Introduction
BumOne, a service of Hashtag Dialing Codes, LLC, places great importance on security of your personal data and only partners with vendors that adhere to the strictest security and data protection standards. BumOne has implemented technical and organizational security measures to guarantee the security of your personal data. Information is stored on secure networks and access is restricted to those employees and partners who are entitled to access our systems.
This policy (the “Data Protection and Privacy Policy”) explains which personal data concerning you, we collect when you visit our website (the “Website”) or app (the “App”) when and why we collect the personal data, how we use them, the conditions of our disclosure to third parties, as well has how we secure the stored personal data.
Please read the Data Protection and Privacy Policy thoroughly in order to understand how we process your personal data.
The Data Controller:
BumOne
45 Cobblestone Drive
Hudson, New Hampshire 03051 USA
If you have any questions or concerns about BumOne’s personal data practices or your privacy rights, you may contact us at gdpr@BumOne.org.
In accordance with the European Union (EU) General Data Protection Regulation (“GDPR”), BumOne has appointed a representative within the EU for all contact with European Authorities:
Business for Social Responsibility NORDIC ApS
Vester Voldgade 6 - 8, 2nd to the right
DK-1552 Copenhagen V
Denmark
I. Executive Summary
As a global organization, BumOne complies with data protection legislation and guidelines in all countries where it has locations. BumOne usually works only with IT vendors who participate in and have certified compliance with the EU–U.S. Privacy Shield Framework and are committed to subjecting all personal data received from EU member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles, or have taken other measures to comply with GDPR as mentioned below, under chapter VII. To learn more about the Privacy Shield Framework, you may visit the U.S. Department of Commerce’s Privacy Shield List.
BumOne also complies with the EU ePrivacy Directive, including the requirement for website operators to obtain users’ consent prior to creating Cookies. See BumOne’s Cookie Policy for more details.
II. How We Collect and Use Your Personal Data
BumOne collects personally identifiable information in the following ways:
Member and Client Data
When a company joins as a member of BumOne or subscribes to our BumOne Mailing list, we collect business contact data in the form of the following data from you:
-
First and last name
-
Job title
-
Company
-
Work email address
-
Phone number
-
Area of interest (e.g. sustainability, climate etc.)
-
Town/city/state
-
Country
All personal data collected will only be used to process your membership application and to send you product information and occasional special offers or announcements from selected BumOne partners, if you have subscribed to the BumOne Mailing List. We do not sell personal data to anyone and only share it with third parties who are facilitating the delivery of BumOne services.
We rely on fulfillment of contract as the lawful basis under GDPR Article 6(1)(b) for the processing of member and client data.
Website Visitors’ and App Users’ Data
In general, website visitors do not need to provide personalized information to BumOne. We do collect "aggregate data," that is, group data with no personal identifiers. We use this aggregate data to help us understand how the site is being used and to improve its usability. We also use it to enhance the quality and availability of products and services we offer.
We also, with explicit permission, use aggregate data from online surveys you choose to fill out for research and publication purposes.
If personal data is provided, and retained, it is only name, email, and phone number, which allow BumOne to contact the visitor at his or her organization. BumOne solely holds the information and engages in no contact-sharing program with other organizations.
Many websites create Cookies (small text files) when a user visits a website, and these Cookies are used to analyze aggregate user behavior on a website. In compliance with the EU ePrivacy Directive,
BumOne websites ask permission of the visitor prior to setting Cookies. Should the visitor agree,
BumOne’s server will only collect the following information:
-
The visitor’s IP address (including the domain name associated with the IP address, i.e. using reverse look-up).
-
The date and time of the visit to the website.
-
The pages visited on the website.
-
The browser being used.
In addition, where this is available, BumOne will also collect:
-
The country from which the visitor is accessing the website (only the ending is saved, e.g., since this indicates the relevant country).
-
The language of the browser being used.
-
The website from which the visitor is accessing the BumOne website.
-
The search word used (if the site is accessed via a search engine).
-
The type of connection and operating system.
We only use this data to improve the visitor’s website experience. Please review our Cookie Policy to learn more about how we use Cookies.
When it comes to Cookies, we rely on consent given as the lawful basis under GDPR Article 6(1)(a).
Inquiries
When you send an inquiry to us through our contact form, we use the personal data that you have stated in the contact form to answer you. Any personal data received from you will not be used for any other purpose without your prior consent and knowledge and will not be disclosed.
We rely on a legitimate interest as the lawful basis under GDPR Article 6(1)(f) for the processing of data in connection to inquiries.
