Privacy Notice

Effective Date: August 31, 2023

Last Modified: [Month] [Date], 2025

BlueForge Alliance, and its subsidiaries and affiliates (collectively, “BFA,” “we,” “our,” and “us”) are responsible for this website www.buildsubmarines.com (the “Website”). This Privacy Notice describes how BFA uses your data.

Introduction

Our Privacy Notice details how we collect, use, and disclose the Personal and Non-Personal Data we collect from and about you when you access or use our Website. This Privacy Notice covers data that we collect through the Website, directly from data subjects, from tracking mechanisms such as cookies or that we obtain from third parties. In cases where you follow a link to a third-party website, you are no longer covered by our Privacy Notice, and any data collection or processing activity that takes place on that website will be governed by that website’s own Privacy Notice. We only collect data on the Website.

Scope of this Privacy Notice

In accordance with our Terms of Use, the Website is only for use by people aged 18 or over.

In all jurisdictions, if you are under the age of majority in your jurisdiction, you must use the Website under the supervision of your parent, legal guardian, or responsible adult even if your age is above the BFA permitted use age for that jurisdiction. 

We adopt a range of measures to try to ensure that no information is knowingly solicited from individuals who do not meet the minimum age or any other applicable age requirements.

If we learn that an individual who does not meet the minimum age requirement has used the Website, Services or provided Personal Data through the Website, we will restrict access to, or close their account, and remove that information from our systems.

Definitions

“Employer” means a person, entity, or organization seeking information relating to hiring, training, or providing education opportunities to Candidates, or seeking to make available information regarding employment opportunities on behalf of their own or another’s behalf, including employment agencies, educational institutions, trade/vocational schools/programs, and BFA community partners and suppliers.

“Candidate” means an individual searching for employment opportunities or information related to their personal job search or employment.

“Personal Data” means an information that relates to or identifies a natural person, which can include information about how that natural person engages with the Website, such as device information or IP address.

“Sensitive Information” category of Personal Data that reveals racial or ethnic origin, religious or philosophical beliefs, union membership, medical history, mental or physical health condition, medical treatment or diagnosis, sex life, sexual orientation, sexuality, status as transgender or nonbinary, military or veteran status, status as a victim of crime, national origin, citizenship or immigration status; genetic or biometric data that is processed for the purpose of uniquely identifying an individual; personal data collected from a known child; precise geolocation data; social security, driver’s license, state identification card, or passport number; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication. This shall have the same meaning as defined in U.S. data privacy law and, of note, BFA does not collect all these data categories.

“Special Category Data” means information that relates to an identified natural person and reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health, sex or sexual orientation, or specific geolocation data. This shall have the same meaning as defined in the GDPR and, of note, BFA does not collect all these data categories.

“Services” means our job search services available to Job Seeks and Employers through the Website, which includes working with Employers and Candidates to facilitate employment, training and career development opportunities and to allow for direct communication between Employers and Candidates, including their identified email addresses in addition to through the Website.

“Non-Personal Data” means any information that does not relate to an identified natural person, e.g., data relating solely to a business.

“Your Information” means Personal Data and Non-Personal Data that pertains to you.

“Controller” means the entity that decides how and why Your Information is processed.

“Processor” means the entity that processes Personal data in a specific way at the direction of the Controller.

“BFA Messaging” means the direct messaging service that allows Employers and Candidates to communicate directly via the Website.

“Job Listings” means the job openings posted on the Website.

“Resume” means a resume or curriculum vitae (CV) document uploaded by a Candidate to the Website.

“Profile” means the information a Candidate provides when creating a profile account, that may include name, address, biography, interests, photograph, location where the Candidates is interested in employment opportunities, and Resume information.

“ATS” means applicant tracking system.

“GDPR” means the General Data Protection Regulation (EU) 2016/679 and the Data protection Act 2018.

“EEA” means the member states of the European Economic Area.

“UK” means the United Kingdom.

Who is Responsible for Your Information

This section explains when BFA is a controller or a processor of your Personal Data, and which entity is responsible for your Personal Data. 

For Candidates:

For certain processing, such as when the employer sets questions like screener questions or assessments, BFA can be a processor of your application materials submitted through the Website. The Employer to whom you are applying controls this data.

BFA is a controller of all other information that you provide in the course of your use of our Website.

For Employers:

For certain processing, BFA can be a processor of Candidate applications submitted through the Website.

BFA is a controller of all other information that you provide in the course of your use of our Website.

BFA controlling entity responsible for your information will depend on your location. It is important to note that the contracting entity indicated in our Terms of Use may differ from the entity listed as a controller in this Privacy Notice. 

Data Collection and Use

BFA uses different types of information to provide our Services. The Personal Data we collect and process may vary, depending on how you use our Website.

Information BFA Collects

In accordance with applicable data protection laws in the EEA, controllers must have a legal basis to process information. This means we rely on different legal bases to process your information, depending on the purpose of processing outlined in this Privacy Notice. 

Full details of the types of personal data we collect from you, the purpose of processing it, our processing operations, and details of the legal bases we rely upon for GDPR are detailed below. 

Retention of Your Information

Where BFA acts as a controller of your Personal Data, we retain such data until it is no longer necessary to fulfill the purpose it is being used for, as required by applicable laws, or until you ask us to delete it. 

Information on how long we retain your information, for each purpose, is set out in the following section. In determining these appropriate retention periods, we consider the purposes for which we process Personal Data and whether we can achieve those purposes through other means. We also consider the extent, nature, and sensitivity of Personal Data and our legal obligations with respect to data.

Where BFA acts as Processor of your Personal Data, we store such data until instructed to delete it by the Controller.

