Privacy Policy

Effective 27 January 2022

Blerter is owned and operated by Blerter Limited, headquartered in New Zealand.

At Blerter we believe that privacy and security of your personal information is a basic human right and we work hard to protect your privacy. This policy is our way of letting you know what information we collect, why we collect it, how we use it and steps you can take to learn more about this. This policy should be read in conjunction with:

• Blerter Community Guidelines (blerter.com/community-guidelines)
• Blerter End User Terms (blerter.com/end-user-terms)
• And if you are a paid subscriber to Blerter, the Blerter Subscriber Terms (blerter.com/subscriber-terms)

This policy describes our practices in connection with information that we collect through our websites, mobile and web apps, APIs and backend platforms (together our “Service”). It also describes your data protection rights, including a right to object to some of our processing. 

The Policy does not apply to information collected by any third party, including through any third-party application, integration, use of our API or content (including advertising) that links to or is accessible from our Service.

1. Who is this Policy for?

Firstly, some definitions:

• EVENTS: are an organized gathering of people for the purposes of business, sport, entertainment and/or community activities.
• CUSTOMERS: Customers are organizations (such as companies, businesses, charities, trusts, government agencies or other entities) that Subscribe to use our Service in the planning and delivery of their events.

This policy applies to the following classification of individuals that interact with Blerter:

• USERS: Users are individuals that create a User Profile on the Blerter Service. They may also be employees, contractors, volunteers or associates of our Customers, including customer personnel that are authorized to access and use our Service pursuant to an active Blerter Subscription or temporary evaluation license. Additionally, Users include individuals who self-register to access our Service.
• ATTENDEES: Attendees are individuals who attend Events that are run by our Customers. Attendees don’t have a User Profile or login to use the Service but information about them may be loaded and stored in the Service by our Customers and their Users for the purposes of delivering the Event.   ]
• VISITORS: Individuals that interact with our Websites (for instance, to read about Blerter products and services, download a white paper, or sign up for an online demo), as well as those who attend Blerter marketing events, webinars and whom we meet at a tradeshow or learn about through a referral from third parties or other external sources.

2. What types of personal data do we collect?

When a User creates a profile in our Service they upload personal information that includes their name, email address, phone number, profile photo, and may optionally include information they upload such as a personal headline, about me description and 3rd party certifications such as first aid certificates.

If a User is directly connected to a Customer organization then their job title at that Customer is recorded, as well as various permissions they have on the Service based on this Customer connection. When a User is connected to an Event their membership of that Event is recorded.

If a User is an account holder for a Customer we may, depending on the Subscription payment method they select, record their credit card or other financial details and relevant billing and contact information for Subscription billing purposes only.

3. What types of personal data do our Customers collect? 

Our Service is flexible and allows our Customers to collect a variety of personal data from and about their Users and Attendees. Customers have access to information in the profiles of any User who is connected with their organization or events. 

For Attendees they may record free form information including name, organization, email address, phone number, emergency contacts and other information they need to record to ensure the safety and wellbeing of the Attendee, other Attendees, Users and people at an Event. This may include information they need to have to comply with the requirements of the Event such as ticket information, compliance with the needs of a sport or association the Attendee is participating in, health and safety information, or any information they are required to collect to comply with local laws and ordinances. Customers may also record information related to the health, safety, medical or security needs of Users or Attendees who are attended to by professional security or medical staff at the event. 

Our Service facilitates the handling of conversational, structured and unstructured information in many formats such as text, files photos and videos. These can be added by Users to streamline the delivery of the Event and Users may enter other personal information at any time through the Service.

Location Information

Our Service collects location information for Customers when Users interact with the Service. This can be entered manually by the User and/or gathered automatically by the Service during certain User interactions. Customers use this information to facilitate the smooth running of an Event, manage hazards and safety issues, deploy people and resources where needed and to respond to incidents to enhance the safety of everyone at the Event. 
Customers may also create a ‘geo-fence’ around their Event which the Service can use to prompt Users to Check in when they arrive at the Event location and to automatically check them out when they leave. The Service does not record a User’s location unless they are Checked in to an Event.
If you do not agree with our policies and practices, you may choose not to use our Service.

