Blue Umbrella Limited, Unit 4, 16/F, Eastern Harbour Centre, 28 Hoi Chak Street, Quarry Bay, Hong Kong (“Blue Umbrella,” “we,” “our,” or “us”) takes your privacy seriously. We want you to know how we collect, use, share, and protect your personal data.
This Privacy Statement tells you:
1. What this Privacy Statement covers
2. What personal data we collect
3. Purposes for which we use the personal data we collect
4. How we share the personal data we collect
5. How we protect the personal data we collect
6. Your ability to review or modify personal information or unsubscribe from notices; Retention of your personal information
7. How we handle personal information when we act as a processor
8. Databank services
10. Information specific to the European Economic Area (EEA) and Swiss users
11. Changes to this Privacy Statement
Blue Umbrella has designated a Privacy Officer who is responsible for our compliance with this Privacy Statement. Our Privacy Officer may be contacted via email at firstname.lastname@example.org.
1. WHAT THIS PRIVACY STATEMENT COVERS
This Privacy Statement applies to www.blueumbrella.com and www.bluedd.com (“Web Site”) and Blue Umbrella’s practices for handling personal information when we act as controller of personal information provided to Blue Umbrella over the Internet by viewing or using the Web Site or that we otherwise collect from or about you. Blue Umbrella will collect, store, and use personal information only in compliance with this Privacy Statement and applicable law (which may include, as applicable, Hong Kong’s Personal Data (Privacy) Ordinance, cap. 486).
In Section VII. below, we describe how we handle personal information provided by Blue Umbrella’s clients, and their third parties using Blue Umbrella’s online third party compliance solution that is accessible only through an access-restricted portion of the Web Site (“Service”). Blue Umbrella acts as a processor on behalf of our clients when processing personal information to provide the Service, including when we administer compliance questionnaires, conduct a due diligence investigation, and prepare a due diligence report (a “Due Diligence Report”) summarizing the results of that investigation, as described in more detail in Section VII. below. As part of the Service and at our clients’ request, we may offer the ability (i) for Client’s Third Parties (as defined below) to complete a self registration form via an open page; and (ii) for client authorized users to complete the business case landing page without login requirement. In those instances, Blue Umbrella acts as a processor on behalf of our clients. To obtain information about how our clients process personal information, please see their respective privacy policies. In certain cases, our clients may agree to let us share Due Diligence Reports as part of our databank services described in Section VIII. below (“Databank Services”). When we share Due Diligence Reports as part of our Databank Services, we act as a controller for our own account of the personal data included in the Due Diligence Reports.
Please carefully read this Privacy Statement to understand how we will treat the information you provide while visiting this Web Site and that we may otherwise collect from or about you. This Privacy Statement also describes your choices regarding the use of your personal information, including how you can access, update and correct your personal information. Please note however that when we process personal information to provide the Service, the choices available to you are described in our clients’ respective privacy policies, and not this Privacy Statement. This Privacy Statement may change from time to time. Please check the Privacy Statement each time you use the Web Site for the most current information.
We may obtain your consent to collect, use or disclose personal information. In some cases applicable law does not require your consent. Your consent can be express or given through an authorized representative such as a lawyer, agent or broker. Consent may be provided orally, in writing or electronically. To withdraw consent at any time you may email us at email@example.com. We will honor your withdrawal of consent, subject to legal, contractual and other restrictions. If you notify us that you withdraw consent, we will inform you of the likely consequences of that withdrawal of consent, which may include our inability to provide certain services for which that information is necessary.
“Personal data” or “personal information”, as used in this Privacy Statement, means information that relates to you as an individually identified or identifiable person.
2. WHAT PERSONAL DATA WE COLLECT
A. Information You Give Us
Blue Umbrella collects personal information from you or that you provide to us when accessing the Web Site or otherwise. Based on the nature of the transaction, the types of personal information that may be collected from you include the following:
• Contact Information: contact and identifying information (e.g. name, address, email address, phone and fax numbers, employer(s), job title(s)) in connection with your expression of interest in receiving information about, or your registering for, Blue Umbrella products or services, newsletters and conferences;
• Account Information: if you use the Web Site to open an account with Blue Umbrella, we collect the information requested on our account application form. This information is used for internal purposes, such as account establishment, fulfilment of orders and client service; and
• Other Information: other personal information not listed above that you may voluntarily provide to us in an online form or through an email.
