Services Privacy Notice
Last updated: May 22, 2025
Bloomreach takes our obligations to protect the privacy of your personal informationvery seriously. This Services Privacy Notice (“Privacy Notice“) explains how we collect, use, and share personal information about you when providing the Bloomreach Services, and how you can exercise your privacy rights. When we use the terms “Bloomreach“, “we”, and “our”, we are referring to Bloomreach, Inc. and its affiliates. Please find a list of Bloomreach affiliates here
Please review our Website Privacy Notice here for information about how we collect and process personal information, through our corporate websites (such as, www.bloomreach.com) (“Websites“) and in connection with our events, sales and marketing activities.
If you have any questions about this privacy notice please contact us using information provided below.
QUICK LINKS
We recommend that you read this entire Privacy Notice to ensure you are fully informed. However, to make it easier for you to review those sections of this Privacy Notice that apply to you, you may click on the links below:
2. PRIVACY FOR CUSTOMERS AND PERMITTED USERS
INFORMATION WE COLLECT ABOUT CUSTMERS AND PERMITTED USERS
INFORMATION WE COLLECT ABOUT CONSUMERS
LEGAL BASIS FOR PROCESSING PERSONAL INFORMATION
1. ABOUT BLOOMREACH
We provide publishers, retailers, websites, ecommerce businesses and others (our “Customers”) and their users authorized to use the Bloomreach Services (“Permitted Users“) with tools, analytics, personalization services and marketing platform that help our Customers develop and publish content and their consumers find content they want and deliver personalized customer experiences.
We deliver the Bloomreach Services on our Customers’ commercial websites, mobile applications, and digital properties (collectively the “Digital Properties“) as part of the content they display to consumers who interact with their Digital Properties, including existing or future end-customers or prospects of our Customer (“Visitors or “Consumers”).
For example, Bloomreach may analyze what products Visitors actually view or purchase on a Customer’s website when they enter certain search terms to improve the likelihood that those search terms will bring up the same products or related products faster (on that website) in the future.
The Bloomreach Engagement services include a platform that helps our Customers to maximize profits and drive customer loyalty by targeting the right customers with the right message at the perfect time. Please find out more about our processing within Bloomreach Engagement here or in this Privacy Notice.
You can find out more about Bloomreach and the Bloomreach Services here.
2. PRIVACY FOR CUSTOMERS AND PERMITTED USERS
INFORMATION WE COLLECT ABOUT CUSTOMERS AND PERMITTED USERS
This Section describes what information we collect about our Customers and their Permitted Users (“you”) when they use the Bloomreach Services.
Information you provide to us:
You may provide personal information to us through the Services – for example, when you sign up for and use the Services, consult with our customer support teams, send us an email, integrate the Services with another website or, or communicate with us in any other way.
Bloomreach Academy. If you enroll to Bloomreach Academy, basic personal information about you such as your name, email address, what company you work for, your job title, payment information, course attendance, results and your preferred language are processed by Bloomreach.
We will let you know prior to collection whether the provision of personal information we are collecting is compulsory or may be provided on a voluntary basis and the consequences, if any, of not providing the information.
The information you provide to us may include:
- Account Information: You need a Bloomreach account to use the Bloomreach Services as a Permitted User. When you register for an account, we ask you to provide contact information such as your name, telephone number, job title, country and organization name.
- Billing Information, If you purchase the Bloomreach Services, you may also need to provide us with payment and billing information such as your credit card details and billing address.We will also maintain a record of your purchases, transactional information, your history and any communications and responses.
Information we collect automatically:
When Permitted Users use Bloomreach Services, we automatically collect and process certain information about that Permitted Users device and use of the Bloomreach Services. In some countries, including countries in the European Economic Area or United Kingdom, this information may be considered personal information under applicable data protection laws.
We may use cookies and other tracking technologies to collect some of this information. Our use of cookies and other tracking technologies is discussed in more detail in our Services Cookie Notice that can be found here.
We use this information to learn how we can improve the user experience and our support and quality improvement processes.
The information we automatically collect through the Services includes:
Information about you as a user such as your name, company name, email, phone number, position, or country.
