Bluecore, Inc. Privacy Policy

Bluecore’s published Privacy Policy includes four (4) distinct privacy contexts including privacy guidance for:

Overview: Definitions, Scope and Applicable Regulatory Information

About this policy

This privacy policy (“Policy”) describes how Bluecore, Inc. (hereinafter collectively referred to as the “Company,” “Bluecore,” “we,” “us” or “our”) collects, uses and shares Personal Information of consumers, users of this website http://www.bluecore.com (the “Site”) and other Bluecore websites, Bluecore’s corporate clients and Bluecore employees, contractors and employment applicants. Bluecore reserves the right to change the provisions of this Policy at any time. We will alert you that changes have been made by indicating on the Policy the date it was last updated. We encourage you to review this Policy whenever you visit our Site to make sure that you understand how any Personal Information you provide will be used.

What is Personal Information?

As used herein, the term “Personal Information” means information that directly or indirectly helps identify an individual (such as a name, address, telephone number, e-mail address, or other account number), and information about that individual’s activities, such as information about his or her use of Bluecore sites, products or services, when directly linked to personally identifiable information. Personal Information also includes demographic information such as date of birth, gender, geographic area and preferences when such information is linked to other Personal Information that identifies you. Personal Information encompasses personal data as defined within the European Union’s General Data Protection Regulation (“GDPR” or “EU GDPR”).

Personal Information does not include “aggregate” information, which is data we collect about the use of the Site or about a group or category of products, services or users, from which individual identities, identifiable information or other Personal Information has been irreversibly removed. In other words, information about how you use a service may be collected, de-identified and then combined with information about how others use the same service. Aggregate data helps Bluecore understand trends and users’ needs so that we can better consider new features or otherwise tailor our offerings. This Policy in no way restricts or limits our collection and use of aggregate information.

Compliance Frameworks

Data Privacy Framework (DPF)

Bluecore complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Bluecore has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Bluecore has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Bluecore commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF should first contact Bluecore at: privacy@Bluecore.com

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Bluecore commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF. Individuals have the possibility, under certain conditions, to invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms. See Annex I of the DPF Principles for additional information: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.

Bluecore has responsibility for the processing of personal information it receives under the DPF Principles and subsequently transfers to a third party acting as an agent on its behalf. Bluecore shall remain liable under the DPF Principles if its agent processes such personal information in a manner inconsistent with the DPF Principles, unless Bluecore proves that it is not responsible for the event giving rise to the damage.

The Federal Trade Commission has jurisdiction over Bluecore’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF). Bluecore may disclose personal information in response to lawful requests by US public authorities, including to meet national security or law enforcement requirements.

Use, Retention and Storage of Personal Information

The duration for which Bluecore retains Personal Information depends on the purposes for which it is used. Bluecore will maintain Personal Information for as long as a user is a registered subscriber to Bluecore products, is a user that has supplied data processing consent to an active Bluecore client or partner, or for as long as Bluecore has a legal basis and business purpose to do so and, thereafter, for no longer than is required or permitted by law, or Bluecore’s Data Retention Policy, reasonably necessary for internal reporting and reconciliation purposes, or to provide users with feedback or information that is requested. The information Bluecore collects will be stored and processed in servers in the United States. 

Security of Personal Information

Bluecore aims to protect the confidentiality, integrity and availability of data by taking reasonable steps given the context of the engagement in which data is provided to protect Personal Information from loss, misuse, interference, unauthorized access, disclosure, alteration, and destruction.

Bluecore adheres to a strict “data privacy by design” process that requires security and privacy diligence at all stages of the development, implementation, and operation of a product. This process ensures that the collection, use, storage, transmission or deletion of Personal Information is conducted in accordance with the GDPR, including data minimization, limited retention or appropriate data security. From the earliest stage of conception and development, risks are identified and documented and sound security measures are identified and encoded in the software as part of the service. The resulting security posture ensures adequate security is present within the entire product life cycle.

