set out in Section 1.3 (Exclusions from this Privacy Policy), this Privacy Policy applies to users of the Blues Offerings. We use the term “you” to refer to users of the Blues Offerings. If you are an employee of an entity that uses Blues Offerings, then this Privacy Policy applies to you in your capacity as a representative of such entity.
    2. Additional Terms Applicable to Certain Blues Offerings. If any Blues Offerings have additional or different terms from this Privacy Policy on how we collect or use your information, then, to the extent applicable, we will provide you with a privacy notice setting out additional data or privacy information prior to your access or use of such Blues Offerings.
    3. Exclusions from this Privacy Policy. This Privacy Policy does not apply to the following:
    4. Blues Website. Any information collected or used in relation to Blues website (located at https://blues.io/) is subject to a separate privacy policy located here: [_].
    5. Provider Services. We also host and operate the Blues Offerings on behalf of third party providers (each, a “Provider”) that provide their services to you (“Provider Services”). Except as set out in Section 2.3 (Information we Collect from Other Sources), this Privacy Policy does not apply to: (i) information or the “content” processed, stored, or hosted by our customers using Provider Services that we do not collect directly or on behalf of a Provider, or (ii) any products, services, websites, or content that are offered by third parties (including Providers) or have their own privacy notice. An example of a Provider is our provider of cellular services for the Blues Offerings, AT&T Mobility 11, LLC d/b/a AT&T or AT&T Mobility (and its service providers) (collectively, the “Carrier”), whose privacy notice is available here: https://about.att.com/csr/home/privacy/full_privacy_policy.html (the “AT&T Privacy Policy”). For the avoidance of doubt, we are not responsible for the use of your information by a Provider (which shall be subject to the applicable Provider’s privacy policy and other applicable terms).
    6. Your Consent. You consent to this Privacy Policy by using a Blues Offering, or by otherwise indicating your consent via a click-through or similar method.
    7. Changes to this Privacy Policy. We reserve the right to revise this Privacy Policy (including any additional privacy notices provided pursuant to Section 1.2 (Additional Terms Applicable to Certain Blues Offerings)) from time to time, and will revise this Privacy Policy, for example, to comply with changes in applicable law. If we make material revisions to this Privacy Policy, we will notify you by email, by the method we used to notify you of any additional or different terms applicable to your use of the Blues Offerings, or by another appropriate method. Your continued use of a Blues Offering will constitute your acceptance of the revised Privacy Policy.
  2. Collection of Information. We collect your information, including Personal Information, in the course of providing the Blues Offerings to you. Here are the three ways that we collect your information:
    1. Information that You Provide. We collect information that you provide to us, including when you make a purchase, set up an account with us, directly communicate or interact with us (i.e. by electronic mail, telephone, or other means), or otherwise use the Blues Offerings.
    2. Automatically Collected Information. We may automatically collect certain information from the Blues Offering, including Network Information, geolocation data, and other technical information from your Blues Offering. We use the term “Network Information” to mean information collected about you that: (i) relates to your use of the cellular service provided by our Carrier; (ii) relates to your use of Blues Offerings; or (iii) is created by, derived from, or utilizes the Network or Network-related information, including (a) the Mobile Identification Number (“MIN”) issued by the Carrier to identify a Notecard-enabled device, (b) Network Access Identifier (“NAI”) information regarding applications on a Notecard-enabled device, and (c) location information including cell site information. This information allows Blues to recognize you and personalize your experience if you return to the Website using the same computer or mobile device, and to improve the Website and the other Blues Offerings.
    3. Information We Collect from Other Sources. In addition to the Network Information that we collect about you, our Carrier may also provide us with Network Information that it collects about you pursuant to the AT&T Privacy Policy. We may also collect information about you from other sources, including Providers and publicly available sources.
  3. Use of Information. We use your Personal Information to provide, operate, and improve Blues Offering, including, for the following purposes:
    1. Provide the Blues Offerings. We use your Personal Information to provide you with and deliver the Blues Offerings.
    2. Analysis and Improvement. We use your Personal Information for improving, measuring use of, analyzing performance of, fixing errors in, providing support for, and developing the Blues Offerings, including by (i) combining or aggregating any of the information collected through the Blues Offerings or elsewhere for generating and analyzing statistics about your use of the Blues Offerings and user demographics and traffic patterns and (ii) using anonymized data that may or may not be derived from Personal Information but does not personally identify you.
