BombBomb, Inc. ("BombBomb") has developed this privacy notice ("Privacy Notice") to demonstrate our commitment to protecting the privacy of our users (a "User" or "you"). The Privacy Notice describes how BombBomb collects, uses, and shares personal information when you use the websites, https://www.bombbomb.com/, https://app.bombbomb.com/, or BombBomb mobile applications (collectively referred to as the "Website") or any services offered on the Website ("Services") and your choices with respect to how we use this information.
For purposes of this Privacy Notice, personal information means data that classifies as personal information, personal data, personally identifiable information, or similar terms under applicable data privacy and security laws and regulations. It does not include data excluded or exempted from those laws and regulations. Nothing in this Privacy Notice will constitute an admission or evidence that any particular data privacy or information security law or regulation applies to us generally or in any specific context.
Please see BombBomb’s Terms and Conditions for other terms governing the use of this Website.
You should read this Privacy Notice carefully. We recommend printing and retaining a copy for your future reference. By accessing, browsing, or otherwise using the Website, you confirm that you have read, understood, and agreed with this Privacy Notice. If you do not agree to this Privacy Notice, you may not use this Website.
This Privacy Notice applies regardless of how the Website is accessed and will cover any technologies or devices by which we make the Website available to you.
We may provide you with additional privacy notices where we believe it is appropriate to do so. It is important that you read this Privacy Notice together with any other privacy notice or fair processing notice we may provide on specific occasions, so that you are fully aware of how and why we are using your data. This Privacy Notice supplements these other notices and is not intended to override them.
If you have any questions or concerns about our personal information policies or practices, you can contact us in the methods described below in the “How to Contact Us” section below.
Through your use of the Website or Services, we may collect personal information that identifies you as an individual or relates to you as an identifiable individual. While we do not require you to provide personal information in order to navigate the Website, we may need to collect personal information if you choose to engage in certain activities on our Website or use our Services. Below are the types of personal information that we collect.
We may collect the following information directly from you:
We may collect information about you from other Users. For example, if you subscribe to emails from a BombBomb User, that User may provide us with your contact information.
We or our third party providers automatically collect the following information through your use of the Website and Services:
“Cookies” are small pieces of information that are stored by your web browser software on your computer’s hard drive or temporarily in your computer’s memory. BombBomb or our third party provider place and store Internet cookies on a User’s hard drive. Cookies can save any of the types of information noted above. Cookies enable us to personalize the viewing experience of a User of this Website. When a User revisits this Website, BombBomb can recognize the User by the cookie and customize the User’s experience at this Website accordingly.
These are the different types of Cookies that we and our service providers use on the Website:
Some Cookies operate from the time you visit the Website until the end of that particular browsing session. These Cookies, which are called “session cookies,” expire and are automatically deleted when you close your Internet browser.
Some Cookies will stay on your device between browsing sessions and will not expire or automatically delete when you close your Internet browser. These Cookies are called “persistent cookies” and the length of time they will remain on your device will vary from Cookie to Cookie. Persistent Cookies are used for a number of purposes, such as storing your preferences so that they are available for your next visit and to keep a more accurate account of how often you visit the Website, how your use of the Website may change over time, and the effectiveness of advertising efforts.
It may be possible to block Cookies by changing your Internet browser settings to refuse all or some Cookies. If you choose to block all Cookies (including essential Cookies) you may not be able to access all or parts of the Website.
You can find out more about Cookies and how to manage them by visiting www.AboutCookies.org.
We use a tool called “Google Analytics” to collect some information we listed above about your use of the Services. We use the information we get from Google Analytics to improve the Services. In order to collect this information, Google Analytics may set cookies on your browser or mobile device, or read cookies that are already there. Google Analytics may also receive information about you from apps you have downloaded, that partner with Google. We do not combine the information collected through the use of Google Analytics with personally identifiable information. Google’s ability to use and share information collected by Google Analytics about your visits to the Services to another application which partners with Google is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. Please review those and see Google’s Privacy & Terms for information about how Google uses the information provided to Google Analytics and how you can control the information provided to Google. To prevent your data from being used by Google Analytics, you can download the Google Analytics opt-out browser add-on for Google Analytics which can be found here:
Google Analytics Opt-Out.
