Version 1.0
Last update: 01/04/2021

Blue Media Services's Privacy Policy (from now on 'BMS') is intended to clarify our company's data processing and privacy policy.

BMS is a technology company that provides retargeting services.

Our retargeting service consists of displaying products and or service ads according to the interest of a potential customer.

To provide this type of service, BMS uses an artificial intelligence algorithm that identifies the interests of a potential customer based on its browsing behavior and consumption patterns (research, interests, geographic location). Such data is collected without identifying thepotential customer.

By using such data, BMS's clients ("Advertisers") are able to offer media targeted to their end customer based on their browsing behavior. This means, Advertisers are able to display ads in banners located on internet pages, blogs and partner websites ("Publishers") which theircustomers usually visit.

When providing such service BMS's algorithm does not collect personally identifiable data, such as full name, gender, document numbers, mailing address and e-mail address. The data collected by BMS is solely related to user's behavior when such user is browsing through websites, as well as their preferences. This data is collected by assigning a random identifier to ensure user's anonymity.

A user's identifier is randomly assigned to identify a user's behavior pattern while preserving its anonymity. Due to the randomness of this process, it is not possible to identify personal data or revert the anonymization process.

In addition, the data collected related to the browsing patterns of a possible consumer is processed only by BMS. There is no third party or middleman in such data processing. Therefore, privacy is one of BMS's principles.

This is also why we prioritize transparency and accessibility. The terms of our relationship are available and understandable to our customers, partners and website visitors.

BMS offers a retargeting service to its Advertisers, as described above.

BMS renders an internet advertising service, called retargeting. For this purpose, users' navigation data is collected when they enter one of our partner's website. Such data collection is carried out by using tags - a set of programming code added to a partner's website. Such tags work behind the browsing environment, without the user's knowledge. In this process, it is important to note that no personally identifiable data is collected.

From there on the user may be impacted by a partner's ad, through BMS's retargeting services. The goal is to nudge the user to return to a partner's website to purchase the product or service that the user has shown interest in the partner website.

BMS does not collect personally identifiable data when a user accesses any Publisher's or Advertiser's website. That means BMS does not collect any data that makes it possible to identify a user while browsing a website.

Os dados pessoais de usuários somente serão coletados pela BMS mediante consentimento, exceto nosdemais casos previstos nesta Política de Privacidade e nos casos de exigências legais.

Os dados coletados pela BMS são considerados como "dados anonimizados" pela Lei e, durante o processode tratamento dos referidos dados, não há possibilidade de reversão do processo de anonimização, ou seja,não é possível identificar o titular desses dados em razão dos procedimentos de Segurança da Informaçãoadotados pela Blue e indicados nesta Política de Privacidade.

User's personal data will only be collected by BMS upon consent, except for other cases provided for in this Privacy Policy or by legal requirement.

Through tags (set of programming code added to a Publisher or Advertiser's website background), BMS collects data related to an user's browsing activity, such as:

• From which website the user came from;
• For how long the user stays on each page of the partner's website;
• What was the last page visited in the partner's website before its abandonment;
• If a user has visited a product, we collect the visited product identifiers (IDs);
• If a user added products to a shopping cart, we collect such product's IDs; and
• If a user makes a purchase, we collect the IDs of the purchased products, the total amount of that sale and the transaction ID.

The data collected serves to enable us to display extremely relevant ads to users who have expressed an interest in making a purchase on the website of one of BMS's partners. The algorithms used by BMS rates each step in a purchase journey with a different level of importance to perform the ad display service. The closer the user gets to the end of a purchase process, the more relevant the ad will be to them.

Product identifiers (IDs) allow BMS to link products of interest to a user with similar products in terms of category and price. Such process is made to offer products with a high probability of interest to the user through online advertising.

All data collected is stored for 180 days in BMS's encrypted servers provided by AWS (Amazon Web Services) cloud computing services. BMS has no physical servers to store data. For this reason, access to the servers is done only through password and is protected by encryption.

User's browsing data is used by the artificial intelligence algorithms of BMS's retargeting service.

In addition to the anonymous collection of data, such data is used in an aggregate way to direct content according to the preferences that a set of users presented through the identifiers randomly assigned to them by BMS's algorithm. Therefore, there is no individualization of users during the retargeting activity.

Due to such process BMS's employees do not have access to a specific user's browsing data nor perform any analysis on such data. The browsing data is used by the artificial intelligence algorithm to perform a classification process and then assign each identifier of a product to the identifier of a user who has expressed interest in that product.

All data collected is stored in encrypted servers, protected by password and accessed only by BMS's technical responsible (CTO) or BMS professionals with a technical clearance level, whose access is also controlled by the company's CTO. All servers are stored in the cloud and are used as a service offered by AWS (Amazon Web Services).

Such data remains stored for a maximum of 180 days. After this period such data is permanently deleted from the servers. From the moment data is deleted from the servers BMS's retargeting service is unable to target new ads to a user unless that user returns to one of BMS's Advertiser partner's website. In the event a user returns to an Advertiser's website, the storage process is renewed and follows the same pattern described in this paragraph all over again.

