Effective Date: December 1, 2021 | Last Reviewed: November 28, 2023

Coverage

This Privacy Policy covers our collection, use, and disclosure of information we collect through blueshift.com (“Site”) including our platform (“Platform”) at app.getblueshift.com (collectively known as “Services”), owned and operated by Blueshift Labs, Inc. (“Blueshift”, “we”, or “us”). Blueshift knows that you care how information about you is used and shared. This Privacy Policy describes how we collect, receive, use, store, share, transfer, and process your personally identifiable data and personal information (“Personal Data”), as well as your rights in determining what we do with the information that we collect or hold about you. Blueshift is a third-party service provider and collects information under the direction of its clients, and has no direct relationship with individuals whose data its processes. We will not use or share your information with anyone except as described in this Privacy Policy. This Privacy Policy does not apply to information we collect offline. Capitalized terms that are not defined in this Privacy Policy have the meaning given them in our Website Terms of Service which is incorporated by reference. The use of information collected through our Services shall be limited to the purposes under this Privacy Policy and our Website Terms of Service.

Contacting Blueshift

If you have any questions about this Privacy Policy, if you have a complaint, or would like to contact our DPO, you may contact us at privacy@blueshift.com, or send mail to: Blueshift Labs, Inc. 433 California Street Suite 800 (8th Floor) San Francisco, CA 94104 EU/UK data subjects have the right to lodge a complaint with a supervisory authority concerning Blueshift’s data processing activities. VeraSafe has been appointed as Blueshift’s representative under the EU Network and Information Systems Directive (EU 2016/1148) in Ireland and, as the Directive has been transposed into the laws of the United Kingdom (UK), the UK. If you represent a competent authority or CSIRT, as such terms are defined under the Directive, VeraSafe may be contacted on matters regulated under the Directive, in addition to privacy@blueshift.com, by means of the below contact information. VeraSafe Ireland Ltd. Unit 3D North Point House North Point Business Park New Mallow Road Cork T23AT2P Ireland Contact form: https://verasafe.com/public-resources/contact-data-protection-representative VeraSafe United Kingdom Ltd. 37 Albert Embankment London SE1 7TL United Kingdom Contact form: https://verasafe.com/public-resources/contact-data-protection-representative

How We Use and Collect Your Information

If you use our Services or communicate with us (by phone, chat, email, web forms, social media or other means of communication), you may be required to provide us certain information and Personal Data, in the following ways:

Personal Information

We receive and store any information you knowingly provide to us when you browse our website, submit information or contact us such as your name, email address, and browser information. If you become a client of ours, additional information will be obtained to provide you with the Services and process your payments.  Your provision of Personal Data may be required to use certain parts of our Platform Services, for example if you send us a support request. If you do not provide such Personal Data, you may not be able to access and use our Site and/or our Platform Services, or parts of it. In using our Services as our client, we will also receive and store any information you choose to provide us with respect to your customers (“End User Customers”). The End User Customer information (“End User Customer Information”) we receive and store typically includes names and email addresses of your customers along with any other information you choose to provide us. We may transfer personal information to companies that help us provide our Services; the provisions in this Policy and the service agreements cover transfers to such subsequent third parties such as credit card processors.

Cookies and Similar Technologies

When you use our Services, your browser may send us certain information about you as described below.

Log File Information:

Log file information is automatically reported by your browser each time you access a web page on our Services. When you access the Services, our servers automatically record certain information that your web browser sends whenever you visit any website. These server logs may include information such as your web request, Internet Protocol (“IP”) address, browser type, referring / exit pages and URLs, number of clicks, domain names, landing pages, pages viewed, and other such information. We may link this automatically collected data to personal information.

Cookies Information: 

We along with our partners, affiliates, and service providers use cookies. We may send one or more cookies — small text file containing a string of alphanumeric characters — to your computer that uniquely identifies your browser and lets us learn about your behavior and usage patterns when you are on our Services. A cookie does not collect personal information about you. A persistent cookie remains on your hard drive after you close your browser. Persistent cookies may be used by your browser on subsequent visits to the Services. Persistent cookies can be removed by following your web browser’s directions. A session cookie is temporary and disappears after you close your browser. You can reset your web browser to refuse all cookies or to indicate when a cookie is being sent. Please note that if you choose to disable cookies, it may limit your use of certain features or functions on our Services. Our partners, affiliates, and service providers use cookies to: (a) monitor the effectiveness of our Services and the offerings of our partners; (b) monitor aggregate metrics such as total number of visitors, traffic, and demographic patterns; (c) diagnose or fix technology problems; (d) and allow our business partners to deliver advertisements to you as described below. We do not control these third-party tracking technologies or how they may be used. Click here to learn more about how to change your browser settings and manage your cookies.

