General Data Protection Regulation
Bluedot Innovation is committed to delivering cutting edge location technologies that usher in a new generation of customer engagement and experience. However, we believe that the advancement and adoption of such technologies do not have to come at the expense of the rights and privacy of consumers.
Bluedot’s technology has always incorporated “Privacy by Design” which ensures that protecting customer privacy is not just an afterthought, but rather that it is at the core of everything we do. As governments and other businesses change how they view, use and protect customer data, Bluedot will ensure that we not only meet but exceed best practices. We are dedicated to put the interests of individual consumers at the forefront of our work.
One of the most significant changes to how we treat private data is the General Data Protection Regulation or GDPR. This document outlines how GDPR affects the data that Bluedot collects and how Bluedot’s product is designed to align with GDPR requirements.
The General Data Protection Regulation is the regulatory framework by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).
However, our customers, the ‘Data Controllers’ under GDPR, are responsible for the data rights of their end users (‘Data Subjects’) in the handling of their data.
Data Subject Rights
Bluedot is committed to make available methods for our customers to address GDPR requirements. The below is intended for Bluedot’s customers to take action upon receiving your end users consent settings.
Data Subjects (‘subject’ being the term for end users) can request the Data Controller to stop processing data.
As the Data Controller, data collection originates from integrating the Bluedot Point SDK into your mobile apps. The first step the SDK performs is authenticating your app by a method known as the Bluedot service. The app may explicitly stop the Bluedot service at any time, therefore immediately ceasing data collection.
Upon an app restarting, the Bluedot service should not be initiated for users whom have not consented to data collection.
In certain cases, Data Subjects may request to the Data Controller to have their known data exported. In compliance with the consumer’s rights in regards to Bluedot’s data collection, follow the guidelines below:
Bluedot’s device identifier is known as an Install Reference. Data Controllers can retrieve IDs for any devices that have opted out of data collection. To make a request, send a list of all install references in a flat file to email@example.com. Bluedot will then send the Data Controller company two files in JSON format, one for Rule Request logs and the other for Checkin/Checkout logs.
Known as “the right to be forgotten,” this right empowers Data Subjects to request that a Data Controller delete or remove their personal data.
Bluedot shall delete Customer Data known as an install reference. Data Controllers can retrieve the IDs on devices that have opted out and made this request. To request a deletion, send Install References in a flat file to firstname.lastname@example.org. Bluedot will confirm receipt of the request and notify Data Controller upon completion within 90 days.
Additionally, within ninety (90) days of termination or expiration of the Data Controller’s agreement with Bluedot, all Customer Data shall be removed.
For any questions about GDPR as it relates to your business and Bluedot, please email us.