BombBomb, Inc. (“BombBomb”) has developed this privacy notice (“Privacy Notice”) to demonstrate our commitment to protecting the privacy of our users (a “User” or “you”). The Privacy Notice describes how BombBomb collects, uses, and shares personal information when you use the websites, https://www.bombbomb.com/, https://app.bombbomb.com/, or BombBomb mobile applications (collectively referred to as the “Website”) or any services offered on the Website (“Services”) and your choices with respect to how we use this information.
For purposes of this Privacy Notice, personal information means data that classifies as personal information, personal data, personally identifiable information, or similar terms under applicable data privacy and security laws and regulations. It does not include data excluded or exempted from those laws and regulations. Nothing in this Privacy Notice will constitute an admission or evidence that any particular data privacy or information security law or regulation applies to us generally or in any specific context.
Please see BombBomb’s Terms and Conditions for other terms governing the use of this Website.
What is personal information?
Personal information is data created, obtained, or provided by you that is about you as an identifiable individual. Statistical, aggregated, or de-identified information is not personal information.
What is a third-party?
A third-party is an organization that provides services or products to BombBomb under contract or agreement.
Your Consent to This Privacy Notice
You should read this Privacy Notice carefully. We recommend printing and retaining a copy for your future reference. By accessing, browsing, or otherwise using the Website, you confirm that you have read, understood, and agreed with this Privacy Notice. If you do not agree to this Privacy Notice, you may not use this Website.
This Privacy Notice applies regardless of how the Website is accessed and will cover any technologies or devices by which we make the Website available to you.
We may provide you with additional privacy notices where we believe it is appropriate to do so. It is important that you read this Privacy Notice together with any other privacy notice or fair processing notice we may provide on specific occasions, so that you are fully aware of how and why we are using your data. This Privacy Notice supplements these other notices and is not intended to override them.
If you have any questions or concerns about our personal information policies or practices, you can contact us in the methods described below in the “How to Contact Us” section below.
What Types of Personal Information Does BombBomb Collect?
Through your use of the Website or Services, we may collect personal information that identifies you as an individual or relates to you as an identifiable individual. While we do not require you to provide personal information in order to navigate the Website, we may need to collect personal information if you choose to engage in certain activities on our Website or use our Services. Below are the types of personal information that we collect:
Information You Provide
We may collect the following information directly from you:
We need this information to provide you with the Services. If you do not provide this information, we would not be able to provide these Services to you.
The images will be used in your profile, but not used for BombBomb’s advertisements or marketing without your permission.
Also, please note, that comments made to public areas will be visible to the public, so you should never share personal information that you would like to keep private.
Information Provided by Third-Parties
We may collect information about you from other Users. For example, if you subscribe to emails from a BombBomb User, that User may provide us with your contact information.
Information We Collect Automatically
We, or our third-party providers, automatically collect the following information through your use of the Website and Services:
“Cookies” and Other Tracking Technologies
What are Cookies?
“Cookies” are small pieces of information that are stored by your web browser software on your computer’s hard drive or temporarily in your computer’s memory. BombBomb or our third-party provider, place and store Internet cookies on a User’s hard drive. Cookies can save any of the types of information noted above. Cookies enable us to personalize the viewing experience of a User of this Website. When a User revisits this Website, BombBomb can recognize the User by the cookie and customize the User’s experience at this Website accordingly. You can configure your browser to prevent cookies, but please note that disabling cookies may make some features or functionalities not work properly or become unavailable to you.
What Types of Cookies Do We Use and Why?
These are the different types of Cookies that we and our service providers use on the Website:
How Long Do Cookies Stay on My Device?
Some Cookies operate from the time you visit the Website until the end of that particular browsing session. These Cookies, which are called “session cookies,” expire and are automatically deleted when you close your Internet browser.
Some Cookies will stay on your device between browsing sessions and will not expire or automatically delete when you close your Internet browser. These Cookies are called “persistent cookies” and the length of time they will remain on your device will vary from Cookie to Cookie. Persistent Cookies are used for a number of purposes, such as storing your preferences so that they are available for your next visit and to keep a more accurate account of how often you visit the Website, how your use of the Website may change over time, and the effectiveness of advertising efforts.
Managing Your Cookies
It may be possible to block Cookies by changing your Internet browser settings to refuse all or some Cookies. If you choose to block all Cookies (including essential Cookies) you may not be able to access all or parts of the Website.
You can find out more about Cookies and how to manage them by visiting www.AboutCookies.org.
We use Google Analytics to collect some information we listed above about your use of the Services. We use the information we get from Google Analytics to improve the Services. In order to collect this information, Google Analytics may set cookies on your browser or mobile device or read cookies that are already there. Google Analytics may also receive information about you from apps you have downloaded, that partner with Google. We do not combine the information collected through the use of Google Analytics with personally identifiable information. Learn more about how Google Analytics uses your data.
To prevent your data from being used by Google Analytics, you can download the Google Analytics opt-out browser add-on for Google Analytics which can be found here: Google Analytics Opt-Out.
