| Blog|FAQ|Newsletter

    • BMS PRIVACY POLICY

     

    Version 1.0
    Updated on 04/01/2021

    General information

    Blue Media Services’ (hereinafter “BMS”) Privacy Policy aims to clarify the Company’s policy on data processing.

     

    BMS is a technology company specialising in retargeting services.

     

    The provision of the retargeting service consists of displaying advertisements featuring products and/or services that match the potential consumer’s interests.

     

    To provide this type of service, BMS uses an artificial intelligence algorithm that makes it possible to identify a potential consumer’s interests based on their browsing behaviour and consumption patterns (searches, interests, geographical location). These data are collected without identifying the user’s personal data.

     

    Based on these data, BMS’s clients (“Advertisers”) may offer targeted media to their end customers according to browsing behaviour. Through BMS, Advertisers may display advertisements in spaces located on internet portals, blogs and partner websites (“Publishers”).

     

    In this way, BMS’s algorithm does not collect personally identifiable data, such as full name, sex, document numbers, postal address or email address. The data collected relate to how an end user browses websites, as well as their preferences. These data are collected through the assignment of an identifier to ensure user anonymity.

     

    A user identifier is randomly assigned to an internet user so it is possible to recognise that a given user exhibits a particular pattern of behaviour. However, due to the randomness of this process, it is not possible to identify personal data or reverse the anonymisation.

     

    In addition, the technical data collected in connection with a potential consumer’s browsing are processed only by BMS, without any third-party involvement, and with a focus on anonymising personally identifiable information.

     

    That is why we prioritise transparency and accessibility so that the terms of our relationship are available and understandable to our customers, partners and visitors.

     

    Service

    BMS provides retargeting services to its Advertisers, as described above.

    How our service works

    BMS provides an internet advertising service called retargeting. To do so, users’ browsing data are collected when they browse within a partner website. This collection is carried out via tags (a set of programming code added to the partner site), which fire and operate in the background of the browsing environment, without the user’s knowledge. In this process, it is important to stress that no data are collected that would make it possible to identify a user.

     

    As a result, the user may be served advertising from the partner, through BMS’s retargeting services, with the aim of encouraging that user to return to the partner’s website to purchase the product or service in which they expressed interest on the partner’s site.

    Collection and use of personal data

    BMS does not collect personally identifiable data when a user accesses any Publisher or Advertiser website. In other words, we do not collect any data that would make it possible to identify a user while they browse a website.

    Users’ personal data will only be collected by BMS with consent, except in the other cases provided for in this Privacy Policy and in cases of legal requirements.


    Legal basis: Article 7, item I of Law No. 13,709/18

    The data collected by BMS are considered “anonymised data” under the Law and, during the processing of such data, there is no possibility of reversing the anonymisation process. In other words, it is not possible to identify the data subject due to the information security procedures adopted by Blue and set out in this Privacy Policy.


    Legal basis: Article 12 of Law No. 13,709/18

    What data do we collect from users?

    Through tags (a set of programming code added to a Publisher’s or Advertiser’s website, which fires and operates in the background without the user’s knowledge), BMS collects data related to the user’s browsing, such as:

    • Which site the user came from;

    • How long the user stays on each page of the partner environment;

    • The last page visited in the partner environment before leaving it;

    • If the user visited a product, we collect the identifier of the product visited (IDs);

    • If the user added products to a website basket, we collect the IDs of the products added; and

    • If the user made a purchase, we collect the IDs of the products purchased, the total value of the sale and the transaction ID.

    Why do we collect these data?

    The data collected allow us to display highly relevant advertisements to users who have shown an interest in making a purchase on one of BMS’s partner websites. The algorithms used by BMS also assign different weights to the stages of the purchase journey completed by the user in order to deliver this advertisement display service. The closer a user gets to the end of a purchase process, the more relevant the advertisement will be to them.

    How long and where are these data stored by BMS?

    All data collected are stored for 180 days on our encrypted servers hosted on AWS (Amazon Web Services) cloud computing services. BMS does not maintain physical servers to store these data. For this reason, access to servers is only possible via password and encryption.

    How BMS staff handle data

    The browsing data of a user of Advertiser and Publisher websites collected by BMS are used by the artificial intelligence algorithms of BMS’s retargeting product.

     

    These data are used in aggregate form to direct content according to the preferences that a group of users have shown through the identifiers randomly assigned to them by BMS’s system. Therefore, users are not individualised during the retargeting service.

     

    Accordingly, BMS staff do not have access to the browsing data or carry out any analysis of such data. The browsing data are used by the artificial intelligence algorithm to perform a classification process and to associate each product identifier with the identifier of a user who showed interest in that product.

    Data storage

    All collected data are stored on encrypted, password-protected servers, accessed only by the Company’s technical lead (CTO) or BMS professionals with the technical capacity to do so, whose access is also controlled by the Company’s CTO. All servers are hosted in the cloud and provided as a service by AWS (Amazon Web Services).

     

    Such data remain stored for a maximum of 180 days and are then permanently deleted/removed from the servers. From that point onwards, BMS’s retargeting service can no longer target new advertisements to a user unless that user returns to the portal of a BMS partner Advertiser. If the user returns to the Advertiser’s portal, the storage process renews and follows the same standard described in this paragraph.

