What personally identifiable information do we collect?
We collect the e-mail addresses of those who communicate with us via e-mail and information volunteered by the consumer (such as survey information and/or site registrations). When you register for Blueboard we collect the following categories of personally identifiable information: your name, the name of your employer, your business email address, your phone number, and your option to contribute additional comments and/or subscribe to join our newsletter list.
How do we use the personally identifiable information we collect? And with whom do we share that information?
The information we collect is used to improve the content of our Web pages and the quality of our services, and is not shared with third parties or sold to other organizations for commercial purposes, except to provide products or services you've requested, when we have your permission, or under the following circumstances:
- We may share your personally identifiable information with others in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Service, or as otherwise required by law.
- We will transfer the following categories of personally identifiable information to our rewards fulfillment partners in order for you to be able to redeem your rewards: Name, email, and phone number. Depending on the nature of the reward, additional information may be provided to our partners.
- We do not monitor the use third parties make of your personally identifiable information or impose on them any contractual obligations with regard to such use.
- All personal data is stored securely in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR).
- We will not send you any unsolicited marketing or spam and will take all reasonable steps to ensure that we fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronics Communications (EC Directive) Regulations 2003, as amended in 2004, 2011 and 2015.
- Under GDPR we will ensure that your personal data is processed lawfully, fairly, and transparently, without adversely affecting your rights. We will only process your personal data if at least one of the following bases applies:
1) You have given consent to the processing of your personal data for one or more specific purposes;
2) Processing is necessary for the performance of a contract to which you are a party or in order to take steps at the request of you prior to entering into a contract;
3) Processing is necessary for compliance with a legal obligation to which we are subject;
4) Processing is necessary to protect the vital interests of you or of another natural person;
5) Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; and/or
6) Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Links to third-party websites
Blueboard uses third party vendors and hosting partners to provide, storage, and related technology required to run our services. Consequently, our third party vendors and hosting partners may have access to your personally identifiable information. Each of these third party vendors has committed to safeguard any personally identifiable information to which it has access. Beyond that, Blueboard has no control over what such vendors actually do with your personally identifiable information.
How long do we retain your personally identifiable information? What are our policies regarding purging such information?
We retain your personally identifiable information as long as your account is active. Your account becomes inactive and deleted when 1) your employer is no longer a client of Blueboard or, 2) when you make an individual request to delete your account. To make a request to delete your account, email firstname.lastname@example.org. When you delete your account, it, and all of the personally identifiable information associated with that account, is permanently deleted from Blueboard. It typically takes about one month to delete an account, but some information may remain in backup copies and logs for up to 90 days.
Data security is of great importance to us, and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure data collected through our site.
Can you delete, correct or make other changes to the personally identifiable information we collect? And if so, what are the procedures you must follow?
You can update your Personally Identifiable Information in the My Account section of your Employee dashboard.
Summary of your rights under GDPR.
Under the GDPR, you have:
1) The right to request access to, deletion of or correction of, your personal data held by us;
2) The right to complain to a supervisory authority;
3) The right to be informed of what data processing is taking place;
4) The right to restrict processing;
5) The right to data portability;
6) The right to object to processing of your personal data;
7) Rights with respect to automated decision-making and profiling.
Do we respond to "Do Not Track" requests?
Blueboard does not currently respond to, or comply with, "Do Not Track" requests.
Our website and our services are not designed to be accessed or used by children under 13 years of age. If we become aware that a registered user is under 13 years of age, we will delete that child's account and prevent him or her from accessing our services.
Blueboard has implemented web-standard SSL security measures to reasonably protect your account information.
Questions and contacts