We also use Google API. Our use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy.
Targeting and Re-Targeting Permissions
Does the Website Respond to “Do Not Track” Signals?
There is currently no industry agreed-upon response to a Do Not Track signal. At this time, our Website does not respond differently based on a user’s Do Not Track signal.
How BombBomb Uses Personal Information
We use the information we collect about you to provide the Services, to communicate with you, to provide technical support, and to improve our Services and customer relations. We do not share your information with third parties for purposes other than those outlined below.
We process your information for the following purposes as necessary to provide the Services to you and perform our contract with you:
We process your information for the following purposes as part of our legitimate interest in the improvement and marketing of our Services as well as in the security of our services. We apply appropriate safeguards to protect your information as described here:
How BombBomb Shares Personal Information
We may share your personal information:
Your Choices with Respect to Your Personal Information
You have the following choices with respect to your personal information:
Your privacy is important to us at BombBomb, Inc., and its affiliates and subsidiaries (“BombBomb,” “we,” “us,” or “our”), and we are committed to safeguarding, preserving, and respecting your privacy rights. If you are a California resident, you have certain rights with respect to the collection, use, transfer, and processing of your personal information, as defined by the California Consumer Privacy Act (“CCPA”), Cal. Civ. Code § 1798.100 et seq., as amended by the California Privacy Rights Act (“CRPA”) and implementing regulations.
We reserve the right to limit these rights where permitted under applicable law, including where your identity cannot be reasonably verified or to the extent your rights adversely affect the rights and freedoms of others.
The below examples are illustrative examples from the CCPA and do not reflect the specific pieces of information we collect.
In the previous 12 months, we have collected the following categories of personal information:
A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.
Duration of the relationship or as required by law
B. Personal Information
A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
Some personal information included in this category may overlap with other categories.
Duration of the relationship or as required by law
C. Protected Classification Characteristics Under California or Federal Law
Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
D. Commercial Information
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
Duration of the relationship or as required by law
E. Biometric Information
Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
F. Internet or Other Similar Network Activity
Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.
G. Geolocation Data
Physical location or movements.
H. Sensory Data
Audio, electronic, visual, thermal, olfactory, or similar information.
Duration of the relationship or as required by law
I. Professional or Employment-Related Information
Current or past job history or performance evaluations.
J. Non-Public Education Information
Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
K. Inferences Drawn of the Consumer
Inferences drawn from personal information identified above to create a profile about a consumer reflecting a consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
L. Sensitive Personal Information
Personal information that reveals (a) Social Security, driver’s license, state identification card, or passport number; (b) account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credential allowing access to an account; (c) precise geolocation; (d) racial or ethnic origin, religious or philosophical beliefs, or union membership; (e) the contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication; or (f) genetic data.
Biometric information processed for the purpose of uniquely identifying a consumer, personal information collected and analyzed concerning a consumer’s health, sex life, or sexual orientation.
Some Sensitive Personal Information included in this category may overlap with other categories.
Duration of the relationship or as required by law
We collect your personal information directly from you, from your interaction with the Services, from publicly available sources, and from third parties which collect the personal information directly from you.
Your personal information is used for the following purposes:
In the preceding 12 months, we have disclosed the following personal information about consumers for business purposes:
In the preceding 12 months, we have shared for cross-contextual behavioral advertising the following the personal information in categories A (identifiers), B (personal), D (commercial), F (internet), G (geolocation), and K (inferences).
We do not have actual knowledge that we sell or share the personal information of consumers under sixteen (16) years of age.
You have the right to request that we disclose the personal information we collect, use, and disclose about you to third parties. There are two types of Rights to Know requests that you can make:
This information will be provided to you free of charge, unless we determine that your request is manifestly unfounded or excessive. You may request this information twice in a 12-month period.
There are certain exceptions to a consumer’s Right to Know. We will state in our response if an exception applies.
You have the right to request that we and our service providers delete any personal information about your which we have collected from you upon receipt of a verifiable request. This right is subject to certain exceptions. We will state in our response if an exception applies.
You have the right to opt-out of the sale or sharing of your personal information by a business subject to certain laws and regulations.
We recognize the Global Privacy Control. Your browser must be able to support the Global Privacy Control (“GPC”) for us to recognize your opt-out preference signal.
Please note that opt-out choices may be stored via cookies. If you clear cookies, if your browser blocks cookies, or if you view the page from a different browser or device, your opt-out choice may no longer be logged or recognized.
For more information, please visit our Your Privacy Choices page.
You have the right not to receive discriminatory treatment for exercising the privacy rights conferred by California law. We will not discriminate against you because you exercised any of your privacy rights, including, but not limited to, by: denying goods or services to you; charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties; providing a different level of quality of goods or services to you; or suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services. We will also not retaliate against any employee, applicant for employment, or independent contractor for exercising their rights under the CCPA.
If we maintain inaccurate personal information about you, then you have the right to request that we correct the inaccurate personal information upon receipt of a verifiable request. Taking into account the nature of the personal information and purposes of processing the personal information, you have the right to request that we correct inaccurate personal information about you, if applicable.
