Last Updated: September 18th, 2018
- We collect personal information you provide to us and non-personal information collected automatically by various technologies that use our services.
- We use your information to improve our services and in connection with marketing the services.
- We strive to provide you with choices regarding our collection, use and disclosure of the information you provide to us.
- If you wish to access and/or change any personal information, you may log into your account or contact us.
- Our services are not intended for users under age 13 without a parent or guardian.
- We aim to keep your information only as long as we need it for legitimate business purposes and as permitted by applicable legal requirements.
- You should be aware that personal information collected through our services may be stored and processed in the United States or any other country in which Boldfish or its subsidiaries, affiliates, or service providers maintain facilities.
- Boldfish is certified compliant with the EU-U.S. Privacy Shield Framework.
- We take reasonable steps to ensure the safety of Personal Information.
- Certain data privacy rights are granted by the GDPR to individuals in the European Union.
Information We Collect and How We Collect Information
The information we collect from you falls into two categories: personally identifiable information (“Personal Information”) and non-personally identifiable information (i.e., information that cannot be used to identify who you are) (“Non-Personal Information”). Personal Information includes your name, telephone number, physical address, email address, company name, and company address. Non-Personal Information includes your IP address and browser type, the name of the website from which you entered our Site, and which pages you visit on our Site.
We process personal data as defined under data protection laws in various ways depending upon your use of the Services. We process personal data on the following legal bases: (1) with your consent; (2) as necessary to perform our agreement to provide Services; and (3) as necessary for our legitimate interest in providing the Services where those interests do not override your fundamental rights and freedom related to data privacy.
Below are the various ways in which we may collect Personal Information and Non-Personal information from you.
Information We Automatically Collect. We and third-party service providers acting on our behalf, which may include third-party analytics service providers and third-party advertisers, may incorporate technology such as “pixel tags”, “web beacons”, and “cookies” that allow us to track the actions of users of our Services automatically. For example, we may automatically collect information about your location, your internet connection, your browser, when you access the Services, the website address that linked you to our Site, the website that you visit after using our Services, and details of how you used our Services, such as how often you used our Services and which features of the Services you used.
Our analytics partners may collect your IP address, which is automatically assigned to your device by your Internet Service Provider. An IP address may be logged when you access the platform, along with the time of the visit. We use IP addresses for purposes such as calculating usage levels, diagnosing server problems and administering the Services. We may also derive your approximate location (on a city or region level) from your IP address.
Publicly Posted. If you post information on public areas of the Site (i.e. comments or blog), that information is visible to and may be collected, stored and used by anyone. By posting information, you agree that you have obtained all necessary consents to make such information public and that doing so will not violate any laws. If you remove information that you have made public through our Services, copies may remain viewable in cached and archived pages of our Services or if other users have copied or saved that information. We are not responsible for the actions of any third parties with whom you share Personal Information.
Information You Voluntarily Provide to Us. If you contact us by phone, email, instant message, live chat, social media, or by some other means, we may keep a record of your contact information (including your name, company name, email, address and phone number) and the correspondence. When we send you emails, we may also track whether you open them to determine how to deliver more helpful emails and improve our Services.
User Accounts. We will collect and store the information you provide to us if you create an account, such as your name, company name, company address, phone number and email address. You do not have to share this information with us, but without it you may not be able to access certain features or participate in certain aspects of the Services.
Financial Information. If you purchase our Services, you may be required to provide financial information, such as your credit card or bank account number, to a third-party payment processor. We do not collect or store such financial information and we are not responsible for the collection or storage of such information by third parties. We will, however, have access to certain information associated with your account should you purchase the Services, including the amount and date of the purchase.
Information Collected Through Use of the Services. If you use our Services, we may collect information about how you use and interact with the Services and the data and information that is collected or provided by you through or in connection with your use of the Services.
How We Use Your Information
We use Personal Data that you provide to us or that we collect about you in order to:
- Provide the Services’ functionality and fulfill your requests when we have a contractual relationship or a legitimate interest in doing so, including:
- To provide customer service to you.
- To respond to your inquiries and fulfill your requests.
- To complete your transactions, as applicable.
- To send administrative information to you, such as information regarding the Services and changes to our platform’s terms, conditions, and policies.
- Operate our business to comply with our legal obligations and to meet our legitimate interests in maintaining our business, including:
- To conduct data analysis and audits.
- To identify usage trends in the use of our Services and analyze the effectiveness of our communications.
- To detect, prevent, and investigate fraud, including (cyber) security monitoring and prevention.
- To enhance your online experience, including as a way to recognize you and welcome you to the Site or Apps.
- To review the usage and operations of our Site, and improve our content.
- To enhance, improve, or modify our Services.
