BLUE OCTOBER PRIVACY POLICY
Revised July 1, 2022
This Privacy Policy describes the policies and procedures for Blue October (“we”, “our” or “us”) on the collection, use and disclosure of your information in connection with your use of www.blueoctober.com or any other Blue October affiliated websites, including the services, features, or content we offer (collectively the “Site”). We receive information about you from various sources, including: (i) if you register for an account on our Forum, Fan Club or otherwise, through your user account (your “Account”); (ii) your use of the Site generally; and (iii) if you choose to sign up to receive our Newsletter. When you use the Site, you are consenting to the collection, transfer, manipulation, storage, disclosure and other uses of your information as described in this Privacy Policy.
WHAT DOES THIS PRIVACY POLICY COVER?
In Short: This Privacy Policy covers the treatment of your Personal Information gathered when you are using or accessing our Services.
We are committed to protecting your Personal Information and your right to privacy. Throughout this Privacy Policy, “Personal Information” means any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked with an individual or household. These include information such as full name, postal address, e-mail address and/or telephone number, and if applicable also usage data such as your IP address. Such is the data we collect when you visit the Site.
Here we seek to explain to you in the clearest way possible what Personal Information we collect, how we use it and what rights you have in relation to it. We hope you take some time to read through it carefully, as it is important. If there are any terms in this Privacy Policy that you do not agree with, please discontinue use of our Site.
Please read this Privacy Policy carefully as it will help you make informed decisions about sharing your Personal Information with us.
This Privacy Policy does not apply to the practices of third parties that we do not own or control, including but not limited to any third-party websites, services and applications (each a “Third Party Service”) that you elect to access through the Site or to individuals that we do not manage or employ. While we attempt to facilitate access only to those Third Party Services that share our respect for your privacy, we cannot take responsibility for the content or privacy policies of those Third Party Services. We encourage you to carefully review the privacy policies of any Third Party Services you access. Those Third Party Services include but are not limited to Spotify, Apple Music, Amazon Music, YouTube, Vevo, and Wix.
WHAT INFORMATION DO WE COLLECT AUTOMATICALLY FROM YOU?
In Short: Some information – such as IP address and/or browser and device characteristics – is collected automatically when you visit our Site.
We automatically collect certain information when you visit, use or navigate the Site that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked with you or your household. This information may not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Site and other technical information. This information is primarily needed to maintain the security and operation of our Site, and for our internal analytics and reporting purposes.
The technologies we use for this automatic data collection may include:
Cookies (or browser cookies).
“Cookies” are small text files that are placed on your device by a Web server when you access our Site. We may use both session Cookies and persistent Cookies to tell us how and when you interact with the Site. We may also use Cookies to monitor aggregate usage and web traffic routing on our Site and to customize and improve the Site. Unlike persistent Cookies, session Cookies are deleted when you navigate away from the Site and close your browser. Although most browsers automatically accept Cookies, you can change your browser options to stop automatically accepting Cookies or to prompt you before accepting Cookies. Please note, however, that if you don’t accept Cookies, you may not be able to access all portions or features of the Site. Some Service Providers that we engage (including advertisers) may also place their own Cookies on your device. Note that this Privacy Policy covers only our use of Cookies and does not include use of Cookies by any Third Party or Service Provider you visit directly, both which should have their own privacy policies.
Flash Cookies.
Certain features of our Site may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Site. Flash cookies are not managed by the same browser settings as are used for browser cookies.
Web Beacons.
Pages of our Site and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an email and for other related Sites statistics (for example, recording the popularity of certain Sites content and verifying system and server integrity).
WHAT INFORMATION IS COLLECTED FROM OTHER SOURCES?
In Short: We may collect limited data from public databases, marketing partners, and other outside sources.