Surveys
In order to ensure that the services we offer meet your requirements, we may ask for your feedback in form of surveys and polls. Any feedback received from you will only be used for the purpose of improving our services and will not be disclosed.
We rely on your consent as the lawful basis under GDPR Article 6(1)(a) for the processing of data in connection with surveys.
eCommerce
BumOne’s use of ecommerce is limited to registration for a limited number of events each year. Individuals within companies provide their corporate information to register for an event. We use the data collected in order to process billing and orders for products/services you choose to purchase on our website.
We rely on fulfillment of contract as the lawful basis under GDPR Article 6(1)(b) for the processing of eCommerce Data.
III. Personal Data Collected From Third Parties
In some cases, we collect your personal data from third parties:
We receive a limited amount of data via lead generation programs. Contacts can change email preferences at any time and opt-out by following the links included in BumOne emails for this purpose.
IV. Payment Information
When you purchase services from us, we request you to state your payment card details (name on card, billing address [street address/city/state/country], card type [e.g. Visa], card number, expiration date, security code). We are using a secure third party to manage transactions and ecommerce payment processing.
Your payment information will be stored as long as the third party is entitled or obliged to store it pursuant to legislation.
V. Duration of Storage
We will store your personal data until these are no longer necessary for us to process. In certain situations, it may be difficult to envisage an exact period, but the below paragraphs list our periods for the processing of your personal data.
Member and Client Data
-
We store member company data and contact information of member companies for the duration of the membership with us and for a period of time thereafter to allow members to recover accounts if they decide to renew, to analyze the data for our own operations, and for historical and archiving purposes associated with our history as a membership organization. For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact our data protection officer at gdpr@BumOne.org.
-
Client data, i.e. data collected due to your subscription to our mailing list, will be erased as soon as possible after your deregistration to the mailing list.
Inquiries
-
Stored until six months after completion of processing of your inquiry.
Surveys
-
Stored up to five years after receipt. To the extent possible, we will store your feedback in an anonymous form, and we have a long duration of storage in order to measure our own performance over time.
In general, if we have reason to store your personal data as part of the protection of our legitimate interests, including, for example, legal disputes, we reserve our right to store your personal data for an extended period and minimum until the legal dispute has been determined.
VI. Transfer of Your Personal Data
We do not rent or sell personally identifiable information with other individuals or organizations.
However, we may transfer your personal data to third parties when it is necessary in order to provide you with our service. Third parties shall mean:
-
Undertakings in the BumOne Group
-
Business partners
-
Security-cleared data processors/subcontractors, who are assisting us or the group with IT or other services
When we transfer your personal data to business partners, you should be aware that they might have stored personal data concerning you collected by other means, e.g. if you have been in contact with them in another context.
We also transfer your personal data to the above or other third parties if we are obliged to do so according to legislation or in order to protect our or the group’s interests in legal disputes.
VII. For EU Citizens
File Storage and Security
BumOne partners with a security-cleared data processor to store files and data on secure servers. This data processor has self-certified under the EU-U.S. Privacy Shield Framework and thereby guarantees an appropriate standard of data protection and operates to an appropriate standard of data security.
All data is accessed via secure connections in the United States.
In spite of our efforts to establish a secure environment for the website, you should be aware that no information is completely secure on the internet. Therefore, you should always take the necessary safeguards on your own equipment.
Your Rights
You have the right of access to the personal data we are processing concerning you, as well as to have your personal data updated, rectified, or erased, or to obtain a copy of your personal data. All requests shall be made in writing to gdpr@BumOne.org.
Transfer of Personal Data to Third Countries
BumOne partners with various IT vendors and from time to time. This will result in a transfer of personal data to a third country or international organization.
In order to ensure a sufficient level of security for such transfer in accordance with the GDPR,
BumOne has chosen to work only with vendors that:
-
have certified compliance with the EU-U.S. Privacy Shield Framework, or
-
have entered into Standard Contractual Clauses with BumOne.
A copy of the Standard Contractual Clauses can be obtained by contacting gdpr@BumOne.org.
Complaints
If you want to lodge a complaint over our processing of your personal data, please contact us directly. If we cannot help you, you can lodge a complaint to the national Data Protection Authority.
VIII. Changes
We recognize that data protection and privacy is an ongoing responsibility, so we reserve our right to make changes to this Data Protection and Privacy Policy from time to time as we undertake new personal data practices or adopt new privacy policies, etc. If such changes are substantial, we will notify you via email, provided that we have your email address.