Effective September 2, 2022
This Privacy Policy (“Privacy Policy”) describes the types of personal information that Blue Onion Labs, Inc., as well as any of its parents, affiliates, or subsidiaries, (“Blue Onion”, “us,” our” or “we”), may collect about you in the context of your use of, and access to our website(s) located at https://blueonionlabs.com and all other websites, mobile sites, services, applications, mobile applications, platforms, and other tools where these terms appear or are otherwise referenced (collectively the “Website”) and the features and functionality thereof (the “Service(s)”), the purposes for which we use the information, and the circumstances in which we may share such information.
When you visit the Website, we collect certain personal information about you. As used in this Privacy Policy, “personal information” means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, to you or your household.
COLLECTION OF PERSONAL INFORMATION
The categories below describe the personal information we collect about you and the sources from which we collect those categories of personal information.
USE OF PERSONAL INFORMATION
We may use your information for the following purposes:
• Sending you communications and administrative emails;
• Personalizing and tailoring the features, performance and support of the Website;
• Identifying you as a user on the Website;
• For the performance of a contract between you and us;
• Sending you promotional/marketing information, advertising, newsletters, offers or other information from us;
• Sending you promotional/marketing information, advertising, offers or other information from us related to our affiliate partners;
• Providing support related to your account or your use of or activity on the Website;
• Better understanding your interests and preferences to provide you with opportunities and functionality that we think would be of particular interest;
• Analyzing, benchmarking and conducting research on user data and interactions with the Website;
• Processing services, maintaining user accounts, resolving disputes, preventing fraud and verifying your identity;
• Monitoring, maintaining, administering and improving Website performance;
• Protecting your, our, or third parties’ networks, systems, property, or physical safety;
• Complying with requests from regulatory agencies, law enforcement, and other public and government authorities, as well as with relevant industry standards and policies;
• Enforcing our contracts, terms, and conditions or otherwise exercising our legal rights; defending ourselves from claims; and complying with laws and regulations that apply to us or third parties with whom we work;
• Aggregating the information collected via cookies and similar technologies to use in statistical analysis to help us track trends and analyze patterns, and conduct research and product development;
• Participating in any merger, acquisition, or other corporate transaction;
• Meeting our or third parties' audit and compliance requirements; or
• For any other purposes that we may specifically disclose at the time you provide or we collect your information.
Anonymized or Aggregated Information
We may also use data that we collect on an aggregate or anonymous basis (such that it does not identify any individual users) for various business purposes, where permissible under applicable laws and regulations.
How Long Your Personal Information Will Be Kept
We will keep your personal information while you have an account with us or while we are providing products or services to you. Thereafter, we will keep your personal information for as long as is necessary:
• To respond to any questions, complaints or claims made by you or on your behalf;
• To show that we treated you fairly; or
• To keep records required by law.
We will not retain your personal information for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of personal information.
SHARING OF PERSONAL INFORMATION WITH OTHER ENTITIES
We may share personal information about you with other entities, including entities that provide services to us. We do not disclose your personal information collected through the Website to other entities, except as described in this Privacy Policy.
Applicable law requires that we identify the categories of personal information we share for business purposes. We disclose the following categories of personal information for business purposes: Personal identifiers, device and online identifiers, log information, information about your internet, browser, mobile devices, network activity, and location data.
We may share your information with the following types of entities or in the following situations:
Service providers: We engage service providers to facilitate our operation of the Website and provide the Services. These service providers analyze information about the Website and your use of the Website. Information disclosed for these purposes may include device and online identifiers, ISP information, session ID and /or session log data, information about your internet, browser, and network activity, and location data.
Legal authorities, emergency responders, and other legal requirements: We may disclose personal information to third parties as permitted by, or to comply with, applicable laws, regulations, or legal obligations, including but not limited to responding to a subpoena or similar legal process, protecting against fraud, cooperating with law enforcement or regulatory authorities, protecting and defending the rights or property of Blue Onion, preventing or investigating possible wrongdoing in connection with the Website/Services, protecting the personal safety of users of the service or the public, and protecting against legal liability. Information disclosed for these purposes may include device and online identifiers, information about your internet, browser, and network activity, and location data.
