Last Update: [08/2018]
BST complies with the requirements of the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (collectively “Privacy Shield”), as set forth by the U.S. Department of Commerce and the Federal Trade Commission (“FTC”), regarding the collection, use, and retention of Personal Information transferred from the European Economic Area and Switzerland to the United States. BST has certified to the Department of Commerce that it adheres to the Privacy Shield Principles and Supplemental Principles. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view BST’s certification, please visit https:// www.privacyshield.gov. Additionally, BST may protect information through other legally valid methods, including international data transfer agreements.
This Policy applies to all BST’s operating divisions, subsidiaries, affiliates, and branches, including its U.S. affiliates certified under the Privacy Shield and any additional subsidiary, affiliate, or branch of BST that we may subsequently form.
3. TRANSPARENCY/NOTICE—TYPES OF PERSONAL INFORMATION WE COLLECT AND HOW WE USE IT
When you visit our Site and complete one of our online forms, we collect and use information about you that when on its own or in combination with other identifiers can be used to contact or identify you, such as your name, email address, business postal address or phone number (“Personal Information”). We obtain information from you in order to provide and improve our Services, to engage in transactions with you, to administer your inquiries, to assist you and other users in administering their relationship with us, to enable users to enjoy and easily navigate the Site, to better understand your needs and interests, to fulfill requests you may make, to provide or offer software updates and product announcements, and to provide you, only via our Site, with further information and offers from us or Third-Parties that we believe you may find useful or interesting.
We endeavor to collect only that information which is relevant for the purposes of Processing. Below are the ways we collect Personal Information and how we use it.
3.1 TYPES OF PERSONAL INFORMATION WE COLLECT
BST collects Personal Information regarding its current, prospective, and former clients, customers, users, visitors, guests, and Employees (collectively “Individuals”).
- Account Information. If you create an account to use the Services (an “Account”), we will collect certain Personal Information from you, such as your name and email address, to allow us to authenticate your access when you log on the Services. You will be responsible for the confidentiality and use of your Account log-in and password. You are not permitted to share your Account log-in or password with any other person or persons. You are responsible for all activities that occur under your Account, whether or not you know about them.
- Non-Identifying Information. Certain information that is not considered Personal Information because it cannot be used by itself to identify you (the “Non-Identifying Information”) would be considered a part of your Personal Information if it were combined with other identifiers (for example, combining your zip code with your street address) in a way that enables you to be identified. But the same pieces of information are considered Non-Identifying Information when they are taken alone or combined only with other non-identifying information (for example, your viewing preferences). We may combine your Personal Information with Non-Identifying Information and aggregate it with information collected from other BST users to attempt to provide you with a better experience, to improve the quality and value of the Services and to analyze and understand how our Services are used. We may also use the combined information without aggregating it to serve you specifically, for instance to deliver a product to you according to your preferences or restrictions.
- Marketing and Promotional Information. We also use your Personal Information to contact you with BST newsletters, marketing or promotional materials and other information that may be of interest to you. If you decide at any time that you no longer wish to receive such communications from us, please follow the unsubscribe instructions provided in any of the communications or visit our communications preference center.
- Third-Party Customer Information. In the course of using our Services, you may provide us with Personal Information that you have obtained from your own customers, clients or prospects. We will use this information insofar as necessary or appropriate in order to perform the Services, and we may use Third-Party Service Providers (defined below) to assist us in rendering the Services and in the other ways and subject to the limitations as described in the section below titled “Service Providers”.
- Information from Other Sources. We may receive information about you from other sources, including through Third-Party services and organizations to supplement information provided by you. For example, if you access our Services through a Third-Party application, such as an App Store or SNS, we may collect information about you from that Third-Party application that you have made public via your privacy settings. Information we collect through App Stores or SNS accounts may include your name, your SNS user identification number, your SNS user name, location, sex, birth date, email, profile picture, and your contacts on the SNS. This supplemental information allows us to verify information that you have provided to BST and to enhance our ability to provide you with information about our business, products, and Services.
3.2 HOW BST USES YOUR INFORMATION
We acquire, hold, use, and Process Personal Information about Individuals for a variety of business purposes, including:
- To Provide Products, Services, or Information Requested. BST may use information about you to fulfill requests for products, Services, or information, including information about potential or future Services, including to:
- Generally manage Individual information and Accounts;
- Respond to questions, comments, and other requests;
- Provide access to certain areas, functionalities, and features of BST’s Services;
- Contact you to answer requests for customer support or technical support;
- Allow you to register for events.