Personal Data we collect from all Website users:

What we collect	Identifiers/Contact Information: Name, address, zip code, email address, phone number, and other unique identifiers that identify you as a natural person.
How we collect it	From you directly by providing it to us when signing up to receive our business or use our Services, in communicating with us about our Services, etc. We also collect contact information when you register to attend webinars and other events.
How we use it	We collect, process, and store your contact information. If provided in the context of seeking employment Services, to connect Candidates and Employers to facilitate Website, email or other forms of communication, to contact you or otherwise conduct interviews.
Why we process it	To interact with you, to communicate with you, to create and maintain an account at your direction, to process orders/requests at your request. To help us find products and Services relevant to your preferences. To send you marketing and transaction emails/ communications, and to send you reminders. To contact you to verify your identity/account.
Legal basis	Transactional emails are sent as part of performance of a contract. At account creation, marketing emails are sent on the basis of the legitimate interest of promoting and improving our Services. We rely on our legitimate interest in detecting and preventing fraudulent activities on our Website for verification. Reminders of upcoming interviews and events are consent-based. Account creation and interviewing are done on the basis of performance of a contract. In certain markets, we might rely on your consent in order to contact you and provide Services related to sponsored campaigns or advertisements. Contacting you, including by post are done on the basis of legitimate interest and, in some cases, performance of a contract. We list points of contact for employers in our legitimate interest to help our applicant-employer communications. ‍
What we collect	Communication Information: Information obtained by communicating with us via dispute resolution, correspondence, messages sent/received, comments, replies, interactions with or through our Website.
How we collect it	From you directly as you interact with our Website.
How we use it	We collect, analyze, process, profile, including via automated means, and store your communication/discussion information.
Why we process it	For data analysis, quality control, enforcement of the Website’s rules and other BFA policies, content moderation, and to improve the Website or our Services.
Legal basis	Internet Activity: Browsing history, search history, online interactions, computer sign-on data, time and date data, statistics on page views, location information, traffic to and from the Website, search terms, web logs, links clicked, and other technical information or data collected from traffic to/from the Website.
How we collect it	From cookies and similar technologies and third-party tracking mechanisms.
How we use it	We collect, analyze, process, and store internet activity data including through automated means, and in some cases recorded in real-time.
Why we process it	For fraud prevention and security purposes. To improve our Website and Services. To help us find products and services relevant to your preferences.
Legal basis	We rely on our legitimate interests in understanding how users interact with and use our Website, and keeping our Website and Services safe and secure. Internet data is monitored to prevent malicious and fraudulent activity, or Spam on our Services as part of performance of a contract.
What we collect	Device Information: Device, IP address, “cookie” information (as described in our Cookie Policy), the version of your operating system (OS), and the page you requested. When you use the Website on a mobile platform, we may also collect and record your unique device ID (persistent / non-persistent), hardware type, media access control (MAC) address, international mobile equipment identity (IMEI), your device name, and your location (based on your IP address).
How we collect it	From cookies and similar technologies and third-party tracking mechanisms.
How we use it	We collect, analyze, process, and store device information including through automated means, and in some cases recorded in real-time.
Why we process it	For fraud prevention and security purposes. To improve our Website and Services.
Legal basis	We rely on our legitimate interests in understanding how users interact with and use our Website, and keeping our Website and Services safe and secure. Device data is monitored to prevent malicious and fraudulent activity, or spam on our Services as part of performance of a contract.
What we collect	Profile Data: Log-in credentials, username, how soon you are seeking employment, e.g., immediately, within six (6) months, beyond six (6) months, permissions, associated account actions (such as when your account is created, when you log-in, add information, request a service, and any changes to your account), topics you are interested in, and locations where you are interested in working. This will also include a professional headline, such as a job title or role that aligns with your experience or the type of role you are interested and biography information.
How we collect it	From you directly by providing it to us when creating an account.
How we use it	To verify your identity/account, to collect, analyze, process, and store Profile Data, to send you alerts when a job posting is posted that fits the interests you identified and close to the locations where you indicated you are interested in working.
Why we process it	To interact with you, to communicate with you, to create, maintain an account at your direction, and to notify you of opportunities you might be interested.
Legal basis	Profile Data is processed as part of performance of a contract.
What we collect	Employment-Related Data: Your Resume and other materials shared when you post it/upload it to the Website for Employers to view, your activity in relation to that application, as well as scheduling of / participation in an interview. This will also include the information we collect from a battery of questions you will answer as part of the Profile creation process, including, whether you are in the military, rank and paygrade, experience in certain fields/functions relevant to submarine building and related trades.
How we collect it	From you as you provided it to us.
How we use it	We process your application data and, in some cases, store it, including as part of your personnel file, as part of BFA’s reporting requirements to the Military Intelligence Brigades (“MIBs”) or under our legal requirements to retain applicant information.
Why we process it	To process and facilitate your application for employment.
Legal basis	Performance of a contract as these data are essential to help you find jobs. We rely on our legitimate interests in providing a valid and relevant service to our users.
What we collect	Communication Information: Information obtained by communicating with Employers via BFA Messaging.
How we collect it	From you directly as you interact with BFA Messaging.
How we use it	We collect, analyze, process, profile, including via automated means, and store your discussion information.
Why we process it	For data analysis, quality control, enforcement of the Website’s rules and other BFA policies, content moderation, and to improve the Website or our Services, and ensuring you are provided with personally relevant communications, and preventing fraud and spam.
Legal basis	We rely on our legitimate interests in providing a valid and relevant service to our users and to continue to improve our products and Services. We provide an opt-out so you can object to marketing messages. Messaging data cannot be malicious, spam, or fraudulent and is monitored as part of performance of a contract. Depending on the applicable law, we may rely on your consent.
What we collect	Biometric Data: Your photograph.
How we collect it	From you directly as you submit it to the Website as part of creating a profile account.
How we use it	We collect, analyze, process, profile, including via automated means, and store your Biometric Data.
Why we process it	For data analysis, quality control, enforcement of the Website’s rules and other BFA policies, content moderation, and to improve the Website or our Services.
Legal basis	We rely on our legitimate interests in providing a valid and relevant service to our users and to continue to improve our Services. Messaging data cannot be malicious, spam, or fraudulent and is monitored as part of performance of a contract. Depending on the applicable law, we may rely on your consent.
What we collect	Business Information: Information about your business, employee contact details and physical location of business, Business Registration information.
How we use it	We collect, process, store and analyze such data to verify that Employers on our Website are legitimate, including to match Employers with Candidates with relevant experience or interests in such business or job opportunities and to connect Candidates and Employers to facilitate Website, email, or other forms of communication. This information will be used only for internal purposes, subject to any request by law enforcement or a court order.
Why we process it	To prevent fraud and spam, and to protect Candidates. To enhance our Services. To improve the accuracy of market analysis.
Legal basis	We rely on our legitimate interest in detecting and preventing fraudulent activities on our Website. We rely on our legitimate interest to enhance our Services and to improve the accuracy of market analysis. Where we are required to comply with a legal obligation.
Retention Period	For data provided for verification purposes, we delete such information after your account has been verified. For special category data collected by our vendor on our behalf, they will retain this information for the lifetime of the account.
What we collect	Employer Account Data: Log-in credentials, username, email, and password information.
How we collect it	From you directly by providing it to us when creating an Employer Account.
How we use it	To verify your identity/account, to collect, analyze, process, and store Profile Data, to send you alerts when a job posting is posted that fits the interests you identified and close to the locations where you indicated you are interested in working.
Why we process it	To interact with you, to communicate with you, to create, maintain an account at your direction, and to notify you of opportunities you might be interested.
Legal basis	Profile Data is processed as part of performance of a contract.
What we collect	Communication Information: Information obtained by communicating with Candidates via BFA Messaging.
How we collect it	From you directly as you interact with BFA Messaging.
How we use it	We collect, analyze, process, profile, including via automated means, and store your discussion information.
Why we process it	For data analysis, quality control, enforcement of the Website’s rules and other BFA policies, content moderation, improving the Website or our Services, ensuring you are provided with personally relevant communications, and preventing fraud and spam.
Legal basis	We rely on our legitimate interests in providing a valid and relevant service to our users and to continue to improve our products and Services. We provide an opt-out so you can object to marketing messages. Messaging data cannot be malicious, spam, or fraudulent and is monitored as part of performance of a contract. Depending on the applicable law, we may rely on your consent.

