Privacy Policy
Effective Date / Last Updated: July 1, 2024
Introduction
This is the Privacy Policy for Bloomfire, Inc. (“Bloomfire”, “we”, “us”, “our”, etc.) and covers both our website, our communities, and our other, related products or services we provide (all, collectively, “Services”). It describes the personal information that we collect as part of the normal operation of our Services, and how we use and disclose this information. (For purposes of this privacy policy, “personal information” means any information relating to an identified or reasonably identifiable person.) This Policy does not apply to those persons whose personal information we process in the employment context, but we provide those individuals with a separate privacy notice specific to that processing.
If you are a California resident, please also see our additional California Privacy Notice below. Similarly, if you are a resident of the EU, UK, or Switzerland, please see our European Privacy information below.
What Information We Collect
We collect a variety of personal information to provide our Services and operate our business, including personal information. This personal information includes the following:
Personal Information we receive directly from you: This includes both information you provide to our Services or our Site. For example, we collect the following information:
- One or more email addresses by which we can communicate with you via email;
- Your responses to surveys and other prompts provided on our website;
- Your name and email in the process of account creation; you may also choose to provide your job role, biographical information, and profile picture although this information isn’t required to open an account;
- Your billing address, phone number, credit card information, and other information to create or maintain an account if necessary to pay for our Services; and
- Other information you choose to provide.
Personal Information we automatically collect from you: When you visit our Site or use our Services, we automatically collect aggregate information on what pages you visit, how your mouse moves, how you use our Site and/or Services, whether you read emails we send you, and your general geographic location, as indicated by your IP address and other technical connection information.
Personal Information we collect from our customers: We collect various information from our business customers, which include email addresses of the users they wish to enroll in their subscribed Services and any personal information contained within the training. Our customers are primarily employers, who then extend access to our Services to their employees. We do not have control and are not responsible over the specific contents of the trainings offered by our customers.
Information we collect from third-party sources: Advertisers, application providers, and other third parties provide us information in connection with tools we offer and through tools they use to collect information about you when you use our Services. The information they collect may be associated with your personal information and they may collect information about your online activities over time. They may use this collected information to provide you with interest-based advertising or other targeted content.
Please note that other parties may collect personal information about your online activities over time and across third-party websites when you use our website or services. We do not respond to “do not track” signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of personally identifiable information about an individual consumer’s online activities over time and across third-party websites or online services.
Bloomfire affirms that Google Workspace APIs are not utilized to develop, improve, or train generalized Artificial Intelligence (AI) or Machine Learning (ML) models. This commitment ensures that your data remains protected and is not used for any purposes beyond those explicitly stated.
How We Use Your Information
We may use the personal information we collect for a variety of purposes, including the following:
- To operate our business;
- To provide, maintain, analyze, customize, measure, secure, administer and improve our Services;
- To provide customer support and customer account administration;
- To process payments;
- To verify your identity and facilitate your sign-in to our Services;
- To communicate with you and to inform you about products and/or services that may interest you;
- To conduct contests, sweepstakes, rewards, and other promotions;
- To monitor and enforce our Terms of Use or similar terms;
- To comply with law and satisfy our regulatory compliance obligations;
- To respond to your requests, correspondence and complaints;
- To detect and prevent fraud and other prohibited, illicit or illegal activity, or to protect the rights and interests of yourself, ourselves, or third parties; and
- For other purposes permitted by law or to which you consent.
Please note that we may combine information we gather about you from different sources in order to accomplish any of the above tasks.
How We Disclose Your Information
Bloomfire may share the personal information we collect to support our Services or as permitted or required by applicable law, or as directly authorized by you. For example, we may disclose your personal information to:
- Third party vendors, service providers, and hosting partners who assist us in running our Site, providing Our Services, or otherwise run our business.
- Our professional advisors who provide legal, compliance, accounting, banking, or consulting services.
- Professional service firms and other service providers who assist us in complying with our legal obligations and protecting our or your interests, property, or legal rights as well as those of our customers and third parties.
- Law enforcement, officials, or other third parties when we are compelled to do so by a subpoena, court order, or similar law enforcement request, or when we believe in good faith that the disclosure of personal information is necessary to prevent physical harm or financial loss, to report suspected illegal activity, or to investigate violations of this Privacy Notice or other applicable terms.
