GDPR PRIVACY NOTICE
Last updated: June 13, 2018
Bulletproof 360, Inc. (“Bulletproof” “we”, “us” or “our”), values your privacy. In this Privacy Notice (“Notice”), we describe the personal data that we collect from and about you on our websites, including Bulletproof.com, blog.bulletproof.com, and our other sites on which we post this Notice (collectively, the “Website”) whenever the processing of that personal data is governed by the GDPR. For the purposes of this Notice, personal data means any information relating to an identified or identifiable person. Bulletproof is the controller of any personal data collected from you on our website or elsewhere for the purpose of conducting or developing our business with you.
We collect personal data from you when you visit our Website and from third party sources, such as social networks. Principally we collect and process your personal data to provide you products and services that you request. We also collect and process your personal data in order to send you marketing communications. In some cases, we will use your personal data together with information (including personal data) collected from your device and from third parties in order to predict the products and services that most interest you. All of your personal information will be transferred and processed in the U.S., where we are located. In all cases, you have certain rights to control your personal data; you can read more about those rights by clicking here.
Collection of Information
We collect personal data and other information directly from you and about you when you visit our Website, use the services on our Website, or otherwise contact us.
Personal Data We Collect Directly From You: We collect personal data directly from you for instance when you:
- Sign up for an account with us;
- request information from us (including subscriptions and downloads);
- subscribe to our newsletters;
- purchase a product from us;
- participate in our forums, blogs, or similar community platforms;
- use social media embedded on our Website or otherwise interact with our Website.
The type of information that we collect from you depends on your particular interaction with our Website, and will include: your e-mail address, name, marital status, home or work address or telephone number. If you email us (or contact us otherwise), we may retain a record of such email (or other) communication (including attachments), including your email address, name, content of your email and our response. If you make a purchase from us, we also will collect your payment information (e.g., credit card information, billing name and address) in order to process the transaction. You also may choose to provide us with demographic information, such as your ZIP code, gender, preferences, interests and favorites.
Personal data requested on a form is required in order to fulfill your request or perform our contractual obligations to you. If you do not provide such personal data, we will be unable to respond to your request or perform our obligations to you.
Information We Collect Automatically: We, and our third party service providers, also automatically collect and record personal data and information about your use of our Website through cookies, web beacons, and other tracking technologies, including: your:
- IP address;
- browser type;
- domain names;
- access date and times;
- purchase history;
- operating system;
- referring website addresses;
- information from third parties.
We use this information primarily to maintain quality of the service, and to understand how you use our Website. We also may use this information to generate general statistics regarding use of this Website. We may combine this information with other information that we collect about you. We also collect information when you view content on or otherwise interact with our Website, even if you have not created an account. For more detailed information about the various tracking technologies we use and how they work, please see below.
Information We Collect from Social Networking Sites and other Third Parties: If you choose to log into our services through Facebook Connect, we will request your permission to collect from Facebook the following information about you: your e-mail address, name, profile picture, cover photo, friends, gender, networks (e.g., school), age range, language, country, and other information that you have chosen to make public. Please note that where you chose to provide social networks with your personal data and information, these third party social networks, not we, control how they use and share your information. We may append this information to other information that we collect about you. If you “like” us on Facebook, we also may collect your email address. If you want to disconnect social media links, please contact us as indicated in Contact. You should consult the networks’ respective privacy policies for information about their practices.
User Generated Content
We invite you to participate in our forums. If you choose to post a comment, your user name, city, and any other information that you choose to post will be visible to all visitors to the Website. We are not responsible for the privacy of any information that you choose to post to our Website, including in our blogs and forums, or for the accuracy of any information contained in those postings. Any information that you disclose becomes public information. We cannot prevent such information from being used in a manner that may violate this Notice, the law or your personal privacy. You may contact us at any time at firstname.lastname@example.org if you wish to remove or rectify the information you provided.
Cookies and Other Tracking Technologies
- Session Cookies. Session cookies exist only during an online session. They disappear from your computer when you close your browser or turn off your computer. We use session cookies to allow our systems to uniquely identify you during a session or while you are logged in to the Website. This allows us to process your online transactions and requests and verify your identity, after you have logged in, as you move through our Website.
- Persistent cookies. Persistent cookies remain on your computer after you have closed your browser or turned off your computer. We use persistent cookies to track aggregate and statistical information about visitor activity, which may be combined with other visitor information.
- Web beacons/clear GIFs. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies, which are embedded invisibly on web pages. We or our service providers may use clear GIFs (also known as web beacons, web bugs or pixel tags), in connection with our Website to track the activities of visitors to our Website, help us manage content, and compile statistics about usage of our Website. We or our service providers may also use clear GIFs in HTML emails to our visitors, to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.