We may obtain Personal Information about you from other sources, such as public databases and other Third Parties. Such Third Parties are neither part of our Site nor a Service Provider with whom we have a contractual relationship. All Personal Information that you provide on or to such Third Party or that is collected by a Third Party is provided directly to the controller, owner or operator of the Third Party and is subject to the owner’s or operator’s privacy policy. We do not monitor or control any data you provide to Third Parties. To that end, we are not responsible for the content, privacy or security practices of a Third Party. To assure the protection of your Personal Information, we recommend that you carefully review the privacy policies of any Third Party you access. You assume the risk of providing any information you provide to a Third Party. Other than Third Party services as noted above, we do share your Personal Information with certain Service Providers, who are defined as companies or organizations with whom we have a contractual relationship in connection with fulfilling our services to you (“Service Providers”). Any Personal Information collected may be shared with our Service Providers.
Below is a list of the Service Providers as of the date of this Policy. Please check this Privacy Policy regularly for updates on other Service Providers that may be added to our Site for the most recent list of Service Providers with whom we are legally or contractually obligated to share your information to facilitate your use of the Site.
GOOGLE ANALYTICS
We also use Google Analytics, a web analysis service of Google Inc. (in future: Google) on our Website. Google Analytics is a web analysis tool with the help of which we analyze the interaction of the visitors with our website and thus are able to improve our website for you further. Google Analytics also uses cookies, as they were in principle described in more detail above. The information generated by the cookie regarding your use of our Website are usually transferred to a server belonging to Google in the US and stored there. Google Analytics cookies are stored based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising. The information saved by the cookies includes, for instance, the time of the website visit, the frequency with which the visitor has called up the website, and from where the visitor has accessed the website. To determine the latter value, Google initially records the IP address of the user. However, we have activated the IP anonymization on our website. Based on this, your IP address within Member States of the European Union or in other signatory states of the Treaty on the European Economic Area is shortened by Google before transmission to the US. Only in exceptional cases is the full IP address transferred to a server belonging to Google in the US and shortened there. Google will use the aforementioned information to analyze your usage of the website, to compile reports on the website activities and to provide further services associated with the usage of the website and the Internet towards the website operator. The IP address communicated under Google Analytics by your browser is not merged with other data of Google. You can prevent the saving of the cookies by Google Analytics by a corresponding setting in your browser software; however, reference should again be made to the fact that in this case you may not be able to use all functions of our Website.
In addition, you can prevent the recording of the data generated by the cookie and relating to your usage of the website (incl. your IP address) to Google and the processing of these data by Google, by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?
Further information on data protection with regard to Google Analytics can be found directly here at Google.
Our website uses the social plug-ins and pixels of the social network facebook.com, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. If you have your normal place of residence in the European Union, the Facebook services are offered to you by Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2 Ireland. The social plug-ins are discernible by the Facebook logos (white “f” on blue background or the characteristic Facebook thumb) or marked by the addition “Facebook Social Plug-In”; all Facebook plug-ins can be viewed here. The sign-up and/or log-in of Facebook is also easy to recognize by the characteristic white script on a blue background.
If you would like to register or log in with us using the Facebook sign-up and/or log-in, you then permit us to:
1. Access your general details such as your name, profile image, gender, the user ID, your friend lists and all other data that you have made public in your profile.
2. Send your e-mails.
3. Post status reports on your behalf.
4. Also to access your data when you are not currently using the application.
5. Access your other profile information such as “About me”, your date of birth, your home town and your current place of residence.
SOCIAL PLUG-INS
When you call up our Website on which a social plug-in (e.g., a “like” button) is implemented, your browser will then establish a direct link to Facebook and will then transmit the following data to Facebook directly:
1. date and time of your visit,
2. the Internet address/URL of the site that you are currently visiting,
3. your IP address,
4. your browser,
5. your operating system,
6. your user code if you are a registered user of Facebook and if applicable your surname and first name.
The data can only be transmitted to the Facebook profile when the user is logged in to Facebook. Logging out of Facebook prevents the transmission of these data to the Facebook profile.
Facebook saves these data for a period of 90 days. Facebook then removes the name and all other personal information from the data; a pseudonymized usage profile remains.
