Blueshift Labs, Inc.
Effective Date: December 1, 2021
TRUSTe LLC Independent GDPR Privacy Practices Compliance Validation Findings Summary
Open PDF »
Blueshift Labs, Inc.
433 California Street
Suite 600 (6th Floor)
San Francisco, CA 94104
EU/UK data subjects have the right to lodge a complaint with a supervisory authority concerning Blueshift’s data processing activities.
VeraSafe has been appointed as Blueshift’s representative under the EU Network and Information Systems Directive (EU 2016/1148) in Ireland and, as the Directive has been transposed into the laws of the United Kingdom (UK), the UK. If you represent a competent authority or CSIRT, as such terms are defined under the Directive, VeraSafe may be contacted on matters regulated under the Directive, in addition to email@example.com, by means of the below contact information.
VeraSafe Ireland Ltd.
Unit 3D North Point House
North Point Business Park
New Mallow Road
VeraSafe United Kingdom Ltd.
37 Albert Embankment
London SE1 7TL
How We Use and Collect Your Information
If you use our Services or communicate with us (by phone, chat, email, web forms, social media or other means of communication), you may be required to provide us certain information and Personal Data, in the following ways:
We receive and store any information you knowingly provide to us when you browse our website, submit information or contact us such as your name, email address, and browser information. If you become a client of ours, additional information will be obtained to provide you with the Services and process your payments.
Your provision of Personal Data may be required to use certain parts of our Platform Services, for example if you send us a support request. If you do not provide such Personal Data, you may not be able to access and use our Site and/or our Platform Services, or parts of it.
In using our Services as our client, we will also receive and store any information you choose to provide us with respect to your customers (“End User Customers”). The End User Customer information (“End User Customer Information”) we receive and store typically includes names and email addresses of your customers along with any other information you choose to provide us.
We may transfer personal information to companies that help us provide our Services; the provisions in this Policy and the service agreements cover transfers to such subsequent third parties such as credit card processors.
Cookies and Similar Technologies
When you use our Services, your browser may send us certain information about you as described below.
Log File Information: Log file information is automatically reported by your browser each time you access a web page on our Services. When you access the Services, our servers automatically record certain information that your web browser sends whenever you visit any website. These server logs may include information such as your web request, Internet Protocol (“IP”) address, browser type, referring / exit pages and URLs, number of clicks, domain names, landing pages, pages viewed, and other such information. We may link this automatically collected data to personal information.
Click here to learn more about how to change your browser settings and manage your cookies
Clear Gifs: We along with our partners, affiliates, and service providers use clear gifs. When you access our Services, we may employ clear gifs (also known as web beacons) which are used to track the online usage patterns of our users. No personal information from your Blueshift account is collected using these clear gifs. The information is used to enable more accurate reporting, improve the effectiveness of our Services, and make Blueshift better for our users and partners.
E-Tags: We along with our partners, affiliates, and service providers use E-Tags. E-Tag is a technology that is part of the standard HTTP protocol that allows our website to validate temporary storage (cache) of our pages and images. This ensures that you are viewing the latest version of our website since your last visit.
Third Party HTML5 (Local Storage): Our partners, affiliates, and service providers use Local Storage (LS) such as HTML5 to store content information and preferences. Various browsers may offer their own management tools for removing HTML5 LSs.
Blueshift processes the Personal Data provided in the context of a job application for the purpose of processing the application.
Legal basis for Collecting Personal Data
Blueshift processes Personal Data on the following legal basis:
- your consent to such processing;
- for the performance of a contract between Blueshift and you or to take steps prior to entering into such a contract;
- our legitimate interest for the performance of a contract between Blueshift and your employer (our business partner), or to take steps prior to entering into a contract between Blueshift and your employer (our business partner);
- our legitimate interest, where – in all circumstances – Blueshift will limit such processing to what is necessary for its purpose and includes following:
- transfers of employee/ business partner data for admin purposes within the Blueshift;
- product development and enhancement– where the processing enables us to enhance, modify, personalize, or otherwise improve our Services and communications for the benefit of our clients, and to better understand how people interact with our Services;
- communications, marketing and intelligence – including processing data for direct marketing purposes and to determine the effectiveness of our promotional campaigns and advertising;
- fraud detection and prevention (crime prevention);
- industry watch-lists and industry self-regulatory schemes;
- enhancement of our cybersecurity, including improving the security of our network and information systems; and general corporate operations and due diligence;
- compliance with our legal obligations.
