Revised: 04/04/2018

Bluefin LLC (Bluefin) is committed to safeguarding your privacy online. Any personal information or e-mail addresses collected on our online application form are both secure and confidential. We will initiate contact only to provide you with requested information or to follow up on an application that was submitted.

Payments made by credit cards or ACH are always secure. Bluefin uses a highly secure encryption protocol assuring your card information is safely processed.

Overview

Bluefin is committed to providing you with excellent service for all of our products. Because we respect your right to privacy, we have developed this Privacy Statement to inform you about our privacy practices for the entire Bluefin site (which covers Bluefin.com).

Privacy is of great concern to most users of the Internet, and is a critical part of an enjoyable and satisfactory user experience. We at Bluefin are acutely aware of and sensitive to the privacy concerns of our subscribers and other visitors to our Web site. Whether you are a customer of our various products and services or a visitor to our site, we assure you that we do not collect personal information from you unless you provide it to us.

Personal Information

We do not collect any personal information from a visitor to our site unless that visitor explicitly and intentionally provides it. Under no circumstances do we collect any personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, or sex life. If you are simply browsing our site, we do not gather any personal information about you.

There are two ways in which you may explicitly and intentionally provide us with and consent to our collection of certain personal information:

E-mail Request for Information or Registrations for Guides or Seminars – We use links throughout our site to provide you with the opportunity to contact us via e-mail to ask questions, request information and materials, register or sign up for guides or seminars, or provide comments and suggestions. You may also be offered the opportunity to have one of our representatives contact you personally to provide additional information about our products or services. To do so, we may request additional personal information from you, such as your name and telephone number, to help us satisfy your request.

Enrollment – If you choose to enroll for one of our products or services, we will request certain information from you. Depending on the type of product or service that you request, you may be asked to provide different personal information. For certain products and services, we may require your name, address, telephone number, e-mail address, credit card number, bank account information, IP address, and/or social security number. Other products and services may require different or supplemental information from you in order to apply. For a detailed listing of the type of personal information requested for our various products, please refer to the enrollment page for the particular product or service.

Statistical Information About Your Visit

When you visit our site, our computers may automatically collect statistics about your visit. This information does not identify you personally, but rather about a visit to our site. We may monitor statistics such as how many people visit our site, the user’s IP address, which pages people visit, from which domains our visitors come and which browsers people use. We use these statistics about your visit for aggregation purposes only. These statistics are used to help us improve the performance of our Web site.

Sending you responses and updates

We generally respond to any e-mail questions, requests for product or service information, and other inquiries that we receive. We may also retain this correspondence to improve our products, services, and Web site, and for other disclosed purposes. Frequently we retain contact information so that we can send individuals updates or other important information about our services and products. Occasionally these updates or other important information may be sent out by third parties on our behalf. We share personal information with certain third parties such as banks, processors, card networks, phone centers and other suppliers and vendors to provide the Bluefin services and to help us process the Bluefin services you may request. We may also share or permit access to personal information with persons we employ directly or as contractors or agents, partners, or affiliates at our direction, for purposes of administering our services, processing information, marketing our service and providing customer support. Bluefin may require such third parties to maintain confidentiality of your personal information. Any third party who contacts you in this capacity has executed a confidentiality agreement with us that contains a provision ensuring the privacy and security of any transferred information and limits the third party’s use of the shared information to sending updates or providing services on our behalf. In situations where you have supplied your information in connection with a question or request for information about a product or service offered by a Bluefin business partner, we may also send the information you have supplied to the Bluefin business partners that offer such products or services. Please be assured that the Bluefin business partners have agreed to ensure the privacy and security of any transferred information and may only use the shared information to send you information about products or services about which you asked.