Please note that we do not have any influence on the scope of the data which Facebook collects with the help of the plug-in and that with regard to data protection we have to rely on the data usage guideline of Facebook, on which our aforementioned information is based. Please inform yourself further on Facebook specifically about the purpose and scope of the data collection and your rights in this regard and the setting options to protect your privacy using the data usage guidelines. It is of course possible to prevent the placing of cookies by settings in your browser. In addition, it is also possible to block the social plug-ins of Facebook with add-ons for your browser such as the “Facebook Blocker.”
YOUTUBE
Our Website uses plugins from YouTube, including YouTube Pixel, which is operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit one of our pages featuring a YouTube plugin, a connection to the YouTube servers is established. Here the YouTube server is informed about which of our pages you have visited. If you’re logged in to your YouTube account, YouTube allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account. YouTube is used to help make our website appealing. This constitutes a justified interest pursuant to Art. 6 (1) (f) GDPR. Further information about handling user data can be found in the data protection declaration of YouTube under https://www.google.de/intl/de/policies/privacy.
GOOGLE WEB FONTS
For uniform representation of fonts, this page uses web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly. For this purpose your browser has to establish a direct connection to Google servers. Google thus becomes aware that our web page was accessed via your IP address. The use of Google Web fonts is done in the interest of a uniform and attractive presentation of our website. This constitutes a justified interest pursuant to Art. 6 (1) (f) GDPR. If your browser does not support web fonts, a standard font is used by your computer. Further information about handling user data, can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy at https://www.google.com/policies/privacy/.
SPOTIFY AND APPLE MUSIC
Our Website uses plugins from Spotify and Apple Music. The operators of these two applications are as follows:
A) Spotify USA Inc., 45 W. 18th Street, Fllor 7, New York, NY 10011, USA
B) Apple Inc. One Apple Park Way, Cupertino, California, USA, 95014, USA.
If you visit one of our pages featuring a Spotify or Apple Music plugin, a connection to their website is established. Here their servers are informed about which of our pages you have visited. If you’re logged in to your Spotify or Apple Music account, each allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your Spotify or Apple Music accounts. Spotify and Apple Music are used to help connect you with our music. This constitutes a justified interest pursuant to Art. 6 (1) (f) GDPR.
Further information about handling user data can be found in the data protection declaration of Spotify or Apple Music respectively under https://www.spotify.com/us/legal/privacy-policy/ and
https://www.apple.com/legal/privacy/en-ww/.
WHAT OTHER INFORMATION DO YOU PROVIDE TO US?
In Short: You provide us information if you sign up for our Forum, Fan Club or a Contest, and we also collect some information if you sign up for our Newsletter.
ACCOUNT INFORMATION:
If you register for an Account on our Forum or Fan Club, you will provide information that could be Personal Information, such as your date of birth, a user name, your email address, your time zone, a password, and if you were referred to our Site by an existing registered member. You may also choose to provide additional Personal Information by editing your profile. You may choose to include a Custom User Title, information about yourself, basic demographic information including age and location, a description of your interests, your favorite Blue October songs and/or albums, and links to your website or social media profiles.
THE NEWSLETTER:
Through our Newsletter, we send our fans information about tour dates, new music, merchandise, band members’ side projects, and other Blue October related material. If you choose to be on our mailing list, all we ask for is your name and email address.
PERSONAL INFORMATION OF CHILDREN
In Short: We do not knowingly collect data from or market to children under 13 years of age.
We do not knowingly collect or solicit Personal Data from anyone under the age of 13. If you are under 13, please do not attempt to register for the Services or send us any of your Personal Data. If we learn that we have collected Personal Data from a child under age 13, we will delete that information as quickly as possible.
HOW, AND WITH WHOM, IS MY INFORMATION SHARED OR TRANSFERRED?
In Short: We only share information either with your consent, to comply with laws, to protect your rights, or to fulfill business obligations.
We may process or share data based on the following legal basis:
Consent: We may process your data if you have given us specific consent to use your Personal Information in a specific purpose.
