Freelancers for charities

Blume privacy statement

The formal legal statements are below but because this is such an important issue we thought it would be helpful to summarise our privacy policy in – hopefully – easier to understand terms.

Who has access to what data?

  • Blume Ltd; we have access to all data on the site with the exception of bank and credit card details which are held by ...
  • ... Stripe, our payment provider. In addition to bank details Stripe also holds names, email addresses, physical addresses and dates of birth. For more information about Stripe and why we trust them to hold this data please read our FAQs about security.
  • MailChimp, who we use to send out mailshots. They have access to names and email addresses
  • Google Analytics, who provide us with information about how Blume is being used. They have IP addresses to monitor how people move about Blume. They have no personal data so cannot link this data back to individual users.
  • HotJar, who also provide us with information about how Blume is being used. They also have IP addresses but no personal data so cannot link this data back to individual users.

Security summary

  • Does Blume store credit card or bank account details?
    No, we don't store those in our system. Instead, we use Stripe - a 3rd party payment gateway service, trusted by global organisations like Unicef, Facebook, Comic Relief and Asos - who store your details on their best-in-class server (PCI Service Provider Level 1 for the nerds). Blume never sees your card or bank details at any point.
  • Does Blume store "sensitive" personal information?
    Yes, we store your name, address and (if you've entered it) your date of birth.
  • Where is this information kept?
    We store personal information, encrypted, in our database. Not only is it encrypted, it is stored on a separate server entirely from the Blume website, and that server is never open to the public (only the Blume website can access it).
  • How safe is Blume?
    When you send information to us, we only use HTTPS and use a high quality SHA2-256 2048-bit SSL certificate. The main Blume website server is sitting behind both a reverse proxy and a Cisco firewall, the database server sits privately behind that. We regularly test the site using Tenable software for PCI-quality scans and Qualys to make sure the SSL stays up to scratch, meaning we're taking all the protection we can to keep your data safe.

If you have any questions about this then please email us at contact@blume.life and we will do our best to answer them.

And here’s the more formal version:

Blume Limited (trading as Blume), with company number 10758050 and with a registered address at Little Tufton House, 3 Dean Trench Street, London United Kingdom, SW1P 3HB herein referred to as ‘Blume’ or ‘We’ have created this privacy statement (‘Statement’) in order to demonstrate our firm commitment to protecting the Personal Data that You provide to Blume when using www.blume.life (the ‘Site’) to access the Services.

We are committed to protecting and respecting your privacy and comply with applicable Data Protection Laws. For the purpose of the  General Data Protection Regulation 2016/679, Blume Limited is a Data Controller with ICO registration number: CSN3690216.

In this Statement, references to ‘You’, ‘Your’, ‘Blume Member’, ‘Buyer’ or ‘Blumer’ are references to the person who visits/ uses/ registers on the Site. When You use or access the Site or our Services, You are agreeing to the terms set out in this Statement.

We aim to be as clear as possible in this Statement in respect of Your Personal Data. This Statement applies to Your Personal Data that We collect about You when You use the Site, how and when it is used, how We protect it and who has access to it. This Statement incorporates the Blume Cookie Policy and the Blume Service Terms by this reference (together the ‘Agreement’).[A1] 

Unless otherwise stated, any defined terms as provided in Section 11 below in here shall have the meaning set out in the Blume Service Terms.

1.  YOUR ACCEPTANCE OF THE STATEMENT

This Statement governs Your use of the Services, including any disputes concerning your privacy rights. By using the Services, You accept this Statement in full. You should read the Statement carefully and ensure that You understand its effect before proceeding to use the Site to access the Services. We reserve the right to make reasonable modifications to this Statement at any time with or without notice by posting the changes on this page. Your continued use of any portion of the Site following the posting of the updated Statement will constitute Your acceptance of the changes. However, if in our view any change significantly affects Blume Members’ rights or obligations or is otherwise considered a material change to our Statement’s terms, we shall notify you by email of such changes, and such changes shall take effect 30 days after the date of notification.

