Privacy Notice
1. Introduction
This Notice applies to Blue J Legal Inc. and BJL US Inc. (together, “Blue J,” “us,” “we,” or “our”). If you are located in the European Economic Area (“EEA”), Switzerland, or the United Kingdom (“U.K.”), please refer to Section 10 of this Notice for more information about which specific entity or entities act as a controller of your personal data.
When Does This Notice Apply? This Notice only applies to personal data that Blue J handles as a Controller (meaning where Blue J controls how and why your personal data is processed). This includes when you:
- Visit or interact with the bluej.com website, the software and other products that Blue J provides, our branded social media pages, and other websites which we operate (collectively, our “Digital Properties”);
- Register for or participate in our webinars, events, programs, marketing, and promotional activities;
- Interact with us in person; and
- Inquire about or engage in commercial transactions with us.
Changes: We may update this Notice from time to time. Please check back periodically for updates. If you do not agree with any changes we make, you should stop interacting with us. When required under applicable law, we will notify you of any changes to this Notice by posting an update on our website or in another appropriate manner.
2. Personal Data We Collect and Disclose
The below table describes what personal data we collect about you and to whom we disclose personal data.
In addition to the above disclosures, Blue J and our Canadian, US and other service providers and affiliates may disclose your personal information in response to a search warrant or other legally valid inquiry or order (which may include lawful access by Canadian, US or other foreign governmental authorities, courts or law enforcement agencies), to other organizations in the case of investigating a breach of an agreement or contravention of law or detecting, suppressing or preventing fraud, or as otherwise required or permitted by applicable Canadian, US or other law. Where a disclosure of our customers’ information is required by applicable law or court order, we promptly notify our customer prior to complying with such requirements (unless prohibited from doing so by applicable law). We will co-operate with our customers with respect to our response under applicable law. We may also de-identify, anonymize, or aggregate personal data to use or share with third parties for any purpose, where legally permitted.
3. How We Process Personal Data
We may process your personal data for the below purposes:
Blue J will honor data subject rights to the extent required by law. You may have the right to access, correct, update, and, in some cases, request deletion of your personal data (subject to exceptions). You may submit a request by emailing info@bluejlegal.com.
Blue J uses a limited number of third-party service providers to assist us in processing data for certain purposes. These third-party providers help support certain site features, perform database monitoring and other technical operations, assist with the transmission of data, and provide data storage services. These third parties may process or store personal data while providing their services. Blue J maintains contracts with these third parties restricting their access, use and disclosure of personal data in compliance with our obligations under applicable law, including the onward transfer provisions, and Blue J remains liable if they fail to meet those obligations and we are responsible for the event giving rise to damage.
4. Sources of Personal Data
- Information you provide to us directly, including when you register and communicate with us directly through our Digital Properties, visit our offices, or participate in our events, marketing, and outreach activities.
- Information collected from your employer, coworkers, or friends, including information about representatives or other employees of our current, past, and prospective customers, suppliers, investors, and business partners. We may also receive your information from a friend as part of a referral for the Blue J Platform.
- Information automatically collected, including technical information about your interactions with our Digital Properties (such as IP address, browsing preferences, and purchase history). More information is available in Section 5 below and in our Cookie Notice.
- Information from public sources, including information from public records and information you share in public forums, such as social media.
- Information from other third parties, including information from third-party service and content providers, entities with whom we partner to sell or promote products and services, and social media networks (including widgets related to such networks, such as the “Facebook Like” button).
We may combine information that we receive from the various sources described in this Notice, including third-party sources and public sources, and use or disclose it for the purposes identified above.
5. Cookies and Tracking Technologies
We use cookies and other tracking technologies and offer you the option to manage these settings as described in our Cookie Notice. Some tracking technologies enable us to track your device activity over time and across devices and websites. While some browsers have incorporated Do Not Track or DNT preferences, we do not honor such signals from web browsers at this time.
6. Security and Retention
We maintain appropriate security procedures and technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, disclosure, alteration, or use. More information can be found at www.bluej.com/security.
Your personal data will be generally retained as long as necessary to fulfill the purposes for which we collected the personal data. Once you and/or your company have terminated the contractual relationship with us or otherwise ended your relationship with us, we may retain your personal data in our systems and records to ensure adequate fulfillment of surviving provisions in terminated contracts or for other legitimate business purposes, such as to evidence our business practices and contractual obligations, to provide you with information about our products and services, or to comply with applicable legal, tax, or accounting requirements. When we have no ongoing legitimate business need nor lawful legal ground to process your personal data, we will delete, anonymize, or aggregate it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible. If you want to know more about retention periods applicable to your particular circumstance, please contact us using the details provided in Section 9 below.
7. Children’s Privacy
Our Digital Properties are not directed to children under the age of 16, and we do not knowingly collect online personal data directly from children. If you are a parent or guardian of a minor child and believe that the child has disclosed online personal data to us, please contact us using the details provided in Section 9 below.
