Blahbox Privacy Policy

Effective: Jan  10, 2019

This policy covers how we use your personal information. We take your privacy seriously and will take all measures to protect your personal information.

Any personal information received will only be used to fill your order. We will not sell or redistribute your information to anyone.

This privacy statement explains our collection, use, and disclosure of personal information. This privacy statement applies to Blahbox. References to our “products” in this statement include our websites, apps, software, and services. Our website is owned and operated by Blahbox, Inc.  with its office located at 651 North Broad Street Suite 206 Middletown, United States.

This statement applies to our products that display or reference this statement, but it does not apply to any products that display or reference a different privacy statement.

PERSONAL INFORMATION WE COLLECT

We collect and process personal information about you with your consent and/or as necessary to perform our contractual obligations, provide our services, meet our legal obligations, protect the security of our systems, or fulfill other legitimate interests.

Information you provide directly. If you are a customer or partner of Blahbox, we typically collect the personal information necessary to carry out our relationship with you, such as your name and contact information. We collect billing and payment information where appropriate, and retain only the last four digits of the credit card, as well as authorization or validation tokens. As a Blahbox customer, you may also choose to provide additional information about your own customers (“visitors”) using our API.

Information we collect automatically. When you visit our website, as further described in the Cookies and Similar Technologies section below, or when you use our products, some information is collected automatically. For example, our web servers automatically log your computer’s operating system, Internet Protocol (IP) address, access times, browser type and language, the website you visited before our site, and your activity on our website. We also collect information about your visitors necessary to provide the Blahbox service, such as visitor IP address, user agent, current page information, and identifiers used by third party service providers such as Segment and Google. We may derive additional information about you and your visitors from the information provided, such as a location based on IP address.

Third-party sources. We also obtain information from third-party data sources. Additionally, we may obtain data from other sources such as:

• Data brokers from which we purchase demographic data to supplement the data we collect;
• Applications and services, such as social networks, that make users’ information available to others;
• Service providers that help us determine your device’s location based on its IP address to customize certain products to your location;
• Partners with which we offer co-branded services or engage in joint marketing activities; and
• Publicly-available sources, such as open government databases or other data in the public domain.

We protect data obtained from third parties according to the practices described in this statement, plus any additional restrictions imposed by the source of the data.

When you are asked to provide personal information, you may decline. But if you choose not to provide information that is necessary to enter into a contract or for certain services or features to function correctly, you will not be able to take full advantage of our offerings.

COOKIES AND SIMILAR TECHNOLOGIES

We use cookies and similar technologies to operate our websites and online services and to help collect data. Cookies are small text files placed on your device to store data that can be recalled by a web server in the same domain that placed the cookie. The text in a cookie often consists of a string of numbers and letters that uniquely identifies your device, but it can contain other information as well.

We use cookies to store your preferences and settings, enable you to sign-in, combat fraud, analyze how our products perform, and fulfill other legitimate purposes.

Our web pages may contain electronic images known as web beacons (also called single-pixel gifs) that we use to help deliver cookies on our websites, count users who have visited those websites, and gather usage and performance data. We also include web beacons in our email messages or newsletters to determine whether you open and act on them.

Our websites may include web beacons and cookies from third-party service providers. In some cases, that is because we have hired the third party to provide services on our behalf, such as site analytics. In other cases, it is because our web pages contain content or ads from third parties, such as videos, news content, or ads delivered by other ad networks. Because your browser connects to those third parties’ web servers to retrieve that content, those third parties are able to set or read their own cookies on your device and may collect information about your online activities across websites or online services.

The third-party analytics providers we use include: Google Analytics (https://support.google.com/analytics/answer/6004245?hl=en), Amplitude.com (https://amplitude.com/privacy), and Customer.io (https://customer.io/gdpr.html). Many third-party analytics providers allow you to opt-out from their collection or use. For more information, click on the links above.

You can also use browser controls to limit how the websites you visit are able to use cookies. Instructions for blocking or deleting cookies may be available in each browser’s privacy or help documentation. Please be aware that if you choose to block cookies, certain website features that depend on cookies may no longer function. If you choose to delete cookies, settings and preferences controlled by those cookies, including advertising preferences, may be deleted and may need to be recreated.

