Blum Consulting is committed to protecting the privacy, confidentiality and security of any personal information about our users. Your privacy is always at the top of our priorities, and we are focused on protecting it from unauthorized access.
We use your Personal Information for providing and improving the Service. By using the Service, you agree to the collection and use of information in accordance with this policy. Our Services do not collect personal information for our customers.
1. WHAT INFORMATION DO WE COLLECT?
- When you are on our website
- Usage Data: Blum Consulting may collect information on how the Service is accessed and used (Usage Data). This Usage Data may include information such as your computer’s Internet Protocol address (IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
- Users details: If you create an account, we ask for information such as your email, name, country, phone number, etc. All this information is used to personalize your experience or send you onboarding emails and invoices.
- Payment information: If you become a paying customer, we will collect your payment card information through our payment gateway or crypto wallet. The payment information is never sent to our servers and therefore, we are not collecting/storing it on our own servers.
- When you subscribe to a newsletter on our website
- Contact details: On our website, we have a form that allows you to subscribe to different feeds of email notifications.
- When you use our services
- Server logs: We monitor your usage, and log requests that you make. Those logs can include IP address, geo localization information, browser type, etc.
- When you contact our support
- Support conversation: If you reach out via email, we keep conversations and other data you might send during those exchanges. When you delete your account, those conversations are removed within 90 days.
2. HOW DO WE USE THE INFORMATION WE COLLECT?
Blum Consulting collects your personal data fairly and lawfully and in accordance with any applicable law and our Terms of Services. The main purpose of collecting personal data is to provide you with a safe, optimal, efficient, and personalized experience.
We may use your personal data as follow:
- To make sure that we get to know you better, so our service can be tailored just for what’s important in your life! identify you and your preferences;
- For a more customized experience, we can research and suggest travel services that will meet your needs;
- In addition to furnishing you with travel-related information, our company will also keep in contact by way of personalized communication and regular newsletters or alerts;
- To make all your travel plans for you. We can book airfare, hotel accommodations, car and other reservations on your behalf;
- To obtain travel insurance policies on your behalf;
- To obtain credit card or other financial approval for payment;
- To compile statistics and conduct market research;
- To compile reports for the suppliers of your travel services and for regulatory and industry agencies;
- To comply with the law;
- To notify you about changes to our Service;
- To gather analysis or valuable information so that we can improve our Service;
- To monitor the usage of our Service;
- To detect, prevent and address technical issues;
- For purposes ancillary to the above.
We act as an agent or intermediary for suppliers of travel services. Your personal information will be provided to these parties in order that they may provide you with relevant service, but it is not shared beyond this purpose without permission from yourself!
When you share with us the personal information of your travel companions or other persons for whom you are requesting information or travel services:
- you warrant to us that you are authorized to give that consent on their behalf and indemnify and hold us harmless against any claim by such persons in which they allege that you were not so authorized.
You can visit our website, read materials, and browse the website’s contents without giving us any personally identifiable information.
3. HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION?
Blum Consulting retains the personal information we process on behalf of our customers for as long as needed to provide the Services to our customers and in accordance with our terms of service. Once it is deleted, Blum Consulting removes almost everything within 90 days. To the extent not deleted by our customers, Blum Consulting may also retain and use certain personal information for a reasonable period of time thereafter as necessary to pursue our legitimate business interests, conduct audits, comply with our legal obligations, resolve disputes, and enforce our terms of service.
4. DATA PROTECTION RIGHTS UNDER GDPRs / CCPA / PIPEDA / LGPD/ PDPA
You have certain data protection rights. Blum Consulting aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.
If you wish to be informed what Personal Data we hold about you and if you want it to be removed from our systems, please contact us.
In certain circumstances, you have the following data protection rights:
- Right of access/portability
The data subject shall have the right to obtain from the controller confirmation whether personal data concerning him or her are being processed, and, where that is the case, access to the personal data […] The controller shall provide a copy of the personal data undergoing processing.
As a customer, you have access to your personal information through our website.
- Right to rectification
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
As a customer, you can change your personal data right from our website.
- Right to be forgotten & Right to object
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay.
The data subject shall have the right to obtain from the controller restriction of processing.
As a customer, all your user’s data is erased within 90 days after you cancel your account.
As a user, you can request the deletion of your data at any time at firstname.lastname@example.org After verification of your identity, a written confirmation of the correct deletion will be given within the next 30 days.