- To operate and expand our business activities.
- To recognize your online activities over time and across different websites and devices.
- As applicable and with your consent where you have opted in, to contact you with information, newsletters, as well as marketing communications that we believe may be of interest to you from Boldfish or on behalf of our business partners and affiliates.
Disclosure of Your Information
We may disclose your Personal Information and Non-Personal Information to service providers or other third parties, such as vendors, technical agents, subcontractors and consultants, to perform certain business-related functions that help make the Services and our offerings available and functional, including, but not limited to, design services, installation services, web site hosting, data analysis and metrics services, maintenance and technical services, customer service and support, email delivery services, infrastructure services and to help us in our marketing efforts, including managing and delivering contextual and tailored advertisements.
We may also use the information we collect to display advertisements to our advertisers’ target audiences. Even though we do not disclose your Personal Information for these purposes without your consent, if you click on or otherwise interact with an advertisement, the advertiser may assume that you meet its target criteria. We do not actively share Personal Information with third-party advertisers for their direct marketing purposes unless you give us your consent. In addition, we may disclose your Personal Information and Non-Personal Information to a buyer or other successor as part of a merger, acquisition, change of control or other similar business transfer, to government body or other third party if required to do so by law or in the good faith belief that such action is necessary to comply with a legal obligation, or in specific other cases with your consent.
We may disclose aggregated user statistics and other data with our affiliates, agents and current or prospective business partners. This aggregate information does not personally identify you.
The Services may allow you to post information to various third-party services or platforms, such as social networking services like Instagram, Twitter and Facebook. You acknowledge that if you choose to use this feature, your friends, followers and subscribers on these third-party services or platforms will be able to view such activity. The use of the information by such social networking websites will be governed by their privacy policies, and we do not control their use of the shared data.
Required Disclosures of Information. Boldfish will disclose your information where required to do so by law, if subject to a subpoena or other legal proceeding or if we reasonably believe that such action is necessary to (a) comply with the law and the reasonable requests of law enforcement; (b) to enforce our Terms or to protect the security or integrity of our Services; and/or (c) to exercise or protect the rights, property, or personal safety of Boldfish, our users or others.
Disclosures During a Change of Control. We may buy or sell/divest/transfer the company (including any shares in the company), or any combination of its products, services, assets and/or businesses. Your information such as customer names and email addresses, and other User information related to our Services may be among the items sold or otherwise transferred in these types of transactions. We may also sell, assign or otherwise transfer such information in the course of corporate divestitures, mergers, acquisitions, bankruptcies, dissolutions, reorganizations, liquidations, similar transactions or proceedings involving all or a portion of the company. You will be notified via email and/or a prominent notice on our Site of any change in ownership or uses of your Personal Information, as well as any choices you may have regarding your Personal Information.
Choices About How We Collect, Use and Disclose Your Information
We strive to provide you with choices regarding our collection, use and disclosure of the information you provide to us. The mechanisms listed below aim to provide you with control over such collection, use and disclosure:
Marketing Communication. If you do not want us to send you marketing or promotional communications, you can opt-out by clicking the “unsubscribe” link in any such promotional emails, checking the relevant box located on the form on which we collect your data or emailing us at firstname.lastname@example.org.
Cookies. You have the option to accept or disable cookies at any time through your browser. You may refuse to accept browser cookies by activating the appropriate setting on your browser. If you choose to disable your cookies, your user experience may be limited.
Google Analytics. You can opt out of tracking by Google Analytics by using Google’s Ads Settings or going to https://tools.google.com/dlpage/gaoptout/. You may also opt out of Google marketing products, but please note that this does not opt you out of being served generic ads.
Mobile Analytics. If you are using our Apps, we use Mobile Device IDs, instead of cookies, to recognize you. We use the Mobile Device IDs and other mobile analytics software to allow us to better understand the functionality of our mobile software on your phone. These Mobile Device IDs are only tracking and collecting Non-Personal Information. The software may record information such as how often you use the Services, the events that occur within the Apps, aggregated usage, performance data, and where the Apps were downloaded from.
Location Data. We may collect the physical location of your device by using, for example, satellite, cell phone tower, GPS or WiFi signals. We use your device’s physical location to provide you with location-based services and content. You may be able to allow or deny such collection and/or use through your device settings or the App’s privacy controls.
Third-Party Advertising. If you are interested in more information about tailored advertising and your choices to prevent third parties from delivering tailored web advertisements, you may visit the following websites: http://www.networkadvertising.org/choices/ or http://www.aboutads.info/choices/. These opt-out tools are provided by third parties. We do not control or operate these tools or the choices that advertisers and others provide through these tools. Please note that you may still receive advertisements from third parties within our Services even if you opt out of tailored advertising but they will not be based on your activity across unrelated web sites.