Legitimate Interests: We may process your data when it is reasonably necessary to achieve our legitimate business interests.
Performance of a Contract: Where we have entered into a contract with you, we may process your Personal Information to fulfil the terms of our contract.
Legal Obligations: We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet
national security or law enforcement requirements).
Vital Interests: We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved. Additionally, we may need to process your data or share your Personal Information in the following situations:
Service Providers. We may share your data with our Service Providers. We may allow Service Providers to use tracking technology on the Site, which will enable them to collect data about how you interact with the Site over time. This information may be used to, among other things, analyze and track data, determine the popularity of certain content and better understand online activity. Unless described in this Policy, we do not share, sell, rent or trade any of your Personal Information with any Third Party or Service Provider for their promotional purposes.
WHAT PUBLIC INFORMATION ABOUT YOU AND YOUR ACTIVITY ON THE SITE CAN OTHERS VIEW?
In Short: Information you post about you on our Site may be viewed by others who access the Site.
Information you choose to include in your profile, or any Personal Information you share about yourself on our Forum may be viewed by others who access the Site. This includes information you choose to provide openly, including your username, contact name, information about yourself, and links to your website or social media profiles, which may be displayed to other users to facilitate user interaction within the Site. We will not directly reveal user email addresses to other users.
Some of your activity on and through the Site is public by default. This may include, but is not limited to, content you have posted publicly on the Site or otherwise through the Site. Please remember that if you choose to provide Personal Information using certain public features of the Site, then that information is governed by the privacy settings of those particular features and may be publicly available. Individuals reading such information may use or disclose it to other individuals or entities without our control and without your knowledge, and search engines may index that information. We therefore urge you to think carefully about including any specific information you may deem private in content that you create or information that you submit through the Site.
WHAT INFORMATION IS DISCLOSED FOR OUR PROTECTION AND THE PROTECTION OF OTHERS?
In Short: We may have to share your Personal Information if legally required to do so.
We reserve the right to access, read, preserve, and disclose any information as we reasonably believe is necessary to (i) satisfy any applicable law, regulation, legal process or governmental request, (ii) enforce this Privacy Policy, (iii) detect, prevent, or otherwise address fraud, security or technical issues, (iv) respond to user support requests, or (v) protect our rights, property or safety, our users and the public. This includes exchanging information with other companies and organizations for fraud protection and spam/malware prevention.
WHAT CHOICES DO YOU HAVE REGARDING YOUR INFORMATION?
IN SHORT: YOU HAVE SEVERAL OPTIONS TO CONTROL AND MANAGE THE AMOUNT OF PERSONAL INFORMATION YOU SHARE WITH US.
EU RESIDENTS
If you are a resident of the European Union (“EU”), United Kingdom, Lichtenstein, Norway, or Iceland, you may have additional rights under the EU General Data Protection Regulation (the “GDPR”) with respect to your Personal Information, as outlined below.
A) ACCESS:
You can request more information about the Personal Information we hold about you and request a copy of such Personal Information.
B) RECTIFICATION:
If you believe that any Personal Information we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data. You can also correct some of this information directly by updating any of the information contained in your user profile.
C) ERASURE:
You can request that we erase some or all of your Personal Information from our systems.
D) WITHDRAWAL OF CONSENT:
If we are processing your Personal Information based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Information, if such use or disclosure is necessary to enable you to utilize some or all of our Services.
E) PORTABILITY:
You can ask for a copy of your Personal Information in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.
F) OBJECTION:
You can contact us to let us know that you object to the further use or disclosure of your Personal Information for certain purposes.
G) RESTRICTION OF PROCESSING:
You can ask us to restrict further processing of your Personal Information.
H) RIGHT TO FILE COMPLAINT:
You have the right to lodge a complaint about Blue October’s practices with respect to your Personal Information with the supervisory authority of your country or EU Member State.
