Last Modified: 2021-03-09
(1) BrainApps online at BrainApps.com,
(2) BrainApps online on mobile devices,
It describes how we collect, use, secure, and share information of our users and individuals whose payment details are used to purchase BrainApps (collectively, "you" or "your"). It also describes how to access, update, and correct your personal data and the choices available to you regarding your personal data. Under applicable law, Blumaro is the data controller of your personal data.
What Information We Collect
As described in more detail below, we may collect the following categories of information about you or your use of BrainApps:
Information You Provide Directly to Us
We may collect information from you in a variety of ways, such as when you:
- Register for a BrainApps account (“Account”);
- Request certain features (e.g. newsletters);
- Fill out a survey or provide us with feedback;
- Play cognitive training games or engage in other activities that require your information to function (e.g., portions of BrainApps that require an Account to participate);
- Apply for a job with us;
- Communicate with us; or
- Post user-generated content to BrainApps.
- You are not required to create an Account to gain access to some areas of BrainApps. If you do create an Account, we ask for certain information to process your registration, including an email address and password. If you subscribe to a paid Account, we request additional information, including your full name and payment method details.
We may also collect (1) name, (2) gender, (3) date of birth, (4) education level, (5) other demographic information, and (6) other information you voluntarily provide to us. Providing most of this information is optional. We also allow you select your preferences for training, language, and receiving email communications.
Information that is Passively or Automatically Collected
In addition to the information you provide directly to us, when you use BrainApps, we automatically collect information about the computer, mobile device, or other devices you use to access BrainApps and about how you use BrainApps. For example, we receive data about the games you play and your performance in those games. We also receive information such as your browser type, IP address, language, the type of device you use, operating system version, unique device identifier ("UDID"), the date and time of your visit and files you viewed on our site (e.g., HTML pages, graphics, etc.), Internet service provider, clickstream data, the pages you view and the websites you visited immediately before and after visiting BrainApps. In some cases, we link this automatically collected data to other information we collect about you. We do this to improve the services and marketing we offer you.
We may automatically collect certain information about the computer or devices (including mobile devices or tablets) you use to access BrainApps. As described further below, we may collect and analyze information such as (a) IP addresses, geolocation information (including general location inferred from IP addresses), unique device identifiers, IMEI and TCP/IP address, and other information about your computer or device(s), browser types, browser language, operating system, mobile device carrier information, the state or country from which you accessed BrainApps; and (b) information related to the ways in which you interact with BrainApps, such as: referring and exit web pages and URLs, platform type, the number of clicks, domain names, landing pages, pages and content viewed and the order of those pages, statistical information about the use of BrainApps, the amount of time spent on particular pages, the date and time you used BrainApps, the frequency of your use of BrainApps, error logs, and other similar information. As described further below, we may use third-party analytics providers and technologies, including cookies and similar tools, to assist in collecting this information.
Cookies and Other Electronic Technology
Please note that you can change your settings to notify you when a cookie is being set or updated, or to block cookies altogether. Please consult the "Help" section of your browser for more information (e.g., Internet Explorer; Google Chrome; Mozilla Firefox; or Apple Safari). You can also manage the use of Flash technologies, including cookies and local storage objects with the Flash management tools available at Adobe's website. Please note that by blocking any or all cookies, you may not have access to certain features or offerings of BrainApps.
Information Provided by Social Networking Services and Others
We may supplement the information you provide to us with additional information gathered from other sources, such as publicly available information, or from third parties, such as marketers, partners, researchers and others. We may combine information that we collect from you with information about you that we obtain from such third parties and information derived from any other product or service we provide.
If you are a subject in a research project or study conducted by Blumaro in partnership with a researcher or educational institution, that project may involve the collection of different information than is described in this Section. Research participants may, for example, provide health-related information, including the existence of certain health conditions. Blumaro partners with researchers and educational institutions in conducting such studies. Such research projects are typically done on an anonymous basis, such that Blumaro acts only as a processor of anonymized or pseudononymized data. For further information on how we handle data associated with such research, please refer to the materials distributed to you as part of the study, contact the researcher leading your study, or contact us using the contact information below.