Device Information, such as your IP address, device attributes (for example: hardware model, operating system, web browser version, as well as unique device identifiers and characteristics), longitude, latitude, connection information (for example, name of your mobile operator or Internet Service Provider, browser type, language and time zone; and device locations (for example, internet protocol (IP) addresses and Wi-Fi information).
Product usage data, which may include the dates and times you access the Bloomreach Services, page views, clicks, invitations, which activities and features are used, crash logs, page load time, how you navigate to and within the Bloomreach Services, the Bloomreach Service version number if applicable, storage configuration settings, language preferences, and technical data relating to devices accessing and using the Bloomreach Services and the performance of the Bloomreach Services in doing so.
If your organization runs Hippo CMS or Bloomreach Experience on premise, then the information collection can be turned off globally if that is desired. For documentation on how to do this, please click here.
Bloomreach collects and processes the following data categories about its users:
- Metrics monitoring the application performance during your session such as page load time.
- Metrics monitoring in-app interactions and engagement such as actions, clicks, or invitations.
- Permitted User details including name, company name, email, phone number, position, or country.
- Device details such as device type, os, browser tracking identifier (cookie or Google Analytics ID), IP, longitude, or latitude.
HOW WE USE YOUR INFORMATION
We use the information collected about you for a variety of reasons, including the following purposes, as applicable:
- To keep track of billing and payments.
- To provide, support, personalize, maintain and enhance the Bloomreach Services.
- To fix bugs and troubleshoot product functionality.
- To track Permitted User behavior at an aggregate level to identify and understand trends in the various interactions with the Bloomreach Services, for gathering insights into how the users interact with the app, which parts of the application are or are not used, and how they are interacted with by different types of customers.
- To improve the Bloomreach Services for all Permitted Users.
- To respond to requests or provide requested information;
- To send administrative or account related information.
- To communicate updates to the Service.
- To communicate with you via post, telephone and/or email for the purposes of providing you with marketing and promotional content (where this is in accordance with your marketing preferences). For more information about managing your marketing preferences, please see “Your Rights“.
- To comply with and enforce applicable legal requirements, agreements and policies.
- To prevent, detect, identify, investigate, respond and protect against potential or actual claims, liabilities, prohibited behavior, and criminal activity.
- For other business purposes such as data analysis, identifying usage trends, determining the effectiveness of our marketing and to enhance, customize and improve our Websites, products and services.
3. PRIVACY FOR CONSUMERS
INFORMATION WE COLLECT ABOUT CONSUMERS
The Bloomreach Services are intended for use by our Customers. As a result, for much of the personal information we collect and process about Consumers, we act as a processor on behalf of our Customers (who are the data controllers).
We are not responsible for the privacy or security practices of our Customers, which may differ from those set forth in this Privacy Notice. We recommend that Consumer’s review the privacy policies and notices of our Customers Digital Properties.
Set out below is further information about the personal information that we collect about Consumers’ through the Bloomreach Services – Discovery, Content, and Engagement.
Discovery & Content Services
These services use and rely on information, such as device and IP address information which is collected automatically through technologies such as cookies and similar tracking technologies. We use this to enable the services to provide better content experiences. You can learn more about how these automatically collect information below and in our Services Cookie Notice found here.
The information we automatically collect about you may include:
Device Information. We collect device-related information about a Consumer’s use of a specific Customer’s Digital Properties and interactions with Bloomreach-created content widgets and pages on that Client’s Digital Properties through our “p.brsrver.com” domain. This device information is collected from a Consumer’s browser, and may include information such as their IP address, the date and time they use the Customer’s Digital Property, technical attributes about the Consumer’s browser request, browser type, browser language, search queries, pages or products browsed, and details about whether they have made a purchase (collectively, “Consumer Data”).
We associate Consumer Data with an anonymous cookie tied to a specific Client’s Digital Property. This information does not enable us (and we don’t link it to any information that enables us) to specifically identify any Consumer (such as by reference to their name or email address).
