European Union

GDPR

Company Introduction

We are a US-based company with headquarters in Lincoln, Nebraska. We provide software for collaborative meeting management and maximizing growth of business teams, through various software programs and our websites located at https://www.bloomgrowth.com and https://app.bloomgrowth.com (“Site”) (collectively, “Services”).

Since you come first, naturally your privacy and the security of your personally identifiable information (“Personal Data”) are critically important to us. This privacy notice (“Notice”) will explain how we collect, process and control your Personal Data when you visit our Site and when you communicate with us, in addition to explaining your privacy rights to you.

By using our Site or our Services, you agree to the terms and conditions contained in this Notice and our Site’s Terms of Use (hyperlink) and/or any other agreement we may have with you. If you do not agree to any of these terms and conditions, you should not use this Site, any of our software, or engage our Services in any way.

Personal Data Collected

We collect the following pieces of Personal Data:

• Contact Information: name, company name, email, billing address, and billing preferences.
• Username: In order to provide our Services, we ask that you create an account. Upon account creation, we capture and secure your username.
• Information You Provide to Us. This includes any voluntary information you provide when making informed decisions on our Site. We use this information to provide our Services to you and help communicate effectively with you. We need the information that we collect for fulfillment of your order. This will include welcome emails, billing and service announcements, and other similar communications. You may not opt out of service-related announcements unless you are requesting to no longer use our Site or Services, because not receiving them may affect the quality of the Services we deliver to you. We also use the information we collect from you to provide adequate customer education, support, announcement of critical changes and updates, including customizable notifications that you may choose to enable or disable.
• Testimonials. If you have provided us with any testimonials, you permit us to use them on the Site. Prior to receiving such testimonials, we will ask for your consent to collect the testimonial and to post it on our Site. You may request that we remove a testimonial at any time by contacting us at the email listed in the “Contact Us” section of this Notice.
• Log Data. “Log Data” is data that is automatically recorded by your browser whenever you visit a website. Log Data may include your IP address, browser type, information about which web-pages you visit, the search terms you use, and advertisements on which you click. If you object to our collection of any of this information, then you should not visit our Site or use our Services. You may request that we delete Log Data, or all Personal Data, by emailing us at the email address listed in the “Contact Us” section of this Notice. We are unable to remove Log Data that is necessary for security and historical needs. If you request that we completely purge your Personal Data and all information from our systems, you will no longer be able to use our Services. The process takes approximately thirty (30) days. Once the process is complete, your Personal Data will no longer be in our systems. However, if you sign up for our Services in the future, your information will again be captured and stored in our systems.

We log analytics and usage on an aggregate basis as you utilize our Service to refine and improve your experience. Web logs generally include internet protocol (IP) addresses, browser information, internet service provider (ISP), referral pages, system information, timestamps, pages viewed, and time spent on particular pages. While IP addresses are tied to personally identifiable information, other analytic data is typically treated as an aggregation of all user activities, and is not personally identifiable, as it does not directly or indirectly reveal your identity. Further, we do not collect any special categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offenses. Also, we do not knowingly direct our Site or our Services to collect Personal Data from children under the age of 13.

From time to time we will use the information to reach out to you with news and offers that may be relevant to our business relationship. We will obtain your consent to contact you prior to sending you any such offers. If you provide your consent, you may withdraw that consent at any time by emailing us at the address listed in the “Contact Us” section of this Notice, and we will discontinue sending these notifications. If you would like to opt-out of emails, please use the “Usubscribe” link at the bottom of most non-transactional emails.

• Cookies, Web Beacons, and Similar Technologies. We use “Cookie” technology to collect additional data regarding Site usage and to improve the functionality of our Site and Service. Cookies are small data files that are transferred to your computer’s hard drive. You may choose to reject cookies in your browser at your own risk, and you may still access our Site and utilize our Services. However, the rejection of cookies may limit your ability to access features or other specific parts of your site. Please see our Cookie Policy for further information about the types of Cookies and technologies we use.

Purpose of Collecting Personal Data

If you fail to provide Personal Data

Where we need to collect Personal Data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with Services). In this case, we may have to cancel a Service you have with us but we will notify you if this is the case, at that time.

“Sale” or Sharing of Personal Data

We do not sell your Personal Data without your permission. However, we do share some Personal Data in the following limited circumstances: (1) when it is required by law, (2) when it is necessary to provide Services, (3) if we sell our company, or undergo a change of control, or (4) if you have provided a testimonial or other endorsement.

We will share Personal Data as required by law to comply with investigations, court orders, or legal processes, and to respond to illegal activities, suspected fraud, threats to physical safety of any person, and violations of our Terms of Service.

We may share your Personal Data, including Contact Information and technical data with third party service providers who perform various functions to enable us to provide our Services and help us operate our business, such as Site design, sending email communications, fraud detection and prevention, customer care, in-app offerings, or performance analytics. Our contracts with these third parties require them to maintain the confidentiality of the Personal Data we provide to them, only act on our behalf and under our instructions, and not use Personal Data for purposes other than the product or service they are providing to us or on our behalf. If we sell, merge or transfer any part of our business, we may be required to share your Personal Data. If so, you will be asked if you’d like to stop receiving promotional information following any change of control.

Other than situations we described above, we will provide you with notice and the opportunity to choose when your Personal Data may be shared with third parties. We display endorsements of our customers along with other testimonial information. This will only be done with your consent, and you may choose to retract your consent at any time by contacting us.