Use of Personal Information

When we process your personal information, we will only do so for the following reasons:

Bluecore may use your Personal Information to:

Sharing of Personal Information

Personal Information will only be shared with third parties in the following limited circumstances:

Your Privacy Rights

Children’s Privacy

Bluecore’s products and services are not targeted to or intended for children below the age of 13. If a user is not of sufficient age to enter legally binding agreements in the applicable jurisdiction, that user may not use Bluecore products unless necessary parental consent has been obtained. If it is believed that Bluecore has received information from a person protected under child protection laws where necessary parental consent was not obtained, please notify Bluecore immediately, and steps will be taken to securely remove that information.  Bluecore does not knowingly use Personal Information from children for any purpose except to deliver the products that are committed to Bluecore clients. If you believe we have collected information from your child in error or have questions or concerns about our practices relating to children, please notify us using the contact details below.

Consent

You may withdraw your consent to process your personal information at any time. If you do so, you may be unable to use some of the Sites. You may “opt out” of receiving marketing or promotional communications from us by following the instructions in those communications. If you opt out, we may still send you non-promotional service emails, such as essential communications about your account or our ongoing business relations.

You can contact us directly at privacy@bluecore.com or by writing to us at 222 Broadway, 16th Floor, New York, NY 10038, USA to exercise your privacy rights.

To control the loading of scripts and cookies and any associated data sharing that takes place on the Site, you can use the tool accessible here:

Individuals in the US

Some states grant you certain rights and control over your information. Those rights may include:

Opting out of the sale or sharing of your personal information. We do not sell your personal information for money. However, we partner with a variety of companies, including ad networks, to improve the Site and to share personal information used to market services to you by these third parties. These transfers can be deemed a sale under some data privacy laws.

You may opt out of the sale of your personal information or the sharing to a third party for targeted advertising by contacting us using the methods above.

Verification Process and Required Information. All requests must be verified. In certain circumstances, we may decline a request to exercise the right to know and/or right to deletion, particularly where we are unable to verify your identity. If we cannot verify your identity based on the information provided, a request for a copy of your data will be treated as a request for information and if we cannot verify your identity, a request to delete personal information may be treated as a request to opt-out of the sale of personal information.

If you wish to appeal a decision regarding your rights, please contact us at privacy@bluecore.com.

Authorized Agent. You may designate an authorized agent to make a request on your behalf. An Authorized Agent must have written documentation of their authority to act on your behalf, such as a Power of Attorney.

Individuals in Europe

If you are in the EEA, UK or Switzerland, you have the following rights:

Lodging a Complaint. If you believe that we have not complied with applicable data protection laws you have the right to lodge a complaint with the local data protection authority. The EU Commission provides a list of supervisory authorities here: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm. The UK Information Commissioner’s Office can be contacted at https://ico.org.uk/global/contact-us/.

How to Request Action on Personal Information

With respect to Personal Information gathered within any of the four contexts included below, an individual who seeks access or who seeks to correct, amend, or delete inaccurate Personal Information, or limit the processing or sharing of their Personal Information, should contact privacy@bluecore.com.

In such a request, please make clear: (i) what Personal Information is concerned; and (ii) which of the above rights (i.e. opt out, restrict, object, access, correct, or delete) you would like to enforce.  For your protection, Bluecore may only implement requests with respect to the Personal Information associated with the email address that was used to send the request, and Bluecore may need to verify the identity of the user behind a request before taking action. Bluecore will comply with privacy-related requests as soon as reasonably practicable and in any event, within 30 days of the request. Please note that Bluecore may need to retain certain information for recordkeeping purposes and/or to complete any transactions that began prior to requesting such change or deletion.

Individuals submitting requests should refrain from providing additional Personal Information such as address, phone number, government identifiers, photos or any type of personal documentation.  Any such data does not need to accompany the request for action.

With respect to Personal Information gathered through a third party, access and other similar rights will be managed by that third party and governed by such third party’s privacy policy.

Context 1: Visitors to Bluecore.com and other Bluecore, Inc. owned and operated websites

Data Collected by Bluecore, Inc. websites

We may collect your Personal Information, specifically your email address, in a variety of ways, including:

Cookies

Bluecore may process Personal Information using “cookies.” Cookies are small data files stored on your hard drive by a website. Cookies help us make our Site and your visit better. We use cookies to see which parts of our Site people use and like and to count visits to our Site.

For a full list of cookies served on the Bluecore website, please click here.

