UK Privacy Notice

PRIVACY NOTICE

Effective Date: May 1, 2025
Entity: BLUESTAQ LTD

Why you should read this notice
As a UK-based commercial organisation, BLUESTAQ LTD ("BLUESTAQ", "we", "our", or "us") collects, uses, and shares personal data in the course of conducting business. When acting as a data controller — i.e., when we decide how and why personal data is used — this Privacy Notice sets out how we process that data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable privacy laws. It also outlines your rights and how to exercise them.

Scope of this notice

This Privacy Notice applies to:

  • The personal data we collect when you use our services, visit our website, attend our events, or otherwise interact with us.
  • How and why we process that data.
  • Who we share it with.
  • Your rights under UK data protection law.

This notice does not cover personal data we process on behalf of our clients, where we act as a data processor. Please refer to the relevant client’s privacy notice if applicable.

We may include links to third-party platforms (e.g., event partners or integrations). We are not responsible for their privacy practices.

Categories of personal data we collect

We collect and process the following types of personal data:

  • Contact details: name, email address, phone number, job title, employer.
  • Professional information: CVs, employment history, areas of expertise.
  • Transactional data: purchases of our services, subscription activity.
  • Payment information: invoicing, billing, payment tokens (we do not store credit card details).
  • Technical data: IP address, browser type, device identifiers, cookies.
  • Training and certification data: course registrations, results.
  • Communications data: messages, correspondence, surveys.
  • Government-issued identifiers: where legally required, e.g., passport or driving licence.
  • Visual/audio data: recordings from events, video calls, photographs.
  • Inferred or derived data: profiling based on aggregated activity.
  • Preferences: marketing preferences, communication opt-ins.

How we use your personal data

  • 1. Business operations and service delivery

    We use your data to:

    • • Provide our products and services.
    • • Respond to enquiries and requests.
    • • Manage contracts and business relationships.
    • • Process payments and invoices.
    • • Operate, maintain, and improve our digital platforms.
    • • Support training and certification activities.
    • • Fulfil legal and regulatory obligations.
  • 2. Marketing and communication
    • • Send promotional emails (only with your consent, or under soft opt-in rules).
    • • Customise content and recommend relevant products.
    • • Run surveys and feedback campaigns.
    • • Measure campaign performance.
  • 3. Events and site visits
    • • Administer attendance at events (physical and virtual).
    • • Monitor safety and access control at our premises.
  • 4. Legal and regulatory
    • • Respond to legal requests or enforcement actions.
    • • Prevent fraud or other unlawful activity.
    • • Enforce contracts or investigate breaches.

Lawful bases for processing

Under the UK GDPR, we rely on the following legal grounds:

  • Contractual necessity – to fulfil or prepare for a contract.
  • Legitimate interests – e.g., business development, service improvement.
  • Consent – for specific uses like email marketing, where required.
  • Legal obligation – compliance with applicable law or regulation.

Where we rely on legitimate interests, we ensure they are not overridden by your rights.

Who we share personal data with

We may share your data with:

  • Our group companies and affiliates, where relevant to service delivery.
  • Service providers, e.g., hosting, CRM, email distribution, training platforms.
  • Payment processors, e.g., Stripe.
  • Professional advisors, e.g., legal or tax consultants.
  • Event partners, for jointly hosted or co-branded events.
  • Regulators, courts, or public authorities, as required by law.
  • Potential buyers, in the context of a merger, acquisition, or reorganisation.

We do not sell your personal data.

Cookies and analytics

Our website uses cookies and similar technologies to:

  • Recognise your device.
  • Analyse user behaviour.
  • Improve performance and user experience.

You can control cookies via your browser settings. Please refer to our Cookies Policy for more detail.

International transfers

Where personal data is transferred outside the UK, we will ensure appropriate safeguards are in place. These include:

  • UK-approved Standard Contractual Clauses (SCCs).
  • International Data Transfer Agreements (IDTAs).
  • Transfers to countries with an adequacy decision by the UK government.

Where we rely on legitimate interests, we ensure they are not overridden by your rights.

Data retention

We retain personal data only as long as necessary:

  • To meet the purpose for which it was collected.
  • To comply with legal or regulatory requirements.
  • For auditing, dispute resolution, and enforcement of agreements.

Our internal retention policy outlines specific timeframes by data category.

Your data protection rights

Under the UK GDPR, you have rights including:

  • Access - to request copies of your personal data.
  • Rectification - to request correction of inaccurate or incomplete data.
  • Erasure - to request deletion of your data (“right to be forgotten”).
  • Restriction - to limit how we use your data.
  • Objection - to object to processing where we rely on legitimate interests.
  • Portability - to transfer your data to another organisation.
  • Withdraw consent - where processing is based on your consent.

To exercise any of these rights, please contact us at contact.us@bluestaq.com. We may require you to verify your identity.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK data protection authority:

Children’s data

Our services are not directed at children under the age of 16. If you believe a child has provided personal data to us without appropriate consent, please contact us and we will take steps to delete such information.

Updates to this notice

We may update this Privacy Notice from time to time to reflect legal, operational, or technological changes. The latest version will always be available on our website. We will notify you of material changes where required.

Contact us

Data Protection Officer
BLUESTAQ LTD
86-90 Paul Street, London,
EC2A 4NE.
Email: contact.us@bluestaq.com