Blue Trade Limited, trading as BlueCRM (“Blue Trade”, “BlueCRM”, “we”, “our” or “us”), respects your privacy and is committed to protecting personal data.

This Privacy Policy explains how we collect, use, share, store, and protect personal data when you:

• visit our website;
• request a demo, contact us, or sign up for updates;
• use our products and services; and
• interact with us as a customer, prospect, partner, supplier, or website visitor.

For the purposes of data protection law, Blue Trade Limited is the controller of personal data processed for our own business purposes unless this Privacy Policy states otherwise.

Age Verification

BlueCRM is intended for business and professional use. You must be at least 18 years old to create an account, request services in your own name, or otherwise submit information to us for contracting purposes. If you are acting on behalf of a company or other organization, you confirm that you have authority to do so.

We do not knowingly market our services to children or intentionally collect personal data from children.

Operating Address

Blue Trade Limited
Company number: 15227605
Operating and contact address: 111 Balmoral Road, Watford, England, WD24 4EX

If Blue Trade notifies you of a different operational contact address for a specific contract, support matter, or legal notice, that notified address will apply for that purpose.

What personal data we collect

Depending on how you interact with us, we may collect the following categories of personal data:

Identity and contact data

• name;
• business email address;
• telephone number;
• job title;
• employer / company name;
• postal address.

Account and service data

• account identifiers;
• username and login-related information;
• workspace and organization details;
• service preferences;
• subscription and contract information.

Communications data

• messages sent through our forms;
• email correspondence;
• support tickets;
• meeting notes;
• call recordings or transcripts where recording is enabled and lawful.

Technical and usage data

• IP address;
• browser type;
• device type;
• operating system;
• referral source;
• log data;
• page views;
• feature usage;
• timestamps;
• diagnostic and performance data.

Billing and transaction data

• billing contact details;
• invoice details;
• payment status;
• transaction history.

We do not intentionally store full payment card details unless this is expressly stated and handled through an approved payment flow.

Marketing and preference data

• newsletter preferences;
• consent records;
• event registrations;
• communication preferences.

Customer Content and connected data If you use BlueCRM, you or your organization may upload, sync, generate, or connect business information, messages, CRM records, workflow content, tickets, files, notes, prompts, outputs, contact records, and related metadata.

Controller and processor roles

Blue Trade does not have a single role for every category of data.

Where Blue Trade acts as controller
We act as controller for personal data we use for our own business purposes, including:

• operating the website;
• responding to enquiries and demo requests;
• account administration;
• billing and collections;
• product security, abuse prevention, and diagnostics;
• service communications;
• legal compliance;
• direct marketing where lawful.

Where Blue Trade acts as processor
When our business customers use BlueCRM to store or process personal data in their own accounts, workflows, or connected systems, Blue Trade generally acts as a processor or service provider on that customer’s behalf. In those cases, the customer is generally responsible for deciding:

• what data is uploaded;
• which individuals are included;
• the purposes of processing; and
• how long the data should be retained.

Our customer contract, order form, Data Processing Addendum, or similar agreement will govern that processor relationship.

How we collect personal data

We collect personal data:

• directly from you;
• from your employer or organization;
• from account administrators and authorized users;
• from cookies and similar technologies;
• from connected applications and integrations you authorize;
• from public business sources such as company websites or professional profiles;
• from referral or implementation partners where lawful.

Why we use personal data and our lawful bases

We may use personal data for the following purposes:

To respond to enquiries, demo requests, and onboarding discussions
Lawful basis: steps requested before entering into a contract; legitimate interests in growing and operating our business.

To provide, configure, secure, maintain, and support BlueCRM
Lawful basis: performance of a contract; legitimate interests in operating a secure and reliable service.

To manage accounts, subscriptions, invoices, collections, and records
Lawful basis: performance of a contract; compliance with legal obligations; legitimate interests in managing our commercial operations.

To improve our platform, monitor performance, troubleshoot issues, and protect security
Lawful basis: legitimate interests in service improvement, resilience, fraud prevention, and information security.

To send service notices and administrative communications
Lawful basis: performance of a contract; legal obligation where applicable; legitimate interests in providing important updates.

To send marketing and promotional communications
Lawful basis: consent where required; otherwise legitimate interests, subject to applicable data protection and electronic marketing rules. You can opt out at any time.

To comply with law, enforce our rights, and handle claims or disputes
Lawful basis: legal obligation; legitimate interests in defending and enforcing legal rights.

AI features and automated processing

BlueCRM includes AI-assisted features that may help users:

• summarize content;
• classify or prioritize information;
• generate or suggest workflow actions;
• produce insights, recommendations, drafts, and automations.