- Our parent companies, subsidiaries, joint ventures, or other companies under common control with us.
- Companies or other entities in connection with, or during the negotiation of, any merger, sale of company stock or assets, financing, acquisition, divestiture or dissolution of all or a portion of our business.
- Other parties for other legal purposes, such as to enforce our terms and conditions, or to exercise or defend legal claims.
Sub-processors
To support delivering Bloomfire services, we use third party service providers to assist us with data processing activities. A complete list can be found here: Sub-processors
Sweepstakes, Promotions, and Contests
We occasionally offer promotions in the form of gift cards and gift card raffles, in return for participation in surveys, visiting the site, and etc. The specific terms of a promotion are provided in that promotion. You have the right to withdraw from any promotion or contest we offer at any time.
Cybersecurity and Destruction of Your Personal Information
Bloomfire strives to protect your personal information. We use technical measures designed to protect your information such as encryption to protect your personal information, particularly your payment details. Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot warrant the security of any information you transmit to us.
Personal Information of Legal Minors
Our Site and Services are only intended and designed for use by adults over the age of eighteen years old. If you are a parent or guardian of a legal minor who has discovered that your minor child has been using the Site and/or the Services, please inform us using the contact information below.
International Transfer of Personal Data
Although we have offices and hosting facilities located in the United States of America, we do not, to the best of our knowledge, transfer personal information collected and used on our Services into the United States from the European Union or Canada. Instead, we host our Services in the European Union and Canada for customers located in those jurisdictions.
Please note that, where our customers are transferring data across international borders, they are responsible for ensuring that those data transfers are subject to an adequate level of data protection. For more details on a specific customer’s international data transfer practices, please consult that customer’s relevant privacy notice(s).
Please note that our Site is hosted in the United States.
Opt-Out of Marketing Emails
If you wish to opt-out of our marketing emails, you can easily unsubscribe using the ‘unsubscribe’ or ‘opt-out’ links found at or near the bottom of the marketing email or by contacting us at optout@bloomfire.com. Please note that we may still use your email address for non-marketing or administrative purposes (such as notifying you of major system updates, customer service needs, or items for which you have requested communication).
Changes to this Policy
We may update this Privacy Policy from time to time in order to clarify or inform you of changes to our practices. The Effective Date at the top of this Privacy Notice reflects the last time it was revised. Changes to this Privacy Policy will be effective once they are posted unless otherwise indicated.
Please periodically review this Privacy Policy to keep yourself informed regarding how we currently collect, use, and disclose your personal information.
Your Privacy Rights
You may have rights relating to your the personal information under the law of the jurisdiction in which you live. If you live in the State of California or in the United Kingdom, Switzerland, or European Union, please refer to the sections below that are specific to privacy rights in those jurisdictions.
Your rights may include rights such as: (1) the right to access your personal information; (2) the right to correct inaccuracies in your personal information; (3) the right to request deletion of your personal information; and (4) the right to obtain a portable copy of your personal information. To request to exercise your rights, please submit a request by contacting us through any of the means outlined below.
Only you, or someone legally authorized to act on your behalf, may make a request related to your personal information. We will verify that any requests from persons other than you have your legal authorization. You may also make a request on behalf of your child.
To exercise your rights, you can contact us as set forth below. Your request must:
- Include your first and last name, e-mail address, and a description of your request;
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; and
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
It is also helpful for your request to include a telephone number where we can contact you with questions about your request. We also do not respond to the opt-out preference signals because we do not sell personal information, share personal information for cross-contextual behavioral advertising purposes, or engage in profiling for decisions that produce legal or similarly significant effects.
Appeal process. You may appeal our decision with respect to your request to exercise your legal rights with regard to your personal information. To submit such an appeal, you may contact us using the contact information below. You must include sufficient information to allow us to reasonably verify your identify, reference the date and time of your previous request to exercise your legal rights, and explain why you believe our decision was insufficient or improper. We will ordinarily respond to your appeal in accord with the timelines set forth in applicable law.