- Flash LSO. We may also use Flash Local Storage Objects (“Flash LSOs”) to store your website preferences and to personalize your visit. Flash LSOs are different from browser cookies because of the amount and type of data stored. Typically, you cannot control, delete, or disable the acceptance of Flash LSOs through your web browser. For more information on Flash LSOs, or to learn how to manage your settings for Flash LSOs, go to the Adobe Flash Player Help Page, choose “Global Storage Settings Panel” and follow the instructions. To see the Flash LSOs currently on your computer, choose “Website Storage Settings Panel” and follow the instructions to review and, if you choose, to delete any specific Flash LSO.
Do Not Track
Our Site does not respond to Do Not Track signals and we (either directly or through third party service providers) may track your activities once you leave our Website. You may however disable certain tracking as discussed in this Notice (e.g., by disabling cookies).
You may opt-out of many third-party ad networks. The website www.youronlinechoices.eu provides information about how to turn off certain ads served by participating companies in the European Interactive Digital Advertising Alliance (“EDAA”). The website http://www.networkadvertising.org/optout_nonppii.asp provides information regarding this practice by Network Advertising Initiative (“NAI”) members, and your choices regarding having this information used by these companies, including how to “opt-out” of third-party ad networks operated by NAI members. You also may contact Direct Advertising Alliance (“DAA”) at http://www.aboutads.info/choices/ for information about opting out of targeted advertising and your choices regarding having information used by DAA member companies, including how to “opt-out” of third-party ad networks operated by DAA members. Opting out of one or more members or participating companies (many of which will be the same) only means that those members no longer will deliver targeted content or ads to you, but it does not mean you will no longer receive any targeted content or ads on our Website or other websites. You may continue to receive advertisements, for example, based on the particular website that you are viewing. Also, if your browsers are configured to reject cookies when you visit this opt-out page, or you subsequently erase your cookies, use a different computer or change web browsers, your opt-out may no longer be effective. Additional information is available at the above links.
Our Website may contain links to third-party websites. Any access to and use of such linked third-party websites is not governed by this Notice but instead is governed by the privacy policies of those third-party websites.
We encourage you to review the privacy statements of websites you choose to link to from this Website so that you can understand how those other websites collect, use and share your information. We are not responsible for the privacy statements or other content on websites other than this Website.
Reasons and Lawful Grounds for Use of Your Personal Data
Whenever we process your personal data, it is justified by a ‘lawful ground’. The lawful grounds and reasons why we process Personal Data are as follows:
Lawful ground - To perform a contract with you or take pre-contractual steps at your request:
- to provide our services to you;
- for order fulfillment purposes;
- to communicate with you, including via email, about your use of our services or administrative information, such as notifying you about changes in our terms or notice;
- to respond to your inquires and for other customer service purposes;
- to carry out our obligations and enforce our rights arising from contracts entered into between you and Bulletproof, including for billing and payment collection.
Lawful ground – Our legitimate interests:
- to provide you with news and newsletters, special offers, and marketing promotions, including via email;
- to contact you about products or information we think may interest you, and for other marketing, advertising, and promotional purposes;
- to serve you with personalized and tailored content on our Website;
- to display interest-based advertising to you, to improve our advertising and measurement systems so we can show you relevant ads, and to measure the effectiveness and reach of ads and services;
- to engage with you if you log in through Facebook Connect or “like” us, by posting to your wall;
- to better understand how visitors access and use our Website and services, both on an aggregated and individualized basis; to respond to visitor desires and preferences; to track the success of our communications and marketing; and for other research and analytical purposes;
- to protect our employees, property and operations or those of any of our affiliates;
- to protect our rights and interests, and/or that of our affiliates, and the rights and interests of other visitors to our Website, as well as to enforce our Terms of Service;
- to pursue available remedies or limit the damages that we may sustain;
- to keep business records (such as tax and accounting);
- to comply with applicable US legal obligations;
- to respond to requests from US government authorities;
- to protect privacy, safety or property.
When the lawful ground is our legitimate interests, those interests are to process Website visitor data to conduct, develop and grow our business activities with customers, visitors and with others, and to improve our services and profitability, while limiting the use of personal data to those purposes that strictly support the conduct and development of our business as described in this Notice.
Lawful ground – When we are required to comply with an EU law:
- to keep business records;
- to respond to requests from public and government authorities;
- to protect privacy, safety or property.
We may share your information, including your personal data, with the following entities and in the following situations:
- Affiliates. With our parent company, affiliates, or subsidiaries for research and marketing, including marketing our product as well as their own products and services, and other purposes consistent with this Notice.
- Partners. From time to time, we may offer promotions with other entities, and we may share your contact information with the other entity for the purpose of the joint promotion, with your consent where required.
- Service Providers. With companies that provide services to help us with our business activities such as shipping your order or offering customer service, performing Website analytics, assisting us with marketing and advertising, and evaluating the success of our marketing/advertising campaigns. For example, we may share information (such as the number of daily visitors to a particular web page, or the size of an order placed on a certain date) with advertising partners and other third parties to assist us in determining relevant advertising.
