BumOne, a service of Hashtag Dialing Codes, LLC, places great importance on security of your personal data and only partners with vendors that adhere to the strictest security and data protection standards. BumOne has implemented technical and organizational security measures to guarantee the security of your personal data. Information is stored on secure networks and access is restricted to those employees and partners who are entitled to access our systems.
The Data Controller:
45 Cobblestone Drive
Hudson, New Hampshire 03051 USA
If you have any questions or concerns about BumOne’s personal data practices or your privacy rights, you may contact us at gdpr@BumOne.org.
In accordance with the European Union (EU) General Data Protection Regulation (“GDPR”), BumOne has appointed a representative within the EU for all contact with European Authorities:
Business for Social Responsibility NORDIC ApS
Vester Voldgade 6 - 8, 2nd to the right
DK-1552 Copenhagen V
I. Executive Summary
As a global organization, BumOne complies with data protection legislation and guidelines in all countries where it has locations. BumOne usually works only with IT vendors who participate in and have certified compliance with the EU–U.S. Privacy Shield Framework and are committed to subjecting all personal data received from EU member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles, or have taken other measures to comply with GDPR as mentioned below, under chapter VII. To learn more about the Privacy Shield Framework, you may visit the U.S. Department of Commerce’s Privacy Shield List.
II. How We Collect and Use Your Personal Data
BumOne collects personally identifiable information in the following ways:
Member and Client Data
When a company joins as a member of BumOne or subscribes to our BumOne Mailing list, we collect business contact data in the form of the following data from you:
First and last name
Work email address
Area of interest (e.g. sustainability, climate etc.)
All personal data collected will only be used to process your membership application and to send you product information and occasional special offers or announcements from selected BumOne partners, if you have subscribed to the BumOne Mailing List. We do not sell personal data to anyone and only share it with third parties who are facilitating the delivery of BumOne services.
We rely on fulfillment of contract as the lawful basis under GDPR Article 6(1)(b) for the processing of member and client data.
Website Visitors’ and App Users’ Data
In general, website visitors do not need to provide personalized information to BumOne. We do collect "aggregate data," that is, group data with no personal identifiers. We use this aggregate data to help us understand how the site is being used and to improve its usability. We also use it to enhance the quality and availability of products and services we offer.
We also, with explicit permission, use aggregate data from online surveys you choose to fill out for research and publication purposes.
If personal data is provided, and retained, it is only name, email, and phone number, which allow BumOne to contact the visitor at his or her organization. BumOne solely holds the information and engages in no contact-sharing program with other organizations.
Many websites create Cookies (small text files) when a user visits a website, and these Cookies are used to analyze aggregate user behavior on a website. In compliance with the EU ePrivacy Directive,
BumOne websites ask permission of the visitor prior to setting Cookies. Should the visitor agree,
BumOne’s server will only collect the following information:
The visitor’s IP address (including the domain name associated with the IP address, i.e. using reverse look-up).
The date and time of the visit to the website.
The pages visited on the website.
The browser being used.
In addition, where this is available, BumOne will also collect:
The country from which the visitor is accessing the website (only the ending is saved, e.g., since this indicates the relevant country).
The language of the browser being used.
The website from which the visitor is accessing the BumOne website.
The search word used (if the site is accessed via a search engine).
The type of connection and operating system.
When it comes to Cookies, we rely on consent given as the lawful basis under GDPR Article 6(1)(a).
When you send an inquiry to us through our contact form, we use the personal data that you have stated in the contact form to answer you. Any personal data received from you will not be used for any other purpose without your prior consent and knowledge and will not be disclosed.
We rely on a legitimate interest as the lawful basis under GDPR Article 6(1)(f) for the processing of data in connection to inquiries.
In order to ensure that the services we offer meet your requirements, we may ask for your feedback in form of surveys and polls. Any feedback received from you will only be used for the purpose of improving our services and will not be disclosed.
We rely on your consent as the lawful basis under GDPR Article 6(1)(a) for the processing of data in connection with surveys.
BumOne’s use of ecommerce is limited to registration for a limited number of events each year. Individuals within companies provide their corporate information to register for an event. We use the data collected in order to process billing and orders for products/services you choose to purchase on our website.
We rely on fulfillment of contract as the lawful basis under GDPR Article 6(1)(b) for the processing of eCommerce Data.
III. Personal Data Collected From Third Parties
In some cases, we collect your personal data from third parties:
We receive a limited amount of data via lead generation programs. Contacts can change email preferences at any time and opt-out by following the links included in BumOne emails for this purpose.
IV. Payment Information
When you purchase services from us, we request you to state your payment card details (name on card, billing address [street address/city/state/country], card type [e.g. Visa], card number, expiration date, security code). We are using a secure third party to manage transactions and ecommerce payment processing.