These do not collect the name, address, phone number, or other personal information of individual Consumers that enables them to be specifically identified (although our Customers may have collected this information separately from these services).
We do NOT:
(1) Associate Consumer Data collected from one Client’s Digital Properties with Consumer Data collected from a different Bloomreach Client’s Digital Properties; or
(2) Track or resolve an individual Consumer’s online activities across multiple unrelated third party websites or online services (often called, “cross-device tracking”).
However, we may collect and use aggregate information about Consumers provided by third party service providers who may track individual Consumer online activities across multiple unrelated third party websites or online services.
Engagement Services
While using these services, our Customers may be providing us with their clients’ personal data.
This data may include following: (IP) address, name, surname, gender, email address, login information, unique device level identifiers (such as an IDFA or Android Advertising ID), time zone setting, operating system and platform, information about visits including the URL, the search terms, information about what you viewed or searched on our website, page response times, download errors, length of visits to certain pages, page interaction information, (such as scrolling, clicks, and mouse-overs) and the methods used to browse away from the page, activities of users, browsing web pages and purchasing activity.
Bloomreach analyzes our Customers’ clients’ personal data to build individual profiles. These profiles are used to predict future interests and display targeted (online) advertisements. The aim is to provide Customers’ clients with offers that are relevant and interesting for them. The profiling is based on (surfing) behavior of our Customers’ clients on Customer’s website. We conduct profiling solely for the purpose of providing them with more attractive offers for the purchase of goods and/or services and customizing the content of websites according to our Customers’ clients’ preferences. The Customers have the obligation to ensure that they have collected their clients’ respective consents and approval in order to process such data in accordance with GDPR, other applicable data protection law, and their agreement with Bloomreach.
Usage and Analytic Information. These services do not use data collected on behalf of one Customer for the purpose of servicing a different Customer, but we may use aggregated information compiled from multiple Customer Digital Properties or provided by third party service providers for servicing Customers. For example, we may collect device and machine-generated information such as the request and response logs of our Customer’s Digital Properties. These logs include click and browse information. For example, when Consumers visit our Customer’s websites, information identifying the website they arrive from and the next website they visit is generated and available to the website operator for analysis.
We use this information on an aggregated basis alongside similar information from millions of other Consumers to enable us to improve and develop our products and services and to improve Consumers experiences on our Customer’s Digital Properties.
This aggregated information may include basic reporting metrics like the number of Consumers who discovered content through Bloomreach-suggested content and connections, how frequently Consumer’s return to a Customer’s Digital Property, and the aggregate revenues generated from those Consumers. Aggregated information may also be used to help Bloomreach and its Customers optimize products and services.
Cookies and Similar Tracking Technology
Cookies are files that web servers place on an Internet user’s computer that are designed to store basic information (such as visitor preferences). Cookie technology remains a fundamentally important part of how websites customize users’ online experiences. Through the use of cookies or similar technologies, we may automatically collect and store basic information about your visits to a Customer’s Digital Property, so that we can help improve consumers’ online experiences.
Bloomreach Tracking and Non-Tracking Domains. Bloomreach tracks Customer Consumer Data only through it “p.brsrvr.com domain.” Our other domains, including “www.bloomreach.com,” “brcdn.com,” “brsrvr.com,” “brm-core-0.brsrvr.com” and “brm-suggest-0.brsvr.com” (collectively, our “Non-Tracking Domains”) do not track and store Customer Consumer Data. Bloomreach API requests to our Non-Tracking Domains are HTTP requests which include a user’s IP address in the header of the request. With respect to our Non-Tracking Domains, any information contained in the HTTP request is purged and Bloomreach only retains information contained in the API URL. We do not use, collect or share any Consumer Data received through our Non-Tracking Domains.
How can I opt-out of Bloomreach cookies? While our Customers are responsible for communicating directly with their Consumers, we strive to offer Consumers choices about the collection of information using cookies. Consumers are welcome to opt out of being tracked by Bloomreach by clearing their browser’s cookies for the domain or URL that uses the Bloomreach Services or by blocking the use of cookies when they visit such domains or URLs. For more information about our use of cookies and how you can opt-out of cookies, please see our Services Cookie Notice here.