If we process Sensitive Personal Information, we will only do so for the purposes specifically authorized by California law and in a manner that is necessary and proportionate for those purposes. As such, we do not perform any processing for which a Right to Limit request is available.
You can submit your request through our Data Subject Request page or by toll-free phone at 866-209-4602.
To ensure the protection of your personal information, we must verify that the individual submitting a request to know, request to delete, or request to correct is the consumer to whom the request relates prior to processing the request. To verify a California consumer’s identity, we may request up to three pieces of personal information about you when you make a request to compare against our records. We may also request that you sign a declaration under the penalty of perjury from the consumer whose personal information is the subject of the request.
Making a verifiable consumer request does not require you to create an account with us.
We will only use personal information provided in your request to verify your identity and will delete any information you provide after processing the request. We reserve the right to take additional steps as necessary to verify the identity of California consumers where we have reason to believe a request is fraudulent.
BombBomb, Inc. is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
BombBomb, Inc. acts in accordance with the Accountability for Onward Transfer Principle which explains that to transfer personal information to a third party acting as a controller BombBomb must comply with the Notice and Choice Principles. The Recourse, Enforcement and Liability Principle explains that, in the context of an onward transfer, BombBomb, Inc. has responsibility for the processing of personal information it receives under the DPF Principles and subsequently transfers to a third party acting as an agent on its behalf. BombBomb, Inc. shall remain liable under the DPF Principles if its agent processes such personal information in a manner inconsistent with the DPF Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.
You may choose a person or a business registered with the California Secretary of State that you authorize to act on your behalf to submit your requests (“Authorized Agent”). If you choose to use an Authorized Agent, we require that you provide the Authorized Agent with written permission to allow them to submit your request and that you verify your identity directly with us. Failure to do so may result in BombBomb denying your request.
In compliance with the EU-U.S. DPF and the Swiss-U.S. DPF, BombBomb, Inc. commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.
Personal information that you provide while in the European Union may be transferred to the United States. If we transfer personal information from the European Union to the United States, the transfer will be done pursuant to binding corporate rules, standard data protection clauses, or your consent. We will also take additional security measures, such as encrypting the data in transit, to further safeguard your personal information.
BombBomb has further committed to refer unresolved complaints to JAMs, an alternative dispute resolution provider located in the United States.
If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. The services of JAMs are provided at no cost to you. For residual disputes that cannot be resolved by the methods above, you may be able to invoke a binding arbitration process under certain conditions. How Long Do We Keep Your Information?
We retain your personal information as long as we are providing the Services to you. We retain your personal information after we cease providing Services to you, even if you delete your account, to the extent necessary to comply with our legal and regulatory obligations, for the purpose of fraud monitoring, detection and prevention, to comply with our tax, accounting, and financial reporting obligations; or where we are required to retain the data by our contractual commitments to our partners. Where we retain data, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law. Even if you delete your account and we delete your information from our systems, keep in mind that the deletion by our third-party providers may not be immediate and that the deleted information may persist in backup copies for a reasonable period of time. We will securely store any personal information persisting in backup and isolate it from any further processing until deletion is possible. For any privacy or data-protection-related questions, please write email@example.com.
In compliance with the EU-U.S. DPF and the Swiss-U.S. DPF, BombBomb, Inc. commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU individuals and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the Swiss-U.S. DPF should first contact BombBomb, Inc. at: Compliance@BombBomb.com.
What Does BombBomb Do to Keep this Website Secure?
BombBomb has implemented several security features throughout the Website designed to prevent the unauthorized disclosure of or access to personal information. For example, BombBomb grants access to any stored personal information BombBomb may collect on its Users only to authorized personnel. Moreover, when a User registers on-line or accesses his or her account information through this Website, BombBomb offers the User the ability to use a secure server. The secure server encrypts all information a User inputs before it is sent to BombBomb.
Please be advised, however, that although BombBomb has endeavored to create a secure and reliable Website for its Users, the confidentiality of any communication or material transmitted to/from BombBomb via this Website or email cannot be guaranteed.
Our Commitment To Children’s Privacy
This Website is not intended for children under 13 years of age, and we do not knowingly collect personal information from children under 13. In the event we learn we have collected personal information from a child under age 13 without verification or parental consent, we will immediately delete that information. If you believe that we might have any information from or about a child under 13, please contact us using the information provided in the “How to Contact Us” section below.
What About Third Party Websites?
To the extent that the Website contains hyperlinks to third party websites, Users should be aware that these third party websites are not controlled by BombBomb and, therefore, are not subject to this Privacy Notice. Users should check the privacy policies of these individual websites to see how their personal information will be utilized by the proprietors of those third party websites.
This Privacy Notice may change from time to time. We will post any changes to the Privacy Notice on this page.
How to Contact Us
Should you have other questions or concerns about these privacy policies, please feel free to contact us at:
90 South Cascade Avenue, #510
Colorado Springs, CO 80903
 Categories of personal information are as defined in Cal. Civ. Code. § 1798.140(v).