For Business transfers: We may share or transfer your personal information in connection with, or during negotiations of, any merger, sale of our assets, financing, or acquisition of all or a portion of our business to another company.
Affiliates: We may share your information with our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include our parent company and any other subsidiaries, joint venture partners, or other companies that we control or that are under common control with us.
With Business Partners: We may share your information with our business partners to offer you certain products, services, or promotions.
With other users: when you share personal information or otherwise interact in the public areas of the Website with other users, such information may be viewed by all users and may be publicly distributed outside. If you interact with other users or register through, e.g., a Third-Party Social Media Service, your contacts on the Third-Party Social Media Service may see your name, profile, pictures, and description of your activity. Similarly, other users will be able to view descriptions of your activity, communicate with you, and view your profile.
Cookies and Other Tracking Technologies
We, our affiliates and/or other persons acting on our or their behalf use cookies and similar technology, such as web beacons (also known as clear GIFs or pixel tags), or similar technologies as they may develop over time to collect, use, and share information when you visit our online services or interact with us online, via email or through other electronic means.
Cookies are small pieces of data sent from a website and stored on a device. Cookies may enable us to capture and compile statistical information about how you use our online services, including information relating to your device’s IP address, the frequency of your visits, readership data (such as the average length of visits, which pages are viewed or shared during a visit or other interactions with our content, such as time spent viewing videos, PDFs read and links clicked), authentication information, acceptance or rejection of website terms, and periods of inactivity. To learn more about cookies, including information on what cookies have been set on your device and how cookies can be managed and deleted, visit https://www.allaboutcookies.org/
Our online services also use web beacons. Web beacons are invisible tags and may be placed on a webpage, in advertisements, or in an email or other message. They usually work in conjunction with cookies, registering when a particular device visits a particular page. For example, web beacons may count the number of individuals who visit our Website from a particular advertisement or who enroll in a service after viewing a particular advertisement.
“Clickstream” data (e.g., information regarding which of our Website pages you access, the frequency of such access, and your product and service preferences) may be collected by Blue Onion itself, or by our service providers, using cookies, web beacons, page tags, or similar tools that are set when you visit the Website or when you view an advertisement we may have placed on another website. Clickstream data and similar information may be shared internally within Blue Onion and used for administrative purposes to assess the usage, value, and performance of our online products and services; to improve your experience with the Website; and as otherwise permitted by applicable law or regulation. This information may be processed by us for the purposes described above, or on our behalf by other entities, solely in accordance with our instructions.
How We Use These Technologies
We, our service providers, and third-party business partners may use information collected from cookies, web beacons, and similar technologies for the following purposes:
to allow our online services to operate as you have requested;
to understand how our online services are accessed and used;
to recognize you when you return to our Website;
to assess the effectiveness of advertising and readership content;
to deliver marketing communications that may be of interest to you, including ads or offers tailored to you; and
for other purposes described above under “USE OF PERSONAL INFORMATION.”
We may combine the information that we collect through cookies, web beacons, and similar technologies with other personal information we have collected from you from both online and offline sources.
We may work with service providers to promote our products and services both on the Website and other websites. For example, if you visit a page on the Website or third-party websites that provides information about one of our products or services, a cookie may be placed on your browser or device that identifies the product or service you viewed. This information allows us, our service providers, and our third-party business partners to deliver more relevant and tailored content, such as ads for that particular product or service.
Other than service providers, we do not allow unaffiliated third parties to collect personal information about your activities on the Website. Nor do we serve ads promoting unaffiliated third-party products or services on the Website.
