Version 1.0
Last update: 01/04/2021

BMS PRIVACY POLICY

General Information

Blue Media Services's Privacy Policy (from now on “BMS”) is intended to clarify our company's data processing and privacy policy.

BMS is a technology company that provides retargeting services.

Our retargeting service consists of displaying products and or service ads according to the interest of a potential customer.

To provide this type of service, BMS uses an artificial intelligence algorithm that identifies the interests of a potential customer based on its browsing behavior and consumption patterns (research, interests, geographic location). Such data is collected without identifying the potential customer.

By using such data, BMS’s clients ("Advertisers") are able to offer media targeted to their end customer based on their browsing behavior. This means, Advertisers are able to display ads in banners located on internet pages, blogs and partner websites ("Publishers") which their customers usually visit.

When providing such service BMS's algorithm does not collect personally identifiable data, such as full name, gender, document numbers, mailing address and e-mail address. The data collected by BMS is solely related to user’s behavior when such user is browsing through websites, as well as their preferences. This data is collected by assigning a random identifier to ensure user's anonymity.

A user's identifier is randomly assigned to identify a user’s behavior pattern while preserving its anonymity. Due to the randomness of this process, it is not possible to identify personal data or revert the anonymization process.

In addition, the data collected related to the browsing patterns of a possible consumer is processed only by BMS. There is no third party or middleman in such data processing. Therefore, privacy is one of BMS’s principles.

This is also why we prioritize transparency and accessibility. The terms of our relationship are available and understandable to our customers, partners and website visitors.

Service

BMS offers a retargeting service to its Advertisers, as described above.

How our service works

BMS renders an internet advertising service, called retargeting. For this purpose, users' navigation data is collected when they enter one of our partner’s website. Such data collection is carried out by using tags - a set of programming code added to a partner’s website. Such tags work behind the browsing environment, without the user's knowledge. In this process, it is important to note that no personally identifiable data is collected.

From there on the user may be impacted by a partner's ad, through BMS's retargeting services. The goal is to nudge the user to return to a partner's website to purchase the product or service that the user has shown interest in the partner website.

Data collection and use of personal data

BMS does not collect personally identifiable data when a user accesses any Publisher’s or Advertiser’s website. That means BMS does not collect any data that makes it possible to identify a user while browsing a website.

User’s personal data will only be collected by BMS upon consent, except for other cases provided for in this Privacy Policy or by legal requirement.

Legal Basis: Section. 7, item I Brazilian Law No 13.709/19

What data do we collect from users?

Through tags (set of programming code added to a Publisher or Advertiser’s website background), BMS collects data related to an user’s browsing activity, such as:

  • From which website the user came from;
  • For how long the user stays on each page of the partner’s website;
  • What was the last page visited in the partner’s website before its abandonment;
  • If a user has visited a product, we collect the visited product identifiers (IDs);
  • If a user added products to a shopping cart, we collect such product’s IDs; and
  • If a user makes a purchase, we collect the IDs of the purchased products, the total amount of that sale and the transaction ID.

Why do we collect these data?

The data collected serves to enable us to display extremely relevant ads to users who have expressed an interest in making a purchase on the website of one of BMS's partners.
The algorithms used by BMS rates each step in a purchase journey with a different level of importance to perform the ad display service. The closer the user gets to the end of a purchase process, the more relevant the ad will be to them.


Product identifiers (IDs) allow BMS to link products of interest to a user with similar products in terms of category and price.
Such process is made to offer products with a high probability of interest to the user through online advertising.

For how long and where will this data be kept at BMS?

All data collected is stored for 180 days in BMS’s encrypted servers provided by AWS (Amazon Web Services) cloud computing services. BMS has no physical servers to store data. For this reason, access to the servers is done only through password and is protected by encryption.

How BMS’s employees handle data

User’s browsing data is used by the artificial intelligence algorithms of BMS’s retargeting service.

In addition to the anonymous collection of data, such data is used in an aggregate way to direct content according to the preferences that a set of users presented through the identifiers randomly assigned to them by BMS’s algorithm. Therefore, there is no individualization of users during the retargeting activity.

Due to such process BMS’s employees do not have access to a specific user’s browsing data nor perform any analysis on such data. The browsing data is used by the artificial intelligence algorithm to perform a classification process and then assign each identifier of a product to the identifier of a user who has expressed interest in that product.

Data storage

All data collected is stored in encrypted servers, protected by password and accessed only by BMS's technical responsible (CTO) or BMS professionals with a technical clearance level, whose access is also controlled by the company's CTO. All servers are stored in the cloud and are used as a service offered by AWS (Amazon Web Services).

Such data remains stored for a maximum of 180 days. After this period such data is permanently deleted from the servers. From the moment data is deleted from the servers BMS's retargeting service is unable to target new ads to a user unless that user returns to one of BMS’s Advertiser partner’s website. In the event a user returns to an Advertiser’s website, the storage process is renewed and follows the same pattern described in this paragraph all over again.

BMS only keeps data required by law or by any authority competent to make such a request.