Your payment information will be stored as long as the third party is entitled or obliged to store it pursuant to legislation.
V. Duration of Storage
We will store your personal data until these are no longer necessary for us to process. In certain situations, it may be difficult to envisage an exact period, but the below paragraphs list our periods for the processing of your personal data.
Member and Client Data
We store member company data and contact information of member companies for the duration of the membership with us and for a period of time thereafter to allow members to recover accounts if they decide to renew, to analyze the data for our own operations, and for historical and archiving purposes associated with our history as a membership organization. For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact our data protection officer at gdpr@BumOne.org.
Client data, i.e. data collected due to your subscription to our mailing list, will be erased as soon as possible after your deregistration to the mailing list.
Stored until six months after completion of processing of your inquiry.
Stored up to five years after receipt. To the extent possible, we will store your feedback in an anonymous form, and we have a long duration of storage in order to measure our own performance over time.
In general, if we have reason to store your personal data as part of the protection of our legitimate interests, including, for example, legal disputes, we reserve our right to store your personal data for an extended period and minimum until the legal dispute has been determined.
VI. Transfer of Your Personal Data
We do not rent or sell personally identifiable information with other individuals or organizations.
However, we may transfer your personal data to third parties when it is necessary in order to provide you with our service. Third parties shall mean:
Undertakings in the BumOne Group
Security-cleared data processors/subcontractors, who are assisting us or the group with IT or other services
When we transfer your personal data to business partners, you should be aware that they might have stored personal data concerning you collected by other means, e.g. if you have been in contact with them in another context.
We also transfer your personal data to the above or other third parties if we are obliged to do so according to legislation or in order to protect our or the group’s interests in legal disputes.
VII. For EU Citizens
File Storage and Security
BumOne partners with a security-cleared data processor to store files and data on secure servers. This data processor has self-certified under the EU-U.S. Privacy Shield Framework and thereby guarantees an appropriate standard of data protection and operates to an appropriate standard of data security.
All data is accessed via secure connections in the United States.
In spite of our efforts to establish a secure environment for the website, you should be aware that no information is completely secure on the internet. Therefore, you should always take the necessary safeguards on your own equipment.
You have the right of access to the personal data we are processing concerning you, as well as to have your personal data updated, rectified, or erased, or to obtain a copy of your personal data. All requests shall be made in writing to gdpr@BumOne.org.
Transfer of Personal Data to Third Countries
BumOne partners with various IT vendors and from time to time. This will result in a transfer of personal data to a third country or international organization.
In order to ensure a sufficient level of security for such transfer in accordance with the GDPR,
BumOne has chosen to work only with vendors that:
have certified compliance with the EU-U.S. Privacy Shield Framework, or
have entered into Standard Contractual Clauses with BumOne.
A copy of the Standard Contractual Clauses can be obtained by contacting gdpr@BumOne.org.
If you want to lodge a complaint over our processing of your personal data, please contact us directly. If we cannot help you, you can lodge a complaint to the national Data Protection Authority.
Effective Date: September 1, 2021 (last updated: October 1, 2021)
IX. Additional Provisions
This Privacy Statement describes the types of information we collect on bumone.app, how we may use that information, and with whom we may share it. We also tell you how you can reach us to update your contact information, remove your name from our contact list, or answer any questions you may have about our online privacy practices. This policy does not apply to information collected offline or on other BumOne, LLC company websites, platforms, or apps.
X. Information We Collect About You
bumone.app is a website intended for adults 21 years of age and older only. We collect information from and about you. bumone.app allows you to sign up to receive future communications and resources about subjects including excise taxes and sales restrictions. To do so, we ask you for certain information (such as your name, email address, and postal address) so we can provide you with the communications and resources you request.
Additionally, you may let your elected officials know your views by contacting them and entering certain information (such as your name, address, and email address) on our site. Your contact information allows us to automatically match your communications to the appropriate elected officials, assist you in registering to vote and requesting an absentee ballot, and help you contact your elected officials. We also collect the information you post on our site or when you contact us. We may also collect information about you from third parties.
XI. Other Information We Collect
We also collect information about your computer and Internet usage. This might include your geolocation. We collect this information using technologies like “cookies” and “web beacons,” as explained below. We might collect personal information about users over time and across different websites when you use this website. Furthermore, we also might have third parties that collect personal information this way.
XII. Tracking Technologies
We – or third parties we work with – use several common passive data collection technologies. These may include cookies, web beacons, and similar technologies.
Like many companies, we use “cookies” on this website. Cookies are bits of text that are placed on your computer’s hard drive when you visit certain websites.
