Privacy is Bluedot Innovation’s core business. It follows the principle of ‘privacy by design’. This means the Bluedot Point location service has been designed from the ground up to lead the industry on privacy. Unlike other location services platforms, Bluedot Innovation doesn’t track end users or collect their personally identifiable information. All data is anonymized so end-users can’t be identified.
Bluedot actively seeks to protect the privacy and data of individual end users of mobile applications (“End Users”). To this end, we have implemented a range of industry-leading privacy safeguards (outlined below) as core elements in the design, development and operation of the Software, Services and Site.
Our Software, Services and Site have been designed so that we do not collect any personally identifiable information about the End User or track the movement of the End User.
Our clients and partners are entities or individuals, such as companies or application developers, that use the Software, Services and Site to develop, distribute and manage location-based platforms and mobile applications (“Client”, “Partner”, “You”, “Your”). Our Clients are not the End Users. We, however, recognize, respect and actively seek to protect the End User’s privacy.
Our approach to privacy protection has been developed in consultation with the former Australian Privacy Commissioner, Malcolm Crompton, and his firm, Information Integrity Solutions, a leading global consultancy on privacy and data protection.
1. “Privacy by Design” to protect the privacy of End Users
Bluedot has structured its data collection and storage model according to the principle of ‘Privacy by Design’. This ensures that the privacy and data protection of End Users are considered core objectives, with safeguards integrated in the design and development of a technology or product, rather than being applied after development is complete.
As a result, our data collection and storage model has been designed so that we do not collect any personally identifiable information about, or track the movement of, the End User.
When an End User begins using an application that contains or connects to Bluedot Software or Services, a randomized unique reference number (“Install Reference”) is issued to that particular instance of the downloaded application. The Install Reference is not connected to the personal information of an End User or their device.
If an End User is using multiple applications that use Bluedot Software or Services on the same device, then multiple, distinct, random Install References will be issued to ensure that the End User cannot be identified by associating the multiple applications they are using with a single overarching ID or reference number. We do not combine datasets for multiple Install References in order to prevent inferences or patterns emerging that could directly or indirectly identify an End User.
We do not continuously, periodically or intermittently track an identifiable End User or record their precise or general location. The location of a device with a random Install Reference is identified when that device performs an Action (e.g. sends a notification or plays a tone) upon its entry into a geographic area (known as a ‘Zone’, which comprises one or multiple related Geofences, Geolines or Beacons) that has been pre-defined by the Client or Partner for use in an application. The Client or Partner may also set particular Conditions that must be met for an Action to be triggered (e.g. entry into a Zone by the End-User within a pre-defined date and time range). We record the following data from the device at the point an Action is initiated:
- randomized Installation Reference associated with a particular instance of a downloaded application;
- geographic coordinates (usually longitude and latitude) associated with the location where the action was initiated;
- estimated accuracy with which the device is being located;
- date and time the action was initiated;
- speed the device was moving;
- make and model of the device;
- software platform (Android or iOS) and version of the operating system on the device;
- bearing and orientation of the device; and
- orientation of the device’s screen (i.e. landscape or portrait).
Once this final stage of anonymization has been carried out, the data is passed on to a separate analytics platform and all data that was originally recorded is permanently deleted from the servers that are not used for analytics.
2. The Client and Partners (not End User) information we receive or collect
You may browse the Site without a Bluedot account but an account must be created to use the Software or Services. We may collect the following information from our Clients and Partners (not the End User) when they create a Bluedot account:
- legal name of the Client or Partner, such as the registered name of the entity that owns the application;
- name and contact information of the representative acting on behalf of the Client or Partner;
- email address and password to access the Bluedot account; and
- industry, size, intended use of the Software and Service and other similar information.
The Client or Partner’s user name, password and Application ID created or issued during the registration process may be requested when logging in subsequently.
We reserve the right to periodically contact our Clients or Partners to confirm that the information held is correct and up to date.