Managing Your Preferences
Many web browsers allow you to manage your preferences. You can set your browser to refuse cookies or delete certain cookies. Unless you have adjusted your browser setting so that it will reject cookies, our system may issue cookies when you access or use our online services. In the event you refuse to accept cookies by adjusting your browser setting, some or all areas of our online services may not function properly or may not be accessible.
You can also opt out of online targeted advertising by companies participating in the Digital Advertising Alliance by visiting https://www.aboutads.info/choices.
Do Not Track Policy
Most browsers can be set to send signals to third-party websites requesting them not to track the user’s activities. At this time, we do not respond to “do not track” signals. Consequently, our third-party service providers may indeed track and collect information about your online activities over time while navigating to, from, and on our online services, notwithstanding any “do not track” signals we may receive.
Our Security Procedures
Our goal is to protect your personal information submitted to us through our online services. We maintain reasonable physical, electronic, and procedural safeguards that comply with applicable law to guard nonpublic personal information about you against loss, misuse or unauthorized access, disclosure, alteration or destruction of the information you have provided to us through our online services. We have internal policies governing the proper handling of consumer information by personnel and requiring third parties that provide support or marketing services on our behalf to adhere to appropriate security standards with respect to such information. The security of your personal information is important to us, but please note that no method of transmission over the Internet, or method of electronic storage is perfectly secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
Links to Other Websites
This Privacy Policy only applies to the use and disclosure of information we collect through our online services. Our online services may contain links to other websites belonging to third parties that are not affiliated with us. The inclusion of any link on our Website or otherwise in our online services does not imply our endorsement of the linked website or service. While we try to link only to websites that meet our standards and respect for privacy, we are not responsible for the content, security, or privacy practices employed by other websites, or links posted on our online services. Information you disclose to other parties or through such sites is subject to the privacy and security practices and policies of those parties or websites. We disclaim all liability, to the extent permissible, with regard to your access to such linked websites. Access to any other websites is at your own discretion and we encourage you to read the privacy statements of each and every website or online services visited in order to learn how such third parties may treat your information.
Detailed Information on the Processing of Your Personal Information
Our third-party service providers have access to your personal information only to perform their tasks on our behalf and are obligated not to disclose or use it for any other purpose.
Website
We use Google Cloud Platform to power our Website, you can read more about how Google uses your Personal Information here: https://policies.google.com/privacy.
We also use Salesforce Heroku to power our Website, you can read more about how Heroku uses your Personal Information here: https://www.salesforce.com/company/privacy/.
We also use Webflow to power our Website, you can read more about how Webflow uses your Personal Information here: https://webflow.com/legal/privacy.
We also use Medium to power our Website, you can read more about how Medium uses your Personal Information here: https://policy.medium.com/medium-privacy-policy-f03bf92035c9.
We use Google Analytics to help us understand how our customers use our Website and to optimize the service and user experience. Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Site. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network. For more information on the privacy practices of Google, please visit the Google Privacy Terms web page, as amended from time to time, at https://policies.google.com/privacy?hl=en. We also encourage you to review Google's policy for safeguarding your data, amended from time to time, at https://support.google.com/analytics/answer/6004245. You can also opt out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
We use PostHog to help us understand how our customers use our Website and to optimize the service and user experience. For more information on the privacy practices of service provider, please visit its policy at https://posthog.com/privacy.
We use FullStory to help us understand how our customers use our Website and to optimize the service and user experience. For more information on the privacy practices of service provider, please visit its policy at https://www.fullstory.com/legal/privacy-policy.
We use Sentry as an open-source error-tracking solution provided by Functional Software Inc. Your use of the Website may be subject to additional terms and services, which you should review.
