BlueWhale Research, Inc. and its affiliates (collectively, “BlueWhale Research,” “us” or “we”) are committed to protecting and respecting your privacy. Please read the following carefully to understand our practices regarding the collection, use and disclosure of, any personal information or personal data (as such terms are understood under applicable law) we collect from you or you provide to us when you visit our websites listed below or when we communicate with you in connection with our business.
I. Information we collect and how we use it
1. Information you give us. We collect information that you provide to us during telemarketing telephone calls or when you otherwise communicate with us, including through use of our chatbot. This information may include your name, title at work, name and address of the company you work for and your work telephone number and email address. You are not obligated to provide us with any personally identifiable information at any time.
2. Information we collect about you. Like most companies, we automatically collect the following information each time you visit any our Sites:
Information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our Sites (including date and time), products and services you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number; and
We may use standard Internet technology, such as web beacons (also called clear GIFs or pixel tags) and other similar technologies, to deliver or communicate with cookies and track your use of our Sites. We also may include web beacons in e-mail messages or newsletters to determine whether messages have been opened and acted upon. The information we obtain in this manner enables us to customize the services we offer and measure the overall effectiveness of our online content, advertising campaigns, and the products and services we offer through the Sites.
3. Information we receive from other sources (“Third Party Sources”). We work closely with third party personalization and intent data providers to help us to only call those persons we believe to be highly likely to be interested in the offers that we make using the telephone on behalf of our customers. To the extent permitted by applicable law, we may also receive or collect information about you from other sources, including public sources, and add it to the information you have provided to us. In most cases we will ask you to validate this information if its accuracy is important.
4. Additional information. If you contact us with a complaint or query, we may keep a record of that correspondence to ensure we provide good customer service. We may also ask you to complete surveys about our products and services that we use for research purposes, although you do not have to respond to them. You may also withdraw your consent to having your personal information used for such purposes.
Information that you provide to us over the telephone will only be delivered to the applicable customer and client’s customer (in fulfillment of our telemarketing services agreements) with your permission which you are free to withhold or withdraw at any time.
If you do not want your information to be disclosed to a telemarketing campaign sponsor, simply decline the request of our telemarketing agent to use your information for this purpose. We will identify the campaign sponsor during the telemarketing telephone call. We will also give you the information needed for this contact upon request.
During the past twelve (12) months, we have collected the following personal information:
Category of Personal Information
Type of Personal Information Collected
Your name, company name and address, title, business phone, business email address.
Directly from you during telemarketing telephone calls or otherwise when you communicate with us or the applicable campaign sponsor by registering on a landing page we notify you of via email
Third Party Sources.
Your name, email address, and any other information you provide.
Directly from you when you complete the contact form or use a chatbot made available on any of our Sites.
Your IP address.
Indirectly from you when you visit our Sites or open our emails.
Customer records information
Characteristics of protected classes or groups under California or federal law
Internet or other similar network activity information
Indirectly from you when you visit our Sites.
The date and time you opened our email.
Indirectly from you when you visit our Sites or open our email.
Your IP address.
Indirectly from you when you visit our Sites or open our emails.
Professional or employment-related information
Your title and employment position/role.
Directly from you during telemarketing telephone calls or when you otherwise communicate with us.
Third Party Sources.
II. Purpose of processing your personal information
The legal basis for us processing your personal information as described above will typically be one of the following:
because it is necessary to fulfill a contract that we have in place with you;
for our or our telemarketing campaign sponsor’s legitimate business interests or business purpose;
your consent; or
where the processing is necessary for compliance with our legal obligations.
We do not collective sensitive personal information for providing our services but if we do, we will only process such personal information where we have obtained your explicit consent for the purposes for which it is collected by us.
III. What We Provide to Third Parties
We may disclose your personal information to third parties: (a) in the event that we sell any business or assets, in which case we may disclose your personal information to the prospective buyer of such business or assets at all times in compliance with applicable laws, (b) if we or substantially all of our assets are acquired by a third party, in which case personal information held by us about our users will be one of the transferred assets at all times in compliance with applicable laws, or (c) if we are under a duty to disclose or share your personal information in order to comply with any legal or regulatory obligation or request.
