Collection of Information. We collect your information, including Personal Information, in the course of providing the Blues Offerings to you. Here are the three ways that we collect your information:
- Information that You Provide. We collect information that you provide to us, including when you make a purchase, set up an account with us, directly communicate or interact with us (i.e. by electronic mail, telephone, or other means), or otherwise use the Blues Offerings.
- Automatically Collected Information. We may automatically collect certain information from the Blues Offering, including Network Information, geolocation data, and other technical information from your Blues Offering. We use the term “Network Information” to mean information collected about you that: (i) relates to your use of the cellular service provided by our Carrier; (ii) relates to your use of Blues Offerings; or (iii) is created by, derived from, or utilizes the Network or Network-related information, including (a) the Mobile Identification Number (“MIN”) issued by the Carrier to identify a Notecard-enabled device, (b) Network Access Identifier (“NAI”) information regarding applications on a Notecard-enabled device, and (c) location information including cell site information. This information allows Blues to recognize you and personalize your experience if you return to the Website using the same computer or mobile device, and to improve the Website and the other Blues Offerings.
Use of Information. We use your Personal Information to provide, operate, and improve Blues Offering, including, for the following purposes:
- Provide the Blues Offerings. We use your Personal Information to provide you with and deliver the Blues Offerings.
- Analysis and Improvement. We use your Personal Information for improving, measuring use of, analyzing performance of, fixing errors in, providing support for, and developing the Blues Offerings, including by (i) combining or aggregating any of the information collected through the Blues Offerings or elsewhere for generating and analyzing statistics about your use of the Blues Offerings and user demographics and traffic patterns and (ii) using anonymized data that may or may not be derived from Personal Information but does not personally identify you.
- Marketing and Notices. We may provide you with information about the Blues Offerings or required notices. In addition, we may use collected information for delivering marketing communications that may be of interest to you. Blues does not sell or share your Personal Information with other companies for purposes of their marketing goods or services to you that are unrelated to Blues. You have the right to request that we do not share your Personal Information with, or sell your Personal Information to, third parties, and we will honor such requests in accordance with applicable law. Please note that such a request may prevent you from benefitting from core features of the Blues Offerings. You also have the right to ask a Provider not to process your Personal Information for marketing purposes. If you do so, then we will cooperate with such Provider to accommodate your request.
- Security. We may use your Personal Information for safety and security purposes, including sharing of your information for such purposes, when it is necessary to pursue our legitimate interests in ensuring the security of the Blues Offerings, including detecting, preventing and responding to fraud, intellectual property infringement, violations of agreements with Blues or Providers, violations of law or other misuse of the Blues Offerings. We may also share your Personal Information when we believe, in good faith, that disclosure is necessary to protect our rights, the rights of other users of the Blues Offerings, the integrity of the Blues Offerings, or the safety of you or others.
- Comply with Legal Obligations. We may have a legal obligations to collect, use, retain, or process your Person Information. If those obligations exists, then we will use your Personal Information to satisfy such obligations.
- Communicating with You. We use your Personal Information to respond to your request and to communicate with you about regarding the Blues Offerings through various channels (such as email, phone, and chat).
- Other Purposes for Which we Seek Your Consent. We may seek for your consent to use your Personal Information for a purpose that we communicate to you.
- Third Party Service Providers. We may engage third party service providers to perform functions on our behalf, and these may include maintaining the Blues Offerings, collecting information, responding to and sending email or other messages, data analysis, and other functions useful to our business. Our Carrier is one such example of a third party service provider that performs functions on our behalf. [H&K1] Such third party service providers will have access to Personal Information to the extent needed to perform their function, but will not be permitted to use Personal Information for other purposes.
- Consultants. Blues may engage attorneys, accountants, and other consultants and subject matter experts to advise and assist it in connection with the Blues Offerings. Blues does not permit these consultants to use your Personal Information for purposes unrelated to their engagement with us.
- Other Disclosure. Blues may disclose Personal Information about you to others: (i) if Blues has your valid consent to do so; (ii) to comply with a valid subpoena, legal order, court order, legal process, or other legal obligation; (iii) to enforce any of the Blues, Carrier, or Provider terms and conditions or policies[H&K2] ; or (iv) as necessary to pursue available legal remedies or defend legal claims.
- Security. We have implemented reasonable measures to protect your information from unauthorized access, use or disclosure. The Blues Offerings and its operators maintain administrative, technical and physical safeguards designed to protect the collected information. For example, Notecards incorporate the device-level security features and the data-in-motion security protections set out in the Blues documentation, and these are designed to prevent unauthorized access to or use of the Notecard and the data exchanged with other Blues Offerings. Other Blues Offerings may have additional safeguards designed to protect collected information, such as, by way of limited example, symmetric keys. However, no information or communication system can be 100% secure, so Blues cannot guarantee the absolute security of your information. In addition, you are responsible for implementing commercially reasonable security safeguards consistent with customary industry practices to prevent unauthorized access to, or use of Blues Offerings. Blues is not responsible for the security of information that you transmit over networks that Blues does not control, including the Internet and wireless networks.
