Effective September 2, 2022
COLLECTION OF PERSONAL INFORMATION
The categories below describe the personal information we collect about you and the sources from which we collect those categories of personal information.
USE OF PERSONAL INFORMATION
We may use your information for the following purposes:
• Sending you communications and administrative emails;
• Personalizing and tailoring the features, performance and support of the Website;
• Identifying you as a user on the Website;
• For the performance of a contract between you and us;
• Sending you promotional/marketing information, advertising, newsletters, offers or other information from us;
• Sending you promotional/marketing information, advertising, offers or other information from us related to our affiliate partners;
• Providing support related to your account or your use of or activity on the Website;
• Better understanding your interests and preferences to provide you with opportunities and functionality that we think would be of particular interest;
• Analyzing, benchmarking and conducting research on user data and interactions with the Website;
• Processing services, maintaining user accounts, resolving disputes, preventing fraud and verifying your identity;
• Monitoring, maintaining, administering and improving Website performance;
• Protecting your, our, or third parties’ networks, systems, property, or physical safety;
• Complying with requests from regulatory agencies, law enforcement, and other public and government authorities, as well as with relevant industry standards and policies;
• Enforcing our contracts, terms, and conditions or otherwise exercising our legal rights; defending ourselves from claims; and complying with laws and regulations that apply to us or third parties with whom we work;
• Aggregating the information collected via cookies and similar technologies to use in statistical analysis to help us track trends and analyze patterns, and conduct research and product development;
• Participating in any merger, acquisition, or other corporate transaction;
• Meeting our or third parties' audit and compliance requirements; or
• For any other purposes that we may specifically disclose at the time you provide or we collect your information.
Anonymized or Aggregated Information
We may also use data that we collect on an aggregate or anonymous basis (such that it does not identify any individual users) for various business purposes, where permissible under applicable laws and regulations.
How Long Your Personal Information Will Be Kept
We will keep your personal information while you have an account with us or while we are providing products or services to you. Thereafter, we will keep your personal information for as long as is necessary:
• To respond to any questions, complaints or claims made by you or on your behalf;
• To show that we treated you fairly; or
• To keep records required by law.
We will not retain your personal information for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of personal information.
SHARING OF PERSONAL INFORMATION WITH OTHER ENTITIES
Applicable law requires that we identify the categories of personal information we share for business purposes. We disclose the following categories of personal information for business purposes: Personal identifiers, device and online identifiers, log information, information about your internet, browser, mobile devices, network activity, and location data.
We may share your information with the following types of entities or in the following situations:
Service providers: We engage service providers to facilitate our operation of the Website and provide the Services. These service providers analyze information about the Website and your use of the Website. Information disclosed for these purposes may include device and online identifiers, ISP information, session ID and /or session log data, information about your internet, browser, and network activity, and location data.
Legal authorities, emergency responders and other legal requirements: We may disclose personal information to third parties as permitted by, or to comply with, applicable laws, regulations, or legal obligations, including but not limited to responding to a subpoena or similar legal process, protecting against fraud, cooperating with law enforcement or regulatory authorities, protecting and defending the rights or property of Blue Onion, preventing or investigating possible wrongdoing in connection with the Website/Services, protecting the personal safety of users of the service or the public, and protecting against legal liability. Information disclosed for these purposes may include device and online identifiers, information about your internet, browser, and network activity, and location data.
For Business transfers: We may share or transfer your personal information in connection with, or during negotiations of, any merger, sale of our assets, financing, or acquisition of all or a portion of our business to another company.
With Business partners: We may share your information with our business partners to offer you certain products, services or promotions.
With other users: when you share personal information or otherwise interact in the public areas of the Website with other users, such information may be viewed by all users and may be publicly distributed outside. If you interact with other users or register through, e.g., a Third-Party Social Media Service, your contacts on the Third-Party Social Media Service may see your name, profile, pictures and description of your activity. Similarly, other users will be able to view descriptions of your activity, communicate with you and view your profile.
Cookies and Other Tracking Technologies
Cookies are small pieces of data sent from a website and stored on a device. Cookies may enable us to capture and compile statistical information about how you use our online services, including information relating to your device’s IP address, the frequency of your visits, readership data (such as the average length of visits, which pages are viewed or shared during a visit or other interactions with our content, such as time spent viewing videos, PDFs read and links clicked), authentication information, acceptance or rejection of website terms, and periods of inactivity. To learn more about cookies, including information on what cookies have been set on your device and how cookies can be managed and deleted, visit https://www.allaboutcookies.org/
Our online services also use web beacons. Web beacons are invisible tags and may be placed on a webpage, in advertisements, or in an email or other message. They usually work in conjunction with cookies, registering when a particular device visits a particular page. For example, web beacons may count the number of individuals who visit our Website from a particular advertisement or who enroll in a service after viewing a particular advertisement.