4. GENERAL INFORMATION
HOW WE SHARE YOUR INFORMATION
Bloomreach will share the information it collects:
- with our group companies. A list of our current group companies is available here;
- with our Customers, if you are a Consumer;
- with our third party services providers (our vendors), including our sub-processors who provide data processing services to us (and with whom the sharing of your personal information is necessary to undertake the work e.g. to external consultants, professional advisors, payment processors, outsourced IT and document storage providers, auditors and accountants). A list of our sub-processors is available here.
- with any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
- with our marketing partners to offer certain marketing events and promotions and may share individual level information that we have collected with these business partners in order to carry out these events and promotions;
- with a potential buyer (and its agents and advisers) in connection with any proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this Privacy Notice; and
- with any other person with your consent to the disclosure.
INTERNATIONAL DATA TRANSFERS
We are a growing corporation with operations in multiple countries, including the United States, United Kingdom, India, the Netherlands, Germany, Czechia and Slovakia. While our primary data centers are in the United States, Ireland, the Netherlands and Belgium, we may transfer personal information or other information to Bloomreach offices outside of the United States, the European Economic Area or the United Kingdom. In addition, we may employ other companies and individuals to perform functions on our behalf.
These countries may have data protection laws that are different to the laws of your country. However, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Notice. These safeguards include implementing the European Commission’s Standard Contractual Clauses (including as amended by the UK Data Transfer Addendum to the Standard Contractual Clauses), as well as our certification to (and adherence to the Principles under) the Data Privacy Framework (defined below) in connection with transfers to Bloomreach Inc. in the US.
Our Standard Contractual Clauses can be provided to you upon request. We have implemented similar appropriate safeguards with our third-party service providers and partners, and further details can be provided to you upon request.
Data Privacy Framework
Bloomreach has certified its compliance with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-US Data Privacy Framework (collectively the “Data Privacy Framework”) as set forth by the US Department of Commerce with respect to personal information concerning individuals from the European Economic Area, United Kingdom, and Switzerland. Please see our Data Privacy Framework Notice to learn more.
If there is any conflict between the terms in this Privacy Notice and the Data Privacy Framework Principles, the Data Privacy Framework Principles shall govern.
DATA RETENTION
Generally personal data shall be kept for as long as necessary for the purpose for which it was processed. The length of time that Bloomreach will hold your personal data will also depend on the legal basis on which your data is processed. Shall the processing be based on legitimate interest, your data will be processed for as long as the given legitimate interest of Bloomreach is in place. For data kept based on legal obligations, the data-retention period is prescribed by applicable legal regulations. For data processed based on performance of a contract, the data is processed for the duration of the contractual relationship and for an applicable limitation period. Shall the processing be based on your consent, your personal data shall be erased after you withdraw your consent. Please bear in mind that the same data may as well be processed based on other legal basis in which case your withdrawal of consent might not mean a full erasure of your data.
LEGAL BASIS FOR PROCESSING PERSONAL INFORMATION (FOR RESIDENTS OF EEA/UK ONLY)
If you are an individual from the EEA/UK, our legal basis for collecting and using personal information described above will depend on the personal information concerned and the specific context in which we collect it.
However, we normally rely on our (or our Customer’s) legitimate interest to collect personal information from you, except where such interests are overridden by your data protection interests or fundamental rights and freedoms. Where we rely on our legitimate interests to process your personal information, they include the interests described in this Privacy Notice.
In some cases, we may rely on our consent or have a legal obligation to collect personal information. If we rely on consent to collect and/or process your personal information, we will obtain such consent in compliance with applicable laws.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “Contacting Bloomreach” heading below.
Summary
The following table summarizes our purposes for processing your personal data and the related legal bases. The legal basis under which your personal information is processed will depend on the data concerned and the specific context in which we collect it.