Cookies allow us to “customize” your user experience. When you register with bumone.app, you are able to utilize many of the resources available on the site that align with your home address (e.g., communicating with your elected officials). At the moment of registration, a cookie is set that tells us on future visits to send you directly to your homepage of choice. By segmenting the audience in this way, we can surface information that is appropriate. That way, you will have an easier time getting to the information that you are looking for on repeat visits.
XIII. Our Do Not Track Policy
Some browsers have a “Do Not Track” feature that lets you tell websites that you do not want to have your online activities tracked. These features are not yet uniform, so we are not currently set up to respond to those signals.
XIV. We Use Information as Disclosed and Described Here
We use the information to respond to your requests or questions. Likewise, we also use the information to improve our services. For example, we might use your information to customize your experience with us. We also use the information to look at site trends, customer interests, and security purposes. We also use information as otherwise permitted by law.
XV. Information We Share
We share information as described and disclosed here. We may also share information as described to you at the time we collect it. Furthermore, we may share the information you provide with our parent company, BumOne, LLC, and its companies for outreach regarding legislative, regulatory, or election-related issues and for administrative purposes. We will not share your information for the purpose of these companies marketing their products to you. To learn more about BumOne, LLC and its companies, visit:
We also may share information provided by our website visitors with service providers we have retained to perform services on our behalf. These service providers are required to use or disclose the information only as necessary to perform services on our behalf or to comply with legal requirements. In addition, we may disclose information about you (i) if we are required to do so by law or legal process, (ii) to law enforcement authorities or other government officials, or (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity.
We reserve the right to transfer any information we have about you in the event we sell or transfer all or a portion of our business or assets.
XVI. Your Choices
You can opt out of receiving BumOne App communications by following the instructions in any email you get from us, or by contacting us as specified in the How to Contact Us section below and telling us you would like to opt of BumOne App communications.
You can also control cookies and tracking tools. Your browser may give you the ability to control cookies. How you do so depend on the type of cookie. Certain browsers can be set to reject browser cookies. Flash cookies cannot be controlled through your browser settings. To control flash cookies, which we may use on certain websites from time to time, you can go to:
Not all tracking described here will stop if cookies are deleted or blocked. The choices you make are both browser and device-specific.
XVII. NOTICE TO CALIFORNIA RESIDENTS
XVIII. The Site and Minors
This site is meant for adults 21 years of age and older only. We do not knowingly collect personally identifiable information from anyone under 21. If you are a parent or legal guardian and think your child has given us information, you can contact us as specified in the How to Contact Us section below. Parents, you can learn more about how to protect children’s privacy online at: http://www.business.ftc.gov/privacy-and-security/childrens-privacy.
XIX. Links to Other Sites
We may provide links to other websites for your convenience and information. These sites operate independently of bumone.app. These sites may have their own privacy statements in place, which we strongly suggest you review if you visit any linked websites. This Privacy Statement does not apply to those sites. To the extent any linked websites you visit are unrelated to BumOne, LLC and its companies, we are not responsible for their content or any use of the sites.
XX. We Use Standard Security Measures
The Internet is not 100% secure. We cannot promise that your use of our sites will be completely safe. We encourage you to use caution when using the Internet.
Furthermore, we keep personal information as long as it is necessary or relevant for our business. We also keep the information as otherwise required by law.
XXI. Updates to Our Privacy Statement
This Privacy Statement may be updated periodically and without prior notice to you to reflect changes in our on-line information practices. We will post a prominent notice on this site to notify you of any significant changes to our Privacy Statement and indicate at the top of the statement when it was most recently updated and/or provide other appropriate notice to you. We will notify you of any material changes to our Privacy Statement as required by law.
XXII. How to Contact Us
If you have any questions or comments about this Privacy Statement, or if you would like us to update information we have about you or your preferences, please contact us at firstname.lastname@example.org or by calling us at 1.844.4.BumOne.