“Clickstream” data (e.g., information regarding which of our Website pages you access, the frequency of such access, and your product and service preferences) may be collected by Blue Onion itself, or by our service providers, using cookies, web beacons, page tags, or similar tools that are set when you visit the Website or when you view an advertisement we may have placed on another website. Clickstream data and similar information may be shared internally within Blue Onion and used for administrative purposes to assess the usage, value and performance of our online products and services; to improve your experience with the Website; and as otherwise permitted by applicable law or regulation. This information may be processed by us for the purposes described above, or on our behalf by other entities, solely in accordance with our instructions.
How We Use These Technologies
We, our services providers, and third party business partners may use information collected from cookies, web beacons, and similar technologies for the following purposes:
to allow our online services to operate as you have requested;
to understand how our online services are accessed and used;
to recognize you when you return to our Website;
to assess the effectiveness of advertising and readership content;
to deliver marketing communications that may be of interest to you, including ads or offers tailored to you; and
for other purposes described above under “USE OF PERSONAL INFORMATION.”
We may combine the information that we collect through cookies, web beacons and similar technologies with other personal information we have collected from you from both online and offline sources.
We may work with service providers to promote our products and services both on the Website and other websites. For example, if you visit a page on the Website or third-party websites that provides information about one of our products or services, a cookie may be placed on your browser or device that identifies the product or service you viewed. This information allows us, our service providers, and our third-party business partners to deliver more relevant and tailored content, such as ads for that particular product or service.
Other than service providers, we do not allow unaffiliated third parties to collect personal information about your activities on the Website. Nor do we serve ads promoting unaffiliated third party products or services on the Website.
Managing Your Preferences
You can also opt out of online targeted advertising by companies participating in the Digital Advertising Alliance by visiting https://www.aboutads.info/choices.
Do Not Track Policy
Most browsers can be set to send signals to third party websites requesting them not to track the user’s activities. At this time, we do not respond to “do not track” signals. Consequently, our third party service providers may indeed track and collect information about your online activities over time while navigating to, from and on our online services, notwithstanding any “do not track” signals we may receive.
Our Security Procedures
Our goal is to protect your personal information submitted to us through our online services. We maintain reasonable physical, electronic, and procedural safeguards that comply with applicable law to guard nonpublic personal information about you against loss, misuse or unauthorized access, disclosure, alteration or destruction of the information you have provided to us through our online services. We have internal policies governing the proper handling of consumer information by personnel and requiring third parties that provide support or marketing services on our behalf to adhere to appropriate security standards with respect to such information. The security of your personal information is important to us, but please note that no method of transmission over the Internet, or method of electronic storage is perfectly secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
Links to Other Websites
Detailed Information on the Processing of Your Personal Information
Our third-party service providers have access to your personal information only to perform their tasks on our behalf and are obligated not to disclose or use it for any other purpose.
We use Google Cloud Platform to power our Website, you can read more about how Google uses your Personal Information here: https://policies.google.com/privacy.
We also use Salesforce Heroku to power our Website, you can read more about how Heroku uses your Personal Information here: https://www.salesforce.com/company/privacy/.
We also use Webflow to power our Website, you can read more about how Webflow uses your Personal Information here: https://webflow.com/legal/privacy.
We also use Medium to power our Website, you can read more about how Medium uses your Personal Information here: https://policy.medium.com/medium-privacy-policy-f03bf92035c9.
We use Google Analytics to help us understand how our customers use our Website and to optimize the service and user experience. Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Site. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network. For more information on the privacy practices of Google, please visit the Google Privacy Terms web page, as amended from time to time, at https://policies.google.com/privacy?hl=en. We also encourage you to review the Google's policy for safeguarding your data, amended from time to time, at https://support.google.com/analytics/answer/6004245. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
We use PostHog to help us understand how our customers use our Website and to optimize the service and user experience. For more information on the privacy practices of service provider, please visit its policy at https://posthog.com/privacy.
We use FullStory to help us understand how our customers use our Website and to optimize the service and user experience. For more information on the privacy practices of service provider, please visit its policy at https://www.fullstory.com/legal/privacy-policy.