B. Information We Collect Through Technology on the Web Site
1. First Party Cookies
Blue Umbrella’s Web Site may use technologies, such as cookies, scripts and tags to analyze trends, to administer the Web Site, to track users’ movements around the Web Site and to gather demographic information about our user base.
When you visit the Web Site, we may collect general Internet data, including your domain name, the web page from which you entered the Web Site, which pages you visited on the Web Site, and how much time you spend on each page. To collect this information, a “cookie” may be set on your computer whenever you visit the Web Site. A cookie is information sent by a web server to a web browser and stored by the browser. Each time the browser requests a page from the web server, the cookie communicates with the web server. This enables the web server to identify and track the web browser.
As is true of most web sites, Blue Umbrella gathers certain information automatically and stores it in log files. This information includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp and clickstream data. We do not link this automatically-collected data to personal information.
For more information concerning our “cookie” policy, please visit https://www.blueumbrella.com/cookie-policy.html.
2. Third Party Cookies
We may track your online activities over time and across third party websites or online services. For example, we might use web beacons to help us determine what links or advertisers brought you to our Web Site. We then track your activities on our Web Site. We also may use web beacons to track your visits to other websites so that third party service providers can display Blue Umbrella advertisements to you on those other websites based on your activities while on the Web Site (“remarketing”).
C. Limits on Our Collection, Use and Disclosure of Personal Information
Blue Umbrella will not collect personal information indiscriminately but will limit collection of personal information to that which is reasonable and necessary for the purposes described in this Privacy Statement. We will also collect personal information as authorized by law.
Blue Umbrella will use and disclose personal information for the purposes set out in this Privacy Statement and as authorized by law.
1. Other Websites
We may also provide social media features that enable you to share information with social networks and to interact with us on various social media sites. Your use of these features may result in the collection or sharing of personal information about you, depending on the feature. We encourage you to review the privacy policies and settings on the social media sites with which you interact to make sure you understand the information that may be collected, used, and shared by those sites.
3. PURPOSES FOR WHICH WE USE THE PERSONAL DATA WE COLLECT
When your personal information is collected, Blue Umbrella may use it for the purposes described in this Privacy Statement, including compliance purposes. Blue Umbrella will only use your personal information for the purpose for which it was initially collected. We will only use your personal information for a materially different purpose if you consent.
The purposes for which we will use your personal information include the following:
• Operating Blue Umbrella’s business and providing and administering Blue Umbrella’s products and services;
• Sharing Due Diligence Reports with our clients who have subscribed to our Databank Services (described in Section VIII. Below);
• Operating, maintaining and improving the Web Site;
• Setting up your account;
• Responding to your questions and requests for information;
• Responding to requests for service quotes;
• Responding to your inquiries about job postings;
• Providing newsletters and information about webinars and other events;
• Registering users for promotional materials and events;
• Contacting users for marketing, advertising, and sales purposes;
• Contacting users with relevant information regarding system updates;
• Responding to questions and feedback;
• Aggregating information into non-identifiable information for benchmarking and other purposes;
• Conducting market research and analysis;
• Continuously evaluating and improving the online user experience;
• Network and information security;
• Fraud prevention;
• Reporting suspected criminal acts;
• Managing or transferring our assets or liabilities, for example, in connection with an acquisition or merger, the provision of security for a credit facility, a corporate reorganization or the change of a supplier of products or services, provided that recipient entity uses the disclosed information solely for the purposes permitted by this Privacy Statement;
• Maintaining accurate client records;
• Collecting debts owed to Blue Umbrella;
• Complying with the law or to protect the rights, property, or safety of Blue Umbrella, our users, or others; and
• Responding to law enforcement, conducting legal process (such as in the case of litigation, which may involve the sharing of personal information with a judicial authority or parties to a lawsuit), responding to subpoenas and other legal requests.
4. HOW WE SHARE THE PERSONAL DATA WE COLLECT
We will share your personal information with third parties only in the ways that are described in this Privacy Statement unless you consent. Blue Umbrella does not sell or rent personal information to third parties.
Previously Described Purposes:
Blue Umbrella may disclose personal information as necessary or appropriate for any of the listed above in “Purposes for Which We Use the Personal Data We Collect.”
Other Service Providers:
Blue Umbrella may retain agents, subcontractors or service providers from time to time in relation to our business or the Web Site. If we require a service provider to deal with your personal information, we will take reasonable steps to ensure that the service provider adheres to privacy procedures and will keep your personal information confidential. We will not provide more information than is necessary to the service provider and will ensure that the information is returned or destroyed once the purpose for which it was given is filled.
