Privacy policy

Last updated 12 December 2024

1 At bluesource, we are committed to protecting and respecting your privacy.

Your privacy is important to us and this privacy policy (“Policy”) explains what personally identifiable information (“PII”) we collect from you, why we need it, how we use it, the conditions under which we may disclose it to others and how we keep it secure.

We may change this Policy from time to time, so please occasionally check this Policy, available at www.bluesource.co.uk, to ensure that you are happy with any changes. By using our website, you are agreeing to be bound by this Policy.

Any questions regarding this Policy and our privacy practices should be sent to privacy@bluesource.co.uk or by writing to Operations, bluesource Information Limited, London, SE1 2TU. Alternatively you can telephone 020 7940 6200.

2 Who are we?

3 How do we collect information from you?

3.1

Information you give us

We obtain information about you when you visit our website, register with bluesource, subscribe to one of our news feeds (via the website or follow us from LinkedIn or Twitter, etc.), enter promotions or for example when you contact us about products and services. We may also be passed your information from certain bluesource partners, in relation to our products and services and assume that any necessary consents have been received from the data controller.

If you subscribe to one of our services or buy goods from us (collectively considered a “Service”), you will also be asked to supply PII for the purpose of using the Service and us being able to supply and deliver the applicable Services, and to also fulfill any contractual commitment or legislative requirement, such as for fraud prevention. PII may be collected directly or via a contract, service schedule, order form, email or other such document.

We may combine information about you that we have with information we obtain from different Services we provide to you or your company.

3.2

Information we get from the use of our services

In addition to the above, PII may also be contained within documentation/correspondence received while discussing or providing Services, such as a named individual in a project brief, proposal, quotation, contract, or other such document between your company and bluesource (collectively “Documents”).

When you use our services we may automatically collect and store certain information in server or application logs, which may include:
- Details of when you accessed the Service;
- Telephony log information, such as your phone number, calling-party number, forwarding numbers, time and date of calls, duration of calls, SMS routing information and types of calls. your access from a security perspective;
- IP address used to access the Service; and
- Cookies that may uniquely identify your browser, search engine or preferences. (please refer to Bluesource’s Cookie Policy for further information, available at www.bluesource.co.uk).
Our servers and MS Azure instances are located within the UK. If you choose to provide us with personal information, you are consenting to the transfer and storage of that information in such locations and elsewhere we have facilities. We will endeavor to use facilities and services based in the UK and EU, wherever possible.

4 What type of information do we collect from you?

The PII we collect from you will be appropriate, specific and minimalized for the purpose required. We will not ask for sensitive information (such as date of birth, gender, race, religion, sexual orientation or health), unless this is absolutely necessary for a specific service or we are required to monitor equality, or comply with the Modern Slavery Act, or similar legislation, etc.

4.1 The following PII is typically collected, where appropriate, and for the following reasons:

Name

to verify identity and identify you as an individual
Company name

to relate you to a specific company
Work contact details

Work address, work email, work telephone number, work mobile number are processed in day to day in communications to and from you and may be used, together with your name in documentation produced during the relationship between us and you.
Job title/role

used to specify the role within the company that you perform and to apply relevant responsibilities and controls, as well as to communicate to the most appropriate person
Department

used to specify the department you work in and to apply relevant responsibilities, benefits and controls, as well as to communicate to individuals at a departmental level
Login Names

used to authenticate and track access to services for information security purposes, including access control, and provide individual accountability to such access.
IP Address

The IP address of a device used to access or approve services, such as signing documents on behalf of the company, may be logged for information security and compliance purposes
Cookies

Cookies may track access to certain Company websites. Please refer to the Company’s Cookie Policy for more details
Signature

for the approval of transactions between the Parties.

4.2 We will not ask for sensitive information (such as date of birth, gender, race, religion, sexual orientation, or health), unless this is absolutely necessary for a specific service or we are required to monitor equality, or comply with the Modern Slavery Act, or similar legislation, etc.