AI-generated outputs may be incomplete, inaccurate, or inappropriate for a particular context and should be reviewed by a human user before reliance, especially for legal, financial, employment, compliance, or similarly significant matters.

Unless we expressly agree otherwise in writing, we do not use Customer Content submitted through paid customer accounts to train third-party foundation models for generalized use unrelated to providing the services to that customer.

Blue Trade does not routinely make solely automated decisions about individuals that produce legal or similarly significant effects without appropriate safeguards, notice, and, where required, a route to request human review.

Who we share personal data with

We may share personal data only where there is a valid reason to do so, including with:

• cloud hosting and infrastructure providers;
• communications and collaboration providers;
• analytics and monitoring providers;
• identity and access-management providers;
• customer support and ticketing providers;
• professional advisers, auditors, insurers, and legal counsel;
• payment, invoicing, and finance providers;
• regulators, courts, law enforcement, or public authorities where required by law;
• a purchaser, successor, investor, or transaction counterparty in connection with a merger, financing, reorganization, or asset sale.

Where Blue Trade uses vendors to process personal data on its behalf, we require them to protect personal data and process it only for permitted purposes.

A current list of subprocessors used for customer-account processing is available on request. Blue Trade may later publish a live subprocessors page and, if so, this Privacy Policy will be updated accordingly.

International transfers

We may process or store personal data in the UK, the EEA, or other countries where we or our service providers operate.

If we transfer personal data outside the UK or EEA, we will use an appropriate transfer mechanism, which may include:

• an adequacy decision;
• standard contractual clauses;
• the UK International Data Transfer Agreement or Addendum; or
• another lawful safeguard or exception available under applicable law.

You may request more information about the transfer safeguards relevant to your personal data by contacting us.

How long we keep personal data

We keep personal data only for as long as reasonably necessary for the purpose for which it was collected, including to meet legal, regulatory, accounting, security, and dispute-handling requirements.

Our default retention periods are:

If we cannot state an exact period for a particular category, we will keep it only for so long as necessary to fulfil the relevant purpose and then delete or anonymize it.

Your rights

Depending on the applicable law and the context of processing, you may have the right to:

• request access to your personal data;
• request correction of inaccurate or incomplete data;
• request deletion of personal data;
• request restriction of processing;
• object to processing based on legitimate interests;
• request portability of data you provided to us where the law applies;
• withdraw consent at any time where we rely on consent.

To exercise these rights, contact us using the details at the end of this Privacy Policy.

Complaints

If you have a privacy concern or data protection complaint, please contact Blue Trade first so we can investigate and try to resolve it.

You can send data protection complaints to: contact@bluetr.io

Please include enough detail for us to identify the issue and your relationship with Blue Trade. We aim to acknowledge complaints promptly and, where applicable, in line with our legal obligations.

You also have the right to complain to the Information Commissioner’s Office in the UK. If EU GDPR applies to the relevant processing, you may also have the right to complain to the supervisory authority in the EEA country where you live, work, or where the alleged infringement took place.

Cookies and similar technologies

We use cookies and similar technologies on our website. Some are strictly necessary for the website to function. Others are used only if you consent.

Please read our Cookies Policy for more information about:

• the categories of cookies we use;
• how to manage your choices; and
• how to withdraw consent.

Security

We use technical and organizational measures designed to protect personal data, including measures relating to access control, authentication, logging, monitoring, encryption where appropriate, and vendor management.

No method of transmission or storage is completely secure. You should also use appropriate security measures on your side, including strong passwords and access controls.

Third-party links and integrations

Our website or services may contain links to third-party websites, products, or services. If you follow those links or enable third-party integrations, those third parties may process personal data under their own terms and privacy notices. We are not responsible for their independent processing.

Refund and dispute policies

Commercial payment terms, renewals, suspension rights, service credits, refunds, and dispute procedures for paid services are primarily governed by the applicable order form, statement of work, subscription agreement, master services agreement, or another written contract with Blue Trade.

Blue Trade does not use blanket “no refunds” language in this Privacy Policy. If you have a billing or refund query, contact us first at contact@bluetr.io and we will review the matter in good faith in line with the relevant contract and any mandatory legal rights that apply.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will post the updated version on this page and update the “Last updated” date above. Material changes will apply from the date stated in the updated notice.

Company Contact Information

Blue Trade Limited
Trading name: BlueCRM
Company number: 15227605
Operating and contact address: 111 Balmoral Road, Watford, England, WD24 4EX
Email: contact@bluetr.io

If Blue Trade appoints a Data Protection Officer or an EU representative for the purposes of applicable data protection law, their contact details will be published in this Privacy Policy.