- Administrative Purposes. BST may use Personal Information about you for its administrative purposes, including to:
- Measure interest in BST’s Services;
- Develop new products and Services;
- Ensure internal quality control;
- Verify Individual identity;
- Communicate about Individual Accounts and activities on BST’s Services and systems, and, in BST’s discretion, changes to any BST policy;
- Send email to the email address you provide to us to verify your Account and for informational and operational purposes, such as Account management, customer service, or system maintenance;
- Process payment for products or services purchased;
- Process applications and transactions;
- Prevent potentially prohibited or illegal activities;
- Marketing BST Products and Services. BST may use Personal Information to provide you with materials about offers, products, and Services that may be of interest, including new content or services. BST may provide you with these materials by phone, postal mail, facsimile, or email, as permitted by applicable law. Such uses include:
- To tailor content, advertisements, and offers;
- To notify you about offers, products, and services that may be of interest to you;
- To provide Services to you and our sponsors;
- For other purposes disclosed at the time that Individuals provide Personal Information; or
- Otherwise with your consent.
You may contact us at any time to opt out of the use of your Personal Information for marketing purposes, as further described in Section 6 below.
- Research and Development. BST may use Personal Information to create non-Identifying Information that we may use alone or in the aggregate with information obtained from other sources, in order to help us to optimally deliver our existing products and Services or develop new products and Services. From time to time, BST may perform research (online and offline) via surveys. We may engage Third-Party service providers to conduct such surveys on our behalf. All survey responses are voluntary, and the information collected will be used for research and reporting purposes to help us better serve Individuals by learning more about their needs and the quality of the products and services we provide. The survey responses may be utilized to determine the effectiveness of our Services, various types of communications, advertising campaigns, and/or promotional activities. If an Individual participates in a survey, the information given will be used along with that of other study participants. We may share anonymous Individual and aggregate data for research and analysis purposes.
- Direct Mail, Email and Outbound Telemarketing. Individuals who provide us with Personal Information, or whose Personal Information we obtain from Third-Parties, may receive periodic emails, newsletters, mailings, or phone calls from us with information on BST’s or our business partners’ products and services or upcoming special offers/events we believe may be of interest. We offer the option to decline these communications at no cost to the Individual by following the instructions in Section 6 below.
- Anonymous and Aggregated Information Use. BST may use Personal Information and other information about you to create anonymized and aggregated information, such as de-identified demographic information, de-identified location information, information about the computer or device from which you access BST’s Services, or other analyses we create. Anonymized and aggregated information is used for a variety of functions, including the measurement of visitors’ interest in and use of various portions or features of the Services. Anonymized or aggregated information is not Personal Information, and BST may use such information in a number of ways, including research, internal analysis, analytics, and any other legally permissible purposes. We may share this information within BST and with Third-Parties for our or their purposes in an anonymized or aggregated form that is designed to prevent anyone from identifying you.
- Sharing Content with Friends or Colleagues. BST’s Services may offer various tools and functionalities. For example, BST allows you to provide information about your friends through our referral services, such as “Tell a Friend.” Our referral services may allow you to forward or share certain content with a friend or colleague, such as an email inviting your friend to use our Services. Email addresses that you may provide for a friend or colleague will be used to send your friend or colleague the content or link you request, but will not be collected or otherwise used by BST or any other Third Parties for any other purpose.
- Other Uses. BST may use Personal Information for which we have a legitimate interest, such as direct marketing, individual or market research, anti-fraud protection, or any other purpose disclosed to you at the time you provide Personal Information or with your consent.
3.3 COOKIES, PIXEL TAGS/WEB BEACONS, ANALYTICS INFORMATION, AND INTEREST-BASED ADVERTISING
When you visit the Services, our servers automatically record certain information about how a person uses our Services (we refer to this information as “Log Data”). This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser type, operating system, or the website from which you are visiting, pages or features of our Services that you visit, the time spent on those pages, information you search for, access times and dates, and other statistics. We use this information to monitor and analyze use of the Services and for the Services’ technical administration, to increase our Services’ functionality and user-friendliness, and to better tailor it to our users’ needs and preferences. We do not treat Log Data as Personal Information or use it in association with other Personal Information, though we may aggregate, analyze and evaluate such information for the same purposes as stated above regarding other Non-Identifying Information
- Most web browsers automatically accept Cookies, but you can usually modify your browser setting to decline Cookies, if you prefer. If you choose to decline Cookies, you may not be able to fully experience the interactive features of the BST webpages you visit. You cannot decline Cookies used in the App because they are necessary for App user authentication.