Blue Umbrella is based in Hong Kong, and our affiliates and service providers may be located in various jurisdictions (including the United Kingdom, Germany, Canada, USA, Malaysia, Brazil and India), and you acknowledge that personal information may be processed and stored in foreign jurisdictions with different privacy laws, and that the governments, courts or law enforcement or regulatory agencies in those jurisdictions may be able to obtain disclosure of that personal information through the laws of the foreign jurisdiction.
Blue Umbrella also may disclose your personal information and any other additional information available to Blue Umbrella for any of the following purposes:
• to respond to law enforcement, conducting legal process (such as in the case of litigation, which may involve the sharing of personal information with a judicial authority or parties to a lawsuit), responding to subpoenas and other legal requests;
• in connection with corporate transaction, such as a merger, acquisition or sale of all, or a portion, of Blue Umbrella’s assets;
• to comply with the law or to protect the rights, property, or safety of Blue Umbrella, our users, or others;
• to any other third party with your prior consent to do so;
• to any third party without your consent as permitted or acquired by applicable law; and
• in accordance with applicable law when managing or transferring our assets or liabilities, for example, in connection with an acquisition or merger, the provision of security for a credit facility, a corporate reorganization or the change of a supplier of products or services, provided that recipient entity uses the disclosed information solely for the purposes permitted by this Privacy Statement.
5. HOW WE PROTECT THE PERSONAL DATA WE COLLECT
Blue Umbrella is committed to protecting the personal information that Blue Umbrella receives about individuals. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we cannot guarantee the security of your personal information, we utilize a combination of online and offline security technologies, procedures and organizational measures to help safeguard personal information against loss, misuse, and unauthorized access, disclosure, alteration and destruction.
We maintain physical, electronic and procedural safeguards to help safeguard the personal information that you provide to Blue Umbrella. We employ Transport Layer Security (TLS) data encryption when data is transmitted over the Internet to our Web Site. In addition, we have security protocols and measures in place that aim to protect the personal information we maintain about you from unauthorized access or alteration.
Specifically, we have installed firewall, physical security and technological security measures, and encryption of certain information. Strong password protection protocols are used on our computers, and employees are kept up-to-date on our security and privacy policies. The servers used to store personal information are maintained in a secure environment with appropriate security measures.
In addition, access to client information is restricted to authorized personnel only. Only employees who need the personal data to perform a specific job (for example, a client service representative) are granted access to personal data. Employees with access to personal data are kept up-to-date on our security and privacy practices.
It is important for you to protect against unauthorized access to your password and to your computer. Be sure to close your browser after you have completed your visit to the Web Site.
6. YOUR ABILITY TO REVIEW OR MODIFY PERSONAL INFORMATION OR UNSUBSCRIBE FROM NOTICES; RETENTION OF YOUR PERSONAL INFORMATION
You may have a right to access your personal information that we control. In most cases, if you have provided your personal information to Blue Umbrella while browsing Blue Umbrella’s publicly accessible Web Site or otherwise, or so that we may administer your client account, or in connection with the Due Diligence Reports that we share as part of our Databank Services described in Section VIII. below, and you wish to update such personal information (if any) that you have provided us, you may correct, update, amend or delete it by contacting us by email at the contact information listed below. If we do not make a requested change to your personal information, we will annotate the personal information under our control with a note that the correction was requested but not made. If our client controls your personal information, we will refer you to our client.
Also, if you no longer desire our newsletters or similar marketing services, you may email us at firstname.lastname@example.org. We will promptly unsubscribe you from our mailing list.
How To Unsubscribe:
You may cancel or modify the email communications you have chosen to receive from Blue Umbrella by following the instructions contained in emails from us. Alternatively, you may email Blue Umbrella at email@example.com with your request, stating ‘Unsubscribe’ in the header and what email addresses you wish not to receive Blue Umbrella emails. Within a reasonable period, we shall ensure that such email addresses are unsubscribed.
Blue Umbrella will retain your information for the duration of the client relationship, if any. We also retain your personal data for at least twelve (12) months after our last interaction with you. Further, we will retain and use your information as necessary to comply with our legal obligations, resolve disputes or enforce our agreements. We will destroy, erase or make anonymous documents or other records containing personal information as soon as it is reasonable to assume that the original purpose is no longer being served by retaining the information and retention is no longer necessary for a legal or business purpose.
7. HOW WE HANDLE PERSONAL INFORMATION WHEN WE ACT AS A PROCESSOR
Our clients, and their third parties using our Service, provide us personal information. Blue Umbrella acts as a processor on behalf of its clients when processing personal information to provide the Service. To obtain information about how our clients process personal information, and the choices that may be available to you about how our clients process your personal information, please see our clients’ respective privacy policies.
