Blue Research upholds the highest standards possible of both ethical and professional conduct in the use of research technologies, data collection, analysis and reporting.
Code of Ethics
Over and above normal standards of research, our professional activities shall be conducted with particular respect for the individual’s right to privacy, both in terms of confidentiality of information collected during the marketing research process and prohibiting the use of individual data for unsolicited and unwanted contact.
Blue Research respects and is committed to protecting individuals privacy. It collects, processes and uses personal information (if any is provided) for the exclusive purpose of market research. It pledges to take reasonable steps to ensure that your Personal Information will only be used in ways that are in compliance with this Privacy Notice.
This Privacy Notice is in effect for any web page, mobile application, third party social media site, email list, onsite electronic data collection, generic information, and Personal Information collected and/or owned by Blue Research, no matter the method of collection (e.g., mail, facsimile, sign-up/sign-in page, survey, contest, promotion), including collection through this website and any online features, services, and/or programs offered (collectively, the “Data Collection Assets”). This Privacy Notice is not applicable to any other web page, mobile application, social media site, generic information, or Personal Information collected and/or owned by any entity other than Blue Research.
This Privacy Notice also applies to information collected by or for Blue Research through a means other than the Data Collection Assets. If the same information is collected through the Data Collection Assets and through a means other than the Data Collection Assets, the terms of this Privacy Notice shall apply.
Types of Information Collected
Blue Research may collect two types of information: personal information and usage information.
Personal Information: In order to participate in certain features, services and/or programs of the Data Collection Assets, you may be required to provide certain specific information, which we may collect including, among other similar types of information (collectively, “Personal Information”): (1) contact information (e.g., name, address, phone number, email address); (2) demographic information (e.g., date of birth, gender, marital status); (3) purchase information regarding products and services); and (4) your physical location.
Usage Information: We may obtain non-individualized, generic information about you when you participate in Data Collection Assets. This may include your (i) Internet Protocol (or IP) address, protocol and sequence information; browser language; browser type; domain name system requests; browsing history (including time spent at a domain, time and date of your visit); number of clicks; hypertext transfer protocol headers; application client and server banners; and operating system fingerprinting data (collectively, “Browsing Information”); and (ii) MAC address, device ID/UDID, or similar device-specific code used for advertising/marketing tracking purposes.
How Information Is Collected
Blue Research may collect Personal Information and Browsing Information about you from the following sources:
- information it receives from you, or on your behalf, through forms you complete, or if you contact Blue Research, for example to raise a query;
- information it receives from you through the Data Collection Assets, such as when participating in a survey or filling out the “Contact Us” form;
- information received from your computer or mobile device;
- information received from its clients, partners or service providers; and
- information received from other sources, as permitted by applicable laws, rules and regulations.
Your participation in any Data Collection Assets is entirely voluntary. You may be asked to provide Personal Information or to answer questions in order to participate. We may also transfer Personal Information to certain clients, advertising or marketing partners from whom you have requested to receive information.
Additional Ways that Information is Collected through the Data Collection Assets
Browser Log Files: Blue Research and its supplier servers can automatically log each visitor to the Data Collection Assets and collect and record certain Browsing Information about each visitor. The Browsing Information reveals nothing personal about the user and includes only the generic information described in the definition of “Browsing Information.” Blue Research does not collect and evaluate this information at the individual level.
Web Beacons: Some of its web pages and electronic communications may contain images, which may or may not be visible to you, known as Web Beacons. Web Beacons collect only limited information that includes a cookie number; time and date of a page view; and a description of the page on which the Web Beacon resides. These Web Beacons do not carry any Personal Information and are only used to track usage of and activities associated with the Data Collection Assets. See the “Third Party Opt Out” section below.
Unique Identifier: Blue Research or its clients and suppliers may assign you a unique internal identifier to help keep track of your future visits. This information can gather aggregate demographic information about visitors and use it to personalize the information you see on the Data Collection Assets. Blue Research keeps this information for its internal use, and this information is not shared with others.
Third Party Opt Out: Although Blue Research does not presently do so, in the future it may allow third-party companies to serve advertisements and/or collect certain anonymous information when you visit the Data Collection Assets. These companies may use non-personally identifiable information (including, but not limited to, click stream information, browser type, time and date, subject of advertisements clicked or scrolled over) during your visits to the Data Collection Assets in order to provide advertisements about goods and services likely to be of greater interest to you. These companies typically use a cookie or third party web beacon to collect this information, as further described above. Through these technologies, the third party may have access to and use such non-personalized information about your online usage activity.
