Privacy Policy

Last Updated: July 3, 2018

The Scope of this Privacy Policy

This Privacy Policy (or the “Policy”) describes the policies that govern how BlueLabs Analytics, Inc. (“BlueLabs”) collects, uses, shares, and processes personal information.

Personal information that is collected from residents of certain countries is subject to additional or differing legal requirements. Information received from residents of British Columbia is governed not by the general terms of this Privacy Policy but by the "BC Privacy Policy" found below and incorporated herein.

Our Privacy Policy applies to personal information about identified individuals. It does not cover information that is aggregated, anonymous, or does not otherwise identify individuals.

The personal information that BlueLabs processes comes from our clients, from various public or private sources, or is collected by us from individuals directly. We apply our data science methods to the data sets that we have obtained from various sources, in order to build analytic models to predict political, civic, and other behavior, and to provide strategic guidance, aggregate information, and predictive models to our clients. In addition to our Privacy Policy, personal information that we obtain from our clients or from public or private sources is subject to the privacy policies of the entity that shared the information with us or that released or licensed the information to us, as applicable.

Our clients’ information is the sole property of our clients, and the rights we have with respect to our clients’ information are the rights that they grant to us. We use and share personal information that our clients share with us in the manner requested or authorized by our clients and consistent with the restrictions placed on that information by our clients.

We use and share personal information that we obtain from public sources in a manner that is consistent with the restrictions placed on that information by the entity that released it. We use and share personal information that we license from private sources in a manner that is consistent with the restrictions placed on that information by the entity that licensed it to us.

How We Use Information

Data science involves the use of complex analysis across large data sets to identify correlations and insights in the data. While we may help our clients identify desired audiences, the messages they convey to these audiences are their responsibility; our clients don’t speak for us and we don’t speak for our clients.

When we use personal information for our own purposes, we do so to improve our data science practices and our business; to maintain the accuracy of our information; to monitor and protect our business; to perform security screenings; to investigate, prevent, or take action relating to illegal activities or violations of our policies; and for other research, development, and analytical purposes.

We may use Non-Modeling Data in the following additional ways:
• to respond to inquiries;
• to contact individuals or, for example, to send them our newsletters or provide them with information about the Site or our services;
• to market our services;
• to track usage of the Site;
• to improve the Site;
• to help us better understand how users access and use the Site, and other administrative purposes;
• to display relevant advertising; or
• to comply with legal obligations.

Whenever we use any third-party owned data, we rely on that third party to tell us how their own privacy policies limit our use of personal information, consistent with our contracts with that third party. These third parties are responsible for determining the privacy and protection of their information, and any inquiries about the use of personal information by a third party should be directed to it.

Information We Collect About Individuals

Directly from a person: Information that we collect directly from individuals and then process using our data science methods (“Modeling Data”) includes information that they provide when they respond to surveys conducted by us or by our vendors on our behalf.

When we use personal information for our own purposes, we do so to improve our data science practices and our business; to maintain the accuracy of our information; to monitor and protect our business; to perform security screenings; to investigate, prevent, or take action relating to illegal activities or violations of our policies; and for other research, development, and analytical purposes.

We also may collect the following information directly from a person that we do not process using our data science methods (“Non-Modeling Data”): We may collect and store a person’s name and email address if they submit inquiries or comments to us or sign up to receive our newsletter. We may also store information that they provide through additional communications initiated by them, including phone calls, letters, emails and other electronic messages, or in other circumstances described in this Privacy Policy.

From third parties: This may include information about a person that we receive from our clients, obtain from public sources, or license from private sources. Examples of information we receive from our clients include information collected through a mobile application or other methods about a person’s visits, purchases, returns, deliveries, coupons, loyalty clubs, and so on. Examples of public sources of information include census information, voter registration records, real property records, court records, assessor information, tax rolls, telephone directories, and web directories and information.

We may combine information collected directly from a person and from third-party sources.

Automatically when a person visits our site or uses our services: We also may collect information that a person’s computer or mobile device provides in connection with their use of the BlueLabs.com website or BlueLabs’ other websites and mobile applications that link to or reference this Privacy Policy (collectively, the “Site”), such as browser type, type of computer or mobile device, browser language, IP address, mobile carrier, phone number, unique device identifier, requested and referring URLs, the content individuals view on our site or services, and the date and time of their access. Visitors may be able to disallow our use of certain location data through their device or browser settings. See the section below titled “Cookies and Tracking” for more information.