We also use Google API. Our use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy.
In addition to the use of cookies, BombBomb may use a third party provider such as “AdRoll” for behavioral advertising or retargeting. This service is compliant with GDPR and can anonymize EU IP Addresses.
There is currently no industry agreed-upon response to a Do Not Track signal. At this time, our Website does not respond differently based on a user’s Do Not Track signal.
We use the information we collect about you to provide the Services, to communicate with you, to provide technical support, and to improve our Services and customer relations. We do not share your information with third parties for purposes other than those outlined below.
We process your information for the following purposes as necessary to provide the Services to you and perform our contract with you:
We process your information for the following purposes as part of our legitimate interest in the improvement and marketing of our Services as well as in the security of our services. We apply appropriate safeguards to protect your information as described here:
We may share your personal information:
You have the following choices with respect to your personal information:
If you are a California user, you have certain rights with respect to the collection, use, transfer, and processing of your “personal information,” as defined by the California Consumer Privacy Act (“CCPA”). We reserve the right to limit these rights where permitted under applicable law, including where your identity cannot be reasonably verified or to the extent your rights adversely affect the rights and freedoms of others. To exercise any of the rights below, please contact us via the contact information below. Only you or a person registered with the California Secretary of State that you authorize to act on your behalf may make a verifiable consumer request related to your personal information.
In the previous 12 months, BombBomb has collected the following categories of Personal information:
Category1 | Examples | Collected |
---|---|---|
A. Identifiers | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name. | YES |
B. Personal Information | A name, signature, address, telephone number, employer name. Some personal information included in this category may overlap with other categories. | YES |
C. Protected Classification Characteristics Under California or Federal Law | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | NO |
D. Commercial Information | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | YES |
E. Biometric Information | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. | NO |
F. Internet or Other Similar Network Activity | Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. | YES |
G. Geolocation Data | Physical location or movements. | YES |
H. Sensory Data | Audio, electronic, visual, thermal, olfactory, or similar information. | NO |
I. Professional or Employment-Related Information | Current or past job history or performance evaluations. | NO |
J. Non-Public Education Information | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | NO |
K. Inferences Drawn of the Consumer | Inferences drawn from personal information identified above to create a profile about a consumer reflecting a consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | YES |
1Categories of personal information are as defined in Cal. Civ. Code. §1798.140(o)
The above examples are illustrative examples from the CCPA and do not reflect the specific pieces of information we collect.
We collect your personal information in categories A (identifiers) and B (personal) directly from you. We collect the personal information in category D (commercial) by keeping a log of your transactions. We collect the personal information in categories F (internet and other electronic network activity), G (geolocation), and K (inferences) based on your interactions with our website and mobile apps.
When acting as a service provider, BombBomb receives or has access to personal information collected by the business. BombBomb uses that personal information solely to provide the services to the business.
Your personal information is used for the following purposes:
When acting as a service provider, BombBomb uses the personal information it receives or has access to solely to provide the services to the business.
BombBomb shares your personal information within our corporate family, with analytics and service providers, and law enforcement (if necessary).
In the preceding 12 months, we have disclosed the following personal information about consumers for business purposes:
In the preceding 12 months, we have not sold Personal Information about minors.
In the preceding 12 months, we have not sold Personal Information about consumers.
Right to Know About Personal Information Collected, Disclosed, or Sold: You have the right to request that BombBomb disclose the personal information it collects, uses, and discloses about you to third parties. There are two types of Rights to Know requests that you can make:
This information will be provided to you free of charge, unless BombBomb determines that your request is manifestly unfounded or excessive. You may request this information twice in a 12-month period.
There are certain exceptions to a consumer’s Right to Know. BombBomb will state in its response if an exception applies.
Right of Deletion:You have the right to request that BombBomb and our service providers delete any personal information about yourself which BombBomb has collected from you upon receipt of a verifiable request. This right is subject to certain exceptions. BombBomb will state in its response if an exception applies.
