(a) Information You Provide to Us: We collect any information you enter on our site, or that you give us in any other way. You can choose not to provide certain information, but you may not be able to take advantage of our services and features.
(b) Automatic Information: When you visit a website, you disclose certain information, such as your Internet Protocol (IP) address and the time of your visit. This site, like many other sites, records this basic information about visits to our site.
(c) “Cookies”: Cookies are pieces of information that are transferred to your computer from a web server. Most browsers are set up to accept cookies, but you can change your settings to have your browser notify you when you receive a new cookie or to refuse to accept cookies.
The information we collect is used for administering our business activities. Blüm may also use your personal information for marketing and promotional services. Occasionally we may use the information to notify you about changes to our website, new services, or special offers.
T The privacy and protection of your information is important to us. We do not make any personal information available to third parties without your permission.
Your access to some services and content is password protected. We advise that you do not disclose your password to anyone. In addition, we recommend you sign out of password-protected services at the end of your session.
Information about our users is important to us. We will not disclose any individually identifiable information to any third party without first receiving that user’s permission.
We use security software to protect the confidentiality of your personal information. In addition, our business practices are reviewed periodically for compliance with policies and procedures governing the security and confidentiality of our information. Our business practices limit employee access to confidential information, and limit the use and disclosure of such information to authorized persons.
This website does not provide services or sell products to children under the age of 21. If you are under 21, you may use this website only with the involvement of a parent or guardian.
You can request access to all your personally identifiable information by sending an e-mail to firstname.lastname@example.org.
This domain complies with user opt-outs from tracking via the “Do Not Track” or “DNT” header. When this domain receives Web requests from a user who enables DNT by actively choosing an opt-out setting in their browser or by installing software that is primarily designed to protect privacy (“DNT User”), we will take the following measures with respect to those users’ data, subject to the Exceptions, also listed below:
(a) End User Identifiers: If a DNT User has logged in to our service, all user identifiers, such as unique or nearly unique cookies, “supercookies” and fingerprints are discarded as soon as the HTTP(S) response is issued. Data structures which associate user identifiers with accounts may be employed to recognize logged in users per Exception (f) below, but may not be associated with records of the user’s activities unless otherwise excepted. If a DNT User is not logged in to our service, we will take steps to ensure that no user identifiers are transmitted to us at all.
(b) Log Retention: Logs with DNT Users’ identifiers removed (but including IP addresses and User Agent strings) may be retained for a period of 10 days or less, unless an Exception (below) applies. This period of time balances privacy concerns with the need to ensure that log processing systems have time to operate; that operations engineers have time to monitor and fix technical and performance problems; and that security and data aggregation systems have time to operate. These logs will not be used for any other purposes.
(c) Other Domains: If this domain transfers identifiable user data about DNT Users to contractors, affiliates or other parties, or embeds from or posts data to other domains, we will either ensure that the recipient’s policies and practices require the recipient to respect the policy for our DNT Users’ data OR obtain a contractual commitment from the recipient to respect this policy for our DNT Users’ data.
NOTE: if an “Other Domain” does not receive identifiable user information from the domain because such information has been removed, because the Other Domain does not log that information, or for some other reason, these requirements do not apply. “Identifiable” means any records which are not Anonymized or otherwise covered by the Exceptions below.
(d) Periodic Reassertion of Compliance: At least once every 12 months, we will take reasonable steps commensurate with the size of our organization and the nature of our service to confirm our ongoing compliance with this document, and we will publicly reassert our compliance.
(e) User Information: If we are required by law to retain or disclose user identifiers, we will attempt to provide the users with notice (unless we are prohibited or it would be futile) that a request for their information has been made in order to give the users an opportunity to object to the retention or disclosure. We will attempt to provide this notice by email, if the users have given us an email address, and by postal mail if the users have provided a postal address.
If the users do not challenge the disclosure request, we may be legally required to turn over their information. We may delay notice if we, in good faith, believe that an emergency involving danger of death or serious physical injury to any person requires disclosure without delay of information relating to the emergency.