- Retention; Reviewing or Correcting Information. Blues retains information (including associated Personal Information) in accordance with applicable law and its data retention policies. If you believe that we have incorrect information about you (including incorrect Personal Information), you have the right to request access to this information and to correct inaccuracies by sending a written request to Blues using the contact information provided in Section 11 (Contact Information). Please understand that we will not change or delete information if the information is necessary for the Blues Offerings, or necessary for compliance with applicable law. Please note that Blues may be unable to collect information that is controlled by a Provider.
GDPR. Blues will process your Personal Information in compliance with the EU General Data Protection Regulation (“GDPR”) if you are a resident of the European Union and if the GDPR applies to our relationship with you (each an “EU data subject”). For information collected by Blues (that is not collected on behalf of a Provider), Blues is the data controller, as defined under GDPR, for all other information, including information submitted to or collected by the Provider or via any Provider Services, Blues is the data processor, also as defined under GDPR. In accordance with GDPR, we will provide EU data subjects with applicable rights, which may include the following:
- Right of confirmation;
- Right of access;
- Right to rectification;
- Right to erasure;
- Right of restriction of processing;
- Right to data portability;
- Right to object;
- Right to withdraw data protection consent; and
- Right to lodge a complaint with a supervisory authority.
Notice of Privacy Rights to California Residents. The following provisions of this Section 7 (Notice of Privacy Rights to California Residents) apply if you are a California resident. If you submit a request to a Provider that is related to your privacy rights as a California resident, then we will cooperate with such Provider in accommodating your request.
- Shine the Light Law. California law requires certain businesses to respond to requests from California users who ask about business practices related to disclosing Personal Information to third parties for direct marketing purposes. The California “Shine the Light” law further requires us to allow California residents to opt out of certain disclosures of Personal Information to third parties for their direct marketing purposes.
- California Consumer Privacy Act Disclosure. The California Consumer Privacy Act (the “CCPA”) provides various rights to individuals and households with respect to the collection and use of Personal Information that we have collected about California residents. We use the term “resident” to refer to a California resident to whom the CCPA applies. Among other rights under the CCPA, as further set out in this Section, a resident has the right to request that we (i) disclose to the resident Personal Information that we have about such resident (including Personal Information about such resident that is sold), and (ii) subject to certain exceptions, delete Personal Information that we have about such resident. A resident may request a copy of the following using the mechanism set out in Section 7.3 (Submission of a Consumer Request): (a) the categories of Personal Information we collected about such resident; (b) the categories of sources from which the Personal Information is collected; (c) the business or commercial purpose for collecting or selling the Personal Information; (d) the categories of third parties with whom we share Personal Information; and (e) the specific pieces of Personal Information we have collected about such resident. A resident may submit a request for such information no more than twice in any twelve (12) month period, and our disclosure of such requested information shall only cover the twelve (12) month period preceding our receipt of such request. Additionally, a resident may request that we delete such resident’s Personal Information using the mechanism set out in Section 7.3 (Submission of a Consumer Request). A resident’s rights as to such deletion requests are set out in Section 5.3 (Retention).
- Submission of a Consumer Request. We are in the process of implementing a web-based form and toll-free number for residents to submit requests to us to access or delete their Personal Information. In the interim, please submit such requests to the email address provided in Section 11 (Contact Information). We will respond to your request within forty-five (45) days or as otherwise permitted by applicable law.
- Feedback. We want to encourage your feedback. If you have a suggestion or concerns you would like us to address, please contact us using the contact information provided in Section 11 (Contact Information). Certain states may provide you with additional avenues for lodging complaints. Please check with your state’s consumer protection authority.
- Third-Party Websites. Communications from Blues may contain links to websites operated by third parties. You acknowledge and agree that Blues is not responsible for the collection and use of your information by such websites that are not under our control. Blues encourages you to review the privacy policies of each website you visit.
- Children’s Information. The Blues Offerings are not directed to, nor does Blues knowingly collect information from, children under the age of 13 in connection with the Blues Offerings. If you become aware that your child or any child under your care has provided information without your consent, please contact Blues immediately using the contact information provided in Section 11 (Contact Information).
- Further Resources. If you wish further information concerning privacy policies in general, you should visit the following site: http://www.ftc.gov/privacy/index.html.