8. External Links
When interacting with us, you may encounter links to external sites or other online services, including those embedded in third-party advertisements. We do not control and are not responsible for privacy and data collection policies for such third-party sites and services. You should consult such third parties and their respective privacy notices for more information or if you have any questions about their practices.
9. Contact Information
If you have questions or complaints regarding this Notice or about Blue J’s privacy practices, please contact us by email at info@bluejlegal.com.
10. Supplemental Information for the EEA, Switzerland, and the U.K.
The following terms supplement the Notice with respect to our processing of EEA (i.e., European Union Member States, Iceland, Liechtenstein, and Norway), Swiss, and U.K. personal data. In the event of any conflict or inconsistency between the other parts of the Notice and the terms of this Section 10, Section 10 shall govern and prevail with regard to the processing of EEA, Swiss, and U.K. Personal Data, to the extent applicable.
Data Controller: The Blue J entity with which you have a primary relationship (such as the entity that concluded the Blue J Platform contract with you; the entity that has provided you with marketing materials and promotional communications; or the primary entity in the region where you access the Blue J Platform) is the controller within the scope of this Notice.
a. Legal Basis for Processing:
Please see Section 3 for the legal basis on which we rely for the collection, processing, and use of personal data.
b. Your Data Protection Rights:
Under applicable data protection laws, you may exercise certain rights regarding your personal data:
- Right to Access. You have the right to obtain confirmation from us whether we are processing your personal data and related information, as well as the right to obtain a copy of your personal data undergoing processing.
- Right to Data Portability. You may receive your personal data, that you have provided to us, in a structured, commonly-used, and machine-readable format, and you may have the right to transmit it to other data controllers without hindrance. This right only exists if the processing is based on your consent or a contract, and the processing is carried out by automated means.
- Right to Rectification. You have the right to request the rectification of inaccurate personal data and to have incomplete data completed.
- Right to Objection. You have the right to object to the processing of your personal data in certain cases.
- Right to Restrict Processing. You may request that we restrict the processing of your personal data in certain cases.
- Right to Erasure. You may request that we erase your personal data in certain cases.
- Right to Lodge a Complaint. You have the right to lodge a complaint with a supervisory authority.
- Right to Refuse or Withdraw Consent. In case we ask for your consent to process your personal data, you are free to refuse to give it. If you have given your consent, you may withdraw it at any time without any adverse consequences. The lawfulness of any processing of your personal data that occurred prior to the withdrawal of your consent will not be affected.
- Right to Not Be Subject to Automated Decision-making. The types of automated decision-making referred to in Article 22(1) and (4) EU/UK General Data Protection Regulation (“GDPR”) do not take place in connection with your personal data. Should this change, we will inform you about why and how any such decision was made, the significance of it, and the possible consequences of it. You will also have the right to human intervention, to express your point of view, and to contest the decision.
You may exercise these rights by contacting us using the details provided in Section 9 above. Please note that we may refuse to act on requests to exercise data protection rights in certain cases, such as where providing access might infringe someone else’s privacy rights or impact our legal obligations.
c. International Transfers of Personal Data:
The personal information we collect may be transferred to and stored in countries outside of the jurisdiction you are in where we and our third-party service providers have operations. If you are located in the EEA, Switzerland, or the U.K., your personal information may be processed outside of such jurisdiction including in the United States; these international transfers of your personal information are made pursuant to appropriate safeguards, and, we will take suitable steps to ensure that your personal data is treated just as safely and securely as it would be within such jurisdiction. Such measures shall include, but are not limited to, having Data Processing Agreements with applicable sub-processors and ensuring that such sub-processors have adequate security and data protection procedures in place aligned with the applicable data protection law. If you wish to inquire further about these safeguards used, please contact us using the details set out in Section 9.
VeraSafe has been appointed as our representative in the United Kingdom for data protection matters, pursuant to Article 27 of the United Kingdom General Data Protection Regulation. If you are located within the United Kingdom, VeraSafe can be contacted in addition to or instead of our DPO, only on matters related to the processing of personal data.
To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +44 (20) 4532 2003.
11. Supplemental Information for Other Regions
- Canada: Personal data, as defined in the Personal Information Protection and Electronic Documents Act (“PIPEDA”) will be collected, stored, used, and/or processed by Blue J in accordance with Blue J’s obligations under PIPEDA.
- Nevada: We do not presently sell personal data as defined under Nevada law. If you are a Nevada resident, you may nevertheless email us using the information above to exercise your right to opt-out of sale under Nevada Revised Statutes §603A et seq.
- United Kingdom: Personal data collected, stored, used, and/or processed by Blue J, as described in this Privacy Notice, is collected, stored, used, and/or processed in accordance with Blue J’s obligations under the UK Data Protection Act 2018, as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019, as amended, superseded or replaced.
12. English Version Controls
Non-English translations of this notice are provided for convenience only. In the event of any ambiguity or conflict between translations, the English version is authoritative and controls.