5. CALIFORNIA PRIVACY RIGHTS
If you are a California resident and the processing of personal information about you is subject to the California Consumer Privacy Act (“CCPA”), you have certain rights with respect to that information.
- Right to Know – You have a right to request that we disclose to you the personal information we have collected about you. You also have a right to request additional information about our collection, use, disclosure, or sale of such personal information. Note that we have provided much of this information in this privacy statement. You may make such a “request to know” by contacting us at email@example.com
- Right to Request Deletion – You also have a right to request that we delete personal information under certain circumstances, subject to a number of exceptions. To make a request to delete, contact us at firstname.lastname@example.org
- Right to Opt-Out – You have a right to opt-out from future “sales” of personal information. Note that the CCPA defines “sell” and “personal information” very broadly, and some of our data sharing described in this privacy statement may be considered a “sale” under those definitions. In particular, we let advertising and analytics providers collect IP addresses, cookie IDs, and mobile IDs through our sites and Service when you use our online services, but do not “sell” any other types of personal information.
You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights under the CCPA. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized it to act on your behalf, and we may need you to verify your identity directly with us.
Further, to provide or delete specific pieces of personal information we will need to verify your identity to the degree of certainty required by law.
Finally, you have a right to receive notice of our practices at or before collection of personal information, and you have a right to not be discriminated against for exercising these rights set out in the CCPA.
6. HOW DO WE USE YOUR EMAIL ADDRESS?
By submitting your email address, you agree to receive emails from us. You can cancel your participation in any of these email lists at any time by clicking on the opt-out link or other unsubscribe option that are included in the respective email. However, transactional emails are essential part of email-system and to stop receiving them, you must cancel the service completely.
We only send emails to people who have authorized us to contact them, either directly, or through a third party. We do not send unsolicited commercial emails.
Email addresses submitted only through the order processing page will be used for the sole purpose of sending you information and updates pertaining to your order. If, however, you have provided the same email to us through another method, we may use it for any of the purposes stated in this Policy. Note: If at any time you would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email.
7. RISK OF EXPOSURE
You understand and agree that using/sharing content online involves risks of unauthorized disclosure or exposure and that, in submitting your content, data to or transmitting it through the system, you assume these risks. Blum Consulting offers no representation, warranty, or guarantee that your data will not be exposed or disclosed through the System or through errors or the actions of third parties.
It is important to be aware of the risks that subsist on the internet and how to minimize them:
- Exposure to inappropriate material
- Illegal activities
- Legal and financial risks
- Identity theft
- Invasion of privacy
- Data breach
8. CYBERSECURITY AND ONLINE WEBSITE DISCLAIMER
- Cyber Security is defined as technologies, processes, procedures and controls that are designed to protect Digital Environments from Cyber Security Incidents;
- Cyber Security Incident is defined as the loss or unauthorized destruction, alteration, disclosure of, access to, or control of a Digital Environment;
- Digital Environment is information technology systems, operational technology systems, networks, internet-enabled applications or devices and the data contained within such systems.
Blum Consulting has implemented administrative, physical and technical safeguards to protect Client’s Personal information. We shall ensure that all such safeguards, including the manner in which Personal Information is collected, accessed, used, stored, processed, disposed of and disclosed, comply with applicable data protection and privacy laws, as well as the terms and conditions of this Agreement.
You understand and agree that sharing content online involves risks of unauthorized disclosure or exposure and that, in submitting your content to or transmitting it through the system, you assume the risks.
Blum Consulting is not liable, and you agree not to hold us responsible for any damages or losses arising out of or in connection with this Agreement, including, but not limited to:
- Your use of or your inability to use our Website or Website services;
- Delays or disruptions in our Website or Website services;
- Viruses or other malicious website incurred by accessing, or linking to our Website or Website services;
- Glitches, bugs, errors, or inaccuracies of any kind in our Website or Website services;
- Damage to your hardware device from the use of the Website or Website services;
- The content, actions, or inactions of third parties’ use of the Website or Website services;
- A suspension or other action taken regarding your account.
9. INFORMATION SECURITY EXPERTS
- We regularly consult with our developers and experts if and when urgent issues arise with the Website or if there are scheduled feature releases or upgrades.
- Our cloud hosting provider will only be asked to access the data in the event the Website is down or is experiencing server issues.
- We may consult with security experts to ensure continuous Website safety and compliance.