3. How you can access, correct or delete your information
You have the right to access, correct or request the deletion of information we hold about you. This may be done through the ‘Account Management’ function available in the Bluedot platform, Point Access, which is accessible on the Site. Such requests can also be made in writing to firstname.lastname@example.org or 95 Third St., 2nd Floor, San Francisco, CA, USA, 94103 or 11 Agnes Street, East Melbourne, Victoria, Australia, 3002. We will endeavor to respond to any requests within 10 working days.
4. How payment and billing information is collected, stored and used
The Client or Partner also provides payment and billing information (“Payment Information”) when creating a Bluedot account or updating billing details. Payment Information is directly provided to and stored by the payment gateway provider, Braintree Payments Inc. (“Braintree”), through its web service that is integrated into the Site. The payment process is carried out in accordance with our Billing Policy.
Payment Information is not persisted, stored or retained in any way by Bluedot.
5. How we use the Client and Partner (not End User) information we receive or
We use the Client and Partner information referred to above for the following purposes:
- provide, operate and maintain the Software, Services and Site;
- communicate with You about Your account or respond to Your requests or inquiries, tailor the information we send or display to You, and for similar service purposes;
- generate aggregate and anonymous reports for You about the usage of the Software and Services in or by Your application;
- process and issue bills, and charge payments for use of the Software and Service;
- provide You with information about our company or products that we believe may be of interest, including by sending promotional e-mails (from which You may opt out); and
- to improve the design and delivery of, and better understand how You use, our Software, Services and Site.
6. How we disclose Client and Partner (not End User) information
We will only disclose the Client and Partner information we collect or receive through our Software, Services and Site in the following instances:
- if required by law, legal process, governmental entity or other relevant authority;
- in the event of the sale or dissolution (bankruptcy) of assets, in whole or in part, of Bluedot or any of its affiliates;
- to our contractors or service providers to the extent required to provide services or perform functions on our behalf;
We may share aggregated and/or non-personally identifiable information with third parties for marketing, research or other similar purposes. We will not disclose the personally identifiable information of Clients and Partners to third parties for such purposes without Your consent.
Personally identifiable information on End Users is not collected by Bluedot and will therefore not be disclosed, including for any of the above purposes.
7. Visitors to the Site
By using our Sites or Services, You agree that we may collect cookies or other general information, such as the number of views and the length of time spent on the Site by visitors, in order to optimize the Site or Services and enhance your experience using our Site or Services.
Bluedot will never buy our sell their customers’ or site visitor’ data.
8. Third-party links
9. Marketing communications
We may send you emails from time-to-time about information that we believe may be of interest to you, including news, special offers or information about products or services. You may opt-out from receiving promotional emails at any time by following the link and instructions contained in these emails, or by requesting that such emails no longer be sent to You at email@example.com.
Please note that it may take up to 10 business days for us to process opt-out requests. If you opt-out of receiving promotional emails, we may still send you e-mails about Your account or the Software and Services You use, or for other service purposes.
10. Consent to transfer information
If you are located outside of Australia, please note that the Client and Partner information we collect or receive may be transferred to and processed in Australia. By using our Site and Services, You consent to the transfer and processing of Your information in Australia. Please note, Australian data protection laws may not provide the same level of protection as other jurisdictions, such as the European Union. Your consent is voluntary. If, however, you do not consent, we will not be able to provide you with our Software or Services.
Bluedot takes the security of Client and Partner data seriously. We use a range of physical, technical and operational measures to secure the data we collect or receive from loss, misuse and unauthorized access, disclosure, alteration, and destruction, including, where appropriate, through password protection, encryption, and SSL.
Bluedot stores all Client and Partner-specific information, including usage data related to Bluedot accounts, within a secure hosted solution supplied by Amazon Web Services (AWS).
Please be aware that despite our best efforts, we cannot and do not guarantee the complete privacy, security, integrity or authenticity of information. The Internet provides the opportunity for unauthorized third parties to circumvent safeguards and illegally gain access to information.