Bluefin collects information to allow customers to utilize its services, and to enable us to effectively support our customers. As a payment gateway, Bluefin transmits and may collect information related to credit card transaction data including full credit card track data, which may include full name, credit card number (PAN), expiry date, CVV security code, card type (e.g., credit, debit, etc.), service code, and discretionary data. Per PCI Data Security Standard requirements, Bluefin does not and will not store data defined as Sensitive Authentication Data (SAD), which includes CVV security code and PIN/PIN block, and will only transmit that data as part of the credit card authorization process.

Should Bluefin enter into an agreement with a third parties acting as a controller, Bluefin agrees that it will, to the best of its ability, require the third party controller to agree to the requirements listed here, as well as meet the then-minimum security standards of Bluefin including, but not limited to, PCI DSS compliance. Bluefin agrees to also require that, if entering into an agreement with a third-party controller, that the controlling entity be required to cease processing data that falls within scope of this privacy policy and/or take immediate steps to remediate should the determination be made that the entity is unable to abide by this policy.

Bluefin may be responsible for the appropriate onward transfer of personal data to third parties.

EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield

Bluefin complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from European Union and Switzerland to the United States, respectively. Bluefin has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification page, please visit www.privacyshield.gov.

Bluefin’s participation in the Privacy Shield applies to all personal data that is subject to the Privacy Shield Principles and is received from the European Union, European Economic Area, and Switzerland. Bluefin will comply with the Privacy Shield Principles in respect of such personal data.

For purposes of this Notice, “Personal Data” means information that (i) is transferred from the EEA and Switzerland to the United States, (ii) is recorded in any form, (iii) is about, or relates to, an identified or identifiable job applicant, consumer, customer, supplier or other individual (excluding Bluefin employees), and (iv) can be linked to that job applicant, consumer, customer supplier or other individual. This Notice outlines our general policy and practices for implementing the Privacy Shield principles for Personal Data.

To learn more about Privacy Shield, please visit the U.S. Department of Commerce Privacy Shield website: www.privacyshield.gov. For more information regarding our Privacy Shield certification, please see: www.privacyshield.gov/list.

Privacy Shield Principles

Purpose of Collection and Use of Personal Data

We will provide individuals with notice of our data collection and processing practices in this Privacy Policy, describing what personal information we collect, the purpose and use of personal information, the categories of third parties with whom we may share such information (and the purposes for which we do so), the individual’s right to access such information, the choices and means through which the individual may limit the use and disclosure of personal information.  Where we process personal information on behalf of a third party which you have a direct relationship, we will work with them to help them provide appropriate notice to you.

Choice

Bluefin shares Personal Data with its service providers and among Bluefin’s subsidiaries and affiliates. With respect to Personal Data we share with other third parties, we provide job applicants, consumers, customers, suppliers and others located in the EEA and Switzerland with an opportunity to opt-out of such sharing. Click here if you would like to opt-out. We do not use Personal Data for purposes incompatible with the purposes for which the information was originally collected without notifying the relevant consumers, customers, suppliers and others of such uses and offering an opportunity to opt-out.

In addition, we may disclose Personal Data (i) if we are required to do so by law or legal process, (ii) to law enforcement authorities or other government officials based on an enforceable government request or as may be required under applicable law, or (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity.

Onward Transfer of Personal Data

Onward Transfers (Transfer to Third Parties). Bluefin may transfer personal information to certain third parties. Where we transfer personal information to a third party, will take reasonable and appropriate steps to ensure the third party processes personal information for limited and specified purposes and in a manner consistent with Bluefin’s Privacy Shield obligations. Where the transfer is to a third-party agent acting on our behalf, Bluefin may be liable if such third parties fail to meet those obligations, and we are responsible for the event giving rise to the damage.

Access to Personal Data

Bluefin provides job applicants, consumers, customers, suppliers and others with reasonable access to the Personal Data maintained about them. We also provide a reasonable opportunity to correct, amend or delete that information where it is inaccurate. We may limit or deny access to Personal Data where providing such access is unreasonably burdensome or expensive under the circumstances, or as otherwise permitted by the Privacy Shield principles. To obtain access to Personal Data, job applicants, consumers, customers, suppliers and others may contact Bluefin as specified in the “Inquiries and Complaints” section of this Policy.