Any Personal Data BFA obtains from other third-party sources will be processed by BFA in accordance with this Privacy Notice and all applicable laws.

Other Uses for Your Information

How we use your information will depend on which Services you use, how you use those Services, and the choices you make in your settings. The primary reason we collect Information is to provide and improve our Services, to allow us to work with our Employers, some of whom contract with us to promote their employment opportunities, to provide you with a more customized experience on our Services, and as identified in the above tables. However, the following is a summary of more specific ways we may use Your Information:

• To provide operate, measure and improve our Services, keep our Services safe, secure and operational, and customize Website content.

• To contact you regarding your account, to respond to your requests or questions, to troubleshoot problems with your account, to resolve a dispute, to collect fees or monies owed or as otherwise necessary to provide you customer service.

• To send you transactional communications. For example, we might send you email alerts and emails about employment opportunities based on your interactions with our Website, the Employers and your preferences. We might also contact you about this Privacy Notice or our Terms of Use.

• To provide other Services requested by you as described when we collect Your Information.

• To share with our marketing partners for marketing purposes or to use for our own marketing purposes. For example, to send you information about events or special promotions, to tell you about new features of the Website, etc. To learn about your choices for these communications, see below.

• To determine your level of engagement with email or promotional marketing materials that are send to you, including whether you opened an email or promotional marketing materials and/or otherwise engaged with it.

• To improve our Services, for example by reviewing information associated with stalled or crashed pages experienced by users allowing us to identify and fix problems and give you a better experience.

• For security purposes. To prevent, detect, mitigate, and investigate fraud, security breaches or other potentially prohibited or illegal activities and/or attempts to harm our users.

• To enforce our Terms of Use, this Privacy Notice, or other policies, and to monitor for violations of our policies or applicable laws.

We also use Your Information as otherwise described in this Privacy Notice, as permitted by law, or as we may notify you.

‍

Using Other Website to Login to our Website or Services

Some users may choose to connect to our Website or Services using third-party account credentials (for example, your Facebook login or YouTube account). If you choose to connect your account using a third-party account, you understand some of Your Information may be shared with us or the respective third-party platform. Your Information may also be subject to separate policies of such third-party platform. You should review those policies before providing consent. Connecting your account to third-party applications or services is optional. You can revoke this permission anytime in your account settings.

Cookies and Similar Technologies

Visiting or using our Website or Services with your browser settings adjusted to accept cookies tells us that you consent to our use of cookies and other technologies to provide you with the Services. If you do not accept the use of these cookies, please disable them using the instructions provided below.

What Are Cookies?

“Cookies” are text files transferred to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognizes that cookie. Cookies are widely used to make websites work more efficiently, recognize your browser or device, improve your user experience, customize features and advertising, and provide reporting information about the Services.

You can configure your desktop or mobile browser’s settings to reflect your preference to accept or reject cookies, including how to handle third-party cookies (see, “How to Manage Cookies,” provided below).

You can find out more information about cookies at http://www.allaboutcookies.org and http://www.youronlinechoices.eu.

In addition to cookies, there are other similar technologies used by us and elsewhere on the web or in mobile sites or applications. Web beacons, browser storage and plugins, and other technologies often work in conjunction with cookies, and may store small amounts of data on your device.