2.  WHAT INFORMATION IS COLLECTED & HOW? 

A.  PERSONAL DATA

2.1 The Site asks You to provide various types of Personal Data to enhance the quality of the Services We can provide to You and the more accurate the information You provide, the better We are able to respond to Your requirements. In Your specific role as a Buyer or Blumer (each a ‘Blume Member’), You may input Personal Data in respect of yourself or in respect of one or more other individuals for whom You must have the requisite consent.

2.2  Blume reserves the right to remove any user-generated-content (‘UGC’) You post on the Site if in our sole opinion, such content is unlawful or inappropriate.

2.3  As part of the process of using the Site to access the Services, We collect Your Personal Data (and other data or content of a non-personal nature) in various ways including :

-     Registration form upon applying to be a Blume Member;

-     When you sign-up to our newsletter; and

-     Via our ‘Contact Us’.

2.4   As a Blumer or a Buyer, the following types of Personal Data input by You shall be available for all users of the Site:  first name, public biography and photo.

2.5   As a Blumer or a Buyer, the following types of Personal Data input by You shall only be accessible by Blume and Blume Service Providers and any Blume Partners as applicable: last name, D.O.B., gender (optional), and address (optional). If relevant to the task a Blumer’s address will be shared with the Buyer.

2.6   Through Your use of the Site, We use cookies and other technologies to collect information about Your usage. To learn more, please see our Blume Cookie Policy[A2] .

2.7   We may also collect the following types of Personal Data about You (as applicable):

  • Your visits to the Site and the Blume Content that You download;
  • information about Your computer (including Your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and Site navigation); 
  • any other information that You choose to send to us, including any request for further services, general correspondence, reports of a problem with the Site or the Services.

Blume agrees that it will adhere to all applicable Data Protection Laws including the General Data Protection Regulation 2016/679 ('GDPR’) and the UK GDPR i.e. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) as it forms part of the law of England and Wales and as amended from time to time and will take appropriate technical and organisational security measures against the unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to Personal Data.

B.    FINANCIAL PERSONAL DATA

2.8  Each transaction made on this Site shall be processed by a third-party escrow management payment processing partner Stripe. You will be required to provide the relevant payment processing partner with financial data (i.e. Your card or banking details) in order to authorise payment from You as a Buyer and to release payment to the Blumer in addition to enabling any Blume Fees to be paid to (or deducted by) Blume in consideration of the Services pursuant to the Blume Service Terms[A3] .  Payment processing services for Blume Limited on Blume provided by Stripe are subject to the Stripe Connected Account Agreement, which includes the Stripe Terms of Service (collectively, the ‘Stripe Services Agreement’). The terms of the Stripe Services Agreement may be updated from time to time by posting the changes on the Stripe site.  You authorize Stripe to provide Your Personal Data including financial data to its associated companies, fraud and screening agencies and other relevant governmental bodies to (i) provide the payment services to you, (ii) comply with legal and regulatory obligations, and (iii) to perform underwriting and risk review. Where required to comply with legal, network, or regulatory obligations, Stripe may provide Your Personal Data to law enforcement, networks, regulators, or other similar authorised third parties (as the case may be).  For more details on the Stripe processes Your Personal Data please visit: https://stripe.com/en-gr/privacy.

3. HOW AND WHY IS YOUR PERSONAL DATA USED?

Lawful basis we rely on to process Your Personal Data

3.1       You acknowledge that Your Personal Data may be used by Blume to contact You by post, phone or by Electronic Mail when necessary in connection with Your use of the Site to access the Services e.g. in respect of a change to any of our legal terms and conditions to which You are subject, to provide confirmations, notifications and feedback requests. This is a necessary part of continuing to receive access to the Services and accordingly and where you have not provided your consent will be considered a legitimate interest for Blume to process your data for the purposes of providing the Services to You. You may opt out of receiving direct Marketing Communications from Blume as described in Section 3.4 below. We may also process your to comply with our legal and regulatory obligations, for the performance of a contract with You or to take steps at your request before entering into a contract.