How We Use Your Information at Blumaro
For the purposes for which you provided it;
Authenticating your login and processing your payments;
Personalizing your BrainApps experience and customizing your training program;
Allowing you to monitor your performance and progress in BrainApps, by, for example, presenting charts and graphs of your performance to you;
Customizing and delivering information about our products and services by email;
To contact you with information, surveys, or advertising that we believe may be of interest to you regarding us or BrainApps;
To administer contests and surveys;
Providing customer support and sending confirmations about your Account;
For internal research and reporting;
Protecting our intellectual property or other rights; and
Managing and improving our business, our games, and our training.
We also reserve the right to use and disclose non-personal data (e.g., de-identified or aggregate data) for any purpose. For example, we show aggregate performance measures to users to allow them to evaluate their performance against other BrainApps users. Also, in connection with our Human Cognition Project, we may disclose performance statistics to university collaborators to evaluate, study, and improve the effectiveness of our programs or human cognition more generally. In these situations, all data is disclosed either in aggregate form or with information that can identify you removed. In addition, when we work with university collaborators, we contractually prohibit them from attempting to re-identify individuals from data that has been de-identified.
To honor our contractual commitments to you: Much of our processing of personal data is to meet our contractual obligations to our users, or to take steps at users’ request in anticipation of entering into a contract with them. For example, we handle personal data on this basis for our premium users.
Consent: Where required by law, and in some other cases, we handle personal data on the basis of your implied or express consent. Where you have provided consent, you may withdraw your consent at any time, without affecting the lawfulness of the processing that was carried out prior to withdrawing your consent. To withdraw your consent, please contact us at [email protected]
Legitimate interests: In many cases, we handle personal data on the ground that it furthers our legitimate interests in ways that are not overridden by the interests or fundamental rights and freedoms of the affected individuals, such as:
Providing a safe and enjoyable user experience;
Protecting our users, personnel, and property;
Analyzing and improving our business;
Processing job applications; and
Managing legal issues.
We may also process personal data for the legitimate interests of our research partners, such as to provide cognitive training, research, and analytics for such partners.
Legal compliance: We need to use and disclose personal data in certain ways to comply with our legal obligations.
To protect the vital interests of the individual or others: For example, we may collect or share personal data to help resolve an urgent safety situation.
No Disclosure to Third Parties for Their Own Marketing Purposes
We believe in protecting your privacy, and therefore do not provide your personal data to third parties for their own marketing purposes.
We may share your information with our corporate affiliates, such as entities under common ownership or control.
Compliance with law and law enforcement requests, and protection of our rights.
We may disclose your information when we have a good faith belief we are required to do so by law, or in response to a subpoena, court order, or other legal mechanism. We may also disclose your information when we have a good faith belief that disclosure may prevent fraud and abuse of BrainApps or its users or protect our property rights.
Online Analytics And Tailored Advertising
We may use third-party web analytics services on BrainApps, such as those of Google Analytics, Rollbar, and New Relic. These service providers use the sort of technology previously described in the "Cookies and other electronic technologies" section to help us analyze how users use BrainApps, including by noting the third-party website from which you arrive, how often you use our app, the events that occur within our app, where the app was downloaded from, and provide certain features to you. The information (including your IP address) collected by the technology will be disclosed to or collected directly by these service providers, who use the information to evaluate your use of BrainApps. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-out Browser Add-on by clicking here.
If you receive email from us, we may use certain tools, such as clear GIFs to capture data such as when you open our message or click on any links or banners our email contains. This data allows us to gauge the effectiveness of our communications.
We may personalize the content and advertising that you see when using BrainApps through the use of third-party advertising technologies that allow for the delivery of relevant content and advertising on our websites, as well as other websites you visit and other applications you use. The ads may be based on various factors such as the content of the page you are visiting, information you provide such as your age and gender, your searches, demographic data, user-generated content, and other information we collect from you. These ads may be based on your current activity or your activity over time and may be tailored to your interests.