We use YouTube to host and serve content on our Website. You can read more about how YouTube uses your Personal Information here: https://policies.google.com/privacy?hl=en-US
Partnership Platform
We may use third-party partnership ecosystem platform tool suppliers to manage our partnership relationships with service providers. Third-party services that we use for this may use Crossbeam or Partner Stack. For more information about these services and their privacy policies, please visit their websites:
Crossbeam: https://www.crossbeam.com/legal/privacy-policy/
Partner Stack: https://partnerstack.com/policies#privacy-policy
Email Marketing
We may use third-party email marketing service providers to manage and send emails to you. We may use your personal information to contact you with newsletters, marketing or promotional materials, and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send or by contacting us. Third-party services that we used or may use in the future include:
Intuit MailChimp: For more information about these services and their privacy policies, please visit their website. (https://www.intuit.com/privacy/statement/)
Twilio Send Grid: For more information about these services and their privacy policies, please visit their websites. (https://www.twilio.com/legal/privacy)
HubSpot: For more information about these services and their privacy policies, please visit their websites. (https://legal.hubspot.com/privacy-policy)
Postmark: For more information about these services and their privacy policies, please visit their websites. (https://postmarkapp.com/privacy-policy)
Payments
We may use third-party services for payment processing (e.g., payment processors). We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express, and Discover. PCI-DSS requirements help ensure the secure handling of payment information. For more information about these services and their privacy policies, please visit their websites:
Stripe: https://stripe.com/privacy
Behavioral Advertising
As described above, we use your personal information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
We may use the following providers for such advertising and you can learn more about these providers’ privacy policies or opt out of targeted advertising from these providers by using the links below:
Meta:
https://www.facebook.com/privacy/policy
https://www.facebook.com/settings/?tab=ads
Google:
https://policies.google.com/privacy?hl=enUS
https://www.google.com/settings/ads/anonymous
LinkedIn:
https://www.linkedin.com/legal/privacy-policy
https://www.linkedin.com/mypreferences/d/categories/privacy
https://www.linkedin.com/mypreferences/d/categories/ads
Twitter (X):
https://twitter.com/en/privacy
https://help.twitter.com/en/safety-and-security/privacy-controls-for-tailored-ads
Tik Tok:
https://www.tiktok.com/legal/privacy-policy-us?lang=en
https://support.tiktok.com/en/account-and-privacy/personalized-ads-and-data/personalization-and-data
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt out portal at: http://optout.aboutads.info/.
PROTECTING CHILDREN’S PRIVACY ONLINE
Our online services are not directed to or intended for individuals under 18 years of age.
CALIFORNIA RESIDENTS
California residents should be aware that this section does not apply to personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA), and its implementing regulations, the California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994; or other information subject to a California Consumer Privacy Act (CCPA) exception.
Your Rights under the CCPA
Under this Privacy Policy, and by law if you are a resident of California, you may have the following rights:
The right to notice. You must be properly notified which categories of personal information are being collected and the purposes for which the personal information is being used.
The right to access / the right to request. The CCPA permits you to request and obtain from us information regarding the disclosure of your personal information that has been collected in the past 12 months by us or its subsidiaries to a third party for the third party's direct marketing purposes.
The right to say no to the sale of personal information. You also have the right to ask us not to sell your personal information to third parties.
The right to know about your personal information. You have the right to request and obtain from the Company information regarding the disclosure of the following:
• The categories of personal information collected
• The sources from which the personal information was collected
• The business or commercial purpose for collecting or selling the personal information
• Categories of third parties with whom we share personal information
• The specific pieces of personal information we collected about you
The right to delete personal information. You also have the right to request the deletion of your personal information that have been collected in the past 12 months.
The right not to be discriminated against. You have the right not to be discriminated against for exercising any of your consumer rights, including by:
• Denying goods or services to you
• Charging different prices or rates for goods or services, including the use of discounts or other benefits or imposing penalties
• Providing a different level or quality of goods or services to you
• Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.
Exercising Your CCPA Data Protection Rights
In order to exercise any of your rights under the CCPA, and if you are a California resident, you can email us at privacy@blueonionlabs.com.