Why we process Personal Data?

3.2  We may process your Personal Data for the following reasons: 

·         Providing our Services to You;

·         Create and manage Your account with us;

·         Conducting checks to identify you and verify your identity or to help prevent and detect fraud against you or us;

·         To enforce legal rights or defend or undertake legal proceedings;

·         Customise our website and its content to Your particular preferences based on a record of your selected preferences or on Your use of our website;

·         Retaining and evaluating information on your recent visits to our website and how you move around different sections of our website for analytics purposes to understand how people use our website so that we can make it more intuitive or to check our website is working as intended;

·         Communications with you not related to marketing, including about changes to our terms or policies or changes to the Services or other important notices; 

·         Statistical analysis to help us understand our customer base; 

·         Updating and enhancing customer records; 

·         Disclosures and other activities necessary to comply with legal and regulatory obligations that apply to our business, eg to record and demonstrate evidence of your consents where relevant;

·         To share Your personal data with members of our group and third parties that will or may take control or ownership of some or all of our business (and professional advisors acting on our or their behalf) in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency. In such cases information will be anonymized where possible and only shared where necessary. 

OPTING OUT FROM RECEIVING MARKETING COMMUNICATIONS FROM BLUME:

3.4       You consent to receiving Marketing Communications either by providing your explicit consent or by registering as a Blume Member, signing up to our newsletter or contacting us via our Site. In the event that you have not provided your explicit consent, we consider that we have a legitimate interest to process your Personal Data for marketing purposes and rely on the soft-opt in rule when you have registered with us or contacted us about our services (and you did not opt-out of such communications when you provided us with your contact details). You can change Your mind about any consents you give and revoke them or grant them at any time. For example, You may choose to receive Marketing Communications by just one method e.g. email or choose all methods available. You can change Your receipt preferences in Your Account. Where You do not wish to be sent future Marketing Communications, We will give You the opportunity to unsubscribe in every Electronic Mail communication that is sent to You (or shall procure that any of our Blume Service Providers such as Mailchimp shall do the same). Alternatively, You can contact Blume by sending an email to contact@blume.life with “UNSUBSCRIBE REQUEST” in the subject line or send Your request by post to Little Tufton House, 3 Dean Trench Street, London SW1P 3HB. 

4. WHO HAS ACCESS TO YOUR PERSONAL DATA?

4.1       You expressly consent to Your Personal Data being passed on to third party service providers as described in section 4.5 below (‘Blume Service Providers’) for the sole purpose of Blume fulfilling the Services only (including making improvements to the Services) in accordance with our instructions and all applicable laws and regulations, and not for the purposes of those third parties sending Marketing Communications to You. For the avoidance of doubt, Blume is the exclusive owner of the Site and the Blume Content.

4.2       Your Personal Data may be shared with Blume Partners (such as potential commercial partners or prospects)  to the extent that You have provided Your express consent to this. It is not shared with any person or company without Your consent.

4.3       We may disclose Your Personal Data to any subscriber of the Blume group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the Companies Act 2006.  Transfer of Personal Data may also occur in the event of the sale of Blume Limited or its asset or in the event that Blume is sold or transfers some of its assets to another party, Your Personal Data could be one of the transferred assets. If Your Personal Data is transferred, its use will remain subject to this Statement and to Data Protection Laws. Your Personal Data may be passed on to a successor in interest in the event of a liquidation or administration of Blume.

4. 4      We only allow those organisations to handle your personal data if we are satisfied, they take appropriate measures to protect your Personal Data. We also impose contractual obligations on them to ensure they can only use your personal data to provide services to us and to you.

4.5       We or the third parties occasionally also share personal data with: 

·                     our and their external auditors, eg in relation to the audit of our or their accounts, in which case the recipient of the information will be bound by confidentiality obligations 

·                     our and their professional advisors (such as lawyers and other advisors), in which case the recipient of the information will be bound by confidentiality obligations 

·                     law enforcement agencies, courts, tribunals and regulatory bodies to comply with our legal and regulatory obligations 

·                     other parties that have or may acquire control or ownership of our business (and our or their professional advisers) in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency—usually, information will be anonymised but this may not always be possible. The recipient of any of your personal data will be bound by confidentiality obligations.