    3. Marketing and Notices. We may provide you with information about the Blues Offerings or required notices. In addition, we may use collected information for delivering marketing communications that may be of interest to you. Blues does not sell or share your Personal Information with other companies for purposes of their marketing goods or services to you that are unrelated to Blues. You have the right to request that we do not share your Personal Information with, or sell your Personal Information to, third parties, and we will honor such requests in accordance with applicable law. Please note that such a request may prevent you from benefitting from core features of the Blues Offerings. You also have the right to ask a Provider not to process your Personal Information for marketing purposes. If you do so, then we will cooperate with such Provider to accommodate your request.
    4. Security. We may use your Personal Information for safety and security purposes, including sharing of your information for such purposes, when it is necessary to pursue our legitimate interests in ensuring the security of the Blues Offerings, including detecting, preventing and responding to fraud, intellectual property infringement, violations of agreements with Blues or Providers, violations of law or other misuse of the Blues Offerings. We may also share your Personal Information when we believe, in good faith, that disclosure is necessary to protect our rights, the rights of other users of the Blues Offerings, the integrity of the Blues Offerings, or the safety of you or others.
    5. Comply with Legal Obligations. We may have a legal obligations to collect, use, retain, or process your Person Information. If those obligations exists, then we will use your Personal Information to satisfy such obligations.
    6. Communicating with You. We use your Personal Information to respond to your request and to communicate with you about regarding the Blues Offerings through various channels (such as email, phone, and chat).
    7. Other Purposes for Which we Seek Your Consent. We may seek for your consent to use your Personal Information for a purpose that we communicate to you.
  4. Sharing Information. Although your information is important to our business, we are not in the business of selling your Personal Information. We share Personal Information as described below and between our affiliates and subsidiaries. In all cases, we take reasonable efforts to ensure that any entity that we share your Personal Information with has privacy practices at least as protective as those in this Privacy Policy and applicable law.
    1. Third Party Service Providers. We may engage third party service providers to perform functions on our behalf, and these may include maintaining the Blues Offerings, collecting information, responding to and sending email or other messages, data analysis, and other functions useful to our business. Our Carrier is one such example of a third party service provider that performs functions on our behalf. [H&K1] Such third party service providers will have access to Personal Information to the extent needed to perform their function, but will not be permitted to use Personal Information for other purposes.
    2. Consultants. Blues may engage attorneys, accountants, and other consultants and subject matter experts to advise and assist it in connection with the Blues Offerings. Blues does not permit these consultants to use your Personal Information for purposes unrelated to their engagement with us.
    3. Business Transfer. Blues may also transfer your Personal Information to an affiliate, a subsidiary or a third party in the event of any reorganization, merger, acquisition or sale, joint venture, assignment, transfer or other disposition of all or any portion of Blues’ business, assets or stock, including, without limitation, in connection with any bankruptcy or similar proceeding, provided that any such entity that Blues transfers Personal Information to will not be permitted to process your Personal Information other than as described in this Privacy Policy without providing you notice and, if required by applicable laws, obtaining your consent.
    4. Other Disclosure. Blues may disclose Personal Information about you to others: (i) if Blues has your valid consent to do so; (ii) to comply with a valid subpoena, legal order, court order, legal process, or other legal obligation; (iii) to enforce any of the Blues, Carrier, or Provider terms and conditions or policies[H&K2] ; or (iv) as necessary to pursue available legal remedies or defend legal claims.
  5. Storage.
    1. Jurisdiction. Information collected will be stored in, processed in and subject to the laws of the United States, which may not provide the same level of protection for your information as your home country, and may be available to the United States government or its agencies under a lawful order made in the United States. By accepting this Privacy Policy, you consent to such transfer to, storage in and processing within the United States.
    2. Security. We have implemented reasonable measures to protect your information from unauthorized access, use or disclosure. The Blues Offerings and its operators maintain administrative, technical and physical safeguards designed to protect the collected information. For example, Notecards incorporate the device-level security features and the data-in-motion security protections set out in the Blues documentation, and these are designed to prevent unauthorized access to or use of the Notecard and the data exchanged with other Blues Offerings. Other Blues Offerings may have additional safeguards designed to protect collected information, such as, by way of limited example, symmetric keys. However, no information or communication system can be 100% secure, so Blues cannot guarantee the absolute security of your information. In addition, you are responsible for implementing commercially reasonable security safeguards consistent with customary industry practices to prevent unauthorized access to, or use of Blues Offerings. Blues is not responsible for the security of information that you transmit over networks that Blues does not control, including the Internet and wireless networks.