How We Use Cookies

The Website uses cookies and other technologies that work in conjunction with cookies (such as SDKs, pixels, tags, or web beacons) to collect and store Your Information. Cookies may be served directly by us to your device (a first party cookie) or may be served by one of our service providers on our behalf (a third party cookie). Cookies can be used to recognize you when you visit our Services, remember your preferences, and give you a more personalized experience. Cookies can also make your interactions with the Services faster and more secure.

While specific types of cookies and technologies may change from time to time as we improve and update the Services, cookies used by the Services generally fall into the categories below:

Security and Authentication (Strictly Necessary Cookies): These cookies are essential to provide you with the Services and to use some of its features, such as access to secure areas. Without these cookies, we cannot provide parts of the Services that you request, like secure login accounts and transactional pages.

Performance & Functionality Cookies: We use performance cookies to analyze how the Services are being accessed and used, or how the Services are performing in order to maintain, operate and continually improve the Services and provide a better overall user experience. Functionality cookies record information about choices you have made and allow us to customize the Services to you. When you continue to use or return to the Services, we can remember choices you make (such as login credentials, language preference, country location, and/or other online settings) and provide the personalized or enhanced features that you select.

Social Networks: Some technologies help you to interact with social networks you are signed into while using the Services, such as sharing content with the social network, logging in with the social network, and other features you employ with the social network, or that are allowed in the social network’s privacy policy. These may be set and controlled by the social networks, and your preferences with those social networks. You can manage your privacy preferences for these social networks and their tools and widgets via your account with the social network.

Advertising or Targeting Cookies: These cookies allow us and third parties to gather information about the content you are browsing, your visit, and your interaction with ads and our communications, and to display ads that are relevant to you and measure their effectiveness. Certain third party cookies may also track your activity across various sites to display ads relevant to you and your interests on third party sites and applications. Most advertising or targeting cookies set by the Services belong to our service providers.

How to Manage Cookies

You can choose whether or not to accept cookies and other technologies, as explained below. However, you should be aware that disabling cookies may prevent you from enjoying the full functionality of the Services.

Most browsers allow you to change your cookie settings. The “Options” or “Preferences” menu of most browsers detail how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie and how to disable cookies altogether. Your browser’s settings may also allow you to disable or delete similar technologies and data used by browser add-ons (such as Flash cookies), for instance by changing the add-on’s settings or clearing browser storage. Browser manufacturers provide help pages relating to cookie management in their products. Please see below for more information:

Google Chrome

Internet Explorer

Mozilla Firefox

Safari (Desktop)

Safari (Mobile)

Android Browser

Opera

Opera Mobile

Cloudflare

For other browsers, please consult the documentation that your browser manufacturer provides.

If you only want to limit third party advertising cookies, you can turn off most of these cookies by visiting the following links (but be aware that not all of the companies listed on these sites drop cookies via our Services):

Your Online Choices

Network Advertising Initiative

Digital Advertising Alliance

You can also exercise your Website cookie preferences by visiting the TRUSTe preference center by clicking this link: http://preferences-mgr.truste.com/.

Browser Controls

You can set or amend your web browser controls to accept or refuse cookies. If you choose to reject cookies, you may still use our Websites though your access to some functionality and areas of our Websites may be restricted. As the means by which you can refuse cookies through your web browser controls vary from browser-to-browser, you should visit your browser’s help menu for more information.

Mobile Advertising

You can opt out of having your mobile advertising identifiers used for certain types of Interest Based Advertising, including those performed by us, by accessing the settings in your Apple or Android mobile device and following the most recent published instructions through the Digital Advertising Alliance’s YourAdChoices. In addition, on your iPhone, iPad or Android, you can change your device settings to control whether you see online interest-based ads. If you opt out, we will remove all data about you and no further data collection or tracking will occur. The random ID we (or our third party partners) had previously assigned to you will also be removed. This means that if at a later stage, you decide to opt-in, we will not be able to continue and track you using the same ID as before, and you will for all practical purposes be a new user to our system.

Please note that even if you opt-out and limit cookies or these third party tracking technologies, they may still collect data and you may still see ads, but they will not be targeted based on information collected through these technologies.

With Whom We Share Your Information

Sharing by you

The Services are social by their very nature, so your participation in such Services will allow Employers to see your name and/or username, profile picture, bio, employment-related data, and any other content you upload or disclose through your Profile.

Sharing by us

We share your information with third parties as listed below and as otherwise described elsewhere in this Privacy Notice:

Employers

The Website’s purpose is to connect Candidates and Employees. As such, we share your Information with Employers information who might be interested in your employment services.

BFA sends Candidate Personal Data to Employers, including, on the instruction of Candidates and Employers. Such transfers are performed in the course of the job search, application, and interview process. Candidate Personal Data transferred to Employers in this way is processed in accordance with BFA’s Terms of Us and those of the relevant Employer. This allows Employers to review Candidates and to connect directly with Candidates via the Website, email or other forms of communication.

Employers agree to comply with all their responsibilities under applicable data protection rules with respect to the collection, processing, and storage of Personal Data, as well as providing adequate protection of all data subject rights provided for under all applicable data protection rules.

BFA Employer Accounts associated with an Employer’s domain may be shared with other members of your organization to facilitate the allocation of new joining members to the corresponding Employer Account. If you use BFA with a company email address, but you do not use the Services in connection with your organization (for example searching and applying for jobs yourself), and you do not wish for this information to be shared with your organization, you should transfer your account to a personal email address. You might be able to update the email address on your account from the account settings page, depending on your sign-in method.

In certain jurisdictions, we host jobs made available by other job boards. When a Candidate applies to job posts posted by job boards that have been integrated by BFA, if such Candidate agrees to the terms of service and the privacy policy of the job boards before submitting the application, the Candidate’s personal data may be transferred not just to employers but also to the job boards.

