Bluedot Privacy Policy

TERMS | BILLING | PRIVACY | SUPPORT

Privacy is Bluedot Innovation’s core business. It follows the principle of ‘privacy by design’. This means the Bluedot Point location service has been designed from the ground up to lead the industry on privacy. Unlike other location services platforms, Bluedot Innovation doesn’t track end users or collect their personally identifiable information. All data is anonymized so end-users can’t be identified.

This is the Privacy Policy of Bluedot Industries Pty. Ltd. and Bluedot Industries, Inc. (“Bluedot”, “Company”, “us”, “we”, “our”), wholly owned subsidiaries of Bluedot Innovation, Inc. This Privacy Policy explains how we collect, use and disclose data and information on, or in relation to, the web sites owned by Bluedot, including www.bluedot.io, www.bluedot.io and www.bluedot.com.au and other subsidiary or related sites (“Site”), the Bluedot Point SDK and other supporting or future software products offered by Bluedot (“Software”), the supporting web service, associated Application Programming Interfaces (APIs), Bluedot Places, Point White Label and other services or materials provided by us (collectively “Services”). The Privacy Policy is subject to, and incorporates by reference, our Terms and Conditions. We therefore recommend this Privacy Policy be read in conjunction with the Terms and Conditions. Your use of the Software, Services and/or Site will be deemed to be your agreement to abide by all of the terms set out below.

Bluedot actively seeks to protect the privacy and data of individual end users of mobile applications (“End Users”). To this end, we have implemented a range of industry-leading privacy safeguards (outlined below) as core elements in the design, development and operation of the Software, Services and Site.

Our Software, Services and Site have been designed so that we do not collect any personally identifiable information about the End User or track the movement of the End User.

Our clients and partners are entities or individuals, such as companies or application developers, that use the Software, Services and Site to develop, distribute and manage location-based platforms and mobile applications (“Client”, “Partner”, “You”, “Your”). Our Clients are not the End Users. We, however, recognize, respect and actively seek to protect the End User’s privacy.

Our approach to privacy protection has been developed in consultation with the former Australian Privacy Commissioner, Malcolm Crompton, and his firm, Information Integrity Solutions, a leading global consultancy on privacy and data protection.

Please note this Privacy Policy does not apply to the collection, use or disclosure of data or personal information by our Clients and Partners. We do not control or take responsibility for their privacy policies, such as those related to applications downloaded by End Users. For that reason, Clients and Partners may not use the Software nor the Hosted Service to transmit, communicate or store Personal Information of Users including, but not limited to names, addresses (home or business), telephone numbers, and financial information.

We, however, offer to refer our Clients and Partners to Information Integrity Solutions to carry out a Privacy Impact Assessment on their business or application to ensure compliance with applicable privacy requirements or, preferably, international best practice in this area. We also recommend that End Users review the privacy policy of applications they download to understand how data is collected, used and disclosed by Clients and Partners.

1. “Privacy by Design” to protect the privacy of End Users

Bluedot has structured its data collection and storage model according to the principle of ‘Privacy by Design’. This ensures that the privacy and data protection of End Users are considered core objectives, with safeguards integrated in the design and development of a technology or product, rather than being applied after development is complete.

As a result, our data collection and storage model has been designed so that we do not collect any personally identifiable information about, or track the movement of, the End User.

When an End User begins using an application that contains or connects to Bluedot Software or Services, a randomized unique reference number (“Install Reference”) is issued to that particular instance of the downloaded application. The Install Reference is not connected to the personal information of an End User or their device.

If an End User is using multiple applications that use Bluedot Software or Services on the same device, then multiple, distinct, random Install References will be issued to ensure that the End User cannot be identified by associating the multiple applications they are using with a single overarching ID or reference number. We do not combine datasets for multiple Install References in order to prevent inferences or patterns emerging that could directly or indirectly identify an End User.

We do not continuously, periodically or intermittently track an identifiable End User or record their precise or general location. The location of a device with a random Install Reference is identified when that device performs an Action (e.g. sends a notification or plays a tone) upon its entry into a geographic area (known as a ‘Zone’, which comprises one or multiple related Geofences, Geolines or Beacons) that has been pre-defined by the Client or Partner for use in an application. The Client or Partner may also set particular Conditions that must be met for an Action to be triggered (e.g. entry into a Zone by the End-User within a pre-defined date and time range). We record the following data from the device at the point an Action is initiated:

  • randomized Installation Reference associated with a particular instance of a downloaded application;
  • geographic coordinates (usually longitude and latitude) associated with the location where the action was initiated;
  • estimated accuracy with which the device is being located;
  • date and time the action was initiated;
  • speed the device was moving;
  • make and model of the device;
  • software platform (Android or iOS) and version of the operating system on the device;
  • bearing and orientation of the device; and
  • orientation of the device’s screen (i.e. landscape or portrait).