California law requires us to verify the requests we receive from you when you exercise certain of the rights listed above. To verify your request, we will check the information you provide us in your request against third-party identity verification tools. As part of this process, we may call you after you submit your request to verify information. You may also designate an authorized agent to exercise certain of the rights listed above on your behalf by providing the authorized agent with power of attorney pursuant to the California Probate Code. If an authorized agent submits a request on your behalf, we will contact you to verify that they represent you.
Blue Onion will disclose and deliver the required information free of charge within 45 days of receiving your verifiable request. The time period to provide the required information may be extended once by an additional 45 days when reasonably necessary and with prior notice.
Do Not Sell My Personal Information
We do not sell personal information. However, the third-party service providers we partner with (for example, our advertising partners) may use technology on the Website that "sells" personal information as defined by the CCPA law. If you wish to opt out of the use of your personal information for interest-based advertising purposes and these potential sales as defined under CCPA law, you may do so by following the Do Not Sell My Personal Information link on our Website or by emailing us at privacy@blueonionlabs.com.
Website
You can opt out of receiving ads that are personalized as served by our service providers by emailing us at privacy@blueonionlabs.com. Please note that any opt out is specific to the browser you use. You may need to opt out on every browser on every device that you use.
Mobile Devices
Your mobile device may give you the ability to opt out of the use of information about the apps you use in order to serve you ads that are targeted to your interests:
• "Opt out of Interest-Based Ads" or "Opt out of Ads Personalization" on Android devices
• "Limit Ad Tracking" on iOS devices
You can also stop the collection of location information from Your mobile device by changing the preferences on your mobile device.
"Do Not Track" Policy as Required by California Online Privacy Protection Act (CalOPPA)
Our Website does not respond to Do Not Track signals. However, some third-party websites do keep track of your browsing activities. If you are visiting such websites, you can set your preferences in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track signals by visiting the preferences or settings page of Your web browser.
Your California Privacy Rights (California's Shine the Light law)
Under California Civil Code Section 1798 (California's Shine the Light law), California residents with an established business relationship with us can request information once a year about sharing their personal information with third parties for the third parties' direct marketing purposes. If you'd like to request more information under the California Shine the Light law, and if you are a California resident, you can contact us by email at privacy@blueonionlabs.com.
COLORADO RESIDENTS
Colorado law gives Colorado consumers the right to (i) access, correct, delete, or obtain a copy of their personal information in a portable format, and (ii) to request that a company not sell their personal information. If you are a Colorado consumer and wish to exercise these rights, please submit your request by emailing us at privacy@blueonionlabs.com.
NEVADA RESIDENTS
Nevada law gives Nevada consumers the right to request that a company not sell their personal information. If you are a Nevada consumer and wish to exercise these rights, please submit your request by emailing us at privacy@blueonionlabs.com.
VIRGINIA RESIDENTS
Virginia law gives Virginia consumers the right to (i) access, correct, delete, or obtain a copy of their personal information in a portable format, (ii) to request that a company not sell their personal information, (iii) to opt out of the processing of their personal information for any targeted advertising, and (iv) not be discriminated against for exercising any of the data privacy rights granted. If you are a Virginia consumer and wish to exercise these rights, please submit your request by emailing us at privacy@blueonionlabs.com.
INTERNATIONAL USERS
Our online services are United States-based and are controlled, operated and administered by Blue Onion from its offices within the United States of America, and are made available to you on an unsolicited basis, without any marketing or promotion regarding these online services to you from Blue Onion or its personnel. This Privacy Policy is provided in accordance with and subject to applicable U.S. law. If you decide to continue to access our online services from your location outside the United States, you hereby agree that your use of those services is subject to this Privacy Policy and your personal information will be transferred to or processed within the United States.
GDPR Privacy
Legal Basis for Processing Personal Information under GDPR
We may process personal information under the following conditions:
• Consent - you have given your consent for processing personal information for one or more specific purposes.
• Performance of a contract - provision of personal information is necessary for the performance of an agreement with you and/or for any pre-contractual obligations thereof.
