Blueboard is an employee recognition and incentives platform powered by hand-curated experiences that make it easy to give meaningful employee rewards, incentives and gifts. At Blueboard, we believe great experiences matter and these great experiences include the protection and security of clients’ data. In addition, as a good net-citizen, Blueboard is committed to protecting our corporate brand and meeting all of our regulatory obligations.
You can read about Blueboard’s Information Security Program at www.blueboard.com/security.
Personally Identifiable Information (PII)
What personally identifiable information do we collect?
We collect the e-mail addresses of those who communicate with us via e-mail and information volunteered by the consumer (such as survey information and/or site registrations). When you register for Blueboard, we collect the following categories of personally identifiable information: your name, the name of your employer, your business email address, your phone number, and your option to contribute additional comments and/or subscribe to join our newsletter list.
How long do we retain your personally identifiable information? What are our policies regarding purging such information?
We retain your personally identifiable information as long as your account is active. Your account becomes inactive and deleted when 1)your employer is no longer a client of Blueboard or, 2) when you make an individual request to delete your account. To make a request to delete your account, email firstname.lastname@example.org. When you delete your account, it, and all of the personally identifiable information associated with that account, is permanently deleted from Blueboard. It typically takes about one month to delete an account, but some information may remain in backup copies and logs for up to 90 days, or as necessary to comply with law.
Data security is of great importance to us, and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure data collected through our site.
How do we use the personally identifiable information we collect? And with whom do we share that information?
The information we collect is used to improve the content of our Web pages and the quality of our services, and is not shared with third parties or sold to other organizations for commercial purposes, except to provide products or services you've requested, when we have your permission, or under the following circumstances:
- We may share your personally identifiable information with others in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Service, or as otherwise required by law.
- We will transfer the following categories of personally identifiable information to our rewards fulfillment partners in order for you to be able to redeem your rewards: Name, email, and phone number. Depending on the nature of the reward, additional information may be provided to our partners.
- We do not monitor the use third parties make of your personally identifiable information or impose on them any contractual obligations with regard to such use.
- All personal data is stored securely in accordance with the EU General DataProtection Regulation (Regulation (EU) 2016/679) (GDPR).
- We will not send you any unsolicited marketing or spam and will take all reasonable steps to ensure that we fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronics Communications(EC Directive) Regulations 2003, as amended in 2004, 2011 and 2015.
- UnderGDPR we will ensure that your personal data is processed lawfully, fairly, and transparently, without adversely affecting your rights. We will only process your personal data if at least one of the following bases applies:
- o You have given consent to the processing of your personal data for one or more specific purposes;
- o Processing is necessary for the performance of a contract to which you are a party or in order to take steps atthe request of you prior to entering into a contract;
- o Processing is necessary for compliance with a legal obligation to which we are subject;
- o Processing is necessary to protect the vital interests of you or of another natural person;
- o Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; and/or
- o Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Can I request deletion, correction, or other changes to the PII that Blueboard has collected?
The PII Blueboard holds on its users is, in most cases,provided by employers who have provided Blueboard with this information for thepurposes of fulfilling our agreement with the employer to provide employeerewards. You can update many componentsof your PII in the My Account section of your Employee dashboard. If you are unable to update the necessaryinformation from the Employee dashboard, or if you would like to requestdeletion of your personal information, please contact your employer whoprovided the information to us to request that it be changed, updated ordeleted. You may also send your request to email@example.com,however, in most cases, we are required to simply contact your employer forapproval to change, update or delete the information.
Compliance with Local Privacy Regulations
What are my rights under the California ConsumerPrivacy Act (CCPA)?
Under the California Consumer Privacy Act (“CCPA”) you are entitled to certain rights such as access to your specific personal information, details about our processing of your personal information, and the right to delete your information. Blueboard does not sell your personal information as defined under CCPA.
You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights under the CCPA. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized it to act on your behalf, and we may need you to verify your identity directly with us. To provide or delete specific pieces of personal information we will need to verify your identity to the degree of certainty required by law. Requests related to the CCPA may be submitted directly to firstname.lastname@example.org. However, as with other requests to change, update or delete your information, we may be bound to first contact the employer who provided this information to us.
What are my rights under the EU General Data Protection Regulation (GDPR)?
Under the GDPR, you have:
- 1) The right to request access to, deletion of or correction of, your personal data held by us;
- 2) The right to complain to a supervisory authority;
- 3) The right to be informed of what data processing is taking place;
- 4) The right to restrict processing;
- 5) The right to data portability;
- 6) The right to object to processing of your personal data;
- 7) Rights with respect to automated decision-making and profiling.
Does Blueboard respond to "Do Not Track" requests?
Blueboard does not currently respond to, nor comply with,"Do Not Track" requests, except as required by law.
Links to third-party websites
Blueboard uses third party vendors and hosting partners toprovide storage, and related technology required to run our services.Consequently, our third party vendors and hosting partners may have access toyour personally identifiable information. Each of these third party vendors hascommitted to safeguard any personally identifiable information to which it hasaccess. Beyond that, Blueboard has no control over what such vendors actuallydo with your personally identifiable information.
Our website and our services are not designed to be accessed or used by children under 13 years of age. If we become aware that a registered user is under 13 years of age, we will delete that child's account and prevent him or her from accessing our services.
Questions and contacts