Once this final stage of anonymization has been carried out, the data is passed on to a separate analytics platform and all data that was originally recorded is permanently deleted from the servers that are not used for analytics.

2. The Client and Partners (not End User) information we receive or collect

You may browse the Site without a Bluedot account but an account must be created to use the Software or Services. We may collect the following information from our Clients and Partners (not the End User) when they create a Bluedot account:

  • legal name of the Client or Partner, such as the registered name of the entity that owns the application;
  • name and contact information of the representative acting on behalf of the Client or Partner;
  • email address and password to access the Bluedot account; and
  • industry, size, intended use of the Software and Service and other similar information.

The Client or Partner’s user name, password and Application ID created or issued during the registration process may be requested when logging in subsequently.

We reserve the right to periodically contact our Clients or Partners to confirm that the information held is correct and up to date.

3. How You can access, correct or delete your information

You have the right to access, correct or request the deletion of information we hold about you. This may be done through the ‘Account Management’ function available in the Bluedot platform, Point Access, which is accessible on the Site. Such requests can also be made in writing to hello@bluedot.io or 95 Third St., 2nd Floor, San Francisco, CA, USA, 94103 or 11 Agnes Street, East Melbourne, Victoria, Australia, 3002. We will endeavor to respond to any requests within 10 working days.

4. How payment and billing information is collected, stored and used

The Client or Partner also provides payment and billing information (“Payment Information”) when creating a Bluedot account or updating billing details. Payment Information is directly provided to and stored by the payment gateway provider, Braintree Payments Inc. (“Braintree”), through its web service that is integrated into the Site. The payment process is carried out in accordance with our Billing Policy.

Payment Information is not persisted, stored or retained in any way by Bluedot.

The transfer of Payment Information to Braintree is carried out through secure SSL methods and held by Braintree in accordance with PCI DSS requirements. You may wish to review Braintree’s Payment Services Agreement and Privacy Policy. We also collect information about Your use of the Software, Services and Site, including billing history, level of usage and other similar information.

5. How we use the Client and Partner (not End User) information we receive or
collect

We use the Client and Partner information referred to above for the following purposes:

  • provide, operate and maintain the Software, Services and Site;
  • communicate with You about Your account or respond to Your requests or inquiries, tailor the information we send or display to You, and for similar service purposes;
  • generate aggregate and anonymous reports for You about the usage of the Software and Services in or by Your application;
  • process and issue bills, and charge payments for use of the Software and Service;
  • effectuate or enforce a transaction or agreement with account holders, including our Terms and Conditions and this Privacy Policy;
  • provide You with information about our company or products that we believe may be of interest, including by sending promotional e-mails (from which You may opt out); and
  • to improve the design and delivery of, and better understand how You use, our Software, Services and Site.

Notwithstanding anything else in this Privacy Policy, we will only use aggregate, non-identifying information for marketing, advertising, research or other similar purposes.

6. How we disclose Client and Partner (not End User) information

We will only disclose the Client and Partner information we collect or receive through our Software, Services and Site in the following instances:

  • if required by law, legal process, governmental entity or other relevant authority;
  • to protect or enforce our rights or property, such as those outlined in our Terms and Conditions and this Privacy Policy;
  • in the event of the sale or dissolution (bankruptcy) of assets, in whole or in part, of Bluedot or any of its affiliates;
  • to our legally related affiliates and subsidiaries, for purposes consistent with this Privacy Policy; and
  • to our contractors or service providers to the extent required to provide services or perform functions on our behalf;

We may share aggregated and/or non-personally identifiable information with third parties for marketing, research or other similar purposes. We will not disclose the personally identifiable information of Clients and Partners to third parties for such purposes without Your consent.

Personally identifiable information on End Users is not collected by Bluedot and will therefore not be disclosed, including for any of the above purposes.

7. Visitors to the Site

By using our Sites or Services, You agree that we may collect cookies or other general information, such as the number of views and the length of time spent on the Site by visitors, in order to optimize the Site or Services and enhance your experience using our Site or Services.

8. Third-party links

Our Site may contain links to third party websites, such as those of partners or service providers. Any access to and use of third party websites is governed by their respective privacy policies. We are not responsible for the development, implementation or management of the privacy policies of third-party websites. This Privacy Policy only applies to the Software, Site, and Services offered directly by Bluedot.

