Last Updated: September 15, 2020
The BlueFox Sensor
The BlueFox Sensor
Information We Collect from the Sensor
Whenever a WiFi-enabled device (such as a smartphone, computer or tablet) comes close enough to a Sensor for the Sensor to detect the device, the Sensor may automatically collect the following information about that device:
MAC Address. This is an identification number that is automatically assigned by the device manufacturer. To help protect the privacy of the device owner, the Sensor creates an encrypted value of the MAC address (often called a “hash”), and then adds further random data to that value (often called a “salt”). This process occurs on the Sensor itself, and our servers only collect the resulting encrypted value and not the underlying MAC address. Unless compelled to by law, we will not attempt to re-identify the actual MAC address from this encrypted value. In addition, we will not attempt to re-identify individuals from raw or encrypted MAC addresses.
In addition, we make use of a well-studied probabilistic data structure to represent ensembles of salted and hashed MAC addresses without having to record them individually. The resulting value derived from the obfuscation process creates a value that has enough data to recognize the value as unique but not enough data to reconstruct the MAC address. A filter is incremented to indicate whether the device has been recognized prior or is new.
Because those filters are groups that cannot be converted back into salted and hashed MAC addresses, they provide an additional layer of anonymization with respect to smartphone devices. These probabilistic data representations enable BlueZoo to provide its customers with an estimate of repeat visitors without identifying specific individual visitors.
All of what has been exposed thus far applies to regular BlueFox Workflows. In some specific cases, either due to applicable regulations or client's requirements, an Alternative Workflow (AW) can be set up and used. In this AW, no unique identifier of a smartphone is sent to the BlueFox Cloud. In particular, the salted and hashed MAC address of the detected smartphones are not sent to the BlueFox Cloud.
Other Information. The Sensor also collects the time and date in which the Sensor detects the device as well as the relative distance of the device from the Sensor. The Sensor may also be able to collect the brand (such as Apple or Samsung) of the device. The Sensor transmits this information to our servers along with the encrypted value of the MAC address mentioned above.
How We Use This Information
We use the information we collect from the Sensor to provide, maintain and improve our Services for our customers that install Sensors in their facilities, and to develop new products and services. For more information about our Services, please see our FAQ at www.bluefox.io/support.
How We Disclose This Information
We disclose the information we collect from a Sensor in aggregate form to our customers. Our customers will be able to see the number of devices detected by the Sensor, and other aggregate statistics related to the time or signal strength detected, but will not see any information about any one particular device (such as the encrypted value of the MAC address that we collect from the Sensor). As customers will not see information about particular devices, it follows that they will not see any information about individuals, even in an anonymized format. In addition to this aggregate sharing, we may also share the information we collect from Sensors as described in the “Common Information Practices” section below.
This section of our policy applies to the information we collect from the BlueFox websites, apps and related online services we provide in connection with those websites and apps (collectively, the “General Services”) and also when you otherwise interact with us, such as for customer support. For information about choices available to you in connection with the information practices described below, please see the “Your Choices” section below.
Collection of Information
Information You Provide to Us
We collect information you provide to us when you register for an account, sign up to receive updates, fill out a form, or when you communicate with us. The types of information we may collect include your name, address, mobile phone number, email address, username and password you create for your account, WiFi network name and password (i.e., to connect the Sensor to your location’s WiFi network), location size and any other information you choose to provide. We also work with a third-party service provider that collects payment information, such as credit card information, in order to process payments you may make in connection with our Services.
Information We Collect Automatically from our General Services
When you use our General Services, we automatically collect information about you, including as follows:
Information From Other Sources
We may also collect information about you from other companies. For example, if you connect your BlueFox account with a third-party service by logging into that service via our General Services, we may collect information about you and your use of that service in accordance with the authorization procedures determined by that service.
Use of Information
We may combine the information we collect under this section of the Policy and use this information to:
Disclosure of Information
We may disclose the information we collect under this section of the Policy as follows:
Advertising and Analytics Services Provided by Others
Our General Services may offer social sharing features and other integrated tools (such as the Facebook “Like” button), which let you share actions you take on our General Services with other media, and vice versa. Your use of such features enables the sharing of information with your friends or the public, depending on the settings you establish with the entity that provides the social sharing feature. For more information about the purpose and scope of data collection and processing in connection with social sharing features, please visit the privacy policies of the entities that provide these features.
You may access and update your account profile information by logging into your BlueFox account via our General Services.
You may opt-out of receiving promotional communications from us by following the instructions in those messages or notifications. Please note that if you opt-out, we may still send you transactional or relationship messages, such as those about software updates or your account (including about billing).
Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology
For further information, visit allaboutcookies.org.
What types of cookies do we use?
How to manage cookies
You can find help on how to control or remove cookies on this third party information page. This page helps you manage cookies on the most common browsers such as Chrome, Firefox, Safari, Opera, and Internet Explorer browsers. However, in a few cases, some of our website features may not function as a result.
Common Information Practices
This section describes common information practices that apply across all Services, including to information we collect from the Sensor, General Services or when you otherwise interact with us.
Disclosure of Information
We may disclose the information we collect as follows:
Transfer of Information to the U.S. and Other Countries
We are headquartered in the United States and the information we collect is governed by U.S. law. By accessing or using our Services or otherwise providing information to us, you consent to the processing and transfer of information in and to the U.S. and other countries, where you may not have the same rights as you do under local law. Where this is the case, we will take appropriate measures to protect your personal identifiable information.
BlueZoo has put in place appropriate safeguards and compliance measures to ensure an adequate level of protection of personal data transferred outside the EEA and Switzerland. BlueZoo’s existing measures include the EU Commission’s approved Standard Contractual Clauses (SCCs) to accommodate international data transfers.
BlueZoo respects the privacy of everyone that engages with our products and services, and we are committed to being transparent about our privacy processes and policies. If you have questions concerning the transfer of information, please contact firstname.lastname@example.org.
EU and Swiss Individuals
Citizen rights under the General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) strengthens the EU citizen’s right to control the personal data that is collected about them. The end-consumer, often called « data subject », can exercise 8 rights concerning his/her personal data.
1. The right of access which means the right to know whether data concerning him/her are being processed and if so, to access it (GDPR Article 15).
2. The data right to rectification. When personal data are inaccurate, then controllers need to correct them (GDPR Article 16).
3. The right to erasure (also called « right to be forgotten ») which means that under certain circumstances, the data subject can request that it’s data is deleted. (GDPR Article 17).
4. The right to the restriction of processing. Simply said, the right of the data subject to limit the processing of his/her personal data (GDPR Article 18).
5. The right to be informed. Data subjects have the right to clear and correct information. Furthermore, GDPR Article 19 states that if personal data that have undergone an action as a consequence of one of the other, just mentioned data subject rights, the controller must inform recipients who got these data, where feasible. And then the data subject also has a right to know where his/her data has been accessible.
6. The right to data portability. If the data has been collected in automated means and with the consent of the data subject or in the circumstances of a contract that has been concluded between the data subject and the data controller, the data subject can ask that his/her data shall be transferred to another data controller (GDPR Article 20).
7. The right to object. This right means that data subjects can say they don’t want the personal data processing to be done or going on (GDPR Article 21).
8. The data subject’s right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her (GDPR Article 22).
Customer data protection has always been a top priority for all of us here at BlueZoo. If you want to exercise one of these rights, please send us a message (we will also need a proof of identity) to email@example.com and we will come back to you within a month.
Manage capacity and prevent overcrowding in any physical space with our Social Distancing solution.