We use Sentry as an open-source error tracking solution provided by Functional Software Inc. Your use of the Website may be subject to additional terms and services, which you should review.
We use YouTube to host and serve content on our Website. You can read more about how YouTube uses your Personal Information here: https://policies.google.com/privacy?hl=en-US
We may use third party partnership ecosystem platform tool supplier to manage our partnership relationships with service providers. Third party services that we use for this or may use Crossbeam or Partner Stack. For more information about these services and their privacy policies, please visit their websites:
Partner Stack: https://partnerstack.com/policies#privacy-policy
We may use third party email marketing service providers to manage and send emails to you. We may use your personal information to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt-out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send or by contacting us. Third party services that we used or may use in the future include:
Intuit MailChimp: For more information about these services and their privacy policies, please visit their website. (https://www.intuit.com/privacy/statement/)
Twilio Send Grid: For more information about these services and their privacy policies, please visit their websites. (https://www.twilio.com/legal/privacy)
HubSpot: For more information about these services and their privacy policies, please visit their websites. (https://legal.hubspot.com/privacy-policy)
Postmark: For more information about these services and their privacy policies, please visit their websites. (https://postmarkapp.com/privacy-policy)
As described above, we use your personal information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
We may use the following providers for such advertising and you can learn more about these providers’ privacy policies or opt out of targeted advertising from these providers by using the links below:
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.
PROTECTING CHILDREN’S PRIVACY ONLINE
Our online services are not directed to or intended for individuals under 18 years of age.
California residents should be aware that this section does not apply to personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) and its implementing regulations, the California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994; or other information subject to a California Consumer Privacy Act (CCPA) exception.
Your Rights under the CCPA
The right to notice. You must be properly notified which categories of personal information are being collected and the purposes for which the personal information is being used.
The right to access / the right to request. The CCPA permits you to request and obtain from us information regarding the disclosure of your personal information that has been collected in the past 12 months by us or its subsidiaries to a third-party for the third party's direct marketing purposes.
The right to say no to the sale of personal information. You also have the right to ask us not to sell your personal information to third parties.
The right to know about your personal information. You have the right to request and obtain from the Company information regarding the disclosure of the following:
• The categories of personal information collected
• The sources from which the personal information was collected
• The business or commercial purpose for collecting or selling the personal information
• Categories of third parties with whom we share personal information
• The specific pieces of personal information we collected about you
The right to delete personal information. You also have the right to request the deletion of your personal information that have been collected in the past 12 months.
The right not to be discriminated against. You have the right not to be discriminated against for exercising any of your consumer rights, including by:
• Denying goods or services to you
• Charging different prices or rates for goods or services, including the use of discounts or other benefits or imposing penalties
• Providing a different level or quality of goods or services to you
• Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.
Exercising Your CCPA Data Protection Rights
In order to exercise any of your rights under the CCPA, and if you are a California resident, you can email us at firstname.lastname@example.org.
California law requires us to verify the requests we receive from you when you exercise certain of the rights listed above. To verify your request, we will check the information you provide us in your request against third party identity verification tools. As part of this process, we may call you after you submit your request to verify information. You may also designate an authorized agent to exercise certain of the rights listed above on your behalf by providing the authorized agent with power of attorney pursuant to the California Probate Code. If an authorized agent submits a request on your behalf, we will contact you to verify that they represent you.
Blue Onion will disclose and deliver the required information free of charge within 45 days of receiving your verifiable request. The time period to provide the required information may be extended once by an additional 45 days when reasonably necessary and with prior notice.
Do Not Sell My Personal Information
We do not sell personal information. However, the third party service providers we partner with (for example, our advertising partners) may use technology on the Website that "sells" personal information as defined by the CCPA law. If you wish to opt out of the use of your personal information for interest-based advertising purposes and these potential sales as defined under CCPA law, you may do so by following the Do Not Sell My Personal Information link on our Website or by emailing us at email@example.com.
You can opt out of receiving ads that are personalized as served by our service providers by emailing us at firstname.lastname@example.org. Please note that any opt out is specific to the browser you use. You may need to opt out on every browser on every device that you use.
Your mobile device may give you the ability to opt out of the use of information about the apps you use in order to serve you ads that are targeted to your interests:
• "Opt out of Interest-Based Ads" or "Opt out of Ads Personalization" on Android devices
• "Limit Ad Tracking" on iOS devices
You can also stop the collection of location information from Your mobile device by changing the preferences on your mobile device.