How We Share Personal Information

Our services provide individual-level data insights to our clients, and so our services directly involve sharing personal information and insights gained from personal information with our clients. To the extent that we transfer personal information to a client that we obtained from sources other than that client, we ensure that the client enters into appropriate contractual covenants with us to provide the same level of protection of personal information that we provide, and to agree to the same limits on use and sharing of personal information that apply to our own use and sharing of personal information.

We may rely on third-party service providers to provide technologies or services for us in connection with our data science services or a person’s use of the Site, such as administration of services, communications and hosting services, advertising and media purchase services, network security, technical and customer support, tracking and reporting functions, quality assurance testing, and other functions. We may share information from or about a person with these third-party service providers so that they can perform their services. These third-party service providers may share information with us that they obtain from or about a person in connection with providing their services.

We may also share personal information in responding to requests from law enforcement officials, government bodies or judicial authorities, in addressing matters of personal or public safety, national security, litigation, investigations (including data security incident investigations), and other legal matters where the information is pertinent. In the event of a sale, transfer, or reorganization of BlueLabs, or of some of our assets or lines of business, or in the context of related business negotiations, we may also share personal information with the relevant parties. We also use personal information for historical, statistical, and business planning purposes.

We may also remove personally identifying information to create anonymous information that we may share with any third parties.

Data Security

We follow generally accepted industry standards to protect personal information when it is stored or processed by BlueLabs. We have implemented security safeguards to protect personal information regardless of the format in which it is held, against loss or theft, unauthorized access, collection, use, disclosure, copying, modification, disposal, or similar risks. We use safeguards that are appropriate to the sensitivity of the information.

BlueLabs uses security measures to ensure that personal information is being appropriately protected including, by way of example, the following: 1. Physical measures such as locked filing cabinets, drawers and offices, and restricted access to offices;
2. Organizational measures such as limiting access on a “need to know” basis and requiring service providers to provide comparable security measures; and
3. Technological measures such as the use of fine-grained access control, strong passwords, encryption, and internet firewalls. When disposing of or anonymizing personal information, BlueLabs will use appropriate security measures to ensure that personal information is not inappropriately used.
When disposing of or anonymizing personal information, BlueLabs will use appropriate security measures to ensure that personal information is not inappropriately used.

BlueLabs will, on a regular basis, review and update security policies and controls as technology changes to ensure ongoing personal information security.

No method of electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable means to protect personal information, we cannot guarantee its absolute security.

Data Retention

We retain personal information that we collect for as long we need the information in connection with our data science services or in order to facilitate use of the Site, and for a reasonable time thereafter. We retain personal information that we receive from third parties for the period required by their terms of use. In some cases, individuals can request that we remove their personal information collected, as described in the section below titled “Choice and Control”.

Choice and Control

BlueLabs is committed to providing individuals with access to their personal information. If a person believes that BlueLabs may be processing information about them and wish to have access to that information, we can provide them with that information or at least an explanation of why we cannot do so in the particular context, such as when only our client or vendor has the right to provide such access, or if responding to the request would be unreasonably expensive. As described above, much of the personal information that we analyze belongs to third parties, and BlueLabs does not have the right to provide anyone with access to that personal information, except as allowed by the third-party owner. Depending on the privacy policies of the third party that owns the personal information, a person may be able to review, modify, or request the removal of personal information by contacting that third party.

If a person sends us a request to review, modify, or remove their personal information, and that information is owned by a third party, we will let them know the appropriate third party to whom they should direct their inquiry.

If a person sends BlueLabs a written request to review their personal information, and that information is owned by BlueLabs, we will generally make available their information for their review, so long as they provide sufficient detail to allow us to identify the personal information being sought and provide sufficient information in order for us to verify their identity before providing them with their personal information. If a person sends us a request to remove their personal information, and that information is owned by us, we will remove their information from our database, after verifying their identity. In addition, in the case of personal information owned by Blue Labs and collected by us or our vendors via telephone surveys, we comply with applicable legal requirements regarding appropriate use of information collected from persons registered with the National Do Not Call Registry.