To opt out of Google Analytics for display advertising or customize Google display network ads, you can visit the Google Ads Settings page. Please note that to the extent advertising technology is integrated into BrainApps, you may still receive advertisements even if you opt-out of tailored advertising. In that case, the ads will just not be tailored. Also, we do not control any of the above opt-out links and are not responsible for any choices you make using these mechanisms or the continued availability or accuracy of these mechanisms.
Data Subject Rights And Your Choices
You may access, review, correct, and delete certain of your personal data by logging into your Account.
Analytics and Advertising
Your Legal Rights
confirm whether we hold personal data about them,
provide access to personal data we hold about them (including, in some cases, in portable form),
update, amend and/or correct personal data we hold;
delete certain personal data in appropriate circumstances;
transfer personal data to a third party provider of services;
To exercise any of the above rights (or any other rights under applicable law), please contact us via our help center.
In addition, individuals in the European Union and some other jurisdictions outside the United States have certain legal rights to obtain confirmation of whether we hold personal data about them, to access personal data we hold about them (including, in some cases, in portable form), and to obtain its correction, update, amendment or deletion in appropriate circumstances. They may also object to our uses or disclosures of personal data or exercise legal rights to withdraw consent, though such actions typically will not have retroactive effect. To exercise any of the above rights (or any other rights under applicable law), please contact us via our help center.
The rights described herein are subject to limitations and exceptions under applicable law. In situations in which we process personal data on behalf of our research partners, we may refer the request to the relevant research partner and cooperate with their handling of the request, subject to any special contractual arrangement with that research partner.
In addition to the rights above, residents of the European Economic Area also have the right to lodge a complaint with your relevant supervisory authority. However, we encourage you to contact us first, and we will do our very best to resolve your concern.
California residents have certain rights, subject to exceptions. California law may permit you to request that we:
Provide you the categories of personal information we have collected or disclosed about you in the last twelve months; the categories of sources of such information; the business or commercial purpose for collecting or selling your personal information; and the categories of third parties with whom we shared personal information.
Provide access to and/or a copy of certain information we hold about you.
Delete certain information we have about you.
You may have the right to receive information about the financial incentives that we offer to you, if any. You also have the right to not be discriminated against (as provided for in applicable law) for exercising certain of your rights. Certain information may be exempt from such requests under applicable law. We need certain types of information so that we can provide our services to you. If you ask us to delete it, you may no longer be able to access or use BrainApps.
You can also designate an authorized agent to make a request on your behalf. To do so, you must provide us with written authorization or a power of attorney, signed by you, for the agent to act on your behalf. You will still need to verify your identity directly with us.
If would like to exercise any of these rights, please submit a request via our help center or webform. We will take reasonable steps to verify your identity.
The CCPA requires us to disclose the categories of “third parties” (as defined by the CCPA) to whom personal information was disclosed or sold. In the preceding 12 months, we may have disclosed user-generated content, such as where you share user-generated content with other BrainApps users or publicly. If you have expressly agreed to participate in a research study with us or with a third party that incorporates your personal data collected by BrainApps, we also may have disclosed your information for the purpose of facilitating the research to which you have consented. Please review the section above on “When We Share Your Personal Information With Third Parties” for more details on how BrainApps generally shares information collected.
California residents may opt out of the “sale” of their personal information. BrainApps does not “sell” your personal information as we understand that term to be defined by the California Consumer Privacy Act and its implementing regulations.
Under Nevada law, certain Nevada consumers may opt out of the sale of “personally identifiable information” for monetary consideration to a person for that person to license or sell such information to additional persons. “Personally identifiable information” includes first and last name, address, email address, phone number, Social Security Number, or an identifier that allows a specific person to be contacted either physically or online. We do not engage in such activity; however, if you are a Nevada resident who has purchased or leased goods or services from us, you may submit a request to opt out of any potential future sales under Nevada law via our via our help center. Please note we will take reasonable steps to verify your identity and the authenticity of the request. Once verified, we will maintain your request in the event our practices change.
We have implemented and maintain security practices to protect against the unauthorized access, use, modification, destruction or disclosure of your personal data. For example, when you enter sensitive information on our order forms, we encrypt the transmission of that information using secure socket layer technology (SSL). We follow generally accepted standards to protect the personal data submitted to us, both during transmission and once we receive it. However, no method of transmission or storage is completely secure, and we therefore cannot guarantee absolute security. If you have any questions about security on our website, please contact us using the contact information below.