4. How do our Customers collect personal data? 

• When Users enter the information about themselves into the Service.
• When our Customers enter information about a User or Attendee into our Service for the legitimate purpose of delivering the Event.
• Automatically, as Users interact with our Service.

5. How do our Customers use personal data?

Our Customers use personal information to interact with their Users in the delivery of the Event. They use information about Users and Attendees for the purposes of event operational delivery and safety. They may provide this information to third parties, which may include law enforcement and first responders.

Customers also have access to information (including personal data and Service usage data) related to how Users and Attendees interact with the Service. In such instances, the Customers act as data controllers towards the User and Attendee, under the European Economic Area (“EEA”) data protection laws.  Therefore, Blerter cannot and does not take responsibility for the privacy practices of Customers.

The information practices of our Customers are governed by their privacy policies. We encourage Users and Attendees to review Customers’ privacy policies to understand their practices and procedures.

6. Does Blerter use or sell personal data collected by our Customers?

Blerter does not use personal data of Users or Attendees for any purposes other than to provide the services that our Customers have contracted us to provide through our Service and any related consulting, training or support services, as noted below, or as required by law. Blerter does not sell the personal data of our Customers, Users or Attendees.

7. How does Blerter collect and process personal data from our Customers and Users and Attendees?

We collect personal data from our Customers in order to facilitate communication and delivery of the Service that our Customers are interested in or contract us to provide. For example, we may collect Customer contact information, whether through the execution of a contract, use of our services, a form on our website, an interaction with our sales or customer support team, signing up for an event, or a response to one of our surveys or marketing emails. We may also collect credit card information (e.g. credit card number and expiration date, billing address, etc.) or other customary bank information needed for billing and payment purposes.

We may record Customer telephone calls made to our Customer Success team for legitimate business interests related to providing Customer support, compliance with laws, training, and quality assurance. We retain such recordings until 180 days after the date of recording.

We collect Customer usage information about how our Customers and Users interact with our Service. This includes which webpages or app screens they visit and use, what they click on, when they perform certain actions, what language preference they have, what type of Events they run, what they Subscribe to, and so on.

We process Customers’, Users’ and Attendees’ personal data in the following manner:

• To disclose to our subsidiaries and affiliates for the purpose of providing services to our Customers and their Users.
• To disclose to contractors, service providers, and other third parties as reasonably necessary or prudent, to provide, maintain and support our Service for our Customers and their Users, such as, for example, payment processors and data center or Web hosting providers. Blerter does not share, sell or trade any information with such third parties for promotional purposes.
• To deliver the Service that our Customer has contracted us to provide. Some examples include:
  • When a User registers on our Service we will use their provided email address to send them information and announcements relating to the Service.
  • When a User is connected to an Event, we will use their provided email address or other contact information to send them information relating to the Event.
  • When a User uses their social media credentials to log into our Service we will share the information required to facilitate that login with their social media account provider. The information we share will be governed by the social media site’s privacy policy.
• To deliver to a third party in the event of a merger, divestiture, restructuring, recapitalization, reorganization, dissolution or other sale or transfer of some or all Blerter’s assets, whether as a continuing operating business or as part of bankruptcy, liquidation or similar proceeding, in which personal data held by Blerter about our Customers, Users and Attendees is among the assets transferred.
• For our internal business purposes that include administering access and use of our Service, data analysis, securely identifying Customers and Users upon logging onto the Service, enhancing or modifying our Service, determining the effectiveness of our promotional campaigns, billing for Services, and operating our business.
• As we believe to be necessary or appropriate:  (a) under applicable law, including laws outside your country of residence; (b) to respond to requests from public and government authorities including public and government authorities outside your country of residence; and (c) to protect against or identify fraudulent transactions.
• For other purposes when Users provide explicit consent.

We aggregate and anonymize information about (i) Customers and Users, and (ii) the use of our Service in order to improve our Service and to create benchmark and other business intelligence products. None of the aggregated and anonymized information contains personal data (i.e. does not identify any individual). 