Candidates

BFA sends certain Employment-related information to Candidates. This includes publishing Job Ads, Company pages, and salary information on the Website and publishing Job Listings on third-party websites. BFA may also make available certain Employer-related information to Candidates, such as information about an Employer’s activity and responsiveness on the Website. This can include the Employer representative’s name, the Employer’s city/state location, and other information about the Employer’s business. BFA does this to help Candidates evaluate employment opportunities. As an Employer, when you use the Website, e.g., for example by posting a Job Listing or contacting a Candidate through BFA Messaging, you agree that BFA may provide this information to Candidates.

Service Providers and Other Third Parties

We use third parties to perform services in connection with our operations, to improve the Website and our services, products, and features, to protect our users and better understand their needs, and to optimize our services and our users’ experiences, such as payment processing, data management and analytics, marketing, advertising, communication and IT services, and we need to share your Information with them in order for them to provide such products and services. Unless we tell you differently or you consent otherwise, these third parties do not have any right to use Your Information beyond what is necessary to assist us in providing Services. Any uses of Your Information by these third parties will remain governed by security and confidentiality obligations consistent with this Privacy Notice and applicable law.

By using our Website, you acknowledge our use of such third-parties, including, but not limited to, for the purpose of collecting, processing, analyzing, and recording your activity on, interaction with, and communications with, or through our Website. This includes: which areas of the Website you visit (including URLs), which content you view, which information you input, whether and where you click, scroll, hover-over, mouseover, or otherwise interact with or communicate with or through the Site, the timing of each activity, and time spent on each activity. Our third parties collect this data from everyone using the Website, including users of private browsing mode, “incognito mode,” or similar modes.

We process your activity on the Website directly or through third parties to help us better understand how you use them. This helps us improve the Services we offer. All of which allows us to help you find jobs.

To the Public

BFA sends certain Employer-related information to Candidates. This includes publishing Job Listings, Employer web pages, and salary information on the Website and publishing Job Listings on third-party websites. BFA may also make available certain Employer-related information to Candidates, such as information about an Employer’s activity and responsiveness on the Website. This can include the Employer representative’s name, the Employer’s city/state location, whether the Employer has taken or has chosen not to take an action with regard to the Candidate’s resume or application such as opening, viewing, responding to or making a decision in regard to it, whether the Employer has engaged with other Candidates or viewed other Candidates’ resumes, and whether the Employer has taken an action in regard to a Job Listing such as pausing or closing it. We do this in order to help Candidates evaluate employment opportunities. As an Employer, when you use the Website you agree that BFA may provide this information to Candidates.

Company Affiliates

Subject to applicable laws, we may share your information with companies with whom the Company is affiliated or related to, e.g., parent company or subsidiaries, and will require such affiliated or related companies to use the Information solely in accordance with this Privacy Notice.

Military Intelligence Brigades

We may disclose Candidate information to military entities, including MIBs or other authorized national security or defense organization where such disclosure is required by applicable law, regulation, or lawful military order; necessary to support background investigation, security clearance processing, or national security vetting; or pursuant to a request from a military or Governmental Authority acting within the scope of its official duties. Subject information may include, Identifiers/Contact Information and Employment-Related Data. Any information disclosed in this manner will be limited to what is necessary to fulfill the authorized purpose and in accordance with any applicable FAR/DFARS requirements.

Department of Defense

Further, certain personal information that we collect, receive, maintain, transmit, or otherwise process through this website may be handled by us in our capacity as a prime contractor, subcontractor, or other covered support provider to the United States Department of Defense (“DoD”). When we process such information on behalf of the DoD, that information is incorporated into one or more official DoD Systems of Records and is therefore subject to the Privacy Act of 1974. Pursuant to 5 U.S.C. § 552a(j)(2) and § 552a(k)(1)–(5), and as further set forth in the applicable DoD System-of-Records Notices, the DoD has lawfully exempted certain categories of records from one or more provisions of the Privacy Act.

Nothing in this clause, however, diminishes any privacy rights you may have with respect to information that we process outside the scope of our DoD contracts or that is not incorporated into a DoD System of Records. For such data, the rights and procedures described in this Privacy Notice continue to apply. This statement is effective as of the date indicated at the top of this Privacy Notice. We reserve the right to revise or withdraw this statement as required to remain consistent with changes to DoD policy, federal law, or our contractual obligations.

Business Transfers

We may choose to buy or sell assets. In these types of transactions, customer Information is typically one of the business assets that would be transferred. Also, if we (or our assets) are acquired or merged, or if we go out of business, enter bankruptcy, or go through some other change of control, Your Information would be one of the assets transferred to or acquired by a third party.

Protection of Company and Others

We reserve the right to access, read, preserve, and disclose any of Your Information that we reasonably believe is necessary to comply with law or court order; enforce or apply our conditions of use and other agreements; or protect the rights, property, interests, or safety of our Company, our employees, our users, or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction.

The Security of Your Information

The security of Your Information is important to us. We take commercially reasonable security measures, including administrative, technical, and physical safeguards, to protect your Information from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction.

Your account is protected by a password for your privacy and security. You must prevent unauthorized access to your account and Your Information by selecting and protecting your password and/or other sign-on mechanism appropriately. To help protect Your Information, you should not share your account information or password, reuse your password on other Website, or use a password you have used on other Website.

We endeavor to protect the privacy of your account and Your Information we hold in our records, but we cannot guarantee complete security. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time.

Where Your Information Will Be Held

In order to provide the Service, Your Information may be transferred to and stored at a destination outside of your country and the EEA and, in particular, the United States. It may also be processed by any service providers appointed by us who operate outside of the EEA and their staff. By submitting Your Information, you agree to this transfer, storing or processing outside of the EEA or your country and acknowledge that not all countries guarantee the same level of protection for your Information as the one in which you reside. Data transferred will be treated in accordance with this Privacy Notice and, where applicable, the GDPR.