10. CYBERATTACK DISCLAIMER
A cyberattack is where an attacker tries to gain unauthorized access to an IT system for the purpose of theft, extortion, disruption, or other nefarious reasons.
Normally, a cyberattack is carried out by someone who is not, or was not, a member of the organization.
Blum Consulting strives to protect Customers against Cyberattacks. We have implemented our system with security experts and we use industry best practices security measures to protect our users.
While Coin Travel takes many measures to ensure security, we are not liable for any Cyberattack, damage, or loss on the World Wide Web. You expressly agree and acknowledge that the use of the Blum Consulting Website is at your sole risk. In no event will Blum Consulting, Blum Consulting professionals or their officers, employees, directors, parents, subsidiaries, affiliates, agents or licensors be liable for any indirect, incidental, special, consequential or exemplary damages, including but not limited to, damages for loss of revenues, profits, goodwill, use data or other intangible losses arising out of or related to your use of the Website and/or Service.
11. TYPES OF CYBERATTACKS FOR WHICH WE TAKE NO RESPONSIBILITY:
- Network security attacks
- Wireless security attacks
- Malware attacks
- Social engineering attacks
- Malware: is a type of application that can perform a variety of malicious tasks – spy on the user in order to obtain credentials or other valuable data or to cause disruption.
- Phishing: is where the attacker tries to trick an unsuspecting victim into handing over valuable information, such as passwords, credit card details, intellectual property, and so on.
- MITM – Man-in-the-middle-attack is where an attacker intercepts the communications between two parties in an attempt to spy on the victims, steal personal information or credentials, or perhaps alter the conversation in some way.
- DDoS – Distributed Denial-of-Service attack – is where an attacker essentially floods a target server with traffic in an attempt to disrupt, and perhaps even bring down the target. A DDoS attack is able to leverage multiple compromised devices to bombard the target with traffic.
- SQL injection: is a type of attack which is specific to SQL databases. The attacker can exploit the HTML form to execute queries that will create, read, modify, or delete the data stored in the database.
- Zero-day exploit: is where cyber-criminals learn of a vulnerability that has been discovered in certain widely-used website applications and operation systems, and then target organizations who are using that website in order to exploit the vulnerability before a fix becomes available.
- DNS tunneling: is a sophisticated attack vector that is designed to provide attackers with persistent access to a given target. Attackers are able to insert or tunnel malware into DNS queries. The malware is used to create a persistent communication channel that most firewalls are unable to detect.
- BEC – Business Email Compromise: is where the attacker targets specific individuals, usually an employee who has the ability to authorize financial transactions, in order to trick into transferring money into an account controlled by the attacker. BEC attacks usually involve planning and research in order to be effective.
- Cryptojacking: is where cyber criminals compromise a user’s computer or device and use it to mine cryptocurrencies, such as Bitcoin. Organizations don’t have great visibility when it comes to this type of attack, which means that a hacker could use valuable network resources to mine a cryptocurrency without the organization having any knowledge of it.
- Drive by Attack: A drive by download’ attack is where an unsuspecting victim visits a website which in turn infects their device with malware. The website in question could be one that is directly controlled by the attacker, or one that has been compromised. In some cases, the malware is served in content such as banners and advertisements.
- Cross-site scripting (XSS) attacks: Cross-site scripting attacks are quite similar to SQL injection attacks, although instead of extracting data from a database, they are typically used to infect other users who visit the Website. It can happen in the comment section on a webpage.
- Password attack: is a type of cyberattack where an attacker tries to guess or cracks a user’s password. Some examples: Brute-force attack, Dictionary attack, Rainbow table attack, Credential stuffing, Password spraying and Keylogger attack.
- Eavesdropping attack: Sometimes referred as “snooping” or “sniffing”, an eavesdropping attack is where the attacker looks for unsecured network communications to intercept and access data that is being sent across the network.
- AI-Powered attack: AI-powered website is able to slave machines to perform a huge DDoS attack. Also, can learn what kinds of approaches work best and adapt their attack methods accordingly. They can use intelligence feeds to quickly identify website vulnerabilities, as well as scan systems themselves for potential vulnerabilities. AI-powered attacks can work around the clock. They are fast, efficient, affordable and adaptable.
- IOT-Based attacks: is a type of attack where an attacker goes through an IOT (internet-of-things) device and exploits targets such as medical devices, security systems, smart thermometers in order to launch large-scale DDoS attacks.
It’s important to note that no system is 100% vulnerability free or “hacker-proof”.