Do Not Track Signals. Third parties may keep track of your browsing activities across third party websites. California Business & Professions Code Section 22575(b) provides that California residents are entitled to know how we respond to “Do Not Track” browser signals. Certain web browsers enable users to activate a “Do Not Track” signal but we do not currently respond to the “Do Not Track” signal or other similar mechanisms.
Notice to California Residents. California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a calendar year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please send an email to email@example.com.
If you are under 18 years of age, reside in California, and have a registered account with the Site, you have the right to request removal of unwanted data that you publicly post on the Site. To request removal of such data, please contact us using the contact information provided and include the email address associated with your account and a statement that you reside in California. We will make sure that the data is not publicly displayed on the Site, but please be aware that the data may not be completely or comprehensively removed from our systems.
To request any other changes or information about our collection, use or disclosure of your information, please email us at firstname.lastname@example.org.
Accessing and Correcting Your Information
If you wish to access, update, correct or delete any Personal Information in our possession that you have previously submitted via the Services, you may log into your account and make updates. If you wish to make changes not available through your account settings, please contact us at email@example.com. We do not guarantee that any Personal Information can be removed completely.
Accountability for Onward Transfer. In order to transfer personal information to a third party acting as a controller, we comply with the Notice and Choice Principles. We also enter into a contracts with all third-party controllers that we provide any such data that may only be processed for limited and specified purposes consistent with the consent provided by the individual and that the recipient will provide the same level of protection as the Principles and will notify the Company if it makes a determination that it can no longer meet this obligation. When such a determination is made, the third party controller will cease processing or take other reasonable and appropriate steps to remediate.
When transferring personal data to a third party acting as an agent, Boldfish: (i) transfers such data only for limited and specified purposes; (ii) ascertains that the agent is obligated to provide at least the same level of privacy protection as is required by the Principles; (iii) takes reasonable and appropriate steps to ensure that the agent effectively processes the personal information transferred in a manner consistent with the organization’s obligations under the Principles; (iv) requires the agent to notify the Company if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles; (v) upon notice, including under (iv), takes reasonable and appropriate steps to stop and remediate unauthorized processing; and (vi) provides a summary or a representative copy of the relevant privacy provisions of its contract with that agent to the Department upon request.
Third Parties; Links to Third Party Sites
Children Under the Age of 13
Our Services are intended for users who are 18 years of age and older or users accompanied by a parent or guardian. If you are under the age of 13, you are not permitted to submit any Personal Information to us. If you believe we might have any information from or about a child under 13, please contact us at firstname.lastname@example.org.
You acknowledge that Boldfish may establish general practices and limits concerning use of the Services, including without limitation the maximum period of time that data or other content will be retained by the Services and the maximum storage space that will be allotted on Boldfish’s servers on your behalf. You agree that Boldfish has no responsibility or liability for the deletion or failure to store any data or other content maintained or uploaded by the Services. You acknowledge that Boldfish reserves the right to change these general practices and limits at any time, in its sole discretion. We will endeavor to give you notice of any such change where required by applicable law.
Storage and Processing in Other Jurisdictions
Personal Information collected through the Services may be stored and processed in the United States or any other country in which Boldfish or its subsidiaries, affiliates, or service providers maintain facilities. If you are located in the European Union or other jurisdictions with laws governing data collection and protection that differ from U.S. law, you acknowledge that we may transfer Personal Information to a country or jurisdiction that has different data protection laws than the data protection laws of the country in which you reside and you expressly consent to the transfer of information, including Personal Information, to the United States or any other country in which Boldfish or its subsidiaries, affiliates or service providers maintain facilities.
Data subject’s rights
You have rights in respect of your personal data.
Right of access. You have the right to know whether we are processing your personal data, and to a copy of that data. We would need as much information as possible to enable us to locate your data. We will respond to your request within 28 days of receipt of your request. If you want to exercise this right, please contact the email@example.com. If you want to know more about this right, the ICO has more guidance on their website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-of-access/
Right to rectification. You have the right to have any incorrect personal data corrected or completed if it is incomplete. You can make this request verbally or in writing. We will need as much information as possible to enable us to locate your data. We will look at any request and inform you of our decision within 28 days of receiving the request. If you want to exercise this right, please contact firstname.lastname@example.org. If you want to know more about this right, the ICO has more guidance on their website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-rectification/
Right to erasure. This right, often referred to as the right to be forgotten, allows you to ask us to erase personal data where there is no valid reason for us to keep it. We will look at any request and inform you of our decision within 28 days of receiving the request. If you want to exercise this right, please contact email@example.com. If you want to know more about this right, the ICO has more guidance on their website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-erasure/
Right to restrict processing. You have the right to ask us to restrict processing of your data. We will look at any request and inform you of our decision within 28 days of receiving the request. If you want to exercise this right, please contact firstname.lastname@example.org. If you want to know more about this right, the ICO has more guidance on their website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-restrict-processing/
Right to data portability. You have the right to move, copy or transfer your personal data from one IT environment to another. This right applies to data that you have provided to us and that we are processing on the legal basis of consent or in the performance of a contract and that processing is by automated means. We will respond to your request within 28 days of receipt of your request. If you want to exercise this right, please contact email@example.com. If you want to know more about this right, the ICO has more guidance on their website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-data-portability/
Right to object. You have the right to object to our processing of your personal data based on (i) legitimate interests, or for the performance of a task in the public interests/exercise of official authority (including profiling) and (ii) direct marketing (including profiling).