We may provide aggregate information about usage patterns and related Site information to affiliates and partnering third parties. We provide information as needed to manage our own advertising and marketing campaigns. This information is not Personal Data, unless provided so in this Notice.

Other websites

We may link to other websites that have different privacy notices than this Notice. This may include social media features or widgets that we display on our Site. These links and features are hosted and governed by their respective providers’ privacy notices. We do not have access or control over their privacy notices or use of technology, cookies, and submitted information. We suggest that you review all privacy notices before volunteering information to any website you visit.

The California Consumer Privacy Act (“CCPA”) defines “sale” broadly. Thus, if you are a California resident, please refer to the California Page, for further information, and your rights concerning your Personal Data.

Do Not Track

“Do Not Track” (“DNT”) technology is a feature that browsers provide to their customers that allows customers to allow or prevent websites from collecting information about their browsing activities. We may track our customers across third party websites to provide targeted advertising and do not respond to DNT signals.

Security of Personal Data

We have established appropriate security measures to prevent your Personal Data from being accidentally lost, used, or accessed in an unauthorized manner, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business “need to know”. They will only process your Personal Data at our direction and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

To effectuate our data security regime, we constantly evaluate our Information Protection Policies (IPP) as we improve our security and confidentiality operations with employee training and operational safeguards. This insures safe business practices to limit employee access to confidential information, and insures only authorized persons may access Personal Data for procedural and transactional processes only.

With regard to technology, we encrypt sensitive information using Secure Socket Layer technology (SSL), and related protocol HTTPS and other industry standards to protect your Personal Data. As there are many different attack methods between our Service and your computer, we cannot guarantee absolute security. We advise using caution whenever sending us confidential information or Personal Data and we will, to the best of our ability, provide secure channels to do so.

Length of Time We Store Personal Data

We will only retain your Personal Data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements. In some circumstances you can ask us to delete your data (see “Legal Rights of Data Subjects” section). In some circumstances we may anonymize your Personal Data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

International Data Transfers

Our headquarters are in the United States. Information we collect from you will be processed in the United States. The United States has not sought nor received a finding of “adequacy” from the European Union under Article 45 of the GDPR. We rely on derogations for specific situations as set forth in Article 49 of the GDPR. In particular, we collect and transfer to the U.S. Personal Data only with your consent, to perform a contract with you, or to fulfill a compelling legitimate interest of ours in a manner that does not outweigh your rights and freedoms. We endeavor to apply suitable safeguards to protect the privacy and security of your Personal Data and to use it only in a manner consistent with your relationship with us and the practices described in this Notice.

Where we transfer your Personal Data to a third party service provider based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to Personal Data shared between the Europe and the US, or we may use specific contracts approved by the European Commission which give Personal Data the same protection it has in Europe.

Legal Rights of Data Subjects

If you are an EEA resident (“Data Subject”), you have certain rights with respect to your Personal Data that we collect and process. We respond to all requests we receive from individuals in the EEA wishing to exercise their data protection rights in accordance with applicable data protection laws.

• Access, Correction or Deletion. You may request access to, correction of, or deletion of your Personal Data. We store your Personal Data for as long as your account remains active. We store other Personal Data for as long as necessary to carry out the purposes for which it was collected. Please note that even if you request all your Personal Data be deleted, certain aspects may be retained for us to: meet our legal or regulatory compliance (e.g. maintaining records of transactions you have made with us); exercise, establish or defend legal claims; and to protect against fraudulent or abusive activity.
• Objection. You may object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which overrides your rights and freedoms.
• Restriction. You have the right to ask us to suspend the processing of your Personal Data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
• Portability. You have the right to request the transfer of your Personal Data to you or to a third party. We will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
• Withdraw Consent. If we have collected and processed your Personal Data with your consent, you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Data conducted in reliance on lawful processing grounds other than consent.
• File a complaint. You have the right to file a complaint with a supervisory authority about our collection and processing of your Personal Data.

To file a request or take action on one of your rights, please contact us at the contact details provided in the “Contact Us” section of this Notice. You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, in rare instances, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

If you have a concern about our processing of Personal Data that we are not able to resolve, you have the right to lodge a complaint with the Data Protection Authority where you reside. Contact details for your Data Protection Authority can be found using the links below:

• For individuals in the EEA:
  https://edpb.europa.eu/about-edpb/board/members_en
• For individuals in the UK:
  https://ico.org.uk/global/contact-us/

For individuals in Switzerland: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html

We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Updates to Our Privacy Notice

We may update the Terms of Service and this Notice from time to time. We reserve the right to amend this Notice at any time, and will notify you by posting the amended Notice on the Site. We may also email you to give you notice of material changes to this Notice. The provisions contained herein supersede all previous notices or statements regarding our privacy practices and the terms that govern the use of the Site and our Services.

You agree that any dispute over privacy or the terms contained in this Notice will be governed by the laws of the State of Illinois, and litigated in any court of competent jurisdiction in Cook County, Illinois. Further, by accessing our Site and using our Services, you consent to jurisdiction in Illinois.

Contact Us

If you have any questions or wish to register a complaint in relation to this Notice or the manner in which your Personal Data is used by us, please contact us by any of the following means:

By Email: compliance@bloomgrowth.com

Legal Address:
1201 Infinity Court
Lincoln, NE, 68512

Mailing Address (By U.S. Mail or overnight courier):
Attn: Chief Privacy Compliance Officer
PO Box 37
Sheldon, IL, 60966-0037

Toll Free: 855-647-6869
Local: (402) 378-9545