BLUEFOX.IO PRIVACY POLICY
Last Updated: May 3, 2018


This Privacy Policy explains how information about you is collected by BlueFox IO, Inc. (“BlueFox.IO,” “we,” or “us”) in connection with our Services, and how we use and share this information. “Services” refers to (1) our BlueFox.IO sensor device (the “Sensor”), which our enterprise customers can use to help gauge aggregate visitor trends at physical locations, and (2) our websites (including www.bluefox.io), mobile apps and online services (“General Services”).

ƒWe may change this Privacy Policy from time to time. If we make changes, we will provide notice by revising the date at the top of this policy and posting to our websites and apps, and in some cases, we may provide additional notice (such as via our websites or mobile app or by sending an email notification to account holders).

BlueFox.IO and the EU-U.S. Privacy Shield / the Swiss-U.S. Privacy Shield

This Privacy Policy sets forth the privacy principles that BlueFox.IO follows with respect to personal information transferred from (1) the European Economic Area (EEA) (which includes the twenty-eight member states of the European Union (EU) plus Iceland, Liechtenstein, and Norway) to the United States and (2) Switzerland to the United States.

BlueFox.IO complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the EEA/Switzerland (as applicable) to the United States. BlueFox.IO has committed to comply with all applicable Privacy Shield Principles in respect of such personal data and has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles.

If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the EU-U.S. Privacy Shield program and the Swiss-U.S. Privacy Shield program, and to view our certification, please visit their website.

The U.S. Federal Trade Commission (FTC) has jurisdiction over BlueFox.IO’s compliance with the Privacy Shield framework, and BlueFox.IO is subject to the investigatory and enforcement powers of the FTC.

Our accountability for personal information that we receive under the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield and subsequently transfer to a third party is described in the Privacy Shield Principles. In particular, we remain responsible and liable under the Privacy Shield Principles if third-party agents that we engage to process personal information on our behalf do so in a manner inconsistent with the Principles unless we prove that we are not responsible for the event giving rise to the damage.

The Sensor

This section of our Privacy Policy applies to the information we collect from the Sensor and how we use and share this information. In addition to this section of the policy, please also review the “Common Information Practices” section below, which applies to information we collect in connection with all Services, including the Sensor.

Information We Collect from the Sensor

Whenever a WiFi-enabled device (such as a smartphone, computer or tablet) comes close enough to a Sensor for the Sensor to detect the device, the Sensor may automatically collect the following information about that device:

MAC Address. This is an identification number that is automatically assigned by the device manufacturer. To help protect the privacy of the device owner, the Sensor creates an encrypted value of the MAC address (often called a “hash”), and then adds further random data to that value (often called a “salt”). This process occurs on the Sensor itself, and our servers only collect the resulting encrypted value and not the underlying MAC address. Unless compelled to by law, we will not attempt to re-identify the actual MAC address from this encrypted value. In addition, we will not attempt to re-identify individuals from raw or encrypted MAC addresses.
Other Information. The Sensor also collects the time and date in which the Sensor detects the device as well as the relative distance of the device from the Sensor. The Sensor may also be able to collect the brand (such as Apple or Samsung) of the device. The Sensor transmits this information to our servers along with the encrypted value of the MAC address mentioned above.


How We Use This Information

We use the information we collect from the Sensor to provide, maintain and improve our Services for our customers that install Sensors in their facilities, and to develop new products and services. For more information about our Services, please see our FAQ at www.bluefox.io/support.

How We Disclose This Information

We disclose the information we collect from a Sensor in aggregate form to our customers. Our customers will be able to see the number of devices detected by the Sensor, and other aggregate statistics related to the time or signal strength detected, but will not see any information about any one particular device (such as the encrypted value of the MAC address that we collect from the Sensor). As customers will not see information about particular devices, it follows that they will not see any information about individuals, even in an anonymized format. In addition to this aggregate sharing, we may also share the information we collect from Sensors as described in the “Common Information Practices” section below.