(f) Exceptions: DData from DNT Users collected by this domain may be logged or retained only in the following specific situations:
DNT Users are opting out from tracking across the Web. It is possible that for some feature or functionality, we will need to ask a DNT User to “opt back in” to be tracked by us across the entire Web. If we do that, we will take reasonable steps to verify that the users who select this option have genuinely intended to opt back in to tracking. One way to do this is by performing scientifically reasonable user studies with a representative sample of our users, but smaller organizations can satisfy this requirement by other means. Where we believe that we have opt back in consent, our server will send a tracking value status header “Tk: C” as described in section 6.2 of the W3C Tracking Preference Expression draft: http://www.w3.org/TR/tracking-dnt/#tracking-status-value
If a DNT User actively and knowingly enters a transaction with our services (for instance, clicking on a clearly-labeled advertisement, posting content to a widget, or purchasing an item), we will retain necessary data for as long as required to perform the transaction. This may for example include keeping auditing information for clicks on advertising links; keeping a copy of posted content and the name of the posting user; keeping server-side session IDs to recognize logged in users; or keeping a copy of the physical address to which a purchased item will be shipped. By their nature, some transactions will require data to be retained indefinitely.
iii. TECHNICAL AND SECURITY LOGGING:
If, during the processing of the initial request (for unique identifiers) or during the subsequent 10 days (for IP addresses and User Agent strings), we obtain specific information that causes our employees or systems to believe that a request is, or is likely to be, part of a security attack, spam submission, or fraudulent transaction, then logs of those requests are not subject to this policy. If we encounter technical problems with our site, then, in rare circumstances, we may retain logs for longer than 10 days, if that is necessary to diagnose and fix those problems, but this practice will not be routinized and we will strive to delete such logs as soon as possible.
We may retain and share anonymized datasets, such as aggregate records of readership patterns; statistical models of user behavior; graphs of system variables; data structures to count active users on monthly or yearly bases; database tables mapping authentication cookies to logged in accounts; non-unique data structures constructed within browsers for tasks such as ad frequency capping or conversion tracking; or logs with truncated and/or encrypted IP addresses and simplified User Agent strings.
“Anonymized” means we have conducted risk mitigation to ensure that the dataset, plus any additional information that is in our possession or likely to be available to us, does not allow the reconstruction of reading habits, online or offline activity of groups of fewer than 5000 individuals or devices.
If we generate anonymized datasets under this exception we will publicly document our anonymization methods in sufficient detail to allow outside experts to evaluate the effectiveness of those methods.
From time to time, there may be errors by which user data is temporarily logged or retained in violation of this policy. If such errors are inadvertent, rare, and made in good faith, they do not constitute a breach of this policy. We will delete such data as soon as practicable after we become aware of any error and take steps to ensure that it is deleted by any third-party who may have had access to the data.
(g) Additional Definitions: “Fully Qualified Domain Name” means a domain name that addresses a computer connected to the Internet. For instance, example1.com; www.example1.com; ads.example1.com; and widgets.example2.com are all distinct FQDNs.
“Supercookie” means any technology other than an HTTP Cookie which can be used by a server to associate identifiers with the clients that visit it. Examples of supercookies include Flash LSO cookies, DOM storage, HTML5 storage, or tricks to store information in caches or etags. “Risk mitigation” means an engineering process that evaluates the possibility and likelihood of various adverse outcomes, considers the available methods of making those adverse outcomes less likely, and deploys sufficient mitigations to bring the probability and harm from adverse outcomes below an acceptable threshold.
“Reading habits” includes amongst other things lists of visited DNS names, if those domains pertain to specific topics or activities, but records of visited DNS names are not reading habits if those domain names serve content of a very diverse and general nature, thereby revealing minimal information about the opinions, interests or activities of the user.
Except as noted in Section 12, parties do not collect personally identifiable information about an individual consumer’s online activities on our Site.
If you are a California resident and have an established business relationship with us, you can request a notice disclosing the categories of personal information we have shared with third parties, for the third parties’ direct marketing purposes, during the preceding calendar year. To request a notice, please submit your request to Blüm, Attn: Blüm Privacy Team, 578 W Grand Ave, Oakland, CA 94612, USA. Please allow up to 45 days for a response. Submission Methods: Online Web Form