     

    We only retain data required by law or by any authority with competence to make such a request.

    International transfer of data

    The servers used by BMS are distributed across four regions of the world: Brazil, the United States, Germany and Singapore. All servers in each location have identical counterparts for redundancy, and information exchange occurs only within the servers’ own environment, so that no data processing is carried out in jurisdictions other than Brazil.

     

    Ongoing-use information therefore remains in the service’s own locality, in order to minimise latency in responding to requests made by any user to those servers.

    Information security

    All information collected is stored and processed in a highly secure environment. The entire environment is encrypted, password-protected, and controlled directly by the Company’s technical lead (CTO). These servers also include redundancy to prevent data loss in the event of a collapse or any other threat scenario.

     

    The browsing data collected in the retargeting process are stored on our servers under strict encryption controls. Only the Company’s technical lead (CTO) has access to these servers. Such data remain stored for a maximum of 180 days.

     

    Access to any of the databases mentioned above is via passwords and is restricted to individuals responsible for each of the information storage and processing platforms.

    Rules for Advertisers and Publishers

    We only accept advertisers/partners that commit to a minimum privacy standard. This means our Advertisers or Publishers:

     

    (i) must have a privacy policy, which is requested upon each engagement with an Advertiser or Publisher;

     

    (ii) must not use any BMS product to violate users’ privacy rights;

     

    (iii) must not use personal or sensitive data for processing without the prior consent of personal data subjects or without another legal basis to do so.

    Cookie Policy

    We use certain internal cookies to address, assign an identifier and store a user’s browsing data in our environment, such as:

     

    ckid
    This cookie is an identifier (ID) provided by the user’s internet browser and is used to match the user with relevant products in marketing campaigns.

     

    hash
    This is a randomly generated identifier (ID) that ensures it is impossible to identify a user, precisely to maintain anonymity. The ID is generated from the ckid.

     

    BMSID
    An identifier (ID) generated by BMS to ensure that a user is not identified more than once and does not create duplicates in the system, even if they leave the internet browser.

    Benefits of using cookies

    Cookies save certain browsing information. This way, when you visit a BMS partner website again, it will recognise your browser and may keep your previously selected options and preferences, particularly regarding your preferences when searching for products and services.

    What happens if cookies are not accepted?

    Since we fire our tags within a partner website environment, responsibility for providing cookie notices to users lies with the partner.

     

    If the user rejects the use of cookies, our tags will not fire and the anonymous information of that user will not be collected. As a result, our retargeting service will not work for that user in relation to that partner site they visited.

     

    Consequently, the user will stop receiving advertisements relevant to their purchasing behaviour.

    I do not want adverts

    If you do not want adverts targeted by BMS to appear, you can access the link https://www.bluems.com/optout/ to disable the service and prevent cookies from targeting adverts according to your browsing information.

    Deletion of personal data

    Data will only be deleted when there is an explicit request from a data subject and if BMS has collected any personal data. As a business rule, focusing on the principle of privacy by design (privacy from the outset and by design), BMS does not collect personal data. The data it retains from internet users are anonymised by the process explained at the beginning of this policy.

     

    Therefore, there is no possibility of identifying a user and, accordingly, the rules of the General Data Protection Law do not apply to users who in any way provide information to BMS.


    Legal basis: Article 12 of Law No. 13,709/18

     

    If a personal data subject wishes to make any request, verification, amendment request or deletion request regarding personal data, they may communicate directly with an Advertiser or Publisher that is a BMS client. The personal data subject may also request from BMS confirmation of the existence of collection and processing of personal data and, if confirmed, the amendment and/or deletion will be carried out.

    Use of Google Workspace APIs

    Google Workspace APIs are not used for the development, improvement or training of general-use Artificial Intelligence (AI) and/or Machine Learning (ML) models.

     

    The company accesses only its own internal database and does not retain any user data obtained through the Workspace APIs for any purpose, especially for the development, improvement or training of generalised Artificial Intelligence (AI) and/or Machine Learning (ML) models.

     

    In addition, we do not access, store, transfer or share any users’ personal information, including but not limited to names, telephone numbers or addresses. No personal data are collected, processed or retained by our application when you use or interact with our services.

    Changes

    BMS may change this Policy at any time. Each version of the Privacy Policy will contain the effective date and version information at the beginning of the document to make it easier for users to identify. You may also request an older version of the privacy policy for reference, if needed.

     

    Any change to the Privacy Policy will be communicated to users and, in order to continue using the services provided by BMS, this Policy must be accepted.

    Requests regarding personal data

    Any matter relating to personal data should be sent to the email address: gabriella@ggac.com.br

     

    Data Protection Officer (DPO):
    Gabriella Pontes Garcia
    gabriella@ggac.com.br

    Disputes

    This Privacy Policy is governed by the laws of the Federative Republic of Brazil. Any disputes arising from this Privacy Policy shall be resolved by the courts of the District of São Paulo, State of São Paulo, Brazil, to the exclusion of any other, however privileged it may be or become.

    BMS contact details

    BLUE MEDIA SERVICES LTDA

     

    Rua Alvorada No. 1289, Suite 1211
    Vila Olímpia, São Paulo - SP
    CNPJ 37.746.861/0001-23
    Telephone: (11) 3846-6784

     

    © 2025 Copyright by BMS – All rights reserved.