OUR USE OF PERSONAL INFORMATION

We use personal information collected through our products for purposes described in this privacy statement or otherwise disclosed to you. For example, we use personal information to:

• login to our dashboard and configure Blahbox, update billing, add users or run reports;
• provide and deliver our products, including securing, troubleshooting, improving, and personalizing those products;
• operate our business, such as improving our internal operations, securing our systems, and detecting fraudulent or illegal activity;
• understand you and your preferences to enhance your experience and enjoyment using our Services;
• provide customer support and respond to your questions;
• send you information, including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages;
• communicate with you about new products, offers, promotions, rewards, contests, upcoming events, and other about our products and those of our selected partners (see the Choice and Control section of this privacy statement for how to change your preferences for promotional communications); and
• display advertising to you (see the Cookies section of this privacy statement for information about your advertising choices)

In carrying out these purposes, we combine data we collect from different sources to give you a more seamless, consistent and personalized experience.

OUR SHARING OF PERSONAL INFORMATION

We share personal information with your consent or as necessary to complete your transactions or provide the products you have requested or authorized. For example, when you provide payment data to make a purchase, we will share that data with banks and other entities as necessary for payment processing, fraud prevention, credit risk reduction, or other related financial services.

In addition, we also share personal information with vendors or agents working on our behalf for the purposes described in this statement. For example, companies we’ve hired to provide customer service support or assist in protecting and securing our systems and services may need access to personal information to provide those functions. In such cases, these companies must abide by our data privacy and security requirements and are not allowed to use personal information they receive from us for any other purpose. We may also disclose personal information as part of a corporate transaction such as a merger, transfer, divestiture, or sale of all or a portion of our business or assets.

Finally, we will access, transfer, disclose, and preserve personal information when we have a good faith belief that doing so is necessary to:

• comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies;
• protect our customers, for example to prevent spam or attempts to defraud users of our products, or to help prevent the loss of life or serious injury of anyone;
• operate and maintain the security of our products, including to prevent or stop an attack on our computer systems or networks; or
• protect our rights or property, including enforcing the terms governing the use of the products.

CHOICE AND CONTROL OF PERSONAL INFORMATION

Access, correction, and deletion. If you wish to request access to, or correction or deletion of, personal information about you that we hold, contact us at privacy@Blahbox.com. However, to the extent permitted by applicable law, we reserve the right to decline requests that are unreasonable, excessive, or prohibited by law, could adversely affect the privacy or other rights of another person, or where we are unable to authenticate you as the person to whom the data relates. If you are a visitor to the website or service of a Blahbox customer, you should first contact them to request access to, or correction or deletion of, any such personal information.

Communications preferences. You can choose whether you wish to receive promotional communications from us by email, physical mail, and telephone. If you receive promotional email, in-app messages, chat messages  from us and would like to stop, you can do so by following the directions in that message. These choices do not apply to mandatory service communications that are part of certain of our products, or to surveys or other informational communications that may have their own unsubscribe method.

Cookie controls. Most web browsers are set to accept cookies by default. If you prefer, you can set your browser to delete or reject cookies. If you choose to delete or reject cookies, this could affect certain features or services of our website. See the Cookies section of this privacy statement for more details.

Advertising and analytics. Our third-party analytics and advertising partners typically provide options to opt-out of certain information collection or use. See the Cookies section of this privacy statement for more details.

Do Not Track. Some browsers have incorporated “Do Not Track” (DNT) features that can send a signal to the websites you visit indicating you do not wish to be tracked. Because there is not a common understanding of how to interpret the DNT signal, our websites do not currently respond to browser DNT signals. Instead, you can use the range of other tools to control data collection and use, including the cookie controls and advertising controls described above.

EUROPEAN DATA PROTECTION RIGHTS

If the processing of personal information about you is subject to European Union data protection law, you have certain rights with respect to that data:

• You can request access to, and rectification or erasure of, personal information;
• If any automated processing of personal information is based on your consent or a contract with you, you have a right to transfer or receive a copy of your personal information in a usable and portable format;
• If the processing of personal information is based on your consent, you can withdraw consent at any time for future processing;
• You can to object to, or obtain a restriction of, the processing of personal information under certain circumstances; and
• For residents of France, you can send us specific instructions regarding the use of your data after your death.