Contact Information
If you have questions or concerns regarding the security or privacy of your personal information, please use the contact information below:
Sanjay Jain
Data Protection Officer
dataprotection@bloomfire.com
Attn: DPO
Bloomfire, Inc.
P.O. Box 270388
Littleton, CO 80127
USA
California Privacy Notice
The following privacy notice applies to residents of the US state of California.
Collection of Personal Information
The following table lists the categories of personal information that we have collected in the last 12 months.
| Category under the California Consumer Privacy Act | Specific Description |
|---|---|
| Identifiers | Your name and email address, survey responses, and any personal information contained within trainings submitted by our customers to our Services. |
| Customer records | A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information or health insurance information. |
| Protected classifications | Age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). |
| Commercial Information | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. |
| Usage data | Browsing history, search history, information on a consumer’s interaction with a website, application or advertisement. Page views, mouse movements, site visits before and after our Services, email open rate, and other usage information (in aggregate); IP address and other, related connection information. |
| Sensory data, such as audio, video and electronic data | Includes audio, electronic, visual, thermal, olfactory, or similar information, such as thermal screenings and CCTV footage (e.g., collected from visitors to our offices for health and safety purposes), photographs and images (e.g., that you provide us) and records of calls, webinars and video conferences. We may collect the above information as contained within training submitted by our customers to our Services. |
| Biometric Information | Includes iris and retina scans, fingerprints, voice recordings, facial recognition, keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information. |
| Geolocation Information | Includes data derived from a device and that is intended to locate a customer within a geographic area. |
| Professional-or-employment-related information | Your job role, employment-related biographical information; personal information contained within trainings submitted by our customers to our Services. |
| Education Information | Information that is not publicly available personally identifiable information‚ as defined in the California Family Educational Rights and Privacy Act, including education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. |
| Inferences | Inferences regarding the use of the Site and popularity of the content on it or sent via email. |
Disclosure of Personal Information for a Business Purpose
The following table lists the categories of personal information that we have collected in the last 12 months.
| Category under the California Consumer Privacy Act | Specific Description | Disclosed for a Business Purpose in the Last 12 Months | |
|---|---|---|---|
| Yes/No | Categories of Third Parties | ||
| Identifiers | Your name and email address, survey responses, and any personal information contained within trainings submitted by our customers to our Services. | Yes | Sales and Marketing Tool, Service Providers |
| Customer records | A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information or health insurance information. | Yes | Service Providers |
| Protected classifications | Age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | Yes | Service Providers |
| Commercial Information | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | Yes | Service Providers |
| Usage data | Browsing history, search history, information on a consumer’s interaction with a website, application or advertisement. Page views, mouse movements, site visits before and after our Services, email open rate, and other usage information (in aggregate); IP address and other, related connection information. | Yes | Sales and Marketing Tool, Ad Network, Data Analytics Provider, Service Providers |
| Sensory data, such as audio, video and electronic data | Includes audio, electronic, visual, thermal, olfactory, or similar information, such as thermal screenings and CCTV footage (e.g., collected from visitors to our offices for health and safety purposes), photographs and images (e.g., that you provide us) and records of calls, webinars and video conferences. We may collect the above information as contained within training submitted by our customers to our Services. | Yes | Data Analytics Provider, Service Providers |
| Biometric Information | Includes iris and retina scans, fingerprints, voice recordings, facial recognition, keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information. | Yes | Service Providers |
| Geolocation Information | Includes data derived from a device and that is intended to locate a customer within a geographic area. | Yes | Service Providers |
| Professional-or-employment-related information | Your job role, employment-related biographical information; personal information contained within trainings submitted by our customers to our Services. | Yes | Social Network, Data Broker, Sales and Marketing Tool, Service Providers |
| Education Information | Information that is not publicly available personally identifiable information‚ as defined in the California Family Educational Rights and Privacy Act, including education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | Yes | Service Providers |
| Inferences | Inferences regarding the use of the Site and popularity of the content on it or sent via email. | Yes | Sales and Marketing Tool, Ad Network, Data Analytics Provider |
Sale of Personal Information
As is common practice among businesses that operate Internet websites, we may also have disclosed certain identifiers, information about the use of our websites and apps, and inferences drawn about you to our social media, advertising, and analytics partners for monetary or other valuable consideration in the last 12 months. These disclosures may qualify as “sales” of personal information under California law. This enables us to identify broad demographic trends, target advertising to your interests, and perform analytics to understand our audience and improve our services. We do not sell the personal information of individuals who we know to be under 16 years of age.