Clear Gifs:

We along with our partners, affiliates, and service providers use clear gifs. When you access our Services, we may employ clear gifs (also known as web beacons) which are used to track the online usage patterns of our users. No personal information from your Blueshift account is collected using these clear gifs. The information is used to enable more accurate reporting, improve the effectiveness of our Services, and make Blueshift better for our users and partners.

JavaScript: 

We along with our partners, affiliates, and service providers use JavaScript. JavaScript is a dynamic object-oriented computer programming language. JavaScript is used to understand user behavior on our website.

E-Tags: 

We along with our partners, affiliates, and service providers use E-Tags. E-Tag is a technology that is part of the standard HTTP protocol that allows our website to validate temporary storage (cache) of our pages and images. This ensures that you are viewing the latest version of our website since your last visit.

Third Party HTML5 (Local Storage): 

Our partners, affiliates, and service providers use Local Storage (LS) such as HTML5 to store content information and preferences. Various browsers may offer their own management tools for removing HTML5 LSs.

Advertising

We may partner with third parties to manage our advertising on other sites. Our third-party partners may use cookies or similar technologies in order to provide you advertising based upon your browsing activities and interests. If you wish to opt-out of interest-based advertising click here or if located in the European Union click here. Please note you will continue to receive generic ads.

Job Applications

Blueshift processes the Personal Data provided in the context of a job application for the purpose of processing the application.

Legal basis for Collecting Personal Data

Blueshift processes Personal Data on the following legal basis:

  • your consent to such processing;
  • for the performance of a contract between Blueshift and you or to take steps prior to entering into such a contract;
  • our legitimate interest for the performance of a contract between Blueshift and your employer (our business partner), or to take steps prior to entering into a contract between Blueshift and your employer (our business partner);
  • our legitimate interest, where – in all circumstances – Blueshift will limit such processing to what is necessary for its purpose and includes following:
    • transfers of employee/ business partner data for admin purposes within the Blueshift;
    • product development and enhancement– where the processing enables us to enhance, modify, personalize, or otherwise improve our Services and communications for the benefit of our clients, and to better understand how people interact with our Services;
    • communications, marketing and intelligence – including processing data for direct marketing purposes and to determine the effectiveness of our promotional campaigns and advertising;
    • fraud detection and prevention (crime prevention);
    • industry watch-lists and industry self-regulatory schemes;
    • enhancement of our cybersecurity, including improving the security of our network and information systems; and general corporate operations and due diligence;
  • compliance with our legal obligations.

Sharing of Your Personal Data

Blueshift will not rent or sell your personal information to others.  We may store personal information in locations outside the direct control of Blueshift (for instance, on servers or databases co-located with hosting providers). Any personal information you elect to make publicly available on the Services, such as posting comments on our blog page, will be available to others online. If you remove information that you have made public on our Services, copies may remain viewable in cached and archived pages of the Services, or if other users have copied or saved that information. To request the removal of your personal information from our blog or community forum, contact us at privacy@blueshift.com. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why. We may share your Personal Data collected from you as described in this Privacy Policy with third-party service providers who need to access the Personal Data in order to perform Services on behalf of Blueshift, in connection with customer or technical support, marketing (including providing analytics services on our behalf), recruiting, operations, account management, and general business purposes on our behalf. The third-party service providers are limited to using the Personal Data solely to provide the Services to us and are bound by contractual obligations to keep Personal Data confidential and to use it only for the purposes for which we disclose it to them.  We may transfer personal information to companies that help us provide our Services; the provisions in this Privacy Policy and the service agreements cover transfers to such subsequent third parties such as credit card processors. Blueshift does not sell Personal Data, where the word ‘sell’ is used as it is defined in the California Consumer Privacy Act (CCPA). We display personal testimonials of satisfied clients on our website in addition to other endorsements. If we do so, it will be with your consent. If you wish to update or delete your testimonial, you can contact us at privacy@blueshift.com. In certain situations, Blueshift may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Blueshift will disclose your information where required to do so by law such as to comply with a subpoena or legal process, or if we reasonably believe that such action is necessary to (a) comply with the law or in response to a reasonable requests of law enforcement; (b) to enforce our Website Terms of Service or to protect the security or integrity of our Services; and/or (c) in good faith to exercise or protect the rights, property, or personal safety of Blueshift, our users or others. We may buy or sell/divest/transfer Blueshift (including any shares in Blueshift), or any combination of its products, services, assets and/or businesses. Your information such as client names and email addresses, and other user information related to our Services may be among the items sold or otherwise transferred in these types of transactions. We may also sell, assign or otherwise transfer such information in the course of corporate divestitures, mergers, acquisitions, bankruptcies, dissolutions, reorganizations, liquidations, similar transactions or proceedings involving all or a portion of the company, you will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