I) TRANSFERS OF PERSONAL INFORMATION:
The Services are hosted and operated in the United States (“U.S.”) through our Service Providers, and if you do not reside in the U.S., laws in the U.S. may differ from the laws where you reside. By using the Services, you acknowledge that any Personal Data about you is being provided to Blue October in the U.S. and will be hosted on U.S. servers, and you authorize us to transfer, store and process your information to and in the U.S., and possibly other countries. Please note that whenever we transfer your personal data outside of the EEA, we ensure a similar degree of protection is afforded to it by ensuring, where required by law, at least one of the following safeguards is implemented: transferring personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
using specific contracts approved by the European Commission which give personal data the same protection it has in Europe; or transferring personal data to the United States to an entity if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.
You may be entitled, in accordance with applicable law, to request a copy of relevant safeguards.
CALIFORNIA PRIVACY RIGHTS:
If you are a California resident and you have provided us with your Personal Information, you have the right to request that we:
A) Disclose the categories and specific pieces of Personal Information we have collected;
B) Disclose the categories of sources from which the Personal Information is collected;
C) Disclose the purpose for collecting or selling your Personal Information;
D) Disclose the categories of third parties with whom we share your Personal Information;
E) Delete any Personal Information about you that we have collected from you, subject to
certain exceptions; and
F) NOT SELL YOUR PERSONAL INFORMATION.
NEVADA PRIVACY RIGHTS:
If you are a Nevada resident and you have provided us with your Personal Information, you have the right to request that we allow you to opt-out of the sale of your Personal Information.
OPT-OUT OF TARGETED ADVERTISING
Through the Digital Advertising Alliance (“DAA”) and Network Advertising Initiative (“NAI”), several media and marketing associations have developed an industry self-regulatory program to give consumers a better understanding of and greater control over ads that are customized based on their online behavior across different websites. To make choices about interest-based ads from participating third parties, please visit the DAA’s or NAI’s consumer opt out pages, which are located at http://www.networkadvertising.org/choices/ or www.aboutads.info/choices.
Reset your mobile device’s advertising identifier or set it to opt out of targeted advertising.
iOS: You can opt-out of targeted advertising by choosing “Limit Ad Tracking” in your device’s settings menu.
Android: You can reset your advertising ID at any time from the Ads section under Settings on your device, or you can also opt-out of targeting advertising in this same section.
HOW LONG DO WE RETAIN YOUR PERSONAL INFORMATION?
In Short: We keep your Personal Information for as long as necessary to fulfill the purposes outlined in this Privacy Policy unless otherwise required by law.
We will only keep your Personal Information for as long as it is necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements). When we have no ongoing legitimate business need to process your Personal Information, we will either delete or anonymize it, or, if this is not possible (for example, because your Personal Information has been stored in backup archives), then we will securely store your Personal Information and isolate it from any further processing until deletion is possible.
IS THE INFORMATION ABOUT YOU SECURE?
In Short: We aim to protect your Personal Information through a system of organizational and technical security measures, including encryption as required by law.
As required by Nevada law, we encrypt any Personal Information during transfers or any movement of it to our Service Providers are whenever otherwise required contractually, by law or order. In addition, we have implemented appropriate technical and organizational security measures designed to protect the security of any Personal Information we process.
Please also remember that we cannot guarantee that the internet itself is 100% secure. Although we will do our best to protect your Personal Information, transmission of Personal Information to and from our Site is at your own risk. You should only access the Site within a secure environment.
WHAT HAPPENS WHEN THERE ARE CHANGES TO THIS PRIVACY POLICY?
In Short: We may update this Privacy Policy from time to time, so you should review it periodically for updates or review it if you receive a notice of update from us.
The effective date of this Privacy Policy appears at the top of this page. However, we may update this Privacy Policy from time to time. It is our policy to post any changes we make to our privacy policy on this page. If we make material changes to how we treat your Personal Information, we will notify you by email to the email address specified in your account or through a notice on the Site home page. The date the privacy policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Site and this Privacy Policy to check for any changes.