The following table lists the categories of personal information that we have sold or shared with third parties for cross-contextual behavioral advertising purposes in the past twelve months
| Category under the California Consumer Privacy Act | Specific Description |
|---|---|
| Usage data | Browsing history, search history, information on a consumer’s interaction with a website, application or advertisement. Page views, mouse movements, site visits before and after our Services, email open rate, and other usage information (in aggregate); IP address and other, related connection information. |
| Sensory data, such as audio, video and electronic data | Includes audio, electronic, visual, thermal, olfactory, or similar information, such as thermal screenings and CCTV footage (e.g., collected from visitors to our offices for health and safety purposes), photographs and images (e.g., that you provide us) and records of calls, webinars and video conferences. We may collect the above information as contained within training submitted by our customers to our Services. |
| Professional-or-employment-related information | Your job role, employment-related biographical information; personal information contained within trainings submitted by our customers to our Services. |
| Inferences | Inferences regarding the use of the Site and popularity of the content on it or sent via email. |
To understand more about the purposes for which we collect personal information, see “How We Use Your Information.” To learn more about the source from which we collect information about you, please see “What Information We Collect“.
Your Rights
If you are a California resident, California law permits you to request that we disclose certain information about our collection and use of your personal information including:
- the “right to know,” meaning the right to request any or all of the following:
- the specific pieces of personal information we collected about you;
- the categories of personal information we collected;
- the categories of sources used to collect the personal information;
- the business or commercial purposes for collecting your personal information; and
- the categories of third parties with whom we have shared your personal information
- the right to request deletion of your personal information that we collected
- the right to have someone you authorize make a request on your behalft
- the right to opt-out of “sale” (as that term is defined in the CCPA) or the sharing of personal information for cross-contextual behavioral advertising purposes
- the right to make a request for the correction of errors or inaccuracies in your personal information
- the right to restrict the processing of sensitive personal information (please note, however that we do not collect or process sensitive personal information in connection with the Services)
- the right not to be discriminated against for exercising any of these rights
Appeal process
You may appeal our decision with respect to your request to exercise your legal rights with regard to your personal information. To submit such an appeal, you may contact us using the contact information below. You must include sufficient information to allow us to reasonably verify your identify, reference the date and time of your previous request to exercise your legal rights, and explain why you believe our decision was insufficient or improper. We will ordinarily respond to your appeal in accord with the timelines set forth in applicable law.
Opting out of the Sale or Sharing of Personal Information
You may also opt out of the sale of your personal information by visiting our “Do Not Sell My Personal Information” page or by activating the Global Privacy Control in your web browser.
Exercising Your Other Rights
You may exercise these rights by:
- contacting us via this form,
- by emailing us at dataprotection@bloomfire.com.
Please note that, although you have the right to request that we restrict our processing of sensitive personal information to only that which is necessary to deliver our products and services to you, we already limit our processing of sensitive personal information in this way. If you have any questions or requests relating to this topic, please contact us using the information provided below.
Please note that we may take steps to verify your identity before granting you access to information or acting on your request to exercise your right to the deletion of your information. In connection with such verification, we may ask you to provide your name, email address, and the Bloomfire customer with whom you are associated. We may also ask you to confirm your identity via an associate email account. We may limit our response to your exercise of the above rights as permitted by law.
You may designate an authorized agent to make a request to know or request to delete on your behalf. An agent may be an individual, or a business entity registered with the California Secretary of State. To designate an authorized agent, you must provide the agent with written permission to submit the request. We may still require you to verify your identity directly as permitted by law. We may refuse a request if the agent does not provide adequate proof of their authorization.
We may not discriminate against you for exercising any of the above rights as available to you under California law. This means that we may not deny you services, or charge you different prices or rates for services or provide you with a different level or quality of services (or suggest that we will do so), in response to such a request made under California law. However, as permitted by law, we may charge different prices or rates, or provide a different level or quality of services, where that difference is reasonably related to the value provided to us by your personal information.