- BST keeps track of the webpages you visit within the Site, in order to determine what portion of the BST Site is the most popular or most used. This data is used to deliver customized content and promotions within the Site to customers whose behavior indicates that they are interested in a particular subject area.
- A “Web Beacon” (also known as a Web bug, pixel tag or clear GIF) is a tiny graphic with a unique identifier that may be included on our Services for several purposes, including to deliver or communicate with Cookies, to track and measure the performance of our Services, to monitor how many visitors view our Services, and to monitor the effectiveness of our advertising. Unlike Cookies, which are stored on the user’s hard drive, Web Beacons are typically embedded invisibly on web pages (or in an e-mail).
- We collect certain information that your mobile device sends when you use our Services, like your device type and available memory, user settings (including language/region settings and time zone), and the operating system of your device, as well as information about your use of our Services.
- When you use our App, we may collect and store information about your location by converting your IP address into a rough geo-location or by accessing your mobile device’s GPS coordinates or coarse location if you enable location services on your device. We may use location information to improve and personalize our Services for you. If you do not want us to collect location information, you may disable that feature on your mobile device.
- Analytics. We may also use Google Analytics and Google Analytics Demographics and Interest Reporting to collect information regarding visitor behavior and visitor demographics on some of our Services, and to develop website content. This analytics data is not tied to any Personal Information. For more information about Google Analytics, please visit www.google.com/policies/privacy/partners/. You can opt out of Google’s collection and Processing of data generated by your use of the Services by going to http://tools.google.com/dlpage/gaoptout.
Our uses of such Technologies fall into the following general categories:
- Advertising or Targeting Related. We may use first-party or Third-Party Cookies and Web Beacons to deliver content, including ads relevant to your interests, on our Site or on Third-Party sites. This includes using technologies to understand the usefulness to you of the advertisements and content that has been delivered to you, such as whether you have clicked on an advertisement.
If you would like to opt out of the Technologies we employ on our Site, Services, applications, or tools, you may do so by blocking, deleting, or disabling them as your browser or device permits.
3.4 THIRD-PARTY WEBSITES AND SOCIAL MEDIA PLATFORMS
The Site may contain links to other websites and other websites may reference or link to our Site or other Services. These other domains and websites are not controlled by us, and BST does not endorse or make any representations about Third-Party websites or social media platforms. We encourage our users to read the privacy policies of each and every website and application with which they interact. We do not endorse, screen or approve, and are not responsible for the privacy practices or content of such other websites or applications. Visiting these other websites or applications is at your own risk.
BST’s Services may include publicly accessible blogs, community forums, or private messaging features. The Site and our other Services may also contain links and interactive features with various social media platforms (e.g., widgets). If you already use these platforms, their Cookies may be set on your device when using our Site or other Services. You should be aware that Personal Information which you voluntarily include and transmit online in a publicly accessible blog, chat room, social media platform or otherwise online, or that you share in an open forum may be viewed and used by others without any restrictions. We are unable to control such uses of your information when interacting with a social media platform, and by using such services you assume the risk that the Personal Information provided by you may be viewed and used by Third-Parties for any number of purposes.
4. HUMAN RESOURCES DATA
BST collects Personal Information from current, prospective, and former Employees, their contact points in case of a medical emergency, and beneficiaries under any insurance policy (“Human Resources Data”). The Human Resources Data we collect may include title, name, address, phone number, email address, date of birth, passport number, driver’s license number, Social Security number or other government-issued identification number, financial information related to credit checks, bank details for payroll, information that may be recorded on a CV or application form, language abilities, contact information of third parties in case of an emergency and beneficiaries under any insurance policy. We may also collect Sensitive Human Resources Data such as details of health and disability, including mental health, medical leave, and maternity leave; information about national origin or immigration status; and optional demographic information such as race, which helps us achieve our diversity goals.
We acquire, hold, use and Process Human Resources Data for a variety of business purposes including:
- Workflow management, including assigning, managing and administering projects;
- Human Resources administration and communication;
- Background checks, where permitted by applicable laws;
- Payroll and the provision of benefits;
- Compensation, including bonuses and long-term incentive administration, stock plan administration, compensation analysis, including monitoring overtime and compliance with labor laws, and company recognition programs;
- Job grading activities;
- Performance and employee development management;
- Organizational development and succession planning;
- Benefits and personnel administration;
- Absence management;
- Helpdesk and IT support services;
- Regulatory compliance;
- Internal and/or external or governmental compliance investigations;
- Internal or external audits;
- Litigation evaluation, prosecution, and defense;
- Diversity and inclusion initiatives;
- Restructuring and relocation;
- Emergency contacts and services;
- Employee safety;
- Compliance with statutory requirements;
- Processing of Employee expenses and travel charges; and
- Acquisitions, divestitures, and integrations.