Here are some other ways a person can control BlueLabs’ use of their personal information:

• Opt Out of Promotional Email Communications. A person may opt out of promotional emails, including newsletters, that they receive directly from us by clicking on the unsubscribe link in the email. Please note that we are unable to remove individuals from third party e-mail lists. If a person previously added their contact information to the mailing list of one of our clients or partners, including vendors who conduct surveys on our behalf, and later withdraw their permission, they will have to contact that third party (or use an opt-out link provided in an email communication from that third party) to request removal from their mailing list.
• Opt Out of Interest-Based Advertising. We may use third-party service providers, such as Google’s AdSense and AdWords, to help us provide advertisements that are tailored a person based on interests that they have expressed on our site or elsewhere (“Interest-Based Ads”). Any advertisements served by these third-party service providers and their affiliated companies may be controlled using cookies. These cookies allow these providers to display ads based on a person’s visits to this site. Any tracking done by these providers through cookies and other mechanisms is subject to their own privacy policies. Some browser settings allow individuals to limit or remove the Interest-Based Ads delivered to them.

Please note that even if a person opts out of receiving marketing communications from us, we may still send them communications about their account or any products or services they have purchased from us, and we will still respond to their inquiries and requests for information.

Cookies and Tracking

We and our service providers use cookies and other mechanisms to track information about use of our site and services. We or our service providers may combine this information with other information we collect about a person.

• Cookies. We or our service providers may use cookies to track visitor activity on our site and services. A cookie is a text file that a website transfers to a device for record-keeping purposes. We or our service providers may use cookies to track user activities on our site and services, such as the web pages they view and time they spend on those pages. The help section on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Visitors to our site and users of our services who disable cookies may not be able to browse certain areas of the site or services.
• Clear GIFs, Pixel Tags and Other Technologies. Clear GIFs are tiny graphics with a unique identifier, similar in functionality to cookies, which are embedded invisibly on web pages. We or our service providers may use clear GIFs (also known as web beacons, web bugs, pixel tags, or action tags, among other names), in connection with our site to perform functions like tracking the activities of visitors to our site, helping us manage content, and compiling statistics about usage of our site or services. We or our service providers may also use clear GIFs in emails to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.
• Embedded Scripts. We use embedded scripts, which is code designed to collect information about how visitors interact with a website, such as the website which linked them to our site.
• • Third-Party Analytics. We use service providers, such as Google Analytics, to evaluate the use of our site and our services. We or our service providers use automated devices and applications to evaluate use of our site and services. We or our service providers use these tools to help us improve our site, services, performance, and user experiences. These entities may use cookies and other tracking technologies, such as web beacons or Flash locally shared objects, to perform their services.

Our Privacy Commitments to Employment Applicants

If a person submits an application for employment with BlueLabs, we collect information, including personal contact information, education and work history, as well as Social Security numbers in order to process and consider their application. We will not sell personal information from employment applications to unaffiliated third-parties for marketing purposes. The information on applications may be shared with background check services, our affiliates, and used for certain regulatory, compliance, security, and legal purposes. We may de-identify and anonymize personal information and use such anonymous information for internal purposes, such as to review our hiring practices and talent acquisition efforts.

Minors

We do not collect personal information from any person we know to be under the age of 13, and we will delete any personal information collected that we later know to be from a person under the age of 13. Our site and services are not targeted to children under 13 years of age. If you believe a child under the age of 13 has disclosed personal information to us, please contact us at info@bluelabs.com and specify the customer and information you believe to be from the child under 13.

Changes to This Privacy Policy

We may revise this Privacy Policy from time to time, and if so we will post the revised Privacy Policy on the Site. Be sure to check the effective date of the Privacy Policy.

Contacting Us About our Privacy Policy

Please let us know if you have any questions, concerns, disputes, or issues. We are always open to dialogue to resolve issues. If your concerns cannot be resolved, we can enter into appropriate third-party neutral dispute resolution. If you need to reach us about a privacy or data protection issue, please contact us at info@bluelabs.com.

Challenging Compliance: Questions and Complaints

At any time, individuals may seek information about BlueLabs’ privacy policies and practices by contacting BlueLabs’ Privacy Officer, Chris Wegrzyn, at info@bluelabs.com.