Your Privacy Rights

Right to Opt Out of Certain Communications

By providing your phone number through the Service, you expressly consent to receive recurring marketing text messages, job alerts, service updates, and other promotional communications from BFA or our affiliates at the number you provided, including via automated technology such as autodialers or prerecorded messages. Consent is not a condition of user of our Service. Message and data rates may apply. Message frequency may vary. You may opt out of receiving text messages at any time by replying “STOP” to any message you receive. For help, reply: “HELP” or Contact Us.

We may contact you via tele-call, email or other forms of communication for transaction purposes. You may receive such communication when you create an account with us or receive alerts from us regarding Employers or employment opportunities you might be interested. By agreeing to this Privacy Notice you give us explicit permission to do so. Irrespective of the fact if you have also registered yourself under DND or DNC or NCPR service, you still authorize us to give you a call for the above-mentioned purposes. Marketing opt-out requests will only remove you from our list and the list of any service provider performing services on our behalf, not from the list of any third party.

You may be able to opt-out of receiving certain email communications, such as marketing, from us or sent on our behalf by clicking the “Unsubscribe” button at the bottom of any email communication from us, by adjusting your preferences or location in your Account settings, or by emailing us at info@blueforgealliance.us.

U.S. State Privacy Rights

Some U.S. states have privacy laws providing privacy rights to their residents. These laws include the Texas Data Privacy Security Act, California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA), Colorado Privacy Act, Connecticut Data Privacy Act, Delaware Personal Data Privacy Act, Iowa Consumer Data Protection Act, Montana Consumer Data Privacy Act, Nebraska Data Privacy Act, New Hampshire Privacy Act, New Jersey Data Protection Act, Oregon Consumer Privacy Act, Utah Consumer Privacy Act, and Virginia Consumer Data Protection Act. However, these rights are available to all users located in the U.S.

While states may provide different rights to their residents and use different termination, we strive to live up to the law, and what you want to do as it pertains to your Personal Data. Here is a summary of the rights per state with a summary of what those rights entail directly below.

Sample Caption
Privacy Rights by State	CA1	CO2	CT3	DE4	IA5	MT6	OR7	TX8	NE9	NH10	NJ11	UT12	VA13
Access and Portability	☑	☑	☑	☑	☑	☑	☑	☑	☑	☑	☑	☑	☑
Correct Inaccuracies	☑	☑	☑	☑		☑	☑	☑	☑	☑	☑	☑	☑
Delete	☑	☑	☑	☑	☑	☑	☑	☑	☑	☑	☑	☑	☑
Opt Out of Processing for the Purpose of Sale and Targeted Advertising	☑	☑	☑	☑	☑14	☑	☑	☑	☑	☑	☑	☑	☑
Opt out of profiling	☑	☑	☑	☑		☑	☑	☑	☑	☑	☑		☑
Limit the Use of Sensitive Personal Data	☑
Non-Discrimination	☑	☑	☑	☑	☑	☑	☑	☑	☑	☑	☑	☑	☑
Designate an Authorized Agent	☑	☑	☑	☑		☑	☑	☑	☑	☑	☑	☑	☑

Access and Portability

You have the right to access a copy of your Personal Data, which you can do by following the instructions in the Exercise Your Privacy Rights below.

Correct Inaccuracies

You have the right to request that we correct inaccurate Personal Data that we have collected about you. You can do so by submitting following the instructions in the Exercise Your Privacy Rights below.

Delete

You have the right to request deletion of the Personal Data that we have collected from you, which you can do by following the instructions in the Exercise Your Privacy Rights below. But if we delete your Personal Data, we might not be able to provide any or all of our Services.

“Sale” and “Sharing” for Targeted Advertising

Under U.S. privacy laws, Personal Data is “sold” when provided to a third party for monetary or other valuable consideration, which is a fairly broad term. We share your Personal Data with third parties for a variety of reasons, including with Employers to help Candidates find employment opportunities and to help Employers find appropriate candidates. However, we do not sell or share your Personal Data as those terms of defined under U.S. privacy laws, including the definition of “share” under the CCPA.

U.S. privacy laws provide the right to opt out of the processing of your Personal Data for purposes of the sale of your Personal Data and the sharing of your personal data for purposes of targeted advertising. As explained above, we do not sell or share your Personal Data third parties.

Sensitive Information

We do not knowingly collect or process Sensitive Information though you could provide Sensitive Information to us via your biography submission or your Resume of which you do so by consent. Some states require we obtain consent prior to the collection of Sensitive Information, while some states like California provide users the right to limit the use and disclosure of Sensitive Information beyond what is necessary to perform the services as reasonably expected by users and those other activities allowed under its regulations. All Sensitive Information collected by BFA is with your consent, or as permitted or required under applicable laws.

Profiling

We do not undertake any profiling in furtherance of decisions that produce legal or similarly significant effects on our users.

Exercise Your Privacy Rights

To exercise any of your data subject rights, please submit the attached Data Subject Request Form or Contact Us at via email info@blueforgealliance.us subject line “Exercise My Data Privacy Rights” and provide us information about how we might be able to locate you in our records/system to process your request and also identify the data subject rights you wish to exercise.

We will respond to your request without undue delay, and, in any event, within 45 days of the request, unless less time is required by law. That period may be extended by 45 days (for a total of 90 days) where necessary, taking into account the complexity and number of the requests we receive. If we take an extension, we shall inform you within one month of our receipt of the original request, together with the reasons for delay. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response electronically. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data disclosure requests, we will select a format to provide your Personal Data that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We cannot respond to your request or provide you with Personal Data if we cannot verify your identity or authority to make the request and confirm the Personal Data relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use Personal Data provided in a verifiable consumer request to verify the requestor's identity or authority to make the request and, to the extent necessary, to identify the browser/device that is the subject of the request.