Sharing of Your Personal Data
Blueshift will not rent or sell your personal information to others.
We may store personal information in locations outside the direct control of Blueshift (for instance, on servers or databases co-located with hosting providers). Any personal information you elect to make publicly available on the Services, such as posting comments on our blog page, will be available to others online. If you remove information that you have made public on our Services, copies may remain viewable in cached and archived pages of the Services, or if other users have copied or saved that information. To request the removal of your personal information from our blog or community forum, contact us at firstname.lastname@example.org. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
Blueshift does not sell Personal Data, where the word ‘sell’ is used as it is defined in the California Consumer Privacy Act (CCPA).
We display personal testimonials of satisfied clients on our website in addition to other endorsements. If we do so, it will be with your consent. If you wish to update or delete your testimonial, you can contact us at email@example.com.
In certain situations, Blueshift may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Blueshift will disclose your information where required to do so by law such as to comply with a subpoena or legal process, or if we reasonably believe that such action is necessary to (a) comply with the law or in response to a reasonable requests of law enforcement; (b) to enforce our Website Terms of Service or to protect the security or integrity of our Services; and/or (c) in good faith to exercise or protect the rights, property, or personal safety of Blueshift, our users or others.
We may buy or sell/divest/transfer Blueshift (including any shares in Blueshift), or any combination of its products, services, assets and/or businesses. Your information such as client names and email addresses, and other user information related to our Services may be among the items sold or otherwise transferred in these types of transactions. We may also sell, assign or otherwise transfer such information in the course of corporate divestitures, mergers, acquisitions, bankruptcies, dissolutions, reorganizations, liquidations, similar transactions or proceedings involving all or a portion of the company, you will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
Your Rights to Your Personal Data
We respect your control over your information and, upon request, we will confirm whether we hold or are processing information that we have collected from you. You also have the right to amend or update inaccurate or incomplete personal information, request deletion of your personal information, or request that we no longer use it. Under certain circumstances we will not be able to fulfill your request, such as if it interferes with our regulatory obligations, affects legal matters, we cannot verify your identity, or it involves disproportionate cost or effort, but in any event, we will respond to your request within a reasonable timeframe and provide you an explanation. In order to make such requests, please email us at firstname.lastname@example.org.
Please note that for Personal Data about you that we have obtained or received for processing on behalf of our clients which are separate, unaffiliated entity–which determined the means and purposes of processing, all such requests should be made to that entity directly. We will honor and support any instructions they provide us with respect to your personal information.
You may at any time withdraw any consent that you have provided to us to process your information, by contacting us at email@example.com.
Marketing Preference / Opt-Out
If you wish to subscribe to our newsletter(s), we will use your name and email address to send the newsletter to you. You may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in these emails, accessing the email preferences in your account settings page, or you can contact us at firstname.lastname@example.org.
We will also send you Services-related email announcements on rare occasions when it is necessary to do so. For instance, if our Service is temporarily suspended for maintenance, we might send you an email. You do not have an option to opt-out of these emails, which are not promotional in nature.
Storage and Processing
Information collected through our Services may be stored and processed in the United States or any other country in which Blueshift or its subsidiaries, affiliates or service providers maintain facilities. Blueshift may transfer information that we collect about you, including personal information, to affiliated entities, or to other third parties across borders and from your country or jurisdiction to other countries or jurisdictions around the world
How We Protect Your Information
Blueshift is concerned with protecting your privacy and data. The security and confidentiality of your personal information is very important to us We have implemented commercially reasonable technical and organizational safeguards to appropriately protect your personal information against accidental, unauthorized, or unlawful access, use, loss, destruction or damage.