5.       TRANSFERS OUTSIDE THE EU/UK

5.1 Transfer of Your Personal Data outside of the EEA/ UK

From time to time, We may transfer Your Personal Data to a Blume Partners including companies, agents or contractors required to provide or improve our Services or to assist our security, credit risk or fraud protection activities. Such third parties may be located outside of the EEA/ UK and You consent to the transfer of Your Personal Data to such companies for the purposes set out here in accordance with this Statement and as permitted by Data Protection Laws.

Under Data Protection Laws, we can only transfer your personal data to a country outside the UK/EEA where: 

  • the European Commission or the UK government has decided the particular country ensures an adequate level of protection of personal data (known as an ‘adequacy regulation’) further to Article 45 of the GDPR and the UK GDPR.
  • there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for you, or 
  • a specific exception applies under relevant data protection law 

Where we transfer your personal data outside the EEA/UK we do so on the basis of an adequacy regulation or where this is not available we will rely on Standard Contractual Clauses (SCCs) issued further to Article 46(2) of the GDPR and the UK GDPR and as approved from time to time by the European Commission or the UK government as applicable.

In the event we cannot or choose not to continue to rely on either of those mechanisms at any time we will not transfer your personal data outside the UK unless we can do so on the basis of an alternative mechanism or exception provided by UK data protection law and reflected in an update to this policy. Any changes to the destinations to which we send personal data or in the transfer mechanisms we rely on to transfer personal data internationally will be notified to you in accordance with the section 1 of this Statement ‘Your acceptance to the Statement’ above.

5.2       Blume Members’ obligations when transferring Personal Data outside of the EEA/UK

A Blume Member agrees and warrants that it shall pay due regard to all Data Protection Law when effecting any transfer of Personal Data relating to other Blume Members or third parties in connection with the Services outside the EE/UK to a country which has not been granted an adequacy decision by the European Commission. You should be aware that in territories outside the EEA/ UK, laws and practices relating to the protection of Personal Data are likely to be different and in some cases may be weaker than those within the EEA/ UK. Blue shall not be responsible for compliance of any cross-border transfers made by Blume Members.

6.  HOW WE PROTECT YOUR PERSONAL DATA & FOR HOW LONG

6.1    The privacy and protection of Your Personal Data is important to us. Any Blume Member statistics that We may collect and may provide to prospective Blume Service Providers or prospective Blume Partners regarding Your usage of the Services are provided in anonymised and aggregate form and do not include any individually identifiable data. It is used primarily to aid the technical administration of the Site, to better understand how the Site is functioning and to draw conclusions upon demographic information.

5.2    You acknowledge that email messages sent over the internet are not encrypted and are not secure. Despite efforts to protect Your Personal Data, We cannot ensure or warrant the security of any Personal Data You transmit to Blume or any of our Blume Partners (or other Blume Members) via, to, or from the Site.

5.3    Unfortunately, the transmission of Personal Data or information via the internet is not completely secure. Although We will do our best to protect Your Personal Data, We cannot guarantee the security of Your data transmitted to the Site; any transmission is at Your own risk. Once We have received Your information, We will use procedures and security features to try to prevent unauthorised access. How long We keep Your Personal Data collected through the Site depends on the context in which You provide it and the purpose for which We use it. We will only retain it for as long as is necessary for such purposes. We may send You direct Marketing Communications for as long as You do not opt-out from receiving the same from Blume.

5.4   Telephone calls: If You call any of the service telephone numbers We provide, We may record Your call. These recordings are used for training and quality control to ensure that We continuously monitor and improve our service standards.

5.5   Any Personal Data that is held with Blume shall be retained in accordance with the Data Protection Law and/ or our retention and destruction policy culminating in its permanent deletion.

6.  COOKIES

For information about cookies and how they are used on the Site, please visit our Blume Cookie Policy.