You can opt out of certain online behavioral services through any one of the ways described below (you do not need to go to each opt-out site, one is sufficient). After you opt out, you will continue to receive advertisements, but those advertisements will no longer be as relevant to you.
- You can opt out via the Network Advertising Initiative industry opt-out at www.networkadvertising.org.
- You can opt out via the Consumer Choice Page at www.aboutads.info.
- You can opt out via the IAB UK’s industry opt-out at www.youronlinechoices.com.
Note: If you opt out as described above, you should not delete your cookies. If you delete your cookies, you will need to opt out again.
Use of Personal Information
The Personal Information that Blue Research collects may be used for five main purposes:
- to enable the features of the Data Collection Assets, including, but not limited to: (a) operating any competitions or promotions in which you may participate; (b) providing services to you; (c) conducting online surveys; and (d) delivering rewards, coupons and offers to you;
- to improve the Data Collection Assets by determining which products, features and services, if any, are most popular. Blue Research may analyze your information and usage information to enable it and its affiliates to provide services to you and develop new features, functionality, and services and otherwise for our internal business purposes;
- to personalize your experience on the Data Collection Assets;
- to communicate with you and to inform you about its and third parties’ products and services. It and/or any of our third party service providers may send you and keep you updated with information about existing and new services, products, and special offers, by email, telephone, mail or by means of any other contact details you provide to it or its affiliates, or to such third party service providers. Blue Research may use your Personal Information in a way that does not identify you in connection with our advertising and promoting our services and products.
When Information Is Disclosed
In addition to the other times or occasions on which Blue Research might disclose Personal Information about you, it might also disclose Personal Information and/or Browsing Information when required by law or in the good-faith belief that such disclosure is necessary to: (1) comply with legal processes and applicable law; (2) enforce this Privacy Notice; (3) take precautions against liability and to respond to any claim that any material, document, image, graphic, logo, design, audio, video, and any other information provided to, from or on the Data Collection Assets by you violates the rights of third parties; (4) assist government enforcement agencies; or (5) protect our rights, property, or safety or the rights, property, or personal safety of its visitors and the public.
Blue Research uses reasonable precautions to keep the information that is disclosed to it secure. It may provide Personal Information and Browsing Information to its subsidiaries, affiliated companies, and other businesses or persons for the purposes of processing such information on its behalf and promoting the goods and services of its trusted business partners, some or all of which may store some or all of your information on servers outside of the United States. Blue Research requires that these parties agree to process such information in compliance with our Privacy Notice or in a similar, industry-standard manner, and it uses reasonable efforts to limit their use of such information and to use other appropriate confidentiality and security measures. The use of your information by one of its trusted business partners may be subject to that party’s own privacy notice.
Blue Research may share Browsing Information with third parties to demonstrate the usage patterns for advertisements, content, functionality, promotions, and/or services on the Data Collection Assets and/or on third party websites.
Blue Research reserve the right to transfer your Personal Information, as well as any information about or from you, in connection with the merger, sale or other disposition of all or part of our business and/or assets. It cannot make any representations regarding the use or transfer of your Personal Information or other information that we may have in the event of our bankruptcy, reorganization, insolvency, receivership, or an assignment for the benefit of creditors, and you expressly agree and consent to the use and/or transfer of your Personal Information or other information in connection with a sale or transfer of some or all of our assets in any of the above described proceedings. Furthermore, Blue Research cannot and will not be responsible for any breach of security by any third parties or for any actions of any third parties that receive any of the information that is disclosed to it.
Passwords and Security
For certain features available through the Data Collection Assets, Blue Research may require the use of encryption technologies provided for your protection and/or account. It uses reasonable precautions to protect the privacy of your username, password, and account information.
You, however, are ultimately responsible for protecting your username, password, and account information from disclosure to third parties, and you are not permitted to circumvent the use of required encryption technologies. You agree to: (a) immediately notify Blue Research of any unauthorized use of your username or password, and/or any other breach of security; and (b) ensure that you log out from your account at the end of each session. While it may provide certain encryption technologies and use other reasonable precautions to protect your confidential information and provide suitable security, Blue Research does not and cannot guarantee or warrant that any information transmitted through the Internet is secure, or that such transmissions are free from delay, interruption, interception, or error.