We may also disclose your personal information to third parties: (a) to enforce any part of the agreements between you and us or our customers or our client’s customers or to investigate potential breaches; or (b) to protect the rights, property or safety of us or our customers or our client’s customers, or others; or (c) with your permission, for the purpose you have permitted.
IV. Where Data is Stored
Your data will be stored in secure Cloud based data servers in encrypted form or temporarily in our secure call centers around the world. Personal data, once transferred to another jurisdiction, may therefore be available to government authorities under lawful orders and laws applicable there. To the extent EU data protection laws apply to the transfer of your personal data outside of the European Economic Area, you consent to us transferring your personal data outside the European Economic Area. We will ensure that there is a valid transfer mechanism in place in relation to such transfer. For the purposes of this paragraph, a valid transfer mechanism shall include any mechanism approved by the European Commission as ensuring adequate protection for personal data that is transferred outside the European Economic Area. We will use reasonable security measures to protect your personal information against unauthorized access. BlueWhale has implemented security measures that contain administrative, technical and physical controls that are designed to safeguard your personal information. For example, we use industry standard encryption technology to secure sensitive personal information when it is being collected and transmitted over the Internet as well as firewalls, site monitoring and intrusion detection software.
We may also use your contact details to provide you with information about our products and services which may be of interest to you. If you do not want us to use your information in this way, we will give you the opportunity to opt-out of receiving any such marketing communications at the point where you provide us with your contact details and in each subsequent marketing communication that we send to you. Please note that if you opt out from receiving marketing communications, we may still contact you about service-related issues, such as where we make any changes to this policy.
VI. Data Services and Email Deployment
We provide customer lists and other information to select third party companies who provide specialized services, such as email message deployment, email verification, email marketing, merge-purge (identifying and removing duplicate addresses) of lists, postal mailing, subscription fulfillment, customer service and telemarketing, research, statistical analysis, and other data processing. These companies work on our behalf and do not ever own, or take over ownership of, the lists or other data sent to them. We strive to protect personal information disclosed to these companies by contractual agreements requiring that they adhere to confidentiality and security procedures and protections that are, at a minimum, equivalent to those employed by BlueWhale itself.In order to comply with the Federal CAN-SPAM Act of 2003, we also may provide lists of customers who have opted-out of email promotion for BlueWhale Research products to other companies, so they can be suppressed from mailings those companies send on BlueWhale Research’s behalf. In addition, if you unsubscribe from a mailing we send to our own list on behalf of a third party, your removal instruction may also be supplied to the third party and added to their own suppression file.
In order to comply with CASL, the Canadian Anti-Spam Law of 2014, BlueWhale Research never uses email, text, or social media Commercial Electronic Messages with contacts in Canada. We will make telephone contacts in Canada and if specifically authorized by the Canadian contact complete the transaction with email based delivery.
VII. BlueWhale Research Publications, Events, Other Sites and Other Services
If you are a BlueWhale Research customer, you can also expect to receive relevant email and postal offers for other BlueWhale Research publications, events, Sites and services.
BlueWhale Research has implemented reasonable technical and organizational security measures to help protect against unauthorized access to or unauthorized alteration, disclosure, or destruction of personal information. Unfortunately, no data transmission over the Internet can be guaranteed to be entirely secure, and BlueWhale Research assumes no liability for any damage suffered by you caused by the interception, alteration, or misuse of information during transmission.
BlueWhale Research is for professionals and usage by children is not permitted without the express permission of your parent or guardian. The safety of children is very important to us. If we know one of our users is under the age of 16, we will only use their personal information to respond directly to notify their parents or guardian, or seek parental consent.
XI. Your Rights and Access to Information
EU, UK, and Swiss Residents
If you are a European Union, UK or Swiss resident, applicable data protection laws (which may include the EU’s General Data Protection Regulation or “GDPR”) may provide you with certain rights with regards to our processing of your personal information.