Notice to California Residents – Your California Privacy Rights
Effective Date: July 1, 2020
Notice of Collection and Use of Personal Information
We may collect and may have collected during the 12-month period prior to the effective date of this Policy the following categories of personal information about you:
Identifiers: Identifiers such as a real name, postal address, unique personal identifiers (such as a device identifier; cookies, beacons, pixel tags, and similar technology; customer number; telephone number and other forms of persistent or probabilistic identifiers), IP address, email address, and other similar identifiers
Customer Records Data (Subject to Cal. Civ. Code § 1798.80): signature, and physical characteristics or description
Protected Classifications: characteristics of protected classifications under California or federal law, such as age, gender, and ethnicity/race/national origin
Online Activity: Internet and other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding your interaction with websites, applications, or advertisements
Sensory Information: audio, electronic, and similar information
Inferences: inferences drawn from any of the information identified above to create a profile about you reflecting your preferences, characteristics, predispositions, behavior, and attitudes
We may use and may have used during the 12-month period prior to the effective date of this Policy, your personal information for the purposes described in the privacy statement on www.bumone.app and for the following business purposes specified in the California Consumer Privacy Act of 2018:
Outreach regarding legislative, regulatory, or election-related issues
Looking at site trends, customer interests, and for security purposes
Performing services, including maintaining or servicing accounts, providing customer service, verifying customer information, providing advertising, providing analytics services, or providing similar services
Auditing is related to a current interaction with you and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance
Short-term, transient use, including, but not limited to, the contextual customization of ads shown as part of the same interaction
Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity
Debugging to identify and repair errors that impair existing intended functionality
Conducting internal research for technological development and demonstration
Sources of Personal Information
During the 12-month period prior to the effective date of this Policy, we may have obtained personal information about you from the following categories of sources:
From you and your device, for example, through your use of the website when you email us, when you create an account, or otherwise visit, contact, or communicate with us
From our affiliates
From our vendors
From advertising networks
4. Sharing of Personal Information
During the 12-month period prior to the effective date of this Policy, we may have shared your personal information with certain categories of third parties, as described below.
We may have disclosed the following categories of personal information about you for a business purpose to the following categories of third parties:
Category of Third Party
Categories of Personal Information
Vendors, consultants, and advisors who provide services on our behalf
Identifiers; Customer Records Data; Protected Classifications; Online Activity; and Inferences
Data analytics providers
Identifiers and Online Activity
Identifiers and Online Activity
5. In addition to the categories of third parties identified above, during the 12-month period prior to the effective date of this Policy, we may have shared personal information about you with the following additional categories of third parties:
Category of Third Party
Categories of Personal Information
1. Acquiring/merging entity, in the event of a sale or transfer of all or a portion of our business or assets Identifiers; Protected Classifications; Online Activity; and Inferences
2. Government entities and investigatory bodies, including regulatory agencies and law enforcement
3. Identifiers; Customer Records Data; Protected Classifications; Online Activity; Inferences; and Sensory Information
4. We may share personal information for other reasons that we may describe to you from time to time or as permitted by law
Sale of Personal Information
1. During the 12-month period prior to the effective date of this Policy, we may have provided the following categories of personal information:
2. To online advertising providers:
3. Identifiers and Online Activity
4. This site is meant for adults 21 years of age and older only. We do not knowingly collect personally identifiable information from anyone under 21. Accordingly, we do not sell the personal information of individuals under 21 years of age if we have actual knowledge of the individual’s age.
California Consumer Privacy Rights
1. You have certain choices regarding your personal information, as described below.
2. Rights Under the California Consumer Privacy Act of 2018
3. Access: You may have the right to request, twice in a 12-month period, that we disclose to you the personal information we have collected, used, disclosed, and sold about you during the past 12 months.
4. Deletion: You have the right to request that we delete the certain personal information we have collected from your subject to certain exceptions under the law. We may deny certain requests, or fulfill a request only in part, based on our legal rights and obligations. In the case of requests submitted online, if we are able to verify your identity (as described below), we will ask you to confirm that you would like your personal information deleted prior to deleting any of your personal information.
5. Opt-Out of Sale: You have the right to opt-out of the sale of your personal information.
How to Submit a Request:
1. To submit an access, deletion, or opt-out of sale request online, please follow this link to the Privacy Contact Us form.
2. You may also submit an access, deletion, or opt-out of sale request by emailing us to submit an access, deletion, or opt-out of sale request
3. email@example.com include your first name and a phone number at which we may reach you or by calling 1.844.423.6663. Indicate that you are a California resident, making a “California Consumer Privacy Act” inquiry.
4. To submit a request as an authorized agent on behalf of a consumer, please email us at firstname.lastname@example.org a request as an authorized agent on behalf of a email@example.com with your first name and a phone number at which we may reach you and indicate in the subject line that you are making a CCPA Authorized Agent Request, or call 1.844.423.6663.
5. Verifying Access and Deletion Requests: To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to your personal information or complying with your request.
6. If you request to access or delete your personal information, we may require you to provide information such as: address, email, and birth year.
7. In addition, if you ask us to provide you with specific pieces of personal information, we will require you to sign a declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request.
8. Non-Discrimination: We will not discriminate against you if you choose to exercise any of your rights under the California Consumer Privacy Act, you have the right to not receive discriminatory treatment by us. To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request.
Rights Under California’s “Shine the Light” Law
1. If you reside in California, you have the right to ask us one time each year if we have shared personal information with third parties for their direct marketing purposes. To make a request, please contact us at https://www.bumone.app/privacy-contact-form or, by calling us at 1-888-977-2246. Indicate that you are a California resident making a “Shine the Light” inquiry.