When providing the Service, we act on behalf of our clients, and pursuant to their directions. Our clients may ask us to conduct a due diligence investigation on another organization (the “Client’s Third Party”) with which our client currently has, or is considering entering into, a business transaction or relationship. To initiate this due diligence investigation, our client may provide us with personal information on directors, shareholders, owners, or managers of Client’s Third Party. This personal information may include full name, date of birth, title, corporate affiliation, email address, phone number, passport or ID number. Before providing this personal information to us, our client must ensure that both our client and our Client’s Third Party have complied with any relevant data privacy legislation in their collection, use, storage and onward transmission of personal data to Blue Umbrella, including by providing applicable individuals with any legally required notice and by obtaining any legally required consent. Our Client’s Third Party also must acknowledge and agree that the due diligence investigation will include personal data relating to its directors, shareholders, owners, or managers. As part of our due diligence investigation, we may collect personal information on behalf of our client by administering questionnaires and processing personal information received in response to those questionnaires.
We will use the information that we collect as part of our due diligence investigation on behalf of our client to prepare a Due Diligence Report if our client requests that we do so.
When Blue Umbrella performs due diligence services for a client, we may disclose personal information submitted by the Client’s Third Party and/or our client through the Web Site about the Client’s Third Party directors, shareholders, owners, or managers to the Blue Umbrella client that requested the due diligence services.
On behalf of our client, Blue Umbrella also may disclose this personal information to certain third parties as necessary to conduct the due diligence investigation (such as national corporate registers and providers of databases including perpetrators of bribery, anti-money laundering and other criminal activity), as well as to third party representatives or subcontractors authorized by Blue Umbrella to assist in the due diligence investigation. Blue Umbrella discloses to these representatives and subcontractors only the personal information they need to deliver to Blue Umbrella (for the benefit of Blue Umbrella’s client) the requested product or service. Blue Umbrella prohibits these third parties from using that information for any other purpose. Blue Umbrella requires, by written agreement, that these parties maintain commercially reasonable measures to protect the confidentiality of the personal information received from Blue Umbrella.
On behalf of our client, Blue Umbrella may transfer personal information submitted to it for a due diligence investigation to an overseas receiver to perform the investigation. These transfers will occur when Blue Umbrella is attempting to verify the corporate standing of a potential third party, any past litigation or other adverse information of directors, shareholders, owners, or managers during times they were in country other than the country where they currently reside. The Client’s Third Party and our client are responsible for obtaining the prior consent of the relevant directors, shareholders, owners, or managers to these cross-border data transfers.
8. DATABANK SERVICES
Blue Umbrella offers our clients the option of sharing the responses to questionnaires provided as part of the Services, and Due Diligence Reports that we prepare for our clients, with other Blue Umbrella clients. When Blue Umbrella shares the responses to questionnaires that we administer on behalf of our clients, we do so with your consent and act as processor. When we share the Due Diligence Reports that we prepare based on the results of our due diligence investigations with other clients who have subscribed to our Databank Services, we act for own account and as a controller.
A. Links To Third Party Sites
The Web Site may include links to third party web sites whose privacy practices may differ from those of Blue Umbrella. Please be aware that those third party web sites are outside of our control and are not covered by this Privacy Statement. If you submit personal information to any of those sites, your information is governed by their privacy policies. If you have questions about how another site uses your information, consult that site’s privacy statement.
B. Policy Regarding Children
Blue Umbrella does not offer services to children under the age of 18 and this Web Site is not directed to or intended for use by children under the age of 18. Blue Umbrella does not intend to collect information about children under the age of 18 through the Web Site.
C. California Online Privacy Protection Act Compliance/Your California Privacy Rights
California residents who use the Web Site may request that we provide certain information regarding our disclosure of your personal data to third parties for their direct marketing purposes. You can make such a request by email to firstname.lastname@example.org.
10. INFORMATION SPECIFIC TO EEA AND SWISS USERS
The information in this section, which should be read together with the rest of this Privacy Statement applies solely to users in the European Economic Area and Switzerland (collectively, the “EEA”) and solely with respect to personal data we collect as a controller.
Individuals who reside in the EEA (“EEA Individuals”) are not required by statute or by contract to provide any personal data to us.