5 How we use the information about you?

We process this data for the purposes described in this Policy, namely:

Where we act as a “Data Processor”, as defined under the Data Protection Act 2018 (“DPA”) and the General Data Protection Regulation (“GDPR”), and we are responsible for processing data for the purpose of supplying services to you (i.e. your company). We will process the company data, which may contain PII, in accordance with the provisions of the DPA and GDPR and under the instruction of the “Data Controller”, which is typically your company. Contractual consent is therefore required for using PII for the purpose of supplying services and maintaining the relationship with your Company.
A reference named in a Document produced in the course of a relationship between yourself or your company with bluesource;
Improve security by protecting against fraud and abuse;
Identify an individual requesting access to information or services;
Resolve disputes, troubleshoot problems and inforce our policies;
Communicate with you about service updates and information;
Provide you with information updates that you have signed up to receive;
Customise your experience;
Conduct analytics and measurement to understand how our services are used;
Improve the quality of our services and develop new ones;
Advise you of products and services which may be of interest based upon searches and current subscribed services, or previous consented interest;
When you contact bluesource, we may keep a record of your communication to help solve any issues you might be facing, such as on our call logging software. We may also use your email address to inform you about our services, such as letting you know about upcoming events, changes or improvements; and
To gather feedback about our products and services.

As a global company, bluesource may process PII on our systems and servers around the world. We may process your personal information on a server located outside the country where you live, however we endeavor to store and host such systems and servers within the United Kingdom and the European Economic Union.

We will ask for your consent before using information for a purpose other than those set out in this Privacy Policy.

We retain your PII for as long as it is necessary and relevant for our operations or to comply with relevant laws. In addition, we may need to retain PII after termination of our relationship with you to comply with laws or legislation, prevent fraud, collect any fees owed, resolve disputes, troubleshoot problems, assist with any investigation, enforce our policies and agreements and take other actions permitted or required by applicable laws.

6 Transparency

7 Accessing and updating your personal information

8 Information that we share

8.1 bluesource does not rent, sell, or share PII with other people or nonaffiliated companies except to provide products or services you've requested, when we have your permission, or under the following circumstances:

For Contractual consent (rather than explicit, freely given individual consent)

necessary to be able to provide the Service. For example, if your company has taken out a support service with us and has escalated an issue to us, we will have contractual consent to process your PII that has been given to us, for the purpose of resolving the issue that is affecting you. Without this consent at a contractual level, we would be unable to reasonably provide the Service to you, or your company.
For external processing:
- 8.1.2.1
  
  Where we need to provide certain information to trusted partners and subcontractors, working on behalf of, or with bluesource, under contractual and confidentiality agreements, to deliver part or all of the Service. Such information shall be the minimum required for that purpose. For example, if we have to escalate your support issue to Microsoft, for their assistance in resolving it, we may need to provide certain PII related to yourself or an individual within your company, such as contact details. These companies do not have any independent right to share this information;
- 8.1.2.2
  
  To assist bluesource communicate with you about offers from bluesource and our marketing partners, where any necessary consents have been freely given. These companies do not have any independent right to share this information.
For Legal reasons

We will share PII with companies, organisations, or individuals outside of bluesource if we believe in good faith that access, use, preservation or disclosure of the information is reasonably necessary to:
- 8.1.3.1
  
  Response to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims;
- 8.1.3.2
  
  Meet any applicable law, regulation, legal process or enforceable government request;
- 8.1.3.3
  
  Enforce applicable terms of service and to investigate potential violations;
- 8.1.3.4
  
  Detect, prevent and address fraud, security and technical issues;
- 8.1.3.5
  
  Protect against harm to the rights, property or safety of bluesource, our workers, our customers, our suppliers, or the public, as required or permitted by law;
- 8.1.3.6
  
  Meet our obligations under DPA and GDPR to report breaches to the data controller and where we are acting as the controller, to the relevant supervisory authority (which is the Information Commissioners Office for the UK).

8.2

We limit access to PII to those employees, partners and subcontractors we believe reasonably need to come into contact with that information to provide Services to you, or your company, in order to do their jobs. We have a “who needs to know, minimum rights” policy to such access.

If we are involved in a merger, acquisition or asset sale, we will continue to ensure the confidentiality of any personal information and give affected users notice before personal information is transferred or becomes subject to a different privacy policy.

We may share non PII information publically and with our partners. Where we have permission to do from your company, this may include details of the company name, location, business sector and other non PII, non-confidential information. For example, we may share information publically to show service statistics and trends.

Whenever we share personal data, we take all reasonable steps to ensure that it is treated securely and in accordance with this privacy policy.

9 Information Security

10 When this Privacy Policy applies

11 Compliance and cooperation with regulatory authorities

12 Should I have a complaint, how do I report it?

13 Changes

14 Questions and Suggestions