When you enter sensitive information (such as credit card number) on our registration or order forms, we encrypt that information using secure socket layer technology (SSL). No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security. If you have any questions about security on our Services, you can contact us at email@example.com.
Advertising Choice and Control
Information Related to Data Collected through the Platform Service
End-User Choice and Access
We collect information for our clients; if you are an End User Customer of one of our clients and would no longer like to be contacted by our clients that use our Services, please contact them directly. We may transfer personal information to companies that help us provide our Services. Transfers to subsequent third parties are covered by the service agreements with our clients. An End User Customer who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query with our client(s) that use our Services directly. If our clients request that we remove such data, we will respond to your request within a reasonable time.
If you are a Blueshift client, you can review, and correct, update or delete inaccuracies to the information about you that Blueshift keeps on file by logging into your Blueshift account. Alternately, you can contact us directly at firstname.lastname@example.org. We will respond to your request to access within a reasonable time.
We respect your rights and control over your personal data. You may exercise any of the following rights by logging into your Blueshift account, or emailing us at email@example.com. Please note that we may ask you to verify your identity before taking further action on your request, for security purposes.
Right of Access – the right to be informed of and request access to the personal data we process about you;
Right to Rectification – the right to request that we amend or update your personal data where it is inaccurate or incomplete;
Right to Erasure – the right to request that we delete your personal data;
Right to Restrict – the right to request that we temporarily or permanently stop processing all or some of your personal data;
Right to Object – the right, at any time, to object to us processing your personal data on grounds relating to your particular situation; the right to object to your personal data being processed for direct marketing purposes; and
Right to Data Portability – the right to request a copy of your personal data in electronic format and the right to transmit that personal data for use in another party’s service.
Our Retention of your Personal Data
We will retain Personal Data we collect from you for so long as we have an ongoing legitimate business need to do so. We determine the appropriate retention period for Personal Data on the basis of the purpose for which we process the Personal Data, the amount, nature and sensitivity of your Personal Data processed, the potential risk of harm from unauthorized use or disclosure of your Personal Data and whether we can achieve the purposes of the processing through other means, as well as on the basis of applicable legal requirements (such as applicable statutes of limitation).When we have no ongoing legitimate business need to process your Personal Data, we will either delete or anonymize it or, if this is not possible (for example, because your Personal Data has been stored in backup archives), then we will securely store your Personal Data and isolate it from any further processing until deletion is possible. Blueshift may also retain your Personal Data during the period needed for us to pursue our legitimate business interests, conduct audits, comply with our legal obligations, resolve disputes and enforce our agreements.
Protecting the privacy of young children is especially important. For that reason, Blueshift does not knowingly collect or solicit personal information from anyone under the age of 13. If you are under 13, please do not send any information about yourself to us, including your name, address, telephone number, or email address. No one under age 13 is allowed to access or use the Services or to provide any personal information to Blueshift. In the event that we learn that we have collected personal information from a child under age 13, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 13, please contact us at firstname.lastname@example.org.
Links to Other Websites
Social Media Widgets
EU-U.S. Privacy Shield and Swiss – U.S. Privacy Shield
Notwithstanding the fact that it has been held to no longer provide a valid mechanism for transfers of Personal Data from the EU to the U.S., Blueshift continues to participate in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S Privacy Shield Framework. Blueshift is committed to subjecting all personal information received from European Union (EU) member countries and Switzerland, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List www.privacyshield.gov/list.
Blueshift is responsible for the processing of personal information it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Blueshift complies with the Privacy Shield Principles for all onward transfers of personal information from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal information received or transferred pursuant to the Privacy Shield Framework, Blueshift is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Blueshift may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/welcome, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
Notice to Users Outside of the United States of America (Transfers)
Additionally, transfers of personal data from the European Union to the United States of America are made using the EU Commission’s Standard Contractual Clauses pursuant to the European Commission Implementing Decision (EU) 2021/914 of 4 June 2021 in accordance with applicable law. Please contact us for more information about this, or if you want to obtain a Data Processing Agreement and a copy of the Standard Contractual Clauses used.