8. What is the legal basis for Blerter to process personal data from the EEA?

For individuals that are from the European Economic Area (EEA), our legal basis for collecting and using their personal information will be our legitimate interest where the processing is in our, or a third party's, legitimate interests and not overridden by the individual’s data protection interests, or fundamental rights and freedoms. These interests are to provide individuals with access to the Service and features of the Service; to send them information they have requested; to ensure the security of our Service by trying to prevent unauthorized or malicious activities; or to enforce compliance with our terms of use, contracts and other policies. In some EEA countries, we are relying on consent as a legal basis for using data for marketing purposes.

9. How long does Blerter store personal data collected by our Customers?

Unless otherwise provided in our contract with our Customer, we will remove personally identifiable information from our Customer’s data 12 months after the termination of our contract with them.

Because our Users may work with many different Customers over time and their profile is not connected with a single Customer contract, we retain User Profile information until a User asks us to remove it.

10. How can a User access, correct or remove their personal data?

In various countries, including countries in the EEA, upon their request, Users have the right to access their personal data and, if necessary, have it amended, removed or restricted. Users can also ask for some types of personal data to be delivered to them, or another organization they nominate, in a structured and machine-readable format.

Where we process your personal data on the basis of your consent, you have the right to withdraw your consent (see the Blerter contact section below). The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Users also have the right to complain to a supervisory authority for data protection in the country where they live, or where they work – although we hope that we can assist with any queries or concerns you have about our use of your personal data.

Other than User Profile information and information users enter outside of an Event, Blerter processes User data under the direction of our Customers and has no direct control or ownership of the personal data we process for Customers. Customers are responsible for complying with any regulations or laws requiring notice, disclosure or obtaining consent prior to transferring the data to Blerter for processing purposes. Any User that seeks to access, correct or delete data, other than User Profile information, should direct their query to the Customer. If the Customer requests Blerter to remove the personal data of a User to comply with data protection regulations, Blerter will process this request within 30 days.

We will not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect. In such instances, we will inform the Customer about the legal obligations that prevent us from fulfilling the request.  

11. How can a Customer access, correct, or remove their personal data?

Customers have the same rights to access, correct or remove their personal data as do Users.

Any Customer that seeks to access, correct or remove data, can do so by submitting a request to privacy@blerter.com. Blerter will process this request within 30 days.

We will not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect. In such instances, we will inform the Customer about the legal obligations that prevent us from fulfilling the request.

We will maintain an audit history of any requests to access, correct or delete personal information to maintain a record of compliance with regulatory requirements.

12. How does Blerter use cookies and similar technologies?

Cookies and Web Beacons

We use cookies or similar automatic data collection technologies as individuals interact with our Service to collect certain information about their equipment, browsing actions and patterns, including:

• Details of their visits to our Service, such as the date and time they access our Service, length of time they spend on our Service, websites that linked to our Service or websites linked from our Service, the resources, functionality and content that they access, upload and use on the Service.
• Information about their computer and internet connection, such as their IP Address, computer type, screen resolution, language, Internet browser type and version.

Below are the technologies we use for automatic data collection.

• Browser Cookies.  A cookie is a small file placed on a computer hard drive.  Web browsers can be configured to restrict or entirely block cookies, to configure cookie notification settings and/or to delete cookies already present on the browser or device.  Information on how to do this is provided by the web browser’s help/reference section. Limiting or restricting certain types of cookies may prevent a Customer or Users from using certain portions of our Service, depending on how the browser settings are configured.  For example, our web application cannot function successfully if cookies are disabled in the web browser. Unless the browser setting has been adjusted so that it will refuse cookies, our system will issue cookies when the browser interacts with our Service.  For more information about cookies and how to disable them, see www.allaboutcookies.org. 
• Session Cookies and Persistent Cookies.  A "session" cookie lasts for a single browser session only and is deleted when the user closes the web browser. Session cookies allow website operators to link the actions of a user during a browser session.  A "persistent" cookie remains on the user’s device (even while powered off) until it expires or is deleted.  A persistent cookie will be reactivated when a user returns to the website which posted the cookie. We use persistent cookies to help customize your web experience when you return to a web page or our website.

Neither of these cookies can read or access other cookies or any data from a user’s hard drive. Further, neither of these cookies alone will personally identify a user; however, a cookie will recognize a user’s individual web browser or device through an IP Address, browser version, operating system and other information, and individuals who log in to their Blerter accounts will be individually identifiable to the Service using session cookies.