A. Transfers of Personal Information
The personal data collected by Blue Umbrella may be transferred to Hong Kong or other jurisdictions (which may include Germany and the United Kingdom (which are member states of the EEA), Canada, USA, Malaysia, Brazil and India). Canada is considered by the European Commission to offer an adequate level of protection for personal data as under GDPR. The European Commission has not issued a determination that Hong Kong, USA, Malaysia, Brazil or India ensure an adequate level of protection for personal data. For these countries, we have executed the European Commission’s standard contractual clauses to govern onward data transfers. To obtain a copy, you may email us at email@example.com
B. Legal Bases For Processing and Purposes
Blue Umbrella processes your personal data on the basis of your consent (where required by law), to provide you information about the products and services that we think might interest you; and to contact users who are not customers for marketing, advertising, and sales purposes.
Blue Umbrella also processes personal data as necessary for its legitimate interests in managing its business to increase its revenues and capitalize on opportunities while acting in compliance with law and managing risks. We rely on legitimate interests as the legal basis for processing personal data to share our Due Diligence Reports as part of our Databank Services; to operate, maintain and improve the Web Site; to aggregate information into non-identifiable information for benchmarking and other purposes; to conduct market research and analysis; to continuously evaluate and improve the online user experience; to try to ensure network and information security; to prevent fraud and to report suspected criminal acts; to manage or transfer our assets or liabilities, for example, in connection with an acquisition or merger, the provision of security for a credit facility, a corporate reorganization or the change of a supplier of products or services; and to protect the rights, property, or safety of Blue Umbrella, our users, or others in those cases where not required by law.
Blue Umbrella also processes personal data to comply with laws such as the UK Bribery Act, to protect the rights, property, or safety of Blue Umbrella, our users, or others where required by law; to respond to law enforcement; to conduct legal processes (such as in the case of litigation, which may involve the sharing of personal information with a judicial authority or parties to a lawsuit); and to respond to subpoenas and other legal requests.
C. Rights of EEA Residents
1.Right to Object to Processing for Direct Marketing or Legitimate Interests
EEA Individuals have the right to object to the processing of their personal data for purposes of Blue Umbrella’s direct marketing or, on grounds relating to the EEA Individual’s particular situation, for Blue Umbrella’s legitimate interests, by contacting Blue Umbrella at firstname.lastname@example.org.
2.Other Individual Rights
Access, Correction, Deletion:
EEA Individuals have the right to access their personal data collected by Blue Umbrella and to request that Blue Umbrella update, correct, or delete their personal data as provided by applicable law. EEA Individuals also have the right to restrict Blue Umbrella’s processing of their personal data.
EEA Individuals have the right to data portability concerning their personal data. Subject to certain limitations, the right to data portability allows EEA Individuals to obtain from Blue Umbrella, or to ask Blue Umbrella to send to a third party a digital copy of the personal data that they provided to Blue Umbrella. EEA Individuals’ right to access their personal data includes their right to receive a copy of all, or a portion, of their personal data in Blue Umbrella’s possession as long as Blue Umbrella’s providing the personal data would not adversely affect the rights and freedoms of others.
Point of Contact/Complaints:
EEA Individuals can exercise these rights by contacting email@example.com. Blue Umbrella will respond to such requests in accordance with applicable data protection law. If EEA Individuals believe that their personal data has been processed in violation of applicable data protection law, they have the right to lodge a complaint with the relevant data protection authority in the country where they reside, where they work, or where the alleged violation occurred.
EEA Individuals may use the contact information above, at any time, to withdraw their consent for the processing of their personal data where Blue Umbrella requires their consent as a legal basis for processing their personal data. Any withdrawal will apply only prospectively, and Blue Umbrella will continue to retain the personal data that EEA Individuals provided before they withdrew their consent for as long as allowed or required by applicable law.
Blue Umbrella’s representative in the European Union is Blue Umbrella Risk Management Limited. You can contact our representative at firstname.lastname@example.org.
11. CHANGES TO THIS PRIVACY STATEMENT
Blue Umbrella may revise or update this Privacy Statement on occasion to reflect changes to our practices. If we make any material changes to this Privacy Statement, we will provide notification of such changes’ effective date prior to the changes taking effect through our Web Site and directly to you if we have your contact information on file. Blue Umbrella will not provide less privacy protection, without your consent, to information collected under a prior Privacy Statement. We encourage you to refer back to this Privacy Statement for the latest information and the effective date of any changes.
Any inquiries, complaints or questions regarding this Privacy Statement should be directed in writing to our Privacy Officer:
Blue Umbrella Limited
Last Updated: March 30, 2020