Right to Opt-Out of the Sale of Personal Information (if applicable):You have the right to opt-out of the sale of your personal information by a business subject to certain laws and regulations.
BombBomb does not, and will not, sell any personal information of California consumers. BombBomb will update this Privacy Policy and comply with applicable laws and regulations in the event that it sells personal information of California consumers in the future.
Right to Non-Discrimination:You have the right not to receive discriminatory treatment for exercising the privacy rights conferred by California law. BombBomb will not discriminate against you because you exercised any of your privacy rights, including, but not limited to, by: denying goods or services to you; charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties; providing a different level of quality of goods or services to you; or suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.
You can submit your request by calling us at 866-209-4602. You may also submit a request via email at forgetme@bombbomb.com. Please note that you are required to submit a declaration as a part of this request. This declaration can be found here: Consumer Declaration and Authorized Agent Form
BombBomb must verify that the person requesting information or deletion is the California consumer about whom the request relates in order to process the request. To verify a California consumer’s identity, we may request up to three pieces of personal information about you when you make a request to compare against our records. We also request that you sign a declaration under the penalty of perjury from the consumer whose personal information is the subject of the request.
Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in your request to verify your identity and will delete any information you provide after processing the request. BombBomb reserves the right to take additional steps as necessary to verify the identity of California consumers where we have reason to believe a request is fraudulent.
You may choose a person or a business registered with the California Secretary of State that you authorize to act on your behalf to submit your requests (“Authorized Agent”). If you choose to use an Authorized Agent, BombBomb requires that you provide the Authorized Agent with written permission to allow them to submit your request and that you verify your identity directly with BombBomb. Failure to do so may result in BombBomb denying your request.
If you have any questions or concerns regarding your California Privacy Rights under this Privacy Policy, you may contact us as set forth in the “How to Contact Us” section below.
If you are an individual in a country in the European Union, you have the right to make requests to:
We describe these rights more fully below.
You have the right to obtain from us confirmation as to whether or not we are processing personal information about you and, if so, the right to be provided with the information contained in this Notice. You also have the right to receive a copy of the personal information undergoing processing.
You have the right to ask us to rectify any inaccurate personal information about you and to have incomplete personal data completed.
You have the right to ask us to place a restriction on our use of your personal information if one of the following applies to you:
You have the right to object to our use of your personal information where our reason for using it is based on our legitimate interests or your consent (rather than when the reason for using it is to perform an obligation due to you under a contract with us).
You can ask us to delete your personal information if:
However, this right is not absolute. Even if you make a request for deletion, we may need to retain certain information for legal or administrative purposes, such as record keeping, maintenance of opt-out requirements, defending or making legal claims, or detecting fraudulent activities. We will retain information in accordance with the “How Do We Keep Your Personal Information?” section below.If you do exercise a valid right to have your personal information deleted, please keep in mind that deletion by third parties to whom the information has been provided might not be immediate and that the deleted information may persist in backup copies for a reasonable period (but will not be available to others).
You may request that we transfer some of the personal information you have provided to you or another service provider in electronic copy. This applies to personal information we are processing to service a contract with you and to personal information we are processing based on your consent.
If you have any concerns or complaints regarding our processing of your personal information, please contact us as described in the “How to Contact Us” section below and we will do our best to answer any question and resolve any complaint to your satisfaction.If, for whatever reason, you feel we do not meet the standards you expect of us, you are also entitled to make a complaint to your local supervisory authority. The EU Commission has list of supervisory authorities here.
If you are in a country in the European Union, you may be entitled to an explanation of the legal bases we rely on to process your personal information. The legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it, which is discussed below.
We may process your personal information based on your consent such as when you purchase a service or ask us to send you certain kinds of marketing communications. You have the right to withdraw your consent at any time without affecting the lawfulness of the processing based on consent before its withdrawal.
We may process your personal information if doing so is necessary for our legitimate interests and your rights as an individual do not override those legitimate interests. For example, when we process your personal information to carry out fraud prevention activities and activities to increase network and information security, identify usage trends, determine the effectiveness of promotional campaigns, expand our business activities and improve our services and the content and functionality of our Website.