To make such requests, contact us at privacy@Blahbox.com or review https://blahbox.net/legal/eu-privacy-summary/ for more details on contact options. When we are processing data on behalf of another party that is the “data controller,” you should direct your request to that party. You also have the right to lodge a complaint with a supervisory authority, but we encourage you to first contact us with any questions or concerns.

RETENTION OF PERSONAL INFORMATION

We retain personal information for as long as necessary to provide the products and fulfill the transactions you have requested, or for other essential purposes such as complying with our legal obligations, resolving disputes, and enforcing our agreements. Because these needs can vary for different data types, actual retention periods can vary significantly based on criteria such as user expectations or consent, the sensitivity of the data, the availability of automated controls that enable users to delete data, and our legal or contractual obligations. For example, to meet our legal compliance obligations, we maintain minimal account information for 7 years. This includes the email of the user who signed up for Blahbox, and the billing information including invoices at our payment processor. For all other data we delete as soon as practicable. For example, we purge all web access logs in no more than 90 days, including records of visitors who did not start a chat conversation.

LOCATION OF PERSONAL INFORMATION

The personal information we collect may be stored and processed in your country or region, or in any other country where we or our affiliates, subsidiaries, or service providers maintain facilities. Currently, we primarily use data centers in the United States of America. The storage location(s) are chosen in order to operate efficiently, to improve performance, and to create redundancies in order to protect the data in the event of an outage or other problem. We take steps designed to ensure that the data we collect under this statement is processed according to the provisions of this statement and applicable law wherever the data is located.

We transfer personal information from the European Economic Area and Switzerland to other countries, some of which have not been determined by the European Commission to have an adequate level of data protection. When we do so, we use a variety of legal mechanisms, including contracts, to help ensure your rights and protections. To learn more about the European Commission’s decisions on the adequacy of personal information protections, please visit: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.

If you are a European individual and have a question or complaint related to our handling of your personal data please contact us as indicated at the bottom of this privacy statement.

FOR EU AND SWISS DATA THAT IS TRANSFERRED INTO THE UNITED STATES

We also comply with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks with respect to the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. We have certified to the U.S. Department of Commerce that we adhere to the Privacy Shield Principles, and we are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. If third-party agents process personal information on our behalf in a manner inconsistent with the principles of either Privacy Shield Framework, we remain liable unless we prove we are not responsible for the event giving rise to the damage. Our controlled U.S. subsidiaries, as identified in our self-certification submission, also adhere to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit www.privacyshield.gov.

Blahbox complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States.

We acknowledge the right of EU and Swiss individuals to access their personal data under the Privacy Shield. For more information on how to gain access of your data please refer to the section above headed,

CONTROL OF PERSONAL INFORMATION.

Note that we may be required to share personal data of EU and/or Swiss individuals in response to lawful requests by public authorities including to meet national security and law enforcement requirements.

If you have a question or complaint related to our participation in the EU-U.S. or Swiss-U.S. Privacy Shield please contact us as indicated at the bottom of this privacy statement. For any complaints related to the Privacy Shield frameworks that cannot be resolved with us directly, you may refer the unresolved matter to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.bbb.org/EU-privacy-shield/for-eu-consumers/for more information and to file a complaint. The services of Council of Better Business Bureaus are provided at no cost to you. Finally as a last resort and under limited circumstances, a binding arbitration option is available before a Privacy Shield Panel for those EU and/or Swiss individuals with residual complaints.

SECURITY OF PERSONAL INFORMATION

We take reasonable and appropriate steps to help protect personal information from unauthorized access, use, disclosure, alteration, and destruction. All traffic and data is encrypted in transit and we leverage IBM Cloud for hosting Blahbox infrastructure. Access to internal systems are tightly controlled and only those people that require access are given access. Services only expose the ports that are necessary. We monitor logs for abuse and misuse. All backups are encrypted and purged after a short amount of time.

CHANGES TO THIS PRIVACY STATEMENT

We will update this privacy statement when necessary to reflect changes in our products, how we use personal information, or the applicable law. When we post changes to the statement, we will change the “Last Updated” date at the top of the statement. If we make material changes to the statement, we will provide notice or obtain consent regarding such changes as may be required by law.

HOW TO CONTACT US

If you have a privacy concern, complaint, or a question for Blahbox or our data protection officer, please contact us at privacy@blahbox.net.