To the extent established under applicable law, if you are a Canadian, European Union, UK or Swiss resident you may have the right:
to access, review, and update your personal information;
to restrict our processing of your personal information;
to request that we provide you a copy of, or access to, your personal information in structured, commonly used and machine-readable format (or that we transfer your personal information to another controller, when technically feasible);
to withdraw your consent when our processing of your personal information is based on your consent (and not another legitimate basis);
to request that we delete all of your personal information (subject to certain limitations); and
to lodge a complaint with the applicable supervisory authority in the country you live in, the country you work in, or the country where you believe your rights under applicable data protection laws have been violated. Before you do this, we request that you contact us directly in order to give us an opportunity to work directly with you to resolve any concerns about your privacy.
Note that we will only be able to directly process the above requests in situations where we are the “data controller” under the GDPR, which refers to the entity that controls the relevant personal information and its processing. This includes some situations where you provided the relevant information directly to us. However, in many cases we are instead the “data processor” or “sub-processor” under the GDPR, and are processing personal information on behalf of our customer or our client’s customer, who provided the information to us or on whose behalf we are collecting your personal information, and our customer or client’s customer acts as the “data controller” under the GDPR. In those situations where we are acting as the data processor or sub-processor, we will refer your request to the applicable data controller instead.
California Privacy Rights
California law (including the California Consumer Privacy Act or “CCPA”) entitles California residents to certain additional protections regarding personal information. For purposes of this section alone, “personal information” means any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household. Please be aware, however, that under the CCPA personal information does not include:
Publicly available information from government records;
Deidentified, aggregated or anonymized information that is maintained in a form that is not capable of being associated with or linked to a California resident;
Information excluded from the CCPA’s scope, such as:
Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; or
Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994; or
Information relating to job applicants, employees, contractors and other personnel of BlueWhale Research or its affiliates.
If you are a California resident, you have the right to request:
information regarding your personal information we have collected in the past 12 months (including the categories of personal information we have collected, the categories of sources of such information, and the business or commercial purposes for collecting or, if applicable, selling such information);
notice of whether we have disclosed or sold your personal information to third parties in the past 12 months (and if so, what categories of information we have disclosed or sold, and what categories of third parties we have disclosed or sold it to);
a copy of your personal information collected by us in the past 12 months; and
that your personal information be deleted.
We will not discriminate against you if you choose to exercise any of these rights. To make any of the above requests, please contact us as set forth at the end of this Article. We will need to verify your identity before processing your request. In order to verify your identity, we will generally require the matching of sufficient information you provide us to the information we maintain about you in our systems. Although we try to limit the personal information collected in connection with a request to exercise the right to know and/or the right to deletion, certain requests may require us to obtain additional personal information from you. In certain circumstances, we may decline a request to exercise the right to know and/or right to deletion, particularly where we are unable to verify your identity. In certain instances, we may be permitted by law to decline some or all of your requests.
Note that we will only be able to directly process the above requests in situations where we are the “business” under the CCPA, which refers to the entity that determines the purpose and means of information processing. This includes some situations where you provided the relevant information directly to us. However, in many cases we are instead a “service provider” under the CCPA, and are processing personal information on behalf of our customer or our client’s customer, who provided the information to us or on whose behalf we are collecting your personal information, and our customer or our client’s customer acts as the “business” under the CCPA. In those situations where we are acting as a service provider, we will refer your request to the applicable business instead.
XII. Data Protection Representative in the European Union
We have appointed Privacy Representation Ltd. as the representative in the EU for data protection matters for BlueWhale Research Inc. While you may also contact BlueWhale Research Inc, if you are located in the European Economic Area (EEA), you may contact Privacy Representation Ltd. on matters related to our processing of Personal Data in the EEA. To contact Privacy Representation Ltd, please use these coordinates:
XIII. Data Protection Representative in the United Kingdom
We have appointed UK Privacy Services Ltd. as the representative in the UK for data protection matters for BlueWhale Research Inc. While you may also contact BlueWhale Research Inc, if you are located in the United Kingdom, you may contact UK Privacy Services Ltd. on matters related to our processing of Personal Data in the UK. To contact UK Privacy Services Ltd., please use these coordinates:
UK Privacy Services Ltd. Kemp House, 160 City Road, London, EC1V 2NX [email protected]
Version 1.2, September 27, 2021