• Web Beacons.  Pages in our Service and our e-mails will contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags and single-pixel gifs).  Web beacons differ from cookies in that the information is not stored on your hard drive, but invisibly embedded on web pages or in email.  Web beacons permit us to track online movements of web users, for example: to count users who have visited those pages or opened an e-mail and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).  This enables us to provide a website experience more tailored to our users’ preferences and interests.

At this time, we do not respond to browser ‘do not track’ signals, as we await a uniform standard put forth by regulators or the privacy industry.  Blerter earnestly considers an individual’s independent right to determine how their personal data is processed and continues to monitor developments in this area.

Advertising

We use third parties (such as LinkedIn, Google AdRoll, YouTube) to serve advertisements that may be of interest to you on other websites. For more information and the ability to control your preferences, please visit:

• http://preferences-mgr.truste.com
• http://www.networkadvertising.org/managing/opt_out.asp and
• http://www.aboutads.info/
• https://policies.google.com/privacy/partners

If you are located in Switzerland or the European Union, please click here.

13. Third Party Analytics Providers 

We use third party analytics providers, including Google, Mixpanel, HubSpot and others, to collect information about the usage of our Service and enable us to improve how our Service works.  The information allows us to see the overall patterns of usage on the Service, helps us record any difficulties you have with the Service, shows us whether our advertising is effective or not, and allows us to use responses to advertisements to optimize ad performance.  These third-party providers use cookies and other, similar technologies to collect information about the usage of our Service and to report website trends to us, without storing any personal data on external third-party analytics provider platforms.  See below for more information, or to opt out of these practices:

• You may opt-out of Google Analytics by clicking here.  
• You may opt-out of Mixpanel’s practices by visiting https://mixpanel.com/optout/
• You may opt-out of HubSpot communications via the link on any email you receive from us via HubSpot. For more information visit: https://legal.hubspot.com/privacy-policy

14. How does Blerter process data from Visitors?

Blerter processes Visitor data separately and distinctly from the way we process Customer and User data. By visiting our websites, attending Blerter marketing events or providing us with your personal information, Visitors consent to the collection, processing and storage of their personal information as described in this section.

Visitor Personal Data Collected

Blerter collects personal data including name, title, postal address, e-mail address, telephone number, social media account ID, company information (including financial and billing information when purchasing Blerter services), survey responses, message board posts, chat messages, contest entries and promotional enquiries. We use this information to provide you with additional details about our services, conduct research, provide whitepapers or to contact you after your visit.
We also collect personal data from third party sources, such as public databases, joint marketing partners, and social media platforms.  For example, if a Visitor elects to connect her social media account to her account for our websites, certain personal data from the social media account will be shared with us, which may include personal data that is part of the Visitor’s profile or her friends’ profiles.

Additionally, we collect personal data from cookies and similar technologies to collect information about the pages Visitors view, links Visitors click on, Visitors’ web browser information, Visitors’ IP address and other actions Visitors may take when accessing our websites.

Blerter’s Use of Visitor Personal Data Collected

Blerter processes Visitor personal data to:

• Analyze how our websites are accessed;
• Personalize your browsing experience and present products or features that may be more applicable to you;
• Identify website technical problems;
• Discover, investigate and remediate fraudulent or illegal activity;
• Transmit notices related to product, service, or policy changes;
• Respond to your product and service enquiries;
• Send you information such as product announcements, newsletters, whitepapers, relevant offers, and upcoming promotions or events (where required, dependent on jurisdiction, we will seek and obtain your explicit consent before sending marketing emails);
• Plan and host Blerter corporate events, host online forums and social networks in which Visitors may participate;
• Analyze, evaluate and identify new prospects;
• Create tailored advertising, sales and promotional programs; and
• Bill customers for our services and assess the financial capability of prospective customers to afford Blerter’s solutions.

If you wish to remove yourself from communications about Blerter, please send us an email at: privacy@blerter.com.