5. ONWARD TRANSFER—BST MAY DISCLOSE YOUR INFORMATION
5.1 INFORMATION WE SHARE
- Aggregate Information and Non-Identifying Information. We may share aggregated information that does not include Personal Information and we may otherwise disclose Non-Identifying Information and Log Data with Third-Parties for industry analysis, demographic profiling and other purposes. Any aggregated information shared in these contexts will not contain your Personal Information.
- Service Providers. We may employ and/or partner with Third-Party companies and individuals to facilitate our Services, to provide the Services on our behalf, to perform services related to the Services (including but not limited to maintenance services, database management, web analytics and improvement of the Services’ features) or to assist us in research, demographic profiling and analyzing how our Services are used (each, a “Service Provider”). These Third-Parties have access to your Personal Information only to perform these tasks on our behalf.
- Compliance with Laws and Law Enforcement. BST cooperates with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), to protect the property and rights of BST or a Third-Party, to protect the safety of the public or any person, or to prevent or stop any illegal, unethical or legally actionable activity.
- Privacy Shield. With respect to onward transfers to Agents under Privacy Shield, Privacy Shield requires that BST remain liable should its Agents Process Personal Information in a manner inconsistent with the Privacy Shield Principles.
- Displaying to Other Users. The content you post to the Site may be displayed on the Site. Other users of the Site may be able to see some information about you, such as your name if you submit a review. We are not responsible for privacy practices of the other users who will view and use the posted information.
5.2 INTERNATIONAL DATA TRANSFERS
You agree that all Personal Information collected via or by BST may be transferred, Processed, and stored anywhere in the world, including but not limited to, the United States, in the cloud, on our servers, on the servers of our affiliates or the servers of our service providers. Your Personal Information may be accessible to law enforcement or other authorities pursuant to a lawful request. If you are a user accessing the Services from the European Union, Asia, or any other region, please note by providing your personal data you explicitly consent to the storage of your Personal Information in these locations.
6. OPT-OUT (RIGHT TO OBJECT TO PROCESSING)
6.2 EMAIL AND TELEPHONE COMMUNICATIONS
We maintain telephone “do-not-call” and “do-not-mail” lists as mandated by law. We process requests to be placed on do-not-mail, do-not-phone and do-not-contact lists within 60 days after receipt, or such shorter time as may be required by law.
6.3 MOBILE DEVICES
BST may occasionally send you push notifications through our mobile applications with notices that may be of interest to you. You may at any time opt out from receiving these types of communications by changing the settings on your mobile device. BST may also collect location-based information if you use our mobile applications. You may opt out of this collection by changing the settings on your mobile device.
6.4 HUMAN RESOURCES DATA
With regard to Personal Information that BST receives in connection with the employment relationship, BST will use such Personal Information only for employment-related purposes as more fully described above. If BST intends to use this Personal Information for any other purpose, BST will notify the Individual and provide an opportunity to opt out of such uses.
6.5 “DO NOT TRACK”
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. DNT is a way for users to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. Our Site does not have the capability to respond to “Do Not Track” signals received from various web browsers.
6.6 COOKIES AND INTEREST-BASED ADVERTISING
As noted above, you may stop or restrict the placement of Cookies on your computer or remove them from your browser by adjusting your web browser preferences. Please note that Cookie-based opt outs are not effective on mobile applications. However, on many mobile devices, application users may opt out of certain mobile ads via their device settings.
The online advertising industry also provides websites from which you may opt out of receiving targeted ads from our data partners and our other advertising partners that participate in self-regulatory programs. You can access these, and also learn more about targeted advertising and consumer choice and privacy, at www.networkadvertising.org/managing/opt_out.asp, or http://www.youronlinechoices.eu/ and www.aboutads.info/choices/. You can also choose not to be included in Google Analytics here.