Bluedot customers, the ‘Data Controllers’ under GDPR, are responsible for the data rights of their end users (‘Data Subjects’) in the handling of their data.
12.1 Data Subject Rights
Bluedot is committed to make available methods for our customers to address GDPR requirements. The below is intended for Bluedot’s customers to take action upon receiving your end users consent settings.
12.2 Restrict Processing
Data Subjects (“subject” being the term for end users) can request the Data Controller to stop processing data.
12.3 Bluedot Implementation
As the Data Controller, data collection originates from integrating the Bluedot Point SDK into your mobile apps. The first step the SDK performs is authenticating your app by a method known as the Bluedot service. The app may explicitly stop the Bluedot service at any time, therefore immediately ceasing data collection.
See the developer documentation for Android and iOS to disable the Bluedot service. Upon an app restarting, the Bluedot service should not be initiated for users who have not consented to data collection.
12.4 Data Portability
In certain cases, Data Subjects may request to the Data Controller to have their known data exported. In compliance with the consumer’s rights in regards to Bluedot’s data collection, follow the guidelines below:
Bluedot Implementation Bluedot’s device identifier is known as an Install Reference. Data Controllers can retrieve IDs for any devices that have opted out of data collection. To make a request, send a list of all install references in a flat file to firstname.lastname@example.org. Bluedot will then send the Data Controller company two files in JSON format, one for Rule Request logs and the other for Checkin/Checkout logs.
12.5 Right to Erasure
Known as “the right to be forgotten,” this right empowers Data Subjects to request that a Data Controller delete or remove their personal data.
Bluedot Implementation Bluedot shall delete Customer Data known as an install reference. Data Controllers can retrieve the IDs on devices that have opted out and made this request. To request a deletion, send Install References in a flat file to email@example.com. Bluedot will confirm receipt of the request and notify Data Controller upon completion within 90 days.
Additionally, within ninety (90) days of termination or expiration of the Data Controller’s agreement with Bluedot, all Customer Data shall be removed.
13. California Consumer Privacy Act of 2018 (“CCPA”)
This section applies only to California residents. It describes how we collect, use and share personally identifiable data (PID) of California residents in operating our business, and their rights with respect to that personally identifiable data (PID).
Bluedot is complying with the California Consumer Privacy Act of 2018 (“CCPA”), as privacy is at the core of our business. Bluedot’s technology has always incorporated “Privacy by Design” which ensures that protecting End User privacy is not just an afterthought, but rather that it is at the core of everything we do. Our Services have been designed so that we do not collect any personally identifiable data (PID) about the End User.
For purposes of this section, “personal information” refers to how the law defines those terms in article 1798.140 (o) (1-2) of the CCPA legislation:
Personal information is “non-public information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household” and includes a range of specific information types including “geolocation data”.
For a complete breakdown of this definition, including exclusions such as “publicly available information”, please refer to CCPA legislation on the California Legislative Information website.
13.1 How we collect CCPA Personal Information
While Bluedot has no direct relationship with the End User, our Customers use our Services to collect, use, and disclose geolocation data. This data is anonymized within our Services.
13.2 How we use CCPA Personal Information
Customers use our Services to collect, use, and disclose geolocation data, however, we do not sell your personal information.
Bluedot Customers, use our Services and the associated geolocation data for a range of reasons including, but not limited to, communications, marketing messages, profile preferences, in-app games or experiences, and service delivery or pick-up. To learn more about how geolocation is used you should direct a request to our Customer.
13.3 Your Privacy Rights
If you are a California resident, you may exercise the following rights.
- Right to Know and Access: You can request information about how we have collected and used your Personal Information during the past 12 months.
- Right to Delete: You can ask us to delete the Personal Information that we have collected from you.
- Nondiscrimination: You are entitled to exercise the rights described above free from discrimination.
To exercise your rights under the CCPA or for any other requests related to privacy or your personal information, please reach out to us at firstname.lastname@example.org. In the instance of a request, we may ask you to verify your identity and may also work in collaboration with our Customer.
15. How to contact us and the dispute resolution process