BMS only keeps data required by law or by any authority competent to make such a request.

The servers used by BMS are distributed in 4 regions of the world, namely Brazil, United States, Germany, and Singapore. All servers in each location have other identical corresponding servers, for the purpose of redundancy. The exchange of information occurs only within the environment of the servers themselves so that there is no data processing carried out in other jurisdictions besides Brazil.

Through such structure, information that is recurrently used remains in the location of the service provided, in order to minimize the latency in the response of requests made by any user to these servers.

All collected information is stored and treated within an environment with maximum security.The entire environment is encrypted, password protected and controlled directly by thecompany's technical responsible (CTO). Additionally, these servers have redundancy features sothat there is no loss of data in case of collapse or any other threat situation.

The browsing data collected during the retargeting process is stored in our servers, followingstrict encryption control. Only the technician responsible for the company (CTO) has access tothese servers. Such data remains stored for a maximum of 180 days.

Access to any of the databases mentioned above is done through passwords and with a personresponsible for each of the information storage and processing platforms.

We only accept as Advertisers / Publishers companies that commit to a minimum standard of privacy.  

This means that our Advertisers or Publishers:  

(i) must have a privacy policy, which is requested whenever BMSs enters into a contract with an Advertiser or Publisher;  

(ii) may not use any BMS product or service to violate users' privacy rights;  

(iii) may not use or process personal or sensitive data without prior consent of the holders of such personal data or without any other legal basis that legitimates such action.

We use some internal cookies to address, assign an identifier and store a user's browsing datain our environment, such as:

ckid
This cookie is an identifier (ID) provided by the user's internet browser and is used to pair theuser with relevant products in marketing campaigns.

hash
Is an identifier (ID) generated in a randomized process that ensures the impossibility of identifying a user, precisely to maintain his anonymity. The ID is generated through the ckid.

BMSID
Is an identifier (ID) generated to ensure that a user does not receive an ID more than once to avoid duplication in the system, even if he leaves the internet browser (browser) and manages another browsing session.
‍

Cookies save certain browsing information. Thus, when a user visits a BMS partner website again, it will recognize your browser and will be able to maintain your previously set options and preferences, especially in relation to your preferences when searching for products and services on the internet.

Once we put our tags within the environment of a partner website, such partner is responsible for notifying the use of cookies to its users.

If the user rejects the use of Cookies, our tags will not be triggered, and anonymous information of that user will not be collected. Thus, our retargeting service will not work for that user in terms of its navigating behavior in the partner's website.

Thus, the user will no longer receive ads related to their buying behavior.

If you do not want ads targeted by BMS to appear during your navigation on the internet, you can access the link https://www.bluems.com/optout/ to disable the service and prevent cookies from targeting your browsing information.

Data deletion will only occur when there is an explicit request from a personal data subject, provided BMS has collected its personal data. As a business rule due to a privacy by design principle (privacy from the origin and conception of the product), BMS does not collect personal data. The data stored from internet users are anonymized by the process explained at the beginning of this policy.
‍
Therefore, no identifiable data is stored by BMS and there is no possibility of identifying a user by using BMS's services. Therefore, the rules of the Brazilian General Data Protection Law do not apply to users who somehow provide anonymous data to BMS.

If a personal data subject wants to make any request, check existing own personal data, request for changes or deletion of personal data, such subject may request such access directly to an Advertiser or Publisher who is a BMS customer. The holder of personal data may also request BMS to confirm the existence of the collection and processing of personal data and, if confirmed, the corresponding change and / or deletion.

Any personal data request made directly to BMS must be made through the following link: https://www.bluems.com/dataremoval. A personal data collection and processing will not be performed due to the use of the retargeting product of BMS, but for any other business reason that leads to a collection and processing of a subject's personal data.

BMS may change this Privacy Policy at any time. Each version of the Privacy Policy will contain the effective date and version at the beginning of the document to ease user identification. You can also request an old version of the privacy policy for consultation.

Any changes to the Privacy Policy will be communicated to users and, to continue using the services provided by BMS, this Policy must be accepted by users.

Any situation regarding personal data should be communicated to gabriella@ggac.com.br

Gabriella Pontes Garcia
gabriella@ggac.com.br

This Privacy Policy is governed by the laws of the Federative Republic of Brazil. Any dispute arising from this Privacy Policy or BMS's service will be resolved under the jurisdiction of the Court of the District of São Paulo, State of São Paulo, Brazil. Any other jurisdiction is deemed excluded, regardless of any privilege it may have or acquire. Any dispute will be resolved in the Portuguese language and in São Paulo, State of São Paulo, Brazil.

BLUE MEDIA SERVICES LTDA
‍
Rua Alvorada nº 1289, conjunto 1211
‍
Vila Olímpia, São Paulo - SP
‍
CNPJ 37.746.861/0001-23
‍
Telefone:(11) 3846-6784
‍
© 2022 Copyrights by BMS - All rights reserved.