There may be a number of reasons for denying your request, including that we may not be a covered business under the data privacy law that may apply to you.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Verification

In order to process a data subject request, we will need enough detail to understand and respond to your request. We may need to verify your identity to process your requests and may also need to confirm your state residency. To verify your identity, we may require a combination of government identification, or other information. We may also require you to login from a verified valid device or verify that the device you are logging in from is valid.

Authorized Agents

You can have an authorized agent make a request on your behalf, but we’ll need to verify your agent’s identity. We would also need a copy of a valid power of attorney, or a written and signed permission to exercise your privacy rights on your behalf. We may still need to verify your identity and may ask you to directly confirm that you provided your authorized agent permission to submit the request on your behalf.

Appeals

If you are a Colorado resident, if within 45 days of a valid and verifiable data subject request we do not take any action on the request, we will let you know why, which is usually because we cannot verify your identity or we have verified your identity but identified that you are not and have not been a Colorado consumer in the relevant time period and not able to exercise rights under the Colorado Privacy Act. We will provide information about how you may appeal this decision / non-action in that communication. If your appeal is denied, you may contact the Colorado Attorney General.

If you are an Iowa resident, if within 90 days of a valid and verifiable data subject request we do not take any action on the request, we will let you know why, which is usually because we cannot verify your identity or we have verified your identity but identified that you are not and have not been an Iowa consumer in the relevant time period and not able to exercise rights under the Iowa Consumer Data Protection Act. We will provide information about how you may appeal this decision / non-action in that communication. If your appeal is denied, you may contact the Iowa Attorney General.

If you are a Delaware resident, if within 45 days of a valid and verifiable data subject request we do not take any action on the request, we will let you know why, which is usually because we cannot verify your identity or we have verified your identity but identified that you are not and have not been a Delaware consumer in the relevant time period and not able to exercise rights under the Delaware consumer privacy law. We will provide information about how you may appeal this decision / non-action in that communication. If your appeal is denied, you may contact the Department of Justice to subject a complaint via following the link here: https://attorneygeneral.delaware.gov/fraud/cmu/complaint/.

If you are a Montana resident, if within 45 days of a valid and verifiable data subject request we do not take any action on the request, we will let you know why, which is usually because we cannot verify your identity or we have verified your identity but identified that you are not and have not been an Iowa consumer in the relevant time period and not able to exercise rights under the Montana Consumer Data Protection Act. We will provide information about how you may appeal this decision / non-action in that communication. If your appeal is denied, you may contact the Montana Attorney General.

If you are a New Hampshire resident, if within 45 days of a valid and verifiable data subject request we do not take any action on the request, we will let you know why, which is usually because we cannot verify your identity or we have verified your identity but identified that you are not and have not been an Iowa consumer in the relevant time period and not able to exercise rights under the New Hampshire Consumer Data Protection Act. We will provide information about how you may appeal this decision / non-action in that communication. If your appeal is denied, you may contact the New Hampshire Attorney General.

If you are a New Jersey resident, if within 45 days of a valid and verifiable data subject request, we do not take any action on the request, we will let you know why, which is usually because we cannot verify your identity or we have verified your identity but identified that you are not and have not been a New Jersey consumer in the relevant time period and not able to exercise rights under the New Jersey Data Protection Act. We will provide information about how you may appeal this decision / non-action in that communication. If your appeal is denied, you may contact the Division of Consumer Affairs in the Department of Law and Public Safety to subject a complaint via following the link here: https://www.njconsumeraffairs.gov/Pages/Consumer-Complaints.aspx.

If you are an Oregon resident, if within 45 days of a valid and verifiable data subject request we do not take any action on the request, we will let you know why, which is usually because we cannot verify your identity or we have verified your identity but identified that you are not and have not been an Iowa consumer in the relevant time period and not able to exercise rights under the Oregon Consumer Data Protection Act. We will provide information about how you may appeal this decision / non-action in that communication. If your appeal is denied, you may contact the Oregon Attorney General.

If you are a Texas resident, if within 45 days of a valid and verifiable data subject request we do not take any action on the request, we will let you know why, which is usually because we cannot verify your identity or we have verified your identity but identified that you are not and have not been an Iowa consumer in the relevant time period and not able to exercise rights under the Texas Data Privacy and Security Act. We will provide information about how you may appeal this decision / non-action in that communication. If your appeal is denied, you may contact the Texas Attorney General.

Your Shine the Light California Rights (CA Civil Code § 1798.83)

Residents of California who use the Website primarily for personal, family or household purposes may request a list of third parties to which certain personal information (as defined by applicable California law) obtained through the Website was disclosed by us during the preceding year for those third parties’ direct marketing purposes. If you are a California resident and want such a list, please Contact Us via email at info@blueforgealliance.us. For such requests, you must put the statement “Your California Privacy Rights” in the body of your request, as well as your name, street address, city, state, and zip code. In your request, you need to attest to the fact that you are a California resident and provide a current California address for our response. Please note that we will not accept requests via the telephone or by facsimile, and we are not responsible for notices that are not labeled or sent properly, or that do not have complete information.

EEA and UK Privacy Rights

EEA an UK residents have rights under the GDPR. The rights under GDPR include:

Right of Access. This includes your right to access the Personal Data we gather about you, and your right to obtain Personal Data about the sharing, storage, security, and processing of that information.

Right to Correction. This is your right to request correction of your Personal Data.

Right to Erasure. This is your right to request, subject to certain limitations under applicable law, that your Personal Data be erased from our possession (also known as the “Right to be forgotten”). However, if applicable law requires us to comply with your request to delete your information, fulfillment of your request may prevent you from using the Services and may result in closing your account.