Web Beacons

Bluecore may process Personal Information using digital images called web beacons on our Site or in emails. Web beacons are used to manage cookies, count visits, and to learn what marketing works and what does not. Web beacons are also used to determine if a user opens or acts on a Bluecore email message.

Do Not Track

Bluecore’s websites respond to “do not track” settings in browsers.

Information choices and changes

Bluecore marketing emails include instructions on how to “opt-out,” or you can send an email to info@bluecore.com to unsubscribe. If you opt out, we may still send you non-marketing emails. Non-marketing emails include emails about your accounts and our business dealings with you. You can request to change contact choices, opt-out of our sharing with others, and update your Personal Information at that same email address.

Bluecore may send SMS messages using a third party named Sinch. You can opt out of these messages at any time by replying STOP. No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent, which information will not be shared with any third parties, provided that the foregoing does not apply to sharing (1) with vendors, consultants and other service providers who need access to such information to carry out work on our behalf (and who will not use such information for their own purposes); (2) if we believe disclosure is required by any applicable law, rule, or regulation or to comply with law enforcement or legal process; and (3) if the user consents to our sharing of such information.

Bluecore is committed to complying with Canada’s privacy legislation with regard to its communications with third parties. This includes the Personal Information Protection and Electronic Documents Act (“PIPEDA”) and Canada’s Anti-Spam Legislation (“CASL”).

To control the loading of scripts and cookies and any associated data sharing that takes place on the Site, you can use the tool accessible here:

Context 2: Customers of Bluecore’s corporate clients, and/or visitors to websites utilizing Bluecore’s product and services

Lawfully Processing Your Data

Bluecore acts as a Service Provider or Data Processor on behalf of its corporate clients’ processing of their customers and website visitors’ Personal Information.

Collection of Information

Bluecore collects Personal Information from individuals when the user browses a website of one of its clients, or when a client shares historical information about a user.  This may include:

Web Browser Data

Bluecore also records information from your web browser. The information received depends on the settings on the web browser. Please review the settings on the web browser to learn how to change the browser settings to enable or disable relevant tracking and data collection mechanisms.

Cookie and Related Technologies

Bluecore tracks users by their email address and 1st party cookie ID. Bluecore maps all on-site behaviors and email engagement activity to the email address and cookie ID in order to create a single unified user view. Bluecore can collect as much data as is generated by user activity. Bluecore may also ingest purchase history, email database and its clients’ customer data to enhance the product’s performance.

Bluecore uses service providers / data processors to process the Personal Information it collects. These include Google, ExaVault, SendGrid, JustUno and Facebook.

Data Collected by Bluecore products and services

The Personal Information typically collected by Bluecore consists of:

In some cases, a Bluecore client provides additional Personal Information directly to Bluecore. Bluecore’s Terms of Service stipulate that clients cannot upload Sensitive Data.

Sensitive Data

Racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation.

Location Data

If a user accesses a website containing Bluecore technology via a smart phone, mobile device or computer, Bluecore may collect information about physical location such as the geography of an IP address and billing/postal code.

How Data is Used

Bluecore processes data on behalf of its clients to help organizations find, message, and gain insights for their customers.

As permitted by law, Bluecore may disclose Personal Information when disclosure is appropriate to:

If a third party has acquired the Bluecore business or specific assets, your Personal Information will be transferred to that company, unless prohibited by law.

SMS Messaging

Bluecore’s clients may send SMS messages using a third party named Sinch. You can opt out of these messages at any time by following the instructions provided in the SMS message. No mobile information will be shared by Bluecore with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent, which information will not be shared with any third parties, provided that the foregoing does not apply to sharing (1) with vendors, consultants and other service providers who need access to such information to carry out work on our behalf (and who will not use such information for their own purposes); (2) if we believe disclosure is required by any applicable law, rule, or regulation or to comply with law enforcement or legal process; and (3) if the user consents to our sharing of such information.