General Services

This section of our policy applies to the information we collect from the BlueFox websites, apps and related online services we provide in connection with those websites and apps (collectively, the “General Services”) and also when you otherwise interact with us, such as for customer support. For information about choices available to you in connection with the information practices described below, please see the “Your Choices” section below.

Collection of Information

Information You Provide to Us

We collect information you provide to us when you register for an account, sign up to receive updates, fill out a form, or when you communicate with us. The types of information we may collect include your name, address, mobile phone number, email address, username and password you create for your account, WiFi network name and password (i.e., to connect the Sensor to your location’s WiFi network), location size and any other information you choose to provide. We also integrate our website with a third-party service provider that collects payment information, such as credit card information, in order to process payments you may make via our website.

Information We Collect Automatically from our General Services

When you use our General Services, we automatically collect information about you, including as follows:

  • Log Information: We collect standard server logs in connection with your use of our Services, including the type of browser you use, access times, pages viewed, IP address and the web page you visited before navigating to our websites.
  • Device Information: We collect information about the computer or mobile device you use to access our Services, including the hardware model, operating system and version, unique device identifiers and mobile network information.
  • Information Collected by Tracking Technologies: We and our service providers may use various technologies to collect information in connection with your use of our Services, including the following:
    • Cookies, which are small files that are sent to your computer or mobile device when you visit a website. Cookies allow our websites to recognize your browser and track your usage each time you visit;
    • Local storage, which stores data locally in your browser, including user preferences; and
    • Pixel tags, which are small blocks of code often used in connection with cookies. Pixel tags may be placed on our websites and emails, and allow us to track website usage and determine when emails have been opened and acted upon.
       

Information From Other Sources

We may also collect information about you from other companies. For example, if you connect your BlueFox.IO account with a third-party service by logging into that service via our General Services, we may collect information about you and your use of that service in accordance with the authorization procedures determined by that service.

Use of Information

We may combine the information we collect under this section of the Policy and use this information to:

  • Provide, maintain, deliver and improve our General Services;
  • Send you technical notices and support and administrative messages;
  • Communicate with you about products, services, promotions, events and other news and information we think will be of interest to you;
  • Monitor and analyze trends, usage and activities in connection with our Services; and
  • Detect and prevent fraudulent transactions via our websites, and protect the rights and property of BlueFox.IO and others.
     

Disclosure of Information

We may disclose the information we collect under this section of the Policy as follows:

  • When you use interactive areas of our General Services, like our blog or other online forums, certain information you choose to share may be displayed publicly, such as your username, actions you take and any content you post; and
  • As described in the “Disclosure of Information” section below under “Common Information Practices.
     


Advertising and Analytics Services Provided by Others

We may allow others to provide analytics services and serve advertisements on our behalf across the Internet and in applications. These entities may use cookies, web beacons, device identifiers and other technologies to collect information about your use of the General Services and other websites and apps, including your IP address, web browser, device identifiers, mobile network information, pages viewed, time spent on pages or in apps, and links clicked, and conversion information. This information may be used by us and others to, among other things, analyze and track data, determine the popularity of certain content, deliver advertising and content targeted to your interests on our General Services and other websites, and better understand your online activity. For more information about interest-based ads, or to opt out of having your web browsing information used for behavioral advertising purposes, please visit www.aboutads.info/choices.

Social Sharing Features

Our General Services may offer social sharing features and other integrated tools (such as the Facebook “Like” button), which let you share actions you take on our General Services with other media, and vice versa. Your use of such features enables the sharing of information with your friends or the public, depending on the settings you establish with the entity that provides the social sharing feature. For more information about the purpose and scope of data collection and processing in connection with social sharing features, please visit the privacy policies of the entities that provide these features.

Your Choices

Account Information

You may access and update your account profile information by logging into your BlueFox account via our General Services.

Promotional Communications

You may opt out of receiving promotional communications from us by following the instructions in those messages or notifications. Please note that if you opt out, we may still send you transactional or relationship messages, such as those about software updates or your account (including about billing).

Cookies and Local Storage

Most web browsers are set to accept cookies and local storage by default. If you prefer, you can usually choose to set your browser to remove browser cookies or clear local storage. Please note that if you choose to remove or reject these technologies, this could affect the availability and functionality of our Services.