Storing of Visitor Personal Data

Where we process Visitor personal data for marketing purposes or with Visitor consent, we process the data until the Visitor asks us to stop. It typically takes up to 30 days to implement your request. Blerter will not retain Visitor personal data longer than the statutory retention period permitted in the local jurisdictions where Blerter services are marketed and provided. We also keep a record of when Visitors have asked us not to send direct marketing or to process Visitor data indefinitely so that we can respect the Visitor’s request in the future.

Sharing of Visitor Data

We may share information with third party service providers contracted to provide services on our behalf as well as third parties who resell our services.

We may also engage with business partners to jointly offer products, services or other programs, such as webinars or whitepapers, and from time to time, we may share personal data if you purchase or show interest in any jointly-offered products or services.

We will only share personal data of Visitors who attend a Blerter marketing event with third parties if a) the Visitor explicitly consents, b) the Visitor permits their badge to be scanned, or c) it is permissible under applicable law.

Access, correct or delete Visitor data

Visitors have the same rights to access, correct or delete their personal data as do our Customers.

Any Visitor that seeks to access, correct or delete data, can do so by submitting a request to privacy@blerter.com. We will process this request within 30 days.

We will not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect. In such instances, we will inform the Visitor about the legal obligations that prevent us from fulfilling the request.  

We will maintain an audit history of any requests to access, correct or delete personal information to maintain a record of compliance with regulatory requirements.

15. Do we process information of children under the age of 13?

Our Service is not intended for or to be used by children under 13 years of age. We do not directly solicit or collect personal data from children under 13.  If you are under 13, do not (i) use or provide any information on our Services or on or through any of its features, (ii) register to use our Service, (iii) use any of the interactive or public comment features of our Service or provide any information about yourself to us, including your name, address, telephone number, email address or any screen name or user name you will use.

Our Customers may collect information on children under 13 as part of the data they collect for the delivery of their Event and for health and safety reasons. We encourage our Customers to remove the personally identifying information at the conclusion of their Event and to have in place adequate policies and processes for handling this information.

16. Where do we transfer the data we process?

Blerter is an Aotearoa New Zealand company and adheres to Aotearoa New Zealand Privacy laws (see #18 below) which the EU has deemed to provide adequate privacy protections for EU citizens.

EU-U.S. and Swiss-U.S. Privacy Shield

However, where we store and/or process data within the United States, we use the Google Cloud Platform infrastructure. Google have certified that they adhere to the EU-U.S. and Swiss-U.S. Privacy Shield Principles. Blerter is committed to subjecting all personal data received from European Union (EU) member countries, the United Kingdom (UK), and Switzerland, in reliance on the Privacy Shield Frameworks to the Framework’s applicable Principles.  To learn more about the Privacy Shield Framework, visit https://www.privacyshield.gov.

Blerter is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf.  Blerter complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, UK, and Switzerland, including the onward transfer liability provisions.

Cross-Border Transfers other than to the E.U. or Switzerland

Personal data may be accessed by Blerter personnel providing services in any country where we have facilities or in which we engage IT service providers, including New Zealand and the United States.

How do we secure the data we process?

We use a variety of organizational, technical and administrative measures to protect personal data within our organization.  We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure.  If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us at privacy@blerter.com.

17. How do you contact US or our Data Protection Officer?

For details about the DPO’s role or any privacy questions related to Blerter’s Privacy Policy, please contact the us at privacy@blerter.com.  You should also feel free to contact us regarding details of our implementation of our privacy program at: Blerter Limited
PO Box 9821, Newmarket, Auckland 1149, Aotearoa New Zealand.

18. What privacy laws do we comply with?

As an Aotearoa New Zealand company, we are subject to and comply with the New Zealand Privacy Act 2020, along with any other guidelines, policy statements or rules issued by the Office of the New Zealand Privacy Commissioner / Te Mana Mātāpopo Matatapu. We also guided by and comply with the principles of the General Data Protection Regulation (EU GDPR) and the California Consumer Privacy Act (USA-CA CCPA). 

19. How do we publicize changes to our Privacy Policy?

We will update this Privacy Policy to reflect changes to our information practices and update this on our website and within the Service. We may also notify you by in-app message within the Service or by email if we believe the changes are significant enough to warrant disturbing you with yet more messages.