"Do Not Track" Policy as Required by California Online Privacy Protection Act (CalOPPA)
Our Website does not respond to Do Not Track signals. However, some third-party websites do keep track of your browsing activities. If you are visiting such websites, you can set your preferences in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track signals by visiting the preferences or settings page of Your web browser.
Your California Privacy Rights (California's Shine the Light law)
Under California Civil Code Section 1798 (California's Shine the Light law), California residents with an established business relationship with us can request information once a year about sharing their personal information with third parties for the third parties' direct marketing purposes. If you'd like to request more information under the California Shine the Light law, and if you are a California resident, you can contact us by email at email@example.com.
Colorado law gives Colorado consumers the right to (i) access, correct, delete, or obtain a copy of their personal information in a portable format, and (ii) to request that a company not sell their personal information. If you are a Colorado consumer and wish to exercise these rights, please submit your request by emailing us at firstname.lastname@example.org.
Nevada law gives Nevada consumers the right to request that a company not sell their personal information. If you are a Nevada consumer and wish to exercise these rights, please submit your request by emailing us at email@example.com.
Virginia law gives Virginia consumers the right to (i) access, correct, delete, or obtain a copy of their personal information in a portable format, (ii) to request that a company not sell their personal information, (iii) to opt-out of the processing of their personal information for any targeted advertising, and (iv) not be discriminated against for exercising any of the data privacy rights granted. If you are a Virginia consumer and wish to exercise these rights, please submit your request by emailing us at firstname.lastname@example.org.
Legal Basis for Processing Personal Information under GDPR
We may process personal information under the following conditions:
• Consent - you have given your consent for processing personal information for one or more specific purposes.
• Performance of a contract - provision of personal information is necessary for the performance of an agreement with you and/or for any pre-contractual obligations thereof.
• Legal obligations - processing personal information is necessary for compliance with a legal obligation to which we are subject.
• Vital interests - processing personal information is necessary in order to protect your vital interests or of another natural person.
• Public interests - processing personal information is related to a task that is carried out in the public interest or in the exercise of official authority vested in Blue Onion
• Legitimate interests: processing personal information is necessary for the purposes of the legitimate interests pursued by the Blue Onion
In any case, the Company will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of personal information is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
Your Rights under the GDPR
The Company undertakes to respect the confidentiality of your personal information and to enable you to exercise your rights under the GDPR.
• Request access to your personal information. The right to access, update or delete the information we have on you. Whenever made possible, you can access, update or request deletion of your personal information directly within your account settings section. If you are unable to perform these actions yourself, please contact us by email at email@example.com to assist you. This also enables you to receive a copy of the personal information we hold about you.
• Request correction of the personal information that we hold about you. You have the right to have any incomplete or inaccurate information we hold about you corrected.
• Object to processing of your personal information. This right exists where we are relying on a legitimate interest as the legal basis for our processing and there is something about your particular situation, which makes you want to object to our processing of your personal information on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
• Request erasure of Your personal information. You have the right to ask us to delete or remove personal information when there is no good reason for us to continue processing it.
• Request the transfer of Your personal information. We will provide to you, or to a third-party you have chosen, your personal information in a structured, commonly used, machine-readable format. Please not that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
• Withdraw Your consent. You have the right to withdraw your consent on using your personal information. If you withdraw your consent, we may not be able to provide you with access to certain specific functionalities of the Website.
Exercising of Your GDPR Data Protection Rights
You may exercise your rights of access, rectification, cancellation and opposition by contacting us by email at firstname.lastname@example.org. Please note that we may ask you to verify your identity before responding to such requests. If you make a request, we will try our best to respond to you as soon as possible.
You have the right to complain to a Data Protection Authority about our collection and use of your personal information. For more information, if You are in the European Economic Area (EEA), please contact your local data protection authority in the EEA.
Contacting Our GDPR Data Protection Officer
We have designated a Data Protection Officer whom you have the right to contact with regard to all issues related to processing of your personal information and to the exercise of your rights under the GDPR. You may contact our Data Protection Officer by email at email@example.com.
EEA data subjects may contact the data protection officer with regard to all issues related to processing of their personal data and to the exercise of their rights under the GDPR.
OUR OTHER PRIVACY POLICIES OR NOTICES
By email: firstname.lastname@example.org
Blue Onion Labs Inc.
ATTN: Privacy Compliance Officer
800 Third Avenue, Suite A #1592
New York, NY 10022