Please note that we do not have any control over any personal information about you uploaded by one of our customers into our Services. To have that information removed, please contact the uploading customer.
European Privacy Notice
The following privacy notice applies to residents of the European Economic Area, the United Kingdom, and Switzerland.
Identity of Controller
Where Bloomfire determines the purposes and means of processing your data (e.g., when you visit our website), it acts as a ‘data controller.’ In particular, the data controller is:
Bloomfire, Inc.
P.O. Box 270388
Littleton, CO 80127
USA
Note that we provide services to our business customers on behalf of those businesses. When our business customers upload personal information to our platform, they act as a ‘data controller’ and you should refer to their privacy notice(s) to understand their data use and your rights.
Legal Basis for Processing
We process your personal information to provide our website and support our services as described above in this Privacy Policy. This processing reflects the following legal bases:
- Your consent;
- That the processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used, and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others; or
- The processing is necessary for our legitimate interests, including the purposes described above in our notice.
Note that the provision of your name and email address is required to open a new account on our Services and our Site. If you do not provide us with this information, we cannot provide our Services to you. We share personal information with the categories of recipients described in our notice above.
Automated Decision-Making
We do not use automated decision-making to make decisions regarding how we treat our users or otherwise impacting their rights.
Your Rights
If you live in the European Union or Economic Area, the United Kingdom, Switzerland or Brazil, you have certain rights over your personal data where Bloomfire acts as a data controller. These rights are:
- The right to access your personal information in our possession and receive a copy of it in a portable format;
- The right to receive certain information about how we use your personal information;
- The right to correct inaccuracies in your personal information;
- The right to have your personal information in our possession erased, subject to certain, specific exceptions provided for by law;
- The right to object to our processing of your personal information on grounds described below;
- The right to withdraw your consent to our processing of your personal information, where that processing is based upon your consent; and
- The right to restrict the processing of your personal information in the circumstances listed below.
You have the right to object to our processing of your personal information where the processing is for marketing purposes or the processing is for our scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest. If you make such an objection, we will cease to process your personal information unless we can demonstrate compelling, legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defense of our own legal claims.
You also have the right to restrict the processing of your personal information where:
- You contest the accuracy of the personal information, for the period while we verify such accuracy;
- The processing is unlawful;
- We no longer need the personal information for the establishment, exercise, or defense of our legal claims; and
- You have objected to the processing carried out in the public interest or for our legitimate interests, but only while the verification of that objection is pending.
Where processing has been restricted on these bases, we may continue to store your personal information. However, we will only otherwise process it with your consent; for the establishment, exercise, or defense of our own legal claims; for the protection of the rights of another natural or legal person or for other reasons of important public interest.
You may exercise these rights by emailing optout@bloomfire.com. Upon receiving your request, we will confirm our receipt of it and endeavor to verify your identity by providing your name, email address, and the Bloomfire customer with whom you are associated. Following successful verification of your identity, we will fulfill the provided request if we are capable of doing so or provide you with an explanation as to why we cannot fulfill it.
Please note that may limit our response to your EU rights as permitted by law and we do not control personal information about you uploaded by one of our customers into our Services. To exercise rights with respect to such data, please contact the uploading customer.
Right to Complain to Data Protection Authority
If you believe that our processing of your personal information infringes data protection laws, you have the right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the country where you reside or where you work. Most supervisory authorities allow you to file a complaint on their website or, where they do not, their website contains detailed instructions on how to file a complaint. For specifics, please review the website of the supervisory authority with whom you intend to file a complaint.
Data Retention
All personal information is maintained according to our corporate retention schedule. Your personal information will not be stored for longer than necessary for the purposes for which they were collected, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
We will take into account the length of time your personal data is required to:
- Continue to develop, tailor, upgrade, and improve our Services;
- Maintain business records for analysis and/or audit purposes;
- Comply with record retention requirements under the law;
- Defend or bring any existing or potential legal claims; or
- Address any complaints regarding the Services.
Start working smarter with Bloomfire
See how Bloomfire helps companies find information, create insights, and maximize value of their most important knowledge.
Take a self guided Tour
See Bloomfire in action across several potential configurations. Imagine the potential of your team when they stop searching and start finding critical knowledge.