Purpose/Activity | Type of personal data | Lawful basis |
Account creation and profile information for a Bloomreach account | Permitted Users contact data such as your name, telephone number, job title, country and organization name. | – Performance of a Contract |
To communicate with you via post, telephone and/or email for the purposes of providing you with marketing and promotional content (where this is in accordance with your marketing preferences). For more information about managing your marketing preferences, please see “Your Rights“ | Permitted Users contact data such as your name, telephone number, job title, country and organization name. | – Legitimate interest to communicate with and market to Customers -Consent |
Processing payments for the Bloomreach Services, including Bloomreach Academy | Billing information such as your credit card details and billing address. We will also maintain a record of your purchases, transactional information, your history and any communications and responses. | – Performance of a contract |
To provide, support, personalize, maintain and enhance the Bloomreach Services. To fix bugs and troubleshoot product functionality. To track Permitted User behavior at an aggregate level to identify and understand trends in the various interactions with the Bloomreach Services, for gathering insights into how the users interact with the app, which parts of the application are or are not used, and how they are interacted with by different types of customers. To improve the Bloomreach Services for all Permitted Users. – To respond to requests or provide requested information – For other business purposes such as data analysis, identifying usage trends, determining the effectiveness of our marketing and to enhance, customize and improve our Websites, products and services. |
Metrics monitoring the application performance during Permitted User session such as page load time. Metrics monitoring in-app interactions and engagement of Permitted Users such as actions, clicks, or invitations. Permitted User details including name, company name, email, phone number, position, or country. Device details such as device type, os, browser tracking identifier (cookie or Google Analytics ID), IP, longitude, or latitude as well as unique device identifiers and characteristics), longitude, latitude, connection information (for example, name of your mobile operator or Internet Service Provider, browser type, language and time zone; and device locations (for example, internet protocol (IP) addresses and Wi-Fi information). Permitted User product usage data, which may include the dates and times you access the Bloomreach Services, page views, clicks, invitations, which activities and features are used, crash logs, page load time, how you navigate to and within the Bloomreach Services, the Bloomreach Service version number if applicable, storage configuration settings, language preferences, and technical data relating to devices accessing and using the Bloomreach Services and the performance of the Bloomreach Services in doing so. If you enroll to Bloomreach Academy, basic personal information about you such as your name, email address, what company you work for, your job title, payment information, course attendance, results and your preferred language are processed by Bloomreach. |
– Legitimate interest in enhancing and improving the Bloomreach Services Performance of a contract |
-To comply with and enforce applicable legal requirements, agreements and policies. -To prevent, detect, identify, investigate, respond and protect against potential or actual claims, liabilities, prohibited behavior, and criminal activity. |
Metrics monitoring the application performance during Permitted User session such as page load time. Metrics monitoring in-app interactions and engagement of Permitted Users such as actions, clicks, or invitations. Permitted User details including name, company name, email, phone number, position, or country. Device details such as device type, os, browser tracking identifier (cookie or Google Analytics ID), IP, longitude, or latitude as well as unique device identifiers and characteristics), longitude, latitude, connection information (for example, name of your mobile operator or Internet Service Provider, browser type, language and time zone; and device locations (for example, internet protocol (IP) addresses and Wi-Fi information). Permitted User product usage data, which may include the dates and times you access the Bloomreach Services, page views, clicks, invitations, which activities and features are used, crash logs, page load time, how you navigate to and within the Bloomreach Services, the Bloomreach Service version number if applicable, storage configuration settings, language preferences, and technical data relating to devices accessing and using the Bloomreach Services and the performance of the Bloomreach Services in doing so. |
– Comply with Legal obligations |
Lawful basis for processing descriptions
Lawful basis | Description |
Contract | We require certain personal data for the purpose of taking steps prior to entering a contractual engagement with you or for performance of a contract with your organization. |
Consent | In certain circumstances, we may ask for your consent (separately from any contract between us) before we collect, use, or disclose your personal data, in which case you can voluntarily choose to give or deny your consent. |
Legitimate interests | We may collect, use or disclose your personal data for the legitimate interests of either Bloomreach or a third party, but only when we are confident that your privacy rights will remain appropriately protected. |
Legal obligation | There may be instances where we must process and retain your personal data to comply with laws or to fulfil certain legal obligations. |
Legal claims | To establish, make or defend legal claims. |
YOUR RIGHTS
You have the following data protection rights:
- If you wish to access, correct, update or request deletion of your personal information, you can do so at any time by contacting us using the contact details provided under the “Contacting Bloomreach” heading below.