• Legal obligations - processing personal information is necessary for compliance with a legal obligation to which we are subject.
• Vital interests - processing personal information is necessary in order to protect your vital interests or of another natural person.
• Public interests - processing personal information is related to a task that is carried out in the public interest or in the exercise of official authority vested in Blue Onion
• Legitimate interests: processing personal information is necessary for the purposes of the legitimate interests pursued by the Blue Onion
In any case, the Company will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of personal information is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
Your Rights under the GDPR
The Company undertakes to respect the confidentiality of your personal information and to enable you to exercise your rights under the GDPR.
You have the right under this Privacy Policy, and by law if you are within the European Economic Area (“EEA”), to:
• Request access to your personal information. The right to access, update or delete the information we have on you. Whenever made possible, you can access, update or request deletion of your personal information directly within your account settings section. If you are unable to perform these actions yourself, please contact us by email at privacy@blueonionlabs.com to assist you. This also enables you to receive a copy of the personal information we hold about you.
• Request correction of the personal information that we hold about you. You have the right to have any incomplete or inaccurate information we hold about you corrected.
• Object to processing of your personal information. This right exists where we are relying on a legitimate interest as the legal basis for our processing and there is something about your particular situation, which makes you want to object to our processing of your personal information on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
• Request erasure of Your personal information. You have the right to ask us to delete or remove personal information when there is no good reason for us to continue processing it.
• Request the transfer of Your personal information. We will provide to you, or to a third-party you have chosen, your personal information in a structured, commonly used, machine-readable format. Please not that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
• Withdraw Your consent. You have the right to withdraw your consent on using your personal information. If you withdraw your consent, we may not be able to provide you with access to certain specific functionalities of the Website.
Exercising of Your GDPR Data Protection Rights
You may exercise your rights of access, rectification, cancellation and opposition by contacting us by email at privacy@blueonionlabs.com. Please note that we may ask you to verify your identity before responding to such requests. If you make a request, we will try our best to respond to you as soon as possible.
You have the right to complain to a Data Protection Authority about our collection and use of your personal information. For more information, if You are in the European Economic Area (EEA), please contact your local data protection authority in the EEA.
Contacting Our GDPR Data Protection Officer
We have designated a Data Protection Officer whom you have the right to contact with regard to all issues related to processing of your personal information and to the exercise of your rights under the GDPR. You may contact our Data Protection Officer by email at privacy@blueonionlabs.com.
EEA data subjects may contact the data protection officer with regard to all issues related to processing of their personal data and to the exercise of their rights under the GDPR.
CHANGES TO THIS PRIVACY POLICY
We reserve the right to modify or supplement this Privacy Policy at any time. Therefore, we recommend that you review this Privacy Policy, updated and posted on this Website, regularly for changes. The effective date of this Privacy Policy, as stated above, indicates the last time this Privacy Policy was revised.
Your continued use of our online services after we have changed the Privacy Policy signifies your acceptance of the revised terms. This Privacy Policy may be changed from time to time to reflect changes in our practices concerning the collection and use of personal information related to your use of the Website. Under certain circumstances (i.e., with respect to material changes to this Privacy Policy), we may also elect to notify you through additional means, such as by posting a notice on the Website or sending you an email. The revised Privacy Policy will be effective immediately upon posting to our Website.
OUR OTHER PRIVACY POLICIES OR NOTICES
This Privacy Policy provides a general statement of the ways in which Blue Onion protects your personal information when you access and use this Website. You may, however, in connection with specific products or services offered by Blue Onion, be provided with separate privacy policies or notices that describe the privacy practices associated with your use of those products or services.
CONTACT US
If you have any questions about this Privacy Policy, you can contact us:
By email: privacy@blueonionlabs.com
By mail:
Blue Onion Labs Inc.
ATTN: Privacy Compliance Officer
800 Third Avenue, Suite A #1592
New York, NY 10022