7.  THIRD PARTY LINKS

The Site may contain links to other websites or applications. Blume is not responsible for the privacy practices or the content of such websites or applications or for the privacy policies, cookie policies and practices of other third parties, so You should be careful to read and understand those policies independently. 

8.       ACCESS TO YOUR PERSONAL DATA

Blume tries to be as open as it can be in terms of giving people access to their Personal Data. Individuals can find out if We hold any Personal Data by making a ‘Subject Access Request’ under applicable Data Protection Laws If We do hold Personal Data about You, We will let You have a copy of that Personal Data. To make a request to Blume for any Personal Data that We may hold, You need to put the request in writing addressing it to the postal address provided below. We will have one (1) calendar month to comply with Your request and may charge an administrative fee if your request is manifestly unfounded or excessive. In order to make a Subject Access Request to any Blume Partner, You will need to contact them directly.

8.  YOUR RIGHTS

 Under Data Protection Laws you have the following rights in respect to your Personal Data : 

·         You have a legal and personal “right of erasure” which is also known as the “right to be forgotten”. Upon Your request, We will close Your Account and remove Your Personal Data as soon as reasonably possible from all of our records unless a lawful reason exists for Blume to retain some or all of it.  Blume reserves the right, in its sole discretion, to delete Your Personal Data if your Account is inactive for six (6) months or more;

·         You have the right to access and receive a copy of your Personal ata;

·         You have the right to request your Personal Data to be corrected, which is also known as the “right to rectification”;

·         You have the right to restrict the use of your Personal Data or object to the use pf your Personal Data;

·         You have the right to move your Personal Data from our Site to another compatible system, also known as “right to data portability”;

·         You have the right not to be subject to decisions based on automated processing including profiling, please see our Cookies Policy [A4] for more information on how we use cookies.

 

For further information on each of those rights, including the circumstances in which they do and do not apply, please contact us (see ‘How to contact us’ below). If you would like to exercise any of those rights, please contact us via contact@blume.life or see below: ‘How to contact us’. When contacting us please: 

·                     provide enough information to identify yourself (eg your full name, address and customer or matter reference number) and any additional identity information we may reasonably request from you, and 

·                     let us know which right(s) you want to exercise and the information to which your request relates.

9.   COMPLAINTS OR QUERIES

Blume tries to meet the highest standards when collecting and using Personal Data. For this reason, We take any complaints We receive about this very seriously and We encourage You to bring it to our attention by contacting us at contact@blume.life. We would also welcome any suggestions for improving our procedures. This Statement does not provide exhaustive detail of all aspects of Blume’s collection and use of Personal Data. However, We are happy to provide any additional information or explanation needed. Any requests for this should be sent to the postal address below. If You are not happy with the way in which Your Personal Data is being handled by us, please contact us you can contact the supervisory authority,  the Information Commissioner, see www.ico.org.uk.

10. HOW TO CONTACT US

Requests for information about our Statement or a ‘Subject Access Request’ can be emailed to contact@blume.life or requested in writing to: Little Tufton House, 3 Dean Trench Street, London SW1P 3HB

11. DEFINITIONS & INTERPRETATIONS 

Blume Content: the content including all Intellectual Property Rights therein residing on the Site (which may or may not include Personal Data).

Blume Partners: refers to any third party with whom We partner with in respect of the provision of the Services

Blume Service Providers: refers to the third parties with whom We work with from time to time as a necessary part of providing the Services to You.

Data Protection Laws: refers to the General Data Protection Regulation 2016/697 together with any other applicable regulations, orders, code of practice and guidance.

Electronic Mail: includes email, text, video, voicemail, picture and answerphone messages (including push notifications and in-app notifications).

Personal Data: has the meaning set out in General Data Protection Regulation 2016/697 and any applicable Data Protection Laws.

Subject Access Request: refers to a written request made in accordance with General Data Protection Regulation 2016/697.  

12. CHANGES TO THIS STATEMENT

We keep our Statement under regular review. This Statement was last updated on 01/01/2022.