International data transfer

The servers used by BMS are distributed in 4 regions of the world, namely Brazil, United States, Germany, and Singapore. All servers in each location have other identical corresponding servers, for the purpose of redundancy. The exchange of information occurs only within the environment of the servers themselves so that there is no data processing carried out in other jurisdictions besides Brazil.
Through such structure, information that is recurrently used remains in the location of the service provided, in order to minimize the latency in the response of requests made by any user to these servers.

Data Security

All collected information is stored and treated within an environment with maximum security. The entire environment is encrypted, password protected and controlled directly by the company's technical responsible (CTO). Additionally, these servers have redundancy features so that there is no loss of data in case of collapse or any other threat situation.

The browsing data collected during the retargeting process is stored in our servers, following strict encryption control. Only the technician responsible for the company (CTO) has access to these servers. Such data remains stored for a maximum of 180 days.

Access to any of the databases mentioned above is done through passwords and with a person responsible for each of the information storage and processing platforms.

Rules for Advertisers and Publishers

We only accept as Advertisers / Publishers companies that commit to a minimum standard of privacy.
This means that our Advertisers or Publishers:

(i) must have a privacy policy, which is requested whenever BMSs enters into a contract with an Advertiser or Publisher;

(ii) may not use any BMS product or service to violate users' privacy rights;

(iii) may not use or process personal or sensitive data without prior consent of the holders of such personal data or without any other legal basis that legitimates such action.

Cookie Policy

We use some internal cookies to address, assign an identifier and store a user's browsing data in our environment, such as:

ckid

this cookie is an identifier (ID) provided by the user's internet browser and is used to pair the user with relevant products in marketing campaigns.

hash

is an identifier (ID) generated in a randomized process that ensures the impossibility of identifying a user, precisely to maintain his anonymity. The ID is generated through the ckid.

BMSID   

is an identifier (ID) generated to ensure that a user does not receive an ID more than once to avoid duplication in the system, even if he leaves the internet browser (browser) and manages another browsing session.

Benefits of using Cookies?

Cookies save certain browsing information. Thus, when a user visits a BMS partner website again, it will recognize your browser and will be able to maintain your previously set options and preferences, especially in relation to your preferences when searching for products and services on the internet.

What happens if Cookies are not accepted?

Once we put our tags within the environment of a partner website, such partner is responsible for notifying the use of cookies to its users.

If the user rejects the use of Cookies, our tags will not be triggered, and anonymous information of that user will not be collected. Thus, our retargeting service will not work for that user in terms of its navigating behavior in the partner’s website.

Thus, the user will no longer receive ads related to their buying behavior.

I don't want ads!

If you do not want ads targeted by BMS to appear during your navigation on the internet, you can access the link https://www.bluems.com/optout/ to disable the service and prevent cookies from targeting your browsing information.

Erase Personal Data

Data deletion will only occur when there is an explicit request from a personal data subject, provided BMS has collected its personal data. As a business rule due to a privacy by design principle (privacy from the origin and conception of the product), BMS does not collect personal data. The data stored from internet users are anonymized by the process explained at the beginning of this policy.

Therefore, no identifiable data is stored by BMS and there is no possibility of identifying a user by using BMS’s services. Therefore, the rules of the Brazilian General Data Protection Law do not apply to users who somehow provide anonymous data to BMS.

Legal Basis: Section 12 in Brazilian Law No. 13.709/1

If a personal data subject wants to make any request, check existing own personal data, request for changes or deletion of personal data, such subject may request such access directly to an Advertiser or Publisher who is a BMS customer. The holder of personal data may also request BMS to confirm the existence of the collection and processing of personal data and, if confirmed, the corresponding change and / or deletion.

Any personal data request made directly to BMS must be made through the following link: https://www.bluems.com/dataremoval. A personal data collection and processing will not be performed due to the use of the retargeting product of BMS, but for any other business reason that leads to a collection and processing of a subject’s personal data.

Amendments

BMS may change this Privacy Policy at any time. Each version of the Privacy Policy will contain the effective date and version at the beginning of the document to ease user identification. You can also request an old version of the privacy policy for consultation.

Any changes to the Privacy Policy will be communicated to users and, to continue using the services provided by BMS, this Policy must be accepted by users.

Personal data requests

Any situation regarding personal data should be communicated to dpo@bluems.com

Responsible (DPO):

Gabriella Pontes Garcia

dpo@bluems.com

Disputes

This Privacy Policy is governed by the laws of the Federative Republic of Brazil. Any dispute arising from this Privacy Policy or BMS’s service will be solved by the jurisdiction of the Court of the District of São Paulo, State of São Paulo, Brazil. Any other jurisdiction is deemed excluded, however privileged it may be or may become. Any dispute will be solved in Portuguese language and in São Paulo, State of São Paulo, Brazil.

Contact Details:

BLUE MEDIA SERVICES LTDA

Rua Alvorada nº 1289, conjunto 1211

Vila Olímpia, São Paulo - SP

Tax ID (CNPJ) 37.746.861/0001-23

Telephone:(11) 3846-6784