Your Rights to Your Personal Data

We respect your control over your information and, upon request, we will confirm whether we hold or are processing information that we have collected from you. You also have the right to amend or update inaccurate or incomplete personal information, request deletion of your personal information, or request that we no longer use it. Under certain circumstances we will not be able to fulfill your request, such as if it interferes with our regulatory obligations, affects legal matters, we cannot verify your identity, or it involves disproportionate cost or effort, but in any event, we will respond to your request within a reasonable timeframe and provide you an explanation. In order to make such requests, please email us at privacy@blueshift.com. Please note that for Personal Data about you that we have obtained or received for processing on behalf of our clients which are separate, unaffiliated entity–which determined the means and purposes of processing, all such requests should be made to that entity directly. We will honor and support any instructions they provide us with respect to your personal information. You may at any time withdraw any consent that you have provided to us to process your information, by contacting us at privacy@blueshift.com.

Marketing Preference / Opt-Out

If you wish to subscribe to our newsletter(s), we will use your name and email address to send the newsletter to you. You may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in these emails, accessing the email preferences in your account settings page, or you can contact us at privacy@blueshift.com. We will also send you Services-related email announcements on rare occasions when it is necessary to do so. For instance, if our Service is temporarily suspended for maintenance, we might send you an email. You do not have an option to opt-out of these emails, which are not promotional in nature.

Storage and Processing

Information collected through our Services may be stored and processed in the United States or any other country in which Blueshift or its subsidiaries, affiliates or service providers maintain facilities. Blueshift may transfer information that we collect about you, including personal information, to affiliated entities, or to other third parties across borders and from your country or jurisdiction to other countries or jurisdictions around the world.

How We Protect Your Information

Blueshift is concerned with protecting your privacy and data. The security and confidentiality of your personal information is very important to us We have implemented commercially reasonable technical and organizational safeguards to appropriately protect your personal information against accidental, unauthorized, or unlawful access, use, loss, destruction or damage.   When you enter sensitive information (such as credit card number) on our registration or order forms, we encrypt that information using secure socket layer technology (SSL). No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security. If you have any questions about security on our Services, you can contact us at privacy@blueshift.com.

Advertising Choice and Control

As described in this Privacy Policy, third parties may use cookies and similar tracking technologies to collect information and infer your interests for interest-based advertising purposes. If you would prefer to not receive personalized ads based on your browser or device usage, you may generally express your opt-out preference to no longer receive tailored advertisements by clicking here (or if located in the European Union click here). Please note that you will continue to see advertisements, but they will no longer be tailored to your interests.

Information Related to Data Collected through the Platform Service End-User Choice and Access

We collect information for our clients; if you are an End User Customer of one of our clients and would no longer like to be contacted by our clients that use our Services, please contact them directly. We may transfer personal information to companies that help us provide our Services. Transfers to subsequent third parties are covered by the service agreements with our clients. An End User Customer who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query with our client(s) that use our Services directly. If our clients request that we remove such data, we will respond to your request within a reasonable time. Client Access If you are a Blueshift client, you can review, and correct, update or delete inaccuracies to the information about you that Blueshift keeps on file by logging into your Blueshift account. Alternately, you can contact us directly at privacy@blueshift.com. We will respond to your request to access within a reasonable time. We respect your rights and control over your personal data.  You may exercise any of the following rights by logging into your Blueshift account, or emailing us at privacy@blueshift.com.  Please note that we may ask you to verify your identity before taking further action on your request, for security purposes.   Right of Access – the right to be informed of and request access to the personal data we process about you; Right to Rectification – the right to request that we amend or update your personal data where it is inaccurate or incomplete; Right to Erasure – the right to request that we delete your personal data; Right to Restrict – the right to request that we temporarily or permanently stop processing all or some of your personal data; Right to Object – the right, at any time, to object to us processing your personal data on grounds relating to your particular situation; the right to object to your personal data being processed for direct marketing purposes; and Right to Data Portability – the right to request a copy of your personal data in electronic format and the right to transmit that personal data for use in another party’s service.