- In addition, if you are a resident of the European Economic Area (“EEA”) or United Kingdom (“UK”), you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us using the contact details provided under the “Contacting Bloomreach” heading below or via our Website in the section https://www.bloomreach.com/en/legal/control-your-data?_ga=2.163252412.1609075078.1640601789-1812993489.1640601789.
- You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us using the contact details provided under the “Contacting Bloomreach” heading below or via our Website in the section https://www.bloomreach.com/en/legal/control-your-data?_ga=2.163252412.1609075078.1640601789-1812993489.1640601789.
- Similarly, if we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent. You can withdraw your consent anytime using the contact details provided under the “Contacting Bloomreach” heading below or via our Website in the section https://www.bloomreach.com/en/legal/control-your-data?_ga=2.163252412.1609075078.1640601789-1812993489.1640601789.
- You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. (Contact details for data protection authorities in the EEA are available here.) If you are a UK resident please contact the Information Commissioner’s Office at https://ico.org.uk/make-a-complaint/.
Please note that because most of the information we store can only identify a particular browser or device, and cannot identify you individually, you will need to provide us with some additional information to enable us to identify the personal information we hold about you and ensure that it accurately fulfils your request. You may also be required to provide ID.
Further Information for Consumers: As described in this Notice, for much of the personal information we collect and process about you through the Bloomreach Services, we act as a processor on behalf of our Customers. In such cases, if you want to exercise any data protection rights that may be available to you under applicable law or have questions or concerns about how your personal information is handled by Bloomreach as a processor on behalf of our Customers, you should contact the relevant Customer that has contracted with Bloomreach for the use of the Bloomreach Services, and refer to their separate privacy policies. If you are having difficulties finding this Customer, you can contact us through our support team and we will try our best to help you.
SECURITY
We use appropriate technical and organizational security measures to protect any personal information we process against unauthorized access, disclosure, alteration, and destruction. For example, to protect your information access to data processing facilities is restricted, we deploy appropriate firewalls, anti-virus and other anti-malware software and technologies as well as access controls on our networks and systems.
Unfortunately, nobody is truly and completely safe from hackers. Although we do our best to protect your personal information, we cannot guarantee security, no Internet transmission can ever be guaranteed 100% secure, and so we encourage you to take care when disclosing personal information online and to use readily available tools, such as Internet firewalls, secure e-mail and similar technologies to protect yourself online.
CHANGES AND UPDATES
Bloomreach will maintain personal information in accordance with this Notice. We may update this Notice from time to time in response to changing legal, technical, or business developments. If we decide to change this Notice, we will post the changes on this page and update the “last updated” date at the top of this policy.
If at any point Bloomreach decides to retain or use previously collected personal information in a materially less restrictive manner, we will seek to provide affected individuals with additional notice (such as by way of email (where possible) or by posting a notice on our website or product login screens) for at least 30 days prior to the change in use. We encourage you to review our Notice whenever you use our Website to stay informed about our information practices and the ways you can help protect your privacy.
CONTACTING BLOOMREACH
If you have any questions, comments, or concerns about BloomReach or this Notice, please contact our Data Protection Officer by email at [email protected] or using the contact details provided below.
Attn: Data Protection Officer
Postal Mail Address:
BloomReach, Inc.
700 E. El Camino Real, Suite 130
Mountain View, CA 94040
If you are an EEA/UK resident:
BloomReach B.V.
Keizersgracht 125
1015 CJ Amsterdam
The Netherlands
Attn: Data Protection Officer
We can be reached via e-mail at [email protected] or you can reach us by telephone at +1 (888) 263-3917.
If you are resident in the EEA/UK, the data controller of your personal information is Bloomreach B.V., jointly with Bloomreach, Inc.
If you are a Consumer, the data controller of your personal information is our Client whose Digital Properties you use.