Outside The United States Consent To Processing And Transfer Of Information
If you access BrainApps outside of the United States, you fully understand and unambiguously consent to the transfer of your personal data to, and the collection and processing of such personal data in the United States. The recipients of the personal data disclosures described in the "When We Share Your Personal Data with Third Parties" section above may be located in the United States or elsewhere in the world. Privacy laws in these countries may not provide protections equivalent to those of your country of residence, and your government may or may not deem such protections adequate.
Referrals And Contacts
We allow you to refer your friends and contacts to BrainApps, either by manually entering their email addresses or by importing contacts from email accounts you have with third parties. If you choose to utilize these features, we’ll use and store the email addresses only for purposes of sending the invitation emails you have requested. If you utilize these features, the friends or contacts that you refer may contact us at the contact information listed below to request that we delete their personal data. Please note that we do not collect the username and password to your email accounts; the import features route you to the third party email provider to log in through their services.
Social Media Widgets
Our website may include social media features, such as Facebook and Twitter buttons. Such features may collect your IP address and information about the page you are visiting, and may set cookies to function properly. Your interactions with these features are governed by the privacy policies of the company providing them.
Cross-Border Transfers; EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield
We may import personal data from entities in the European Economic Area on the basis of legal mechanisms approved by the European Commission and other relevant authorities for cross-border data transfers, such as Standard Contractual Clauses.
Blumaro participates in and has certified its compliance with the EU – U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework. Blumaro is committed to subjecting all personal data received from European Union (EU) member countries, the United Kingdom, and Switzerland, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List. . https://www.privacyshield.gov/list
We recognize that the Court of Justice of the European Union ruled in July 2020 that a certification under the EU-U.S. Privacy Shield Framework no longer can serve as the basis by which entities subject to the GDPR export personal data to jurisdictions outside the European Economic Area. Blumaro will continue to honor its obligation to comply with the Privacy Shield Principles with respect to data that was transferred pursuant to the EU Privacy Shield Framework. For such data or any transferred under the Swiss-U.S. Privacy Shield Framework, when Blumaro transfers it to a third-party service provider acting as an agent on Blumaro’s behalf, Blumaro has certain liability under the Privacy Shield if both (a) the agent processes the information in a manner inconsistent with the Privacy Shield and (b) Blumaro is responsible for the event giving rise to the damage. Blumaro complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland subject to the Privacy Shield Framework, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Blumaro is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Blumaro may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Please contact us at the contact information below if you have an unresolved privacy or data use concern, If after that you feel that we have not addressed your privacy or data use concern satisfactorily, please contact our U.S.-based third party dispute resolution provider (at no cost) at https://www.jamsadr.com/eu-us-privacy-shield.
Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted. Prior to initiating such arbitration, you must: (1) contact Blumaro and afford us the opportunity to resolve the issue; (2) seek assistance from Blumaro’ designated independent recourse mechanism above; and (3) contact the U.S. Department of Commerce (either directly or through a European Data Protection Authority) and afford the Department of Commerce time to attempt to resolve the issue. Each party shall be responsible for its own attorney’s fees. Please be advised that, pursuant to the Privacy Shield, the arbitrator(s) may only impose individual-specific, non-monetary, equitable relief necessary to remedy any violation of the Privacy Shield Principles with respect to the individual.
BrainApps is not directed to individuals under 13 years old. If we become aware that we have inadvertently collected “personal information” (as defined by the United States Children’s Online Privacy Protection Act) from children under the age of 13, children under the age of 14 in Spain or South Korea, or from an EU resident under the age of 16 without parental consent, we will take reasonable steps to delete it as required by law. As appropriate under applicable law, parents or legal guardians with questions or requests regarding their children’s personal data may contact us as described below.
California “Do Not Track” Notice
We do not track our customers’ personal data over time and across third-party websites to provide targeted advertising and therefore do not respond to "Do Not Track" (DNT) signals.