 

Common Information Practices

This section describes common information practices that apply across all Services, including to information we collect from the Sensor, General Services or when you otherwise interact with us.

Disclosure of Information

We may disclose the information we collect as follows:

  • With vendors that perform services on our behalf;
  • In response to a request for information if we believe disclosure is in accordance with or required by, any applicable law, regulation or legal process;
  • In response to lawful requests by public authorities, including to meet national security or law enforcement requirements;
  • If we believe your actions are inconsistent with our user agreements or policies, or to protect the rights, property and safety of BlueFox or others (including to prevent actual or potential fraud);
  • In connection with, or during negotiations of, any merger, sale of company assets, financing or acquisition of all or a portion of our business by another company;
  • Between and among BlueFox.IO and its current and future parents, affiliates, subsidiaries and other companies under common control and ownership; or
  • With your consent or at your direction. We may also share aggregated or de-identified information, which cannot reasonably be used to identify you.
     


Transfer of Information to the U.S. and Other Countries

We are based in the United States and the information we collect is governed by U.S. law. By accessing or using our Services or otherwise providing information to us, you consent to the processing and transfer of information in and to the U.S. and other countries, where you may not have the same rights as you do under local law. Where this is the case, we will take appropriate measures to protect information about you in accordance with this Privacy Policy and, if applicable, in accordance with the EU-U.S. Privacy Shield or Swiss-U.S. Privacy Shield.

 

EU and Swiss Individuals

Privacy Shield

In accordance with the Privacy Shield Principles, BlueFox.IO commits to resolve complaints about our collection or use of your personal information.  EU or Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact BlueFox.IO directly via its Privacy Officer at privacy@bluefox.io.

As further described in the Privacy Shield Principles, for any EU individuals with complaints that cannot be resolved with BlueFox.IO directly, BlueFox.IO commits to working with EU data protection authorities (DPAs) to reach a final resolution, as required by law. Please contact us to be directed to the appropriate DPA contacts.

For Swiss individuals, BlueFox.IO commits to cooperate with the Swiss Data Protection and Information Commissioner and to comply with the information and advice provided by the Commissioner in relation to unresolved complaints.

As further explained in the Privacy Shield Principles, a binding arbitration option will also be made available to EU and Swiss individuals in order to address residual complaints not resolved by any other means. For additional information on this topic, please visit this link

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) strengthens the EU citizen’s right to control the personal data that is collected about them. The end-consumer, often called « data subject », can exercise 8 rights concerning his/her his personal data.

1. The right of access which means the right to know whether data concerning him/her are being processed and if so, to access it (GDPR Article 15).
2. The data right to rectification. When personal data are inaccurate, then controllers need to correct them (GDPR Article 16).
3. The right to erasure (also called « right to be forgotten ») which means that under certain circumstances, the data subject can request that it’s data is deleted. (GDPR Article 17).
4. The right to the restriction of processing. Simply said, the right of the data subject to limit the processing of his/her personal data (GDPR Article 18).
5. The right to be informed. Data subjects have the right to clear and correct information. Furthermore, GDPR Article 19 states that if personal data that have undergone an action as a consequence of one of the other, just mentioned data subject rights, the controller must inform recipients who got these data, where feasible. And then the data subject also has a right to know where his/her data has been accessible.
6. The right to data portability. If the data has been collected in automated means and with the consent of the data subject or in the circumstances of a contract that has been concluded between the data subject and the data controller, the data subject can ask that his/her data shall be transferred to another data controller (GDPR Article 20).
7. The right to object. This right means that data subjects can say they don’t want the personal data processing to be done or going on (GDPR Article 21).
8. The data subject’s right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her (GDPR Article 22).
Customer data protection has always been a top priority for all of us here at BlueFox.IO. If you want to exercise one of these rights, please send us a message (we will also need a proof of identity) to privacy@bluefox.io and we will come back to you within a month.

Contact Us

If you have any questions about this Privacy Policy, in general, or about BlueFox.IO’s use of information, please contact us at privacy@bluefox.io.