Security

Bluefin takes take reasonable and appropriate measures to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction. We have implemented appropriate physical, electronic and managerial procedures to help safeguard and secure personal information from loss, misuse, unauthorized access or disclosure, alteration or destruction.

Data Integrity

Bluefin takes reasonable steps to ensure that Personal Data collected by Bluefin is relevant for the purposes for which it is to be used and that the information is reliable for its intended use and is accurate, complete and current. We depend on our job applicants, consumers, customers, suppliers and others to update or correct their Personal Data whenever necessary.

Your Rights to Access, to Limit Use, and to Limit Disclosure

EU and Swiss individuals have the right to reasonable access to the personal information about you that we hold. On request, we will also take reasonable steps to correct, update, amend or delete any information that is demonstrated to be inaccurate, except where the burden or expense of doing so would be disproportionate to the risks to your privacy in the case in question or where the rights of third parties would be violated. Where we process personal information on behalf of a third party, we will direct any individual requests for access or to limit use or disclosure to the third party, and we will work with such third party in complying with such requests in accordance with applicable law and our obligations under Privacy Shield.

Bluefin acknowledges the individual’s right to access the personal data we hold about them.  Individuals wishing to review, amend, or correct their personal data may do so by

contacting the merchant that accepted the individual’s payment card in payment for goods or services. As a payment processor, Bluefin provides its merchants access to customer transactional data, but only in truncated formats in an effort to protect customer data from potential breach or compromise. Bluefin receives customer data through the normal credit card transaction payment process, and transmits, stores and processes transactional data to perform its services. Customers do not have access to the Bluefin transaction processing system due to the security and regulatory requirements required of payment

processors. Providing customers access to their data introduces a disproportionate risk to both Bluefin and the customer data, and therefore Bluefin does not offer access to this highly sensitive data.

Jurisdiction and Enforcement

As part of our participation in Privacy Shield, we are subject to the investigatory and enforcement powers of the US Federal Trade Commission.

Compelled Disclosure

If we are required by law to disclose certain information to local, state, federal, national or international government or law enforcement authorities, we will do so. Please be aware that Bluefin may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

Inquiries, Complaints, and Recourse

In compliance with the EU-US and Swiss-US Privacy Shield Principles, Bluefin commits to resolve complaints about your privacy and our collection or use of your personal information.

European Union or Swiss individuals with inquiries or complaints regarding this privacy policy should first contact Bluefin at: legal@bluefin.com

If you believe Bluefin maintains your personal data in one of the services within the scope of our Privacy Shield certification, you may direct any inquiries or complaints concerning our Privacy Shield compliance to legal@bluefin.com. Bluefin will respond within 45 days.

Bluefin has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint.

The services of BBB EU Privacy Shield are provided at no cost to you. If neither Bluefin nor BBB EU Privacy Shield resolves your complaint, you may have the possibility to engage in binding arbitration through the Privacy Shield Panel. Also, Bluefin’s commitments under the Privacy Shield are subject to the investigatory and enforcement powers of the United States Federal Trade Commission.

We will never sell your contact information. If you have questions about this policy, please contact us.

Email

Bluefin may use your email address to communicate with you about orders you have placed, accounts you maintain or inquiries you have made about our products and services. In addition, we may send you email communications for customer satisfaction purposes or to inform you of special offers we believe will be of interest to you based on your profile. These emails will contain an unsubscribe link, which will enable you to opt out of receiving future mailings at any time, should you choose to do so.

Revisions to this Privacy Policy

Bluefin has the discretion to update and revise this Privacy Policy at any time. When we do, we will also revise the updated date at the top of the page, and any such changes will become effective when we post the revised Privacy Policy. We encourage users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect. Your use of our products or services following these changes means that you accept the revised Privacy Policy.