If you have a question or a complaint about BlueLabs’ privacy practices, you should direct that complaint, concern, or question in writing to the Privacy Officer designated under this Privacy Policy. BlueLabs has implemented an Inquiry/Complaint Handling Policy to receive and respond to your inquiry or concern or complaint about the policies and practices relating to the handling of your personal information.

If you provide a written complaint, concern or question to BlueLabs, BlueLabs will advise you of the complaint procedure. BlueLabs will also conduct a review into your concern or complaint. If BlueLabs concludes that a complaint is justified, BlueLabs will take appropriate measures which may include amending its policies and practices. BlueLabs will inform you of the outcome of its review regarding your question or complaint.

If you are not satisfied with the resolution proposed by BlueLabs, you will be advised as to the appropriate procedure to elevate your concern.

British Columbia Privacy Rights

Personal information that BlueLabs receives from residents of British Columbia, Canada, is subject to the provisions of British Columbia’s Personal Information Protection Act (“PIPA”), and may be subject to comparable provincial or federal privacy law in Canada. This section of our Privacy Policy (this “BC Privacy Policy”) describes additional privacy policies that govern how BlueLabs collects, uses, and discloses the personal information that is collected from residents of British Columbia.

As used in this BC Privacy Policy, “personal Information” means information about an identifiable individual, but does not include the name, position, name or title, business telephone number, business address, business e-mail or business fax number of the individual. It also does not include the work product information of the individual.

This BC Privacy Policy outlines the principles and practices BlueLabs will follow in order to protect personal information for residents of British Columbia. BlueLabs will ensure the accuracy, confidentiality and security of personal information, and will follow the legal requirements to allow individuals to request access to and correction of their personal information.

If you are not satisfied with the resolution proposed by BlueLabs, you will be advised as to the appropriate procedure to elevate your concern.

I. SCOPE
This BC Privacy Policy does not impose any limits on the collection, use or disclosure of personal information that:
• is covered by one of the exceptions in Sections 12, 15 and 18 of PIPA to collection, use and disclosure of personal information without consent;
• was collected prior to January 1, 2004, where the personal information is used and disclosed in order to fulfill the same reasonable purposes for which it was collected;

This BC Privacy Policy does not apply to personal information if the Freedom of Information and Protection of Privacy Act applies or the federal Access to Information and Privacy Act applies to the personal information.

II. DEFINITIONS
As used in this BC Privacy Policy, the following terms have the following meanings:

“Collection” means the act of gathering, acquiring, or obtaining personal information from any source, including third parties, by any means.

“Consent” means voluntary agreement to the collection, use, or disclosure of personal information for reasonable purposes, which are made known to the individual. Consent can be express or implied. Express consent can be oral or given in writing, but is always unequivocal. Implied consent is consent that can be reasonably inferred from the action or inaction of an individual.

“Disclosure” means making personal information available outside BlueLabs.

“Use” means the treatment, handling, management, and retention of personal information within BlueLabs.

“Personal information” means information about an identifiable individual, excluding the individual’s contact information or their work product information.

“Contact information” means information to enable an individual, at a place of business, to be contacted and includes the name, position, name, or title, business telephone number, business address, business e-mail, or business fax number of the individual.

“Work product information” means information prepared or collected by an individual or group of individuals as part of the individual’s or group’s responsibilities or activities related to the individual’s or group’s employment or business, but does not include personal information about an individual who did not prepare or collect the personal information.

III. ACCOUNTABILITY
BlueLabs is accountable for the protection of the personal information under its control and has designated as its Privacy Officer, Chris Wegrzyn.

IV. COLLECTING PERSONAL INFORMATION
Unless the purposes for collecting the personal information are obvious, and a person voluntarily provides their personal information for that obvious purpose, we will communicate the purposes for which personal information is being collected, either orally or in writing, before or at the time of collection. BlueLabs’ work empowers organizations to make the most of their outreach resources through individual-level, data-driven targeting and optimization.
During the course of carrying out this work with political entities, BlueLabs may collect personal information. We will only collect this information by fair and lawful means and where it is necessary to, fulfill the following purposes:

• We will collect personal information by telephone survey for the purposes of building analytic models to predict political and civic behavior.

V. CONSENT
BlueLabs will obtain consent to collect, use, or disclose personal information except where as noted in this BC Privacy Policy, we are authorized or required to do so without consent.