Our Retention of your Personal Data

We will retain Personal Data we collect from you for so long as we have an ongoing legitimate business need to do so. We determine the appropriate retention period for Personal Data on the basis of the purpose for which we process the Personal Data, the amount, nature and sensitivity of your Personal Data processed, the potential risk of harm from unauthorized use or disclosure of your Personal Data and whether we can achieve the purposes of the processing through other means, as well as on the basis of applicable legal requirements (such as applicable statutes of limitation).When we have no ongoing legitimate business need to process your Personal Data, we will either delete or anonymize it or, if this is not possible (for example, because your Personal Data has been stored in backup archives), then we will securely store your Personal Data and isolate it from any further processing until deletion is possible. Blueshift may also retain your Personal Data during the period needed for us to pursue our legitimate business interests, conduct audits, comply with our legal obligations, resolve disputes and enforce our agreements.

Children’s Privacy

Protecting the privacy of young children is especially important. For that reason, Blueshift does not knowingly collect or solicit personal information from anyone under the age of 13. If you are under 13, please do not send any information about yourself to us, including your name, address, telephone number, or email address. No one under age 13 is allowed to access or use the Services or to provide any personal information to Blueshift. In the event that we learn that we have collected personal information from a child under age 13, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 13, please contact us at privacy@blueshift.com.

Notification Procedures

It is our policy to provide notifications, whether such notifications are required by law or are for marketing or other business-related purposes, to you via email notice, written or hard copy notice, or through conspicuous posting of such notice on the Services, as determined by Blueshift in its sole discretion. We reserve the right to determine the form and means of providing notifications to you, provided that you may opt-out of certain means of notification as described in this Privacy Policy.

Links to Other Websites

We are not responsible for the practices employed by websites or services linked to or from the Services, including the information or content contained therein. Please remember that when you use a link to go from the Services to another website, our Privacy Policy does not apply to third-party websites or services. Your browsing and interaction on any third-party website or service, including those that have a link or advertisement on our website, are subject to that third party’s own rules and policies.

Social Media Widgets

Our website includes social media features, such as a Facebook button and widgets, the Twitter button, or interactive mini-programs that run on our website. These features may collect your IP address, track which pages you are visiting on our website, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our website. Your interactions with these features are governed by the privacy policy of the company providing these features.

Changes to Our Privacy Policy

If we change our privacy policies and procedures materially, we will post those changes on the Services to keep you aware of what information we collect, how we use it, and under what circumstances we may disclose it. Changes to this Privacy Policy are effective when they are posted on this page. When we change the policy in a material manner we will let you know via prominent notice on our Web site, prior to the change becoming effective and update the ‘effective date’ at the top of this page.

Participation in the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF)

Blueshift participates in the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF (“UK Extension”), and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) (collectively, the “DPF”) administered by the U.S. Department of Commerce. Blueshift commits to comply with the DPF Principles with respect to Personal Data Blueshift receives from the EU, United Kingdom and Switzerland in reliance on the DPF. If there is any conflict between the terms in this Policy and the DPF Principles, the DPF Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Blueshift is responsible for the processing of personal data it receives under the DPF, and subsequently transfers to a third party acting as an agent on its behalf and for all onward transfers of personal data from the EU, including the onward transfer liability provisions.

In compliance with the DPF Blueshift commits to resolve complaints about our collection or use of your personal information. EU, Swiss and/or  UK individuals with inquiries or complaints regarding our Privacy policy should first contact us at: privacy@blueshift.com

Blueshift has further committed to cooperate with and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs), and the UK Information Commissioner’s Office (ICO), and the Gibraltar Regulatory Authority (GRA), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the DPF.

Finally, as a last resort and under limited circumstances, if your DPF complaint cannot be resolved through the above channels, EU, UK and Swiss individuals may invoke binding arbitration for some residual claims not resolved by other redress mechanisms.  See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2

The Federal Trade Commission has jurisdiction over Blueshift’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).

Notice to Users Outside of the United States of America (Transfers)

Any information you enter on this Site or that we collect through our Services may be transferred outside of the country in which you are located, to the United States of America, which does not offer an equivalent level of protection to that required in other countries, such as the European Union. In particular, you are advised that the United States of America uses a sectoral model of privacy protection that relies on a mix of legislation, governmental regulation, and self-regulation. The European Union’s General Data Protection Regulation (“GDPR”) allows for transfer of personal data from the European Union to a third country in certain situations. By agreeing to the Website Terms of Service and this Privacy Policy, you agree and consent to the transfer of all such information to the United States of America which may not offer an equivalent level of protection to that required in other countries, particularly the European Union, and to the processing of that information by Blueshift on servers located in the United States of America as described in this Privacy Policy. Additionally, transfers of personal data from the European Union to the United States of America are made using the DPF  or the EU Commission’s Standard Contractual Clauses pursuant to the European Commission Implementing Decision (EU) 2021/914 of 4 June 2021 in accordance with applicable law. Please contact us for more information about this, or if you want to obtain a Data Processing Agreement and a copy of the Standard Contractual Clauses used.