12. HARM TO YOUR DEVICES
You understand and agree that you use, access, download, or otherwise obtain information, materials, assessments, results or data through the Website or any of the other services or any third-party site at your own discretion and risk and that you will be solely responsible for any damage to your property (including your devices) or loss of data that results from the download or use of such material or data.
13. WEBSITE IMPROVEMENT
Blum Consulting is committed to helping protect your privacy at all times except as otherwise provided in this Agreement. In order to provide and improve the website, its features, and user experience, we may automatically collect, maintain, process and use information concerning the way the various modules and functionalities of the Blum Consulting website are being used. Information is also gathered anonymously for the purpose of statistical analysis of Website usage.
We will only use such information for the purpose of providing end users with the best possible website experience. The collected data will not be disclosed, shared, sold, traded, or rented to any third parties for marketing purposes.
14. COOKIES POLICY
Cookies are small pieces of text used to store information on web browsers. They are used by many websites to store and receive identifiers and other information on devices, such as a handheld phone or computer.
We also may include tracking pixels, which are small graphic images, in our marketing communications to determine engagement. These cookies may be set by us or by third parties with whom we have partnered to assist in our marketing efforts.
Categories of cookies:
Strictly Necessary, Functional, Performance, and Targeting.
Strictly Necessary cookies are required to deliver security and enable core site functionality and cannot be turned off.
Most web browsers are set to accept cookies by default; however, you may be able to delete cookies yourself through your browser’s cookie manager. To do so, please follow the instructions provided by your web browser. Please note that disabling cookies will reset your session, disable auto-login, and may adversely affect the availability and functionality of our Platform and the services we can provide to you.
Strictly Necessary Cookies
Strictly Necessary cookies are essential to providing the Website and Services to you and cannot be turned off. They provide necessary security settings or help you use our websites’ features and Services as expected (including remembering your cookie consent preferences). We place Strictly Necessary cookies.
Functional cookies allow us to remember choices you make about the kind of experience you want on our Platform and to provide you with a more personalized experience. For example, a functional cookie is required to remember which language you prefer. You may choose to opt out of these cookies, but if you do, various functions of the websites or Services may be unavailable to you or may not work as intended.
Performance cookies help us learn how you use our Platform to help improve their performance and design. These cookies provide us with aggregated statistical information such as number of page visits, page load speeds, how long a user spends on a particular page, and the types of browsers or devices used to access our system.
These third party cookies are placed by third party advertising platforms or networks to collect information about your visits to and actions on certain pages of our Platform so they can deliver ads for relevant products and services to you later, such as when you are on certain third party sites. These cookies also track ad performance.
We use to collect information about how users access our platform – for example, the number of users on a website, how long they stay on the site for, and what parts of the site they visit.
Here are some examples of how to change your browser settings:
- For Internet Explorer (7, 8, 9):
- Internet Options
- Set up as you wish
- For Chrome:
- Show advanced settings
- Set up as you wish
- For Mozilla Firefox:
- Menu “Tools”
- Tab “Privacy”
- Set up as you wish
- For Safari:
- Set up as you wish
15. HOW LONG DO WE KEEP YOUR INFORMATION?
Blum Consulting will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.
After the expiry of this period, we undertake to delete any information we have collected from you.
Disclosure of data:
- Disclosure for Law Enforcement. Under certain circumstances, we may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).
16. HOW DO WE PROTECT YOUR INFORMATION?
We implement a variety of security measures to maintain the safety of your personal information when you place an order or enter, submit, or access your personal information
We cannot, however, ensure or warrant the absolute security of any information you transmit to We or guarantee that your information on the Service may not be accessed, disclosed, altered, or destroyed by a breach of our physical, technical, or managerial safeguards.
17. YOUR CONSENT
18. CHILDREN’S PRIVACY
Our Service does not address anyone under the age of 13 (“Children”). We do not knowingly collect personally identifiable information from children under 13. If you are a parent or guardian and you are aware that your Children have provided us with Personal Information, please contact us. If we become aware that we have collected Personal Information from a child under age 13 without verification of parental consent, we take steps to remove that information from our servers.
20. GOVERNING LAW
This Agreement will be governed by the law of Dubai, United Arab Emirates, without giving effect to the principles of conflict of law.
21. DATA PROTECTION OFFICER
We have appointed a Data Protection Officer (“DPO”) who is responsible for overseeing questions about this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contacts Data Protection Officer, at email@example.com