Consent can be provided orally, in writing, or electronically, or it can be implied where the purpose for collecting, using or disclosing the personal information would be considered obvious to a reasonable person and a person voluntarily provides their personal information for that purpose.

Consent may also be implied where a person is given notice and a reasonable opportunity to opt out of their personal information being used or disclosed and they do not opt out.

Subject to the personal information being necessary to provide the service or product or where the withdrawal of consent would frustrate the performance of a legal obligation, a person can withhold or withdraw their consent from BlueLabs to use their personal information for particular purposes. If a person chooses to withdraw their consent to the collection, use, and disclosure of their personal information, BlueLabs will advise them of the consequences of the withdrawal.

VI. USING AND DISCLOSING PERSONAL INFORMATION
BlueLabs will only use or disclose personal information where it is necessary to fulfill the purposes for which it was collected, or for a purpose reasonably related to those purposes.

BlueLabs may disclose personal information where required or authorized by law, without consent.

To the extent that we enter into contracts or other arrangements with third parties, which involve the transfer of personal information, we will ensure that the third party enters into appropriate covenants with us to provide the same level of protection over personal information that BlueLabs provides.

In some cases, BlueLabs may seek consent for the use and disclosure of personal information after it has been collected, but before it is used or disclosed, for example, where BlueLabs wants to use personal information for a purpose not previously identified to that person.

BlueLabs does not, as a condition of supplying products or services, require individuals to consent to collection, use, or disclosure of personal information beyond what is necessary to provide the product or service.

BlueLabs does not attempt to obtain consent for collecting, using, or disclosing personal information by providing false or misleading information regarding the purposes for the collection, use, or disclosure of personal information or by using deceptive or misleading practices. BlueLabs will not sell, rent, or lease personal information to third parties unless we have obtained a person’s explicit consent to do so.

VII. RETAINING PERSONAL INFORMATION
If BlueLabs uses personal information to make a decision that directly affects a person, BlueLabs will retain that personal information for at least one year, so that they have a reasonable opportunity to request access to it.

Subject to the above, BlueLabs will retain personal information only as long as necessary to fulfill the identified purposes, or to fulfill a legal or business purpose.

VIII. ENSURING ACCURACY OF PERSONAL INFORMATION
BlueLabs will make reasonable efforts to ensure that personal information is accurate and complete if it will likely use it to make a decision that directly affects that person, or if BlueLabs is likely to disclose it to another organization.

BlueLabs will not routinely update personal information. To the extent that a person believes that the personal information they provided to BlueLabs may no longer be accurate or complete, they may advise BlueLabs to update its records. A request to update personal information must be made in writing, by phone or email, and provide sufficient detail to identify the personal information and the correction being sought. Requests to update or correct personal information should be forwarded to BlueLabs at info@bluelabs.com.

If a person successfully demonstrates to BlueLabs that their personal information is inaccurate or incomplete, BlueLabs will correct the personal information as required.

IX. SECURING PERSONAL INFORMATION
See the “Data Security” section above in our overall Privacy Policy for data security policies that apply also to personal information collected from residents of British Columbia.

From time to time, personal information may be disclosed outside of Canada, where it may be subject to the lawful access requirements of the jurisdiction.

X. PROVIDING ACCESS TO PERSONAL INFORMATION
Individuals have a right to access the personal information that is held by BlueLabs. This right is subject to exceptions which are set out in PIPA.

In order to obtain access to personal information, a person must make a written request that provides sufficient detail to allow BlueLabs to identify the personal information being sought.

Individuals may be required to provide sufficient personal information to identify themselves in order to enable BlueLabs to verify their identity before providing their personal information. They may also be asked more specific questions about the type and amount of personal information that they are seeking.

BlueLabs will make the information available within 30 working days. If BlueLabs is seeking an extension in order to respond to a request, BlueLabs will provide written notice of the extension.

In responding to a person’s access request, BlueLabs will provide them their personal information that is under its control, information about the ways in which the personal information has been and is being used by BlueLabs, and the names of the individuals and organizations to whom the personal information has been disclosed by BlueLabs.

If BlueLabs refuses in whole or in part to provide a person access to their personal information, we will notify them in writing. The notification will include providing them the reasons for the refusal, in particular, the exceptions in PIPA upon which we are relying, and will advise them of any recourse which is available to them as a result of BlueLabs’ refusal.