9. Marketing communications

We may send you emails from time-to-time about information that we believe may be of interest to you, including news, special offers or information about products or services. You may opt-out from receiving promotional emails at any time by following the link and instructions contained in these emails, or by requesting that such emails no longer be sent to You at hello@bluedot.io.

Please note that it may take up to 10 business days for us to process opt-out requests. If you opt-out of receiving promotional emails, we may still send you e-mails about Your account or the Software and Services You use, or for other service purposes.

10. Consent to transfer information

If you are located outside of Australia, please note that the Client and Partner information we collect or receive may be transferred to and processed in Australia. By using our Site and Services, You consent to the transfer and processing of Your information in Australia. Please note, Australian data protection laws may not provide the same level of protection as other jurisdictions, such as the European Union. Your consent is voluntary. If, however, you do not consent, we will not be able to provide you with our Software or Services.

11. Hosting

Bluedot takes the security of Client and Partner data seriously. We use a range of physical, technical and operational measures to secure the data we collect or receive from loss, misuse and unauthorized access, disclosure, alteration, and destruction, including, where appropriate, through password protection, encryption, and SSL.

Bluedot stores all Client and Partner-specific information, including usage data related to Bluedot accounts, within a secure hosted solution supplied by Amazon Web Services (AWS).

Please be aware that despite our best efforts, we cannot and do not guarantee the complete privacy, security, integrity or authenticity of information. The Internet provides the opportunity for unauthorized third parties to circumvent safeguards and illegally gain access to information.

12. GDPR

Bluedot customers, the ‘Data Controllers’ under GDPR, are responsible for the data rights of their end users (‘Data Subjects’) in the handling of their data.

12.1 Data Subject Rights

Bluedot is committed to make available methods for our customers to address GDPR requirements.   The below is intended for Bluedot’s customers to take action upon receiving your end users consent settings.

12.2 Restrict Processing

Data Subjects (“subject” being the term for end users) can request the Data Controller to stop processing data.

12.3 Bluedot Implementation

As the Data Controller, data collection originates from integrating the Bluedot Point SDK into your mobile apps.  The first step the SDK performs is authenticating your app by a method known as the Bluedot service.  The app may explicitly stop the Bluedot service at any time, therefore immediately ceasing data collection.

See developer documentation for Android and iOS to disable the Bluedot service.
Upon an app restarting, the Bluedot service should not be initiated for users whom have not consented to data collection.

12.4 Data Portability

In certain cases, Data Subjects may request to the Data Controller to have their known data exported.   In compliance with the consumer’s rights in regards to Bluedot’s data collection, follow the guidelines below:

Bluedot Implementation
Bluedot’s device identifier is known as an Install Reference.  Data Controllers can retrieve IDs for any devices that have opted out of data collection. To make a request, send a list of all install references in a flat file to help@bluedot.io.   Bluedot will then send the Data Controller company two files in JSON format, one for Rule Request logs and the other for Checkin/Checkout logs.

12.5 Right to Erasure

Known as “the right to be forgotten,” this right empowers Data Subjects to request that a Data Controller delete or remove their personal data.
Bluedot Implementation
Bluedot shall delete Customer Data known as an install reference.  Data Controllers can retrieve the IDs on devices that have opted out and made this request. To request a deletion, send Install References in a flat file to help@bluedot.io.   Bluedot will confirm receipt of the request and notify Data Controller upon completion within 90 days.

Additionally, within ninety (90) days of termination or expiration of the Data Controller’s agreement with Bluedot, all Customer Data shall be removed.

13. Changes to this Privacy Policy

We may change this Privacy Policy from time to time. The date this Privacy Policy was last revised can be viewed in the ‘Last Updated Date’ below. You should check periodically to review our current Privacy Policy. Your use of any of Software, Services and Site constitutes Your agreement to and understanding of the Privacy Policy, as in effect at the time of Your use. If we make any changes to this Privacy Policy that materially affect our practices or the protection of personal information, we will provide notice by highlighting the change on the Site or, where practical, by emailing account holders.

14. How to contact us and the dispute resolution process

Please contact Bluedot on hello@bluedot.io general inquiries, notifications or complaints related to this Privacy Policy. We are committed to handling any notifications or questions regarding this Privacy Policy in an effective, transparent and timely manner. Complaints should initially be sent to Bluedot so that we are able to rectify breaches or errors. Should we not handle your complaint in a satisfactory manner, the complaint may be passed on to the relevant Californian Government (United States) or Victorian Government (Australia) corporate dispute resolution program for mediation. If a resolution is not achieved, the complaint may be passed on to the appropriate legal authority in each jurisdiction to consider the matter.

BLUEDOT PRIVACY POLICY V4.0 – LAST UPDATED DATE: 22 MAY 2018