This policy is intended to help you understand:
In a nutshell, Blix takes every available technical and organisational measures to ensure that any collected data is protected whilst also not attributed or attributable to an identified or identifiable person.
Blix uses WiFi to provide customer experience analytics. In order for Blix to detect a smartphone, it must have WiFi or location services turned on. Smartphones do not need to download an app or login to a WiFi network in order to be seen by Blix. As smartphones send out WiFi probes, either in search of a WiFi connection or for location services, Blix simply detects this probing activity and reports on it.
Blix Products and Services do not collect data that will directly identify an individual. Blix sensors capture data from smartphone probes that contain standard WiFi protocol data such as the device’s MAC address, signal strength, data rate, radiotap, header and other protocol metadata.
Blix does not receive, capture or store any personally identifiable information (PII) about the smartphone owner. More specifically, Blix does not capture or store a mobile phone number, call history, email address, name, serial number, EID, SEID, IMEI, MEID, ICCID, advertising ID, IMSI, TMSI, GUTI or any other identifier of the smartphone or owner.
At Blix, we follow the best practices for data traversing the internet from our sensors to our servers by encrypting data in flight and at rest using the newest version of HTTPS, effectively the same as your bank uses for securing your web browser sessions. Once the data reaches our private zone’s we still enforce encryption of captured data whilst being stored for secondary processing and archival. Secondary processing unpacks data for our online applications, it is in this step that further obfuscation of the data is done i.e. MAC addresses are one-way hashed via MD5 salted randomly to create high entropy tokens. This means these tokens are irreversibly encrypted upon receipt with no discernible patterns making it impossible to reverse-engineer and hence be matched or used in relation to any other third party data. Captured data is fully encrypted and partitioned from the processed data as further protection.
From the data collected we identify general patterns in-store traffic, for instance, what time of day you have the most customers, or how many people walk past your store windows each week. We don't provide data on individual shoppers, and our clients are prohibited from attempting any type of data-matching as part of their contracts.
We do not share captured data. We only display aggregate reporting of a client's data to the client and no one else unless formally agreed to by the client. We never include device-specific data in any client reports, and our clients are contractually prohibited from attempting to identify a shopper using our data. We do not sell, rent, or otherwise disclose device-specific information to law enforcement agencies or the government unless required to by law. Any data provided under legal request is still not personally identifiable due to protections in the data processing pipeline aka MAC Address hashing, due to this Blix is unable to provide unhashed MAC Addresses.
We only use world-class data storage exchange and storage providers, such as Amazon Web Services, which are necessary to provide Blix's services. Although our data warehouses are based in Sydney, data about your device may also pass through our third-party service provider's networks in the USA.
We make it easy to opt-out of Blix tracking. If you'd prefer not to participate in Blix’s aggregate shopping reports, simply turn off your phone's WiFi and location services (or turn on Aeroplane Mode) when entering a Blix-monitored store. If you'd like to opt-out permanently, you can do so instantly on our opt-out page.
To fully inform shoppers about the operation of Blix sensors in participating retailers, we recommend providing an in-store notice to customers. If you have any concerns about Blix, you can easily opt-out of participation. By entering in your MAC address (how do I know what my MAC address is?), we will automatically tokenize your MAC and add it to a blacklist of tokens which are not processed by our system. Once tokenized we will also delete all records of your MAC but may retain your email address. Opt-out now.
Blix reserves the right to update this policy from time to time.