Right to Complain. You have the right to make a complaint regarding our handling of your Personal Data with the appropriate supervisory authority.

Right to Restrict Processing. This is your right to request restriction of how and why your Personal Data is used or processed.

Right to Object. This is your right, in certain situations, to object to how or why your Personal Data is processed.

Right to Portability. This is your right to receive the Personal Data we have about you and the right to transmit it to another party.

Right to Not be Subject to Automated Decision-Making. This is your right to object and prevent any decision that could have a legal, or similarly significant, effect on you from being made solely based on automated processes. This right is limited, however, if the decision is necessary for performance of any contract between you and us, is allowed by applicable law, or is based on your explicit consent.

Exercise Your Privacy Rights

How to File a GDPR Complaint.

We hope that we can resolve any query or concern you raise about our use of your Personal Data. The GDPR also gives you right to lodge a complaint with a supervisory authority, in the European Union (or European Economic Area) state where you work, normally live, or where any alleged infringement of data protection laws occurred. Contact information for the supervisory authorities may be found here: EU Data Protection Authorities

If you are located in the UK or EU or are otherwise afforded the protections of the GDPR, we are commit to resolve complaints about our collection or use of your Personal Data. If you have questions or complaints regarding our privacy notice or practices, you should first Contact Us.

If we fall short of your expectations in processing your Personal Data or you wish to make a complaint about our privacy practices, please tell us because it gives us an opportunity to fix the problem. To assist us in responding to your request, please give full details of the issue. We attempt to review and respond to all complaints within a reasonable time.

If your complaint cannot be resolved through the above channels, under certain conditions you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2.

In the UK, unresolved complaints can be sent to the Information Commissioner’s Office by calling 0303 123 1113 or by visiting: https://ico.org.uk/concerns/.

EU residents have the option of filing complaints directly with their local DPA, which will work with the Department of Commerce and the Federal Trade Commission (FTC) to investigate and resolve complaints. In the event your complaint is unresolved by all other available mechanisms, you may have the right to invoke binding arbitration before a Privacy Shield Panel, in accordance with procedures designated by the Department of Commerce and the European Commission.

Canadian Users – Opt Out

If you are a Canadian resident, you may ask us to refrain from sharing your Personal Data with certain of our affiliates and other third parties for their marketing purposes by contacting us at info@blueforgealliance.us subject line “Exercise My Data Privacy Rights” and provide us information about how we might be able to locate you in our records/system to effect your request and also identify the data subject rights you wish to exercise.

Canadian residents have the option of filing a complaint with the Office of the Privacy Commissioner of Canada by contacting:

Office of the Privacy Commissioner of Canada Place de Ville

112 Kent Street, 3rd floor Ottawa, Ontario

K1A 1H3 Canada 1-800-282-1376

Do Not Track

Do Not Track is a privacy preference that users can set in their web browsers. When a user turns on the Do Not Track signal, the browser sends a message to requesting them not to track the user. At this time, we do not respond to Web browser “do not track” settings or signals. As described in our Cookie Policy, we deploy cookies and other technologies on our Service to collect information about you and your browsing activity, even if you have turned on the Do Not Track signal.

Consent to Receive Electronic Notifications

Electronic communication is the most effective and timely way to provide the users of the Website and Services with any optional or required notifications and disclosures. In some circumstances, however, applicable laws may require us to send you disclosures or communications in paper format unless you have affirmatively consented to receiving electronic notifications only in advance of the notification. Through this Privacy Notice, pursuant to 15 U.S.C. § 7001, you hereby affirmatively consent to receive electronic notifications and disclosures from us only (without requiring a paper copy) and you represent that, to date, you have not withdrawn such consent. You have the right to change your mind and withdraw your consent at any time. If you would like to withdraw your consent to receive electronic notifications and/or would like to request paper copies of any required notifications you receive electronically, you may Contact Us. To receive electronic records, you will need access to a smartphone, tablet, laptop or computer with internet access and an email account.

In the event you receive marketing email communications from us and no longer wish to, you can click the “Unsubscribe” link at the bottom of any marketing email to opt out of further marketing communications. Please note that this opting out is only effective for marketing communications as we will still communicate with you via email regarding transactional issues, such as to confirm a purchase or to provide you information about a purchase.

Legal Disclosures

It is possible that we will need to disclose information about you when required by law, subpoena, or other legal process or if we have a good faith belief that disclosure is reasonably necessary to (1) investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies; (2) enforce our agreements with you, (3) investigate and defend ourselves against any third-party claims or allegations, (4) protect the security or integrity of our Service (such as by sharing with companies facing similar threats); or (5) exercise or protect the rights and safety of the Company, our users, personnel, or others. We attempt to notify users about legal demands for their Personal Data when appropriate in our judgment, unless prohibited by law or court order or when the request is an emergency. We may dispute such demands when we believe, in our discretion, that the requests are overbroad, vague or lack proper authority, but we do not promise to challenge every demand.

Changes to This Privacy Notice

We may modify this Privacy Notice, our Terms of Use and our Cookie Policy from time to time. If we make material changes to it, we will provide you notice through the Service, the Website, via email or by other means, to provide you the opportunity to review the changes before they become effective. You shall be responsible for reviewing and becoming familiar with any such modifications. We agree that changes cannot be retroactive. If you object to any changes, you may close your account or discontinue use of the Services. Your continued use of our Services after we publish or send a notice about our changes to these terms means that you are consenting to the updated terms.

Contact Us

If you have any comments, questions or suggestions, please email info@blueforgealliance.us or send via mail to 3891 S. Traditions Drive, Bryan, Texas 77807. If you wish to access, correct or update your Personal Data, or if you have questions about BFA’s privacy practices in general or a complaint, please email info@blueforgealliance.us.