We may process your personal information to administer and fulfill contractual obligations to you.
We may process your personal information to comply with legal obligations to which we are subject. This may include any requirement to produce audited accounts, any legal obligation to share information with law enforcement agencies, public or governmental authorities, and to comply with legal process.
If you bring a claim against us or we bring a claim against you, we may process your personal information in relation to that claim.
We may act as the Data Controller of some of the personal information collected from residents of the European Union. In other circumstances, we may act as a Data Processor and process information about you on behalf of another Data Controller. If you have any questions about or need further information concerning the legal basis on which we collect and use your personal information for any specific processing activity, please contact us using the “How to Contact Us” section below.
You may view a list of third party personal information processors we work with here.
Personal information that you provide while in the European Union may be transferred to the United States. If we transfer personal information from the European Union to the United States, the transfer will be done pursuant to binding corporate rules, standard data protection clauses, or your consent. We will also take additional security measures, such as encrypting the data in transit, to further safeguard your personal information.
Additionally, BombBomb abides by and has certified adherence to the principles of the EU-U.S. and Swiss-U.S. Privacy Shield frameworks as set forth by the U.S. Department of Commerce. The Federal Trade Commission has investigation and enforcement authority over our compliance with the Privacy Shield.
For more information on the Privacy Shield frameworks, and to view the scope of BombBomb’s certification, please visit https://www.privacyshield.gov/. BombBomb has further committed to refer unresolved Privacy Shield complaints to JAMs, an alternative dispute resolution provider located in the United States.
If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint.
The services of JAMs are provided at no cost to you. For residual Privacy Shield disputes that cannot be resolved by the methods above, you may be able to invoke a binding arbitration process under certain conditions. To find out more about the Privacy Shield’s binding arbitration scheme, please visit: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
If we have received your personal information under the Privacy Shield and subsequently transfer it to a third party service provider for processing, we will remain responsible if they process your personal information in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage.
We retain your personal information as long as we are providing the Services to you. We retain your personal information after we cease providing Services to you, even if you delete your account, to the extent necessary to comply with our legal and regulatory obligations, for the purpose of fraud monitoring, detection and prevention, to comply with our tax, accounting, and financial reporting obligations; or where we are required to retain the data by our contractual commitments to our partners. Where we retain data, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law. Even if you delete your account and we delete your information from our systems, keep in mind that the deletion by our third party providers may not be immediate and that the deleted information may persist in backup copies for a reasonable period of time. We will securely store any personal information persisting in backup and isolate it from any further processing until deletion is possible. For any privacy or data-protection-related questions, please write compliance@bombbomb.com.
BombBomb has implemented a number of security features throughout the Website designed to prevent the unauthorized disclosure of or access to personal information. For example, BombBomb grants access to any stored personal information BombBomb may collect on its Users only to authorized personnel. Moreover, when a User registers on-line or accesses his or her account information through this Website, BombBomb offers the User the ability to use a secure server. The secure server encrypts all information a User inputs before it is sent to BombBomb.
Please be advised, however, that although BombBomb has endeavored to create a secure and reliable Website for its Users, the confidentiality of any communication or material transmitted to/from BombBomb via this Website or e-mail cannot be guaranteed.
This Website is not intended for children under 13 years of age, and we do not knowingly collect personal information from children under 13. In the event that we learn that we have collected personal information from a child under age 13 without verification or parental consent, we will immediately delete that information. If you believe that we might have any information from or about a child under 13, please contact us using the information provided in the “How to Contact Us” section below.
To the extent that the Website contains hyperlinks to third party websites, Users should be aware that these third party websites are not controlled by BombBomb and, therefore, are not subject to this Privacy Notice. Users should check the privacy policies of these individual websites to see how their personal information will be utilized by the proprietors of those third party websites.
This Privacy Notice may change from time to time. We will post any changes to the Privacy Notice on this page.
Should you have other questions or concerns about these privacy policies, please feel free to contact us at:
BombBomb, Inc.
90 South Cascade Avenue, #700
Colorado Springs, CO 80903
compliance@bombbomb.com
866-209-4602