- Unaffiliated Third Parties. We also may share your information with non-affiliated third parties, including for their own marketing purposes, with your consent where required .
- Business Transfers. If we are acquired by or merged with another company, if substantially all of our assets are transferred to another company, or as part of a bankruptcy proceeding, we may transfer the information we have collected from you to the acquiring company.
- In Response to Legal Process. We also may disclose the information we collect from you in order to comply with the law, a judicial proceeding, court order or other legal process, such as in response to a subpoena.
- To Protect Us and Others. We also may disclose the information we collect from you where we believe it is necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person or violations of our Terms of Service.
- Aggregate and Anonymized Information. We may share aggregate or anonymized information about visitors with third parties for marketing, advertising, research or similar purposes. For example, if we display advertisements on behalf of a third party, we may share aggregate demographic information with that third party about the visitors to whom we displayed the advertisements.
Transfers of Personal Data
We are located in the US, and your personal data will be transferred to the US in order to perform the terms of our agreement with you. The US does not benefit from a decision of the European Commission finding that it provides adequate protection to personal data, so we have unilaterally adopted European Commission approved Standard Contractual Clauses (2004 version) and we will abide by both the data exporter and data obligations set forth in those Clauses. When your personal data is transferred to our third party service providers in the US, we will take steps to ensure that your personal data receives the same level of protection as if it remained within the EU, including by entering into data transfer agreements using the European Commission approved Standard Contractual Clauses, or by relying on certification schemes such as the EU - US Privacy Shield. You have a right to obtain details of the safeguards applied to your personal data when transferred to the US, including a copy of the Standard Contractual Clauses that we have adopted, by contacting: email@example.com.
- Right to Withdraw Consent - where we rely upon consent as the lawful ground for our processing, you have the right to withdraw your consent at any time. For example, if you wish to opt-out of receiving electronic marketing communications, you can change your settings in your account on the website, use the 'unsubscribe' link provided in our emails or otherwise contact us directly and we will stop sending you such communications.
- Right of Access, Rectification and Erasure - you have the right to request access to and obtain a copy of any of your personal data that we may hold, to request that we rectify any inaccurate data relating to you and to request the deletion of your personal data under certain circumstances. You can see and update most of this data yourself by accessing your account online, or also by contacting us directly at firstname.lastname@example.org.
- Data Portability - where we are relying as the lawful ground for processing upon your consent, or the fact that the processing is necessary to perform a contract to which you are party or to take steps at your request prior to entering a contract, and the personal data is processed by automated means, you have the right to receive all such personal data which you have provided us in a structured, commonly used and machine-readable format, and also to require us to transmit it to another controller where this is technically feasible.
- Right to Restriction of Processing - you have the right to restrict our processing of your personal data (that is, allow only its storage) where:
- you contest the accuracy of the personal data, until we have taken sufficient steps to correct or verify its accuracy;
- where the processing is unlawful but you do not want us to erase the personal data;
- where we no longer need your personal data for the purposes of the processing, but you require such personal data for the establishment, exercise or defense of legal claims; or
- where you have objected to processing justified on legitimate interest grounds (see below), pending verification as to whether we have compelling legitimate grounds to continue processing.
Where your personal data is subject to restriction we will only process it with your consent or for the establishment, exercise or defense of legal claims.
- Right to Lodge a Complaint - you also have the right to lodge a complaint with your supervisory authority should you consider that the processing of your personal data infringes applicable data protection law.
Please contact us at email@example.com if you wish to exercise any of your rights, or if you have any enquiries or complaints regarding the processing of your personal data.
Please note that certain services will not be available if you withdraw your consent, or otherwise delete or object to our processing of certain personal data.
We have taken certain steps to help protect the information we collect about you from loss, misuse, unauthorized access, disclosure, alteration, and destruction. Please note that no method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security.
We encourage you to take steps to protect your information against unauthorized access to your account by, among other things, choosing a robust password that nobody else knows or can easily guess and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.
Our Website is not designed for children under eighteen (18) years of age and we do not knowingly collect their personal data. If we discover that a child under eighteen (18) has provided us with personal data, we will delete such information from our systems. If you are under the age of 18 years and you have provided personal data, please ask your parent(s) or guardian(s) to notify Bulletproof, and we will delete all such personal data.
If you have any questions about security on this Website or wish to exercise your data subject rights, you can contact us at any time, free of charge at firstname.lastname@example.org.
Notice of Privacy Statement Changes
We may update this Notice to reflect changes to our privacy practices. If we make any material changes we will notify you by email (sent to the email address specified in your account) or post the updated Notice prominently on this Website. We encourage you to periodically review this page for the latest information on our privacy practices.