Employment Opportunity Information Collection
For individuals interested in job opportunities, the Data Collection Assets currently or may in the future allow prospective employees to request additional job opportunity information. The Data Collection Assets may be used to collect Personal Information from prospective employees for human resources recruitment purposes. By submitting any of the foregoing information, you consent to its dissemination to, and use by, Blue Research and our affiliates. The foregoing also applies to job application inquiries that you may transmit to it other than through the Data Collection Assets.
Information from Children
Blue Research does not collect Personal Information from any person that it knows to be under the age of thirteen (13). Specifically, the Data Collection Assets are not intended or designed to attract children under the age of thirteen (13). You affirm that you are more than eighteen (18) years of age, or an emancipated minor, or possess legal parental or guardian consent, and are fully able and competent to enter into the terms, conditions, obligations, affirmations, representations, and warranties set forth in this Privacy Notice, and to abide by and comply with this Privacy Notice.
For the avoidance of confusion, Blue Research may collect Personal Information about children in connection with administering and operating its services, including, but not limited to, information collected as part of a survey administered using its services, and nothing herein shall limit or otherwise restrict its ability or practices with respect to such collection about children.
Privacy Outside the Data Collection Assets
The Data Collection Assets may contain links to other websites, including, but not limited to, Facebook, Pinterest, Twitter and Instagram, and contain advertisements of third parties. Blue Research is not and cannot be responsible for the privacy practices or the content of any of those websites. Please check with those websites in order to determine their privacy policies and your rights under them.
Other than under agreements with certain reputable organizations and companies, and except for third party service providers (as described in this Privacy Notice), Blue Research does not share any of the Personal Information that you provide to it with any of the websites to which the Data Collection Assets link, although it may share aggregate, non-personally identifiable information with those other third parties. Please check with those websites in order to determine their privacy policies and your rights under them.
European Union Users
If you are visiting Blue Research from the European Union, please note that Blue Research may collect, transfer, and continue to use your Personal Information outside the European Union for any of the purposes described in this Privacy Notice. By using the Data Collection Assets and providing it with your Personal Information, you consent to Blue Research’s collection, transfer, and continued use of your Personal Information in accordance with this Privacy Notice.
Blue Research takes reasonable efforts to ensure that information collected through the Data Collection Assets is not lost, misused or altered inappropriately by administering security measures. However, all information accessible and/or transferred over the Internet can potentially be accessed by unauthorized parties; therefore, it cannot guarantee the security of your data transmitted to the Data Collection Assets.
Choices with Your Personal Information
Whether you submit any Personal Information to Blue Research is entirely up to you. You are under no obligation to provide Personal Information.
You may choose to prevent it from disclosing or using your Personal Information under certain circumstances (“opt out”). You may opt out of any disclosure or use of your Personal Information for purposes that are incompatible with the purpose(s) for which it was originally collected or for which you subsequently gave authorization by notifying Blue Research by one of the methods at the end of this Privacy Notice, or by following the procedures set forth in an electronic communication from Blue Research, if applicable. There are some uses from which you cannot opt out, such as to provide products or services that you have requested from Blue Research.
Please note that opting out of the disclosure and use of your Personal Information as a prospective employee may prevent you from being hired as an employee to the extent you are using the Data Collection Assets to apply for an open position.
Access and Correction
Please contact Blue Research in the manner specified at the end of this Privacy Notice to access your Personal Information in its possession and correct inaccuracies of that information in its records. Blue Research asks individuals to identify themselves and the information requested to be accessed and amended before processing such requests, and it may decline to process requests in limited circumstances, as permitted by applicable privacy legislation.
Your California Privacy Rights
Under California’s “Shine the Light” law, California residents who provide certain personally identifiable information in connection with obtaining products or services for personal, family, or household use are entitled to request and obtain from Blue Research (once a calendar year) information about the customer information it shared (if any) with other businesses for their own direct marketing uses. If applicable, this information would include the categories of customer information and the names and addresses of those businesses with which it shared customer information for the immediately prior calendar year (e.g., requests made in 2018 will receive information regarding 2017 sharing activities, if any).
To obtain this information, please send an email message to firstname.lastname@example.org with “Request for California Privacy Information” in the subject line and in the body of your message. Blue Research will provide the requested information to you at your email address in response.