7. RIGHTS OF ACCESS, RECTIFICATION, ERASURE, AND RESTRICTION
Although BST makes good faith efforts to provide Individuals with access to their Personal Information, there may be circumstances in which BST is unable to provide access, including but not limited to: where the information contains legal privilege, would compromise others’ privacy or other legitimate rights, where the burden or expense of providing access would be disproportionate to the risks to the Individual’s privacy in the case in question or where it is commercially proprietary. If BST determines that access should be restricted in any particular instance, we will provide you with an explanation of why that determination has been made and a contact point for any further inquiries. To protect your privacy, BST will take commercially reasonable steps to verify your identity before granting access to or making any changes to your Personal Information.
8. DATA RETENTION
9. SECURITY OF YOUR INFORMATION
By using the Site or providing Personal Information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Site. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on the Site or sending an e-mail to you. You may have a legal right to receive this notice in writing.
10. INTERNATIONAL USERS
If you are visiting from the European Union or other regions with laws governing data collection and use, please note that you are agreeing to the transfer of your information to the United States and to Processing of your data globally. By providing your Personal Information, you consent to any transfer and Processing in accordance with this Policy.
11. REDRESS/COMPLIANCE AND ACCOUNTABILITY
If you are an EU or Swiss citizen and feel that BST is not abiding by the terms of this Policy, or is not in compliance with the Privacy Shield Principles, please contact BST at the contact information provided above.
In addition, BST has agreed to refer unresolved complaints related to Personal Information to JAMS Privacy Shield Dispute Resolution Program and, with respect to Employee and human resources data, has committed to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship. For more information and to submit a complaint regarding Individual data to JAMS, a dispute resolution provider which has locations in the United States and EU, visit https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim.
Such independent dispute resolution mechanisms are available to citizens free of charge. If any request remains unresolved, you may contact the national data protection authority for your EU Member State.
You may also have a right, under certain conditions, to invoke binding arbitration under Privacy Shield; for additional information, see https://www.privacyshield.gov/article?id=ANNEX-I-introduction. The FTC has jurisdiction over BST’s compliance with the Privacy Shield.
12. OTHER RIGHTS AND IMPORTANT INFORMATION
- New Uses of Personal Information. Additionally, before we use Personal Information for any new purpose not originally authorized by you, we will endeavor to provide information regarding the new purpose and give you the opportunity to opt out. Where consent of the Individual for the Processing of Personal Information is otherwise required by law or contract, BST will endeavor to comply with the law or contract.
13.2 CALIFORNIA PRIVACY RIGHTS
This Policy shall be implemented by BST and all its operating divisions, subsidiaries and affiliates. BST has put in place mechanisms to verify ongoing compliance with Privacy Shield Principles and this Policy. Any Employee that violates these privacy principles will be subject to disciplinary procedures.
The following capitalized terms shall have the meanings herein as set forth below.
- “Agent” means any Third-Party that Processes Personal Information pursuant to the instructions of, and solely for, BST or to which BST discloses Personal Information for use on its behalf.
- “Employee” refers to any current, temporary, permanent, prospective or former employee, director, contractor, worker, or retiree of BST or its subsidiaries worldwide.
- “Personal Information” is any information relating to an identified or identifiable natural person (“Individual”).
- “Privacy Shield” means the seven (7) principles of the Privacy Shield Framework: (1) notice, (2), choice, (3) accountability for onward transfer, (4) security, (5) data integrity and purpose limitation, (6) access, and (7) recourse, enforcement, and liability. Additionally, it includes the sixteen (16) supplemental principles described in the Privacy Shield: (1) sensitive data, (2) journalistic exceptions, (3) secondary liability, (4) performing due diligence and conducting audits, (5) the role of the data protection authorities, (6) self-certification, (7) verification, (8) access, (9) human resources data, (10) obligatory contracts for onward transfers, (11) dispute resolution and enforcement, (12) choice – timing of opt-out, (13) travel information, (14) pharmaceutical and medical products, (15) public record and publicly available information, and (16) access requests by public authorities.
- “Process” or “Processing” means any operation which is performed upon Personal Information, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
- “Sensitive Data” or “Sensitive Personal Information” is a subset of Personal Information which, due to its nature, has been classified by law or by policy as deserving additional privacy and security protections. Sensitive Personal Information includes Personal Information regarding EU residents that is classified as a “Special Category of Personal Data” under EU law, which consists of the following data elements: (1) race or ethnic origin; (2) political opinions; (3) religious or philosophical beliefs; (4) trade union membership; (5) genetic data; (6) biometric data where Processed to uniquely identify a person; (6) health information; (7) sexual orientation or information about the Individual’s sex life; or (8) information relating to the commission of a criminal offense.
- “Third-Party” is any company, natural or legal person, public authority, agency, or body other than the Individual, BST or BST’s Agents.