- Legitimate interests/legal task. Your objection should be based on your particular situation. We can continue to process the data if we can demonstrate compelling legitimate grounds which override your interests.
- Direct marketing. You have an absolute right to ask us to stop processing for the purposes of direct marketing. We will action your request as soon as possible.
If you want to exercise this right, please contact firstname.lastname@example.org. If you want to know more about this right, the ICO has more guidance on their website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-object/
The Company is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). The Federal Trade Commission Act is the primary statute of the Commission. Under this Act, as amended, the Commission is empowered, among other things, to (a) prevent unfair methods of competition and unfair or deceptive acts or practices in or affecting commerce; (b) seek monetary redress and other relief for conduct injurious to consumers; (c) prescribe rules defining with specificity acts or practices that are unfair or deceptive, and establishing requirements designed to prevent such acts or practices; (d) gather and compile information and conduct investigations relating to the organization, business, practices, and management of entities engaged in commerce; and (e) make reports and legislative recommendations to Congress and the public. A number of other statutes listed here are enforced under the FTC Act. To learn more about the Federal Trade Commission Act, please visit: https://www.ftc.gov/enforcement/statutes/federal-trade-commission-act.
Furthermore, it is possible under certain conditions, for the individual to invoke binding arbitration pursuant to the Recourse, Enforcement and Liability Principle. The binding arbitration option applies to certain “residual” claims as to data covered by the EU-U.S. Privacy Shield. The purpose of this option is to provide a prompt, independent, and fair mechanism, at the option of individuals, for resolution of claimed violations of the Principles not resolved by any of the other Privacy Shield mechanisms, if any. To learn more about the Recourse, Enforcement and Liability Principle, please visit: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
In compliance with the Privacy Shield Principles, The Company commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact BOLDFISH, LLC at Support@goboldfish.com
The Company has further committed to refer unresolved Privacy Shield complaints to the services of AAA for dispute resolution under Privacy Shield, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.bbb.org/EU-privacy-shield/file-a-complaint/ for more information or to file a complaint. The services of EU Privacy Shield are provided at no cost to you.
Our organization commits to cooperate with EU data protection authorities (DTAs) and complies with the advice given by such authorities with regard to human resources data transferred from the EU in the context of our client-service relationship.
We take reasonable steps to protect the Personal Information provided to us from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. We use a VPN connection to protect your data. Full-tunneling VPN connection routes and encrypts all requests through the VPN to Boldfish. However, no Internet or e-mail transmission is ever fully secure or error free. In particular, e-mail sent to or from the Services may not be secure. Therefore, you should take special care in deciding what information you send to us via e-mail. Please keep this in mind when disclosing any Personal Information to us via the Internet. In the event that personal information is compromised as a breach of security, Boldfish will promptly notify our customers in compliance with applicable law.
Information Applicable to EU Users
The General Data Protection Regulation or “GDPR” gives certain rights to individuals in the European Union in relation to their personal data. As available and except as limited under applicable law, the rights afforded to individuals are:
- Right of Access – the right to be informed of and request access to the personal data we process about you;
- Right to Rectification – the right to request that we amend or update your personal data where it is inaccurate or incomplete;
- Right to Erasure – the right to request that we delete your personal data;
- Right to Restrict – the right to request that we temporarily or permanently stop processing all or some of your personal data;
- Right to Object:
- The right, at any time, to object to us processing your personal data on
- grounds relating to your particular situation;
- The right to object to your personal data being processed for direct marketing purposes;
- Right to Data Portability – the right to request a copy of your personal data in electronic format and the right to transmit that personal data for use in another party’s service; and
- Right not to be subject to Automated Decision-making – the right to not be subject to a decision based solely on automated decision making, including profiling, where the decision would have a legal effect on you or produce a similarly significant effect.
If you wish to exercise any of the above rights, please contact us at email@example.com.