Please be aware that not all information sharing is covered by the “Shine the Light” requirements, and only information on covered sharing will be included in its response.
Do Not Track Requests
Additionally, because Blue Research may collect your Personal Information from time to time, California’s Online Privacy Protection Act requires it to disclose how we respond to “do not track” requests and other similar mechanisms. Currently, its policy is that it does not recognize “do not track” requests from Internet browsers and similar devices.
EU General Data Protection Regulation (GDPR)
Blue Inc. (DBA Blue Research®) makes every effort possible to comply with the EU General Data Protection Regulation (GDPR). Blue Research strongly supports this initiative as outlined below.
GDPR expects organizations to stay in control of their data to ensure that it is accessed and processed by authorized users only when appropriate. The control requirements are covered in Articles 5, 25, and 32.
According to GDPR organizations must:
- Only process data for authorized purposes
- Ensure data accuracy and integrity
- Minimize subjects’ identity exposure
- Implement data security measures
GDPR puts security at the service of privacy. Security obligations are covered in Articles 6, 25, 28, and 32. To preserve subjects’ privacy, organizations must implement:
- Data protection by design and by default
- Security as a contractual requirement with their partners and service providers
- Encryption or pseudonymization
- Security measures that respond to their risk assessment
- Safeguards if they are to keep data for additional processing
Even after data is collected, individuals still have a claim to, and a certain amount of control over, that data. ‘Right to Erasure’ is covered in Articles 17 and 28. GDPR requires organizations to completely erase data from all repositories when:
- A data subject revokes their consent (‘Right to be forgotten’)
- A partner organization requests data deletion
- A service or agreement comes to an end
When an individual revokes consent to their data, an organization recalls data they’ve shared, or at the end of a service’s term, organizations will need to completely erase the concerned data. This is a difficult requirement because simply deleting data doesn’t fully remove it from disk. To fully comply, organizations can encrypt data and then delete the key. This data deletion method renders data completely and permanently unreadable.
Risk Mitigation & Due Diligence
Organizations must assess risks to privacy and security, and demonstrate they’re taking appropriate steps to keep privacy safe in light of their findings. These obligations are outlined in Articles 2, 24 and 28. To mitigate risks and perform due diligence, organizations must:
- Conduct a full risk assessment
- Implement measures to ensure and demonstrate compliance
- Proactively help partners and customers comply
- Demonstrate full data control
When an organization contracts with a partner or third-party service, they do not relinquish their responsibility to the data’s security. In fact, organizations will be contractually obligated to help each other with security and mitigate risks. Because encryption attaches security directly to the data, it assures the data’s safety and keeps the principal organization in control even after it’s out of the organization’s sights.
When a security breach threatens the rights and privacy of a data subject, organizations need to notify customers and their supervisory authority. Breach notification obligations are outlined in Articles 33 and 34. Under GDPR, organizations are obligated to:
- Notify their supervisory authority within 72 hours
- Describe the data breach’s consequences
- Communicate the breach directly to data subjects
If a breach exposes unprotected data, organizations will need notify the supervisory authority for their region and the affected customers. However, if data is encrypted and key management best practices followed, organizations can avoid these notification obligations. Notification is only a requirement when the rights and freedoms of the data subject are at risk.
Your Consent To This Privacy Notice
By using the Data Collection Assets, you consent to the collection and use of your information (including Personal Information) by Blue Research as specified above or as it otherwise sees fit, in compliance with this Privacy Notice, unless you inform it otherwise by means of the procedure identified below. If Blue Research decides to change this Privacy Notice or some part of it, it will make an effort to post those changes on this web page so that you will always be able to understand what information it collects, how it uses that information and under what circumstances it may disclose that information to others. Your use of the Data Collection Assets following such publication of any amendment of this Privacy Notice will signify your assent to and acceptance of its revised terms for all previously collected information and information collected from you in the future. Blue Research may use comments, information or feedback that you may submit in any manner that it may choose without notice or compensation to you.
If you have additional questions or comments of any kind, or if you see anything on the Data Collection Assets that you think is inappropriate or incorrect, please let Blue Research know by email or by sending your comments or requests to:
2400 5th Avenue, Suite 435
San Diego, CA 92101
Attn: Data Collection Assets
Copyright © 2019 Blue Inc. All Rights Reserved.
Effective as of: December 1, 2018