Context 3: Corporate clients utilizing Bluecore’s products and services

Bluecore is committed to helping its brands successfully comply with privacy and data protection legislation, such as the EU GDPR and EU countries’ implementation of the ePrivacy Directive. For end-user data, Bluecore’s corporate clients act as Data Controllers under the GDPR, whereas Bluecore acts as a Data Processor. The core element of this distinction extends from the direct consumer relationship that Bluecore’s clients have with their customers. Bluecore, via contractual agreement with its clients, acts under direct instruction to process customer data on behalf of its clients. For this reason, Bluecore clients must give their end-users in the EU a mechanism to freely and affirmatively consent to the enabling of non-essential cookies, tags and web beacons, such as behavioral tracking, before these components become active on their websites. Implied consent and opt-out permission models are not permitted within the EU.

Bluecore’s clients must maintain a valid inventory of consent from the users of their websites and communicate any changes in the state of individual user consent to downstream Data Processors, including Bluecore, Inc.  The consent must be clearly inclusive of all downstream Data Processors and clearly state the legal basis for collection and transfer of Personal Information.

End-users can exercise their data protection rights with any organization processing their Personal Information. If an individual contacts Bluecore clients with requests requiring the export, deletion or correction of an end-user’s data or consent, this notice should be communicated to privacy@bluecore.com. Likewise, should end-users contact Bluecore directly with data related requests, these communications will be passed to applicable Bluecore clients (and any applicable sub-processors) via their advertised privacy activity intake mechanism.

Partnering on security is critical. Bluecore has granted access to certain parts of its Site or services via username and password. Each user is responsible for keeping access credentials confidential. It is required that users of the Bluecore services not share access credentials with anyone, including members of their own organization. Each user of the system must have a unique set of credentials. To protect the security of partner data or consumer data, Bluecore may suspend use of a Site or service, without notice, pending an investigation, if any breach of security is suspected. Access to and use of password-protected and/or secure areas of the Site or services is restricted to authorized users only. Unauthorized access to such areas is prohibited and may lead to criminal prosecution.

Bluecore may collect and process Client, Vendor or Business Partner Data when you conduct business with Bluecore on behalf of a Client or prospective client, or as, or on behalf of, a vendor, supplier, consultant, professional adviser or other third party. Customer, Vendor or Business Partner Data means information relating to an identified or identifiable natural person that Bluecore receives on behalf of a client or prospective client, or from or on behalf of a vendor, supplier, consultant, professional adviser or any other third parties that do business with Bluecore, whether or not such natural person is also a Website user. Examples of Client, Vendor or Business Partner Data include:

Context 4: Employee, Contractor and Applicant Data at Bluecore, Inc.

Bluecore is committed to protecting information collected from employees, contractors, temporary workers and employment candidates.  This applies to Personal Information provided to Bluecore by individuals applying for employment and employees, contractors and temporary employees during employment.

Data Collected

Bluecore collects Personal Information based on individual employment responsibilities, citizenship and location of employment. Personal Information collected includes but is not limited to: name, address, government identification number (i.e., social security number, national identification number, taxpayer identification number, driver’s license, etc.), date of birth, phone number, email address, gender, race, ethnicity, health and disability information, criminal history, resume information including but not limited to educational background, employment history, areas of expertise, job type preferences, and other related information.

How Data is Used

Bluecore uses data collected on employees, contractors, temporary workers and employment candidates for the following purposes:

The use of Personal Information includes storing, recording, transferring, summarizing, sharing and destroying Personal Information as necessary under the circumstances or as required by law. Bluecore will not process Personal Information in a way that is inconsistent with the purposes for which it was collected.

Disclosure of Data

Bluecore will not disclose or otherwise distribute Personal Information without an individual’s permission except under the following circumstances:

Accessing and Updating Data

Bluecore will use reasonable efforts to correct any reported factual inaccuracies in Personal Information.  Associates should notify HR immediately about changes to an individual’s legal name, address, dependents, beneficiaries under a benefits plan, and other such status changes.  Personnel may request a copy of Personal Information stored by Bluecore at any time.

Contact information

Bluecore welcomes your comments or questions about this Policy. You may contact Bluecore at the following email address: info@bluecore.com, or by mail at this address:

Bluecore, Inc.

Attn: Privacy

222 Broadway

16th Fl

New York, NY 10038

United States

Bluecore’s Data Protection Officer can be contacted at the following email address: privacy@bluecore.com.

Changes to this Policy

Bluecore may change this Policy at its discretion.  Any updates will result in a change to the last updated date below.

This Policy was last updated on August 30, 2023.