    3. Retention; Reviewing or Correcting Information. Blues retains information (including associated Personal Information) in accordance with applicable law and its data retention policies. If you believe that we have incorrect information about you (including incorrect Personal Information), you have the right to request access to this information and to correct inaccuracies by sending a written request to Blues using the contact information provided in Section 11 (Contact Information). Please understand that we will not change or delete information if the information is necessary for the Blues Offerings, or necessary for compliance with applicable law. Please note that Blues may be unable to collect information that is controlled by a Provider.
  6. GDPR. Blues will process your Personal Information in compliance with the EU General Data Protection Regulation (“GDPR”) if you are a resident of the European Union and if the GDPR applies to our relationship with you (each an “EU data subject”). For information collected by Blues (that is not collected on behalf of a Provider), Blues is the data controller, as defined under GDPR, for all other information, including information submitted to or collected by the Provider or via any Provider Services, Blues is the data processor, also as defined under GDPR. In accordance with GDPR, we will provide EU data subjects with applicable rights, which may include the following:
    • Right of confirmation;
    • Right of access;
    • Right to rectification;
    • Right to erasure;
    • Right of restriction of processing;
    • Right to data portability;
    • Right to object;
    • Right to withdraw data protection consent; and
    • Right to lodge a complaint with a supervisory authority.
  7. Notice of Privacy Rights to California Residents. The following provisions of this Section 7 (Notice of Privacy Rights to California Residents) apply if you are a California resident. If you submit a request to a Provider that is related to your privacy rights as a California resident, then we will cooperate with such Provider in accommodating your request.
    1. Shine the Light Law. California law requires certain businesses to respond to requests from California users who ask about business practices related to disclosing Personal Information to third parties for direct marketing purposes. The California “Shine the Light” law further requires us to allow California residents to opt out of certain disclosures of Personal Information to third parties for their direct marketing purposes.
    2. California Consumer Privacy Act Disclosure. The California Consumer Privacy Act (the “CCPA”) provides various rights to individuals and households with respect to the collection and use of Personal Information that we have collected about California residents. We use the term “resident” to refer to a California resident to whom the CCPA applies. Among other rights under the CCPA, as further set out in this Section, a resident has the right to request that we (i) disclose to the resident Personal Information that we have about such resident (including Personal Information about such resident that is sold), and (ii) subject to certain exceptions, delete Personal Information that we have about such resident. A resident may request a copy of the following using the mechanism set out in Section 7.3 (Submission of a Consumer Request): (a) the categories of Personal Information we collected about such resident; (b) the categories of sources from which the Personal Information is collected; (c) the business or commercial purpose for collecting or selling the Personal Information; (d) the categories of third parties with whom we share Personal Information; and (e) the specific pieces of Personal Information we have collected about such resident. A resident may submit a request for such information no more than twice in any twelve (12) month period, and our disclosure of such requested information shall only cover the twelve (12) month period preceding our receipt of such request. Additionally, a resident may request that we delete such resident’s Personal Information using the mechanism set out in Section 7.3 (Submission of a Consumer Request). A resident’s rights as to such deletion requests are set out in Section 5.3 (Retention).
    3. Submission of a Consumer Request. We are in the process of implementing a web-based form and toll-free number for residents to submit requests to us to access or delete their Personal Information. In the interim, please submit such requests to the email address provided in Section 11 (Contact Information). We will respond to your request within forty-five (45) days or as otherwise permitted by applicable law.
  8. Feedback. We want to encourage your feedback. If you have a suggestion or concerns you would like us to address, please contact us using the contact information provided in Section 11 (Contact Information). Certain states may provide you with additional avenues for lodging complaints. Please check with your state’s consumer protection authority.
  9. Third-Party Websites. Communications from Blues may contain links to websites operated by third parties. You acknowledge and agree that Blues is not responsible for the collection and use of your information by such websites that are not under our control. Blues encourages you to review the privacy policies of each website you visit.
  10. Children’s Information. The Blues Offerings are not directed to, nor does Blues knowingly collect information from, children under the age of 13 in connection with the Blues Offerings. If you become aware that your child or any child under your care has provided information without your consent, please contact Blues immediately using the contact information provided in Section 11 (Contact Information).
  11. Contact Information. If you have any questions about this Privacy Policy or the collection or use of information about you, please contact Blues using the following information: [_].
  12. Further Resources. If you wish further information concerning privacy policies in general, you should visit the following site: http://www.ftc.gov/privacy/index.html.
  13. Effective Date. The effective date of this Privacy Policy is September [_], 2020.