Last Updated: January 2025
Privacy Policy
Company: Softblues Solutions LTD
Registered: United Kingdom
Contact: privacy@softblues.io
1. Introduction
This Privacy Policy explains how Softblues Solutions LTD ("Softblues", "we", "us", or "our") collects, uses, discloses, and protects your personal information when you:
- Visit our website (softblues.io)
- Use our AI development, consulting, or team augmentation services
- Contact us through our website forms, email, or other channels
- Engage with our marketing communications
- Apply for employment or contractor positions
We are committed to protecting your privacy and handling your data in an open and transparent manner. This policy complies with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and the Data Protection Act 2018.
2. Who We Are
Data Controller:
Softblues Solutions LTD
Registered in England and Wales
United Kingdom
For all data protection matters, you can contact us at:
- Email: privacy@softblues.io
- Website: softblues.io/contacts
3. Information We Collect
3.1 Information You Provide Directly
We collect information you voluntarily provide when you:
- Contact Forms & Inquiries: Name, email address, phone number, company name, job title, and message content
- Service Requests: Project requirements, budget information, timeline expectations, technical specifications
- Newsletter Subscriptions: Email address and communication preferences
- Lead Magnet Downloads: Name, email, company name, job role
- Job Applications: CV/resume, cover letter, work history, education, references, right to work documentation
- Client Engagements: Billing information, contract details, project documentation
3.2 Information Collected Automatically
When you visit our website, we automatically collect:
- Device Information: IP address, browser type and version, operating system, device type
- Usage Data: Pages visited, time spent on pages, click patterns, referring URLs
- Location Data: Approximate geographic location based on IP address
- Cookies and Similar Technologies: Session cookies, analytics cookies, preference cookies (see Section 10)
3.3 Information from Third Parties
We may receive information from:
- Analytics Providers: Google Analytics, other web analytics services
- Social Media Platforms: LinkedIn, when you engage with our content
- Business Partners: Referral information from partners like Google Cloud
- Publicly Available Sources: Company information from public databases
4. How We Use Your Information
4.1 Service Delivery
- Responding to inquiries and providing information about our services
- Delivering AI development, consulting, and team augmentation services
- Managing client relationships and project communications
- Processing invoices and payments
4.2 Marketing and Communications
- Sending newsletters, industry insights, and company updates (with consent)
- Sharing relevant case studies, whitepapers, and resources
- Personalising content based on your interests and interactions
4.3 Website Improvement
- Analysing website usage to improve user experience
- Testing new features and functionality
- Troubleshooting technical issues
4.4 Legal and Compliance
- Complying with legal obligations
- Establishing, exercising, or defending legal claims
- Preventing fraud and ensuring security
4.5 Recruitment
- Processing job applications
- Assessing candidate suitability
- Conducting background checks where required and permitted
5. Legal Basis for Processing
Under GDPR, we must have a valid legal basis to process your personal data. We rely on the following:
| Purpose | Legal Basis |
|---|---|
| Responding to inquiries | Legitimate interests |
| Delivering contracted services | Contract performance |
| Sending marketing emails | Consent |
| Website analytics | Legitimate interests |
| Legal compliance | Legal obligation |
| Processing job applications | Legitimate interests / Contract |
| Fraud prevention | Legitimate interests |
Legitimate Interests Assessment: Where we rely on legitimate interests, we have conducted a balancing test to ensure our interests do not override your fundamental rights and freedoms.
6. Data Sharing and Disclosure
We do not sell your personal data.
We may share your information with:
6.1 Service Providers
- Cloud hosting providers (Google Cloud Platform, AWS)
- Email marketing platforms (for newsletter delivery)
- CRM systems (for client relationship management)
- Analytics providers (for website analytics)
- Payment processors (for billing purposes)
6.2 Professional Advisors
Accountants, lawyers, and other professional advisors as necessary.
6.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity.
6.4 Legal Requirements
- When required by law, court order, or governmental authority
- To protect our rights, property, or safety, or that of our users or others
All third-party service providers are contractually obligated to protect your data and use it only for the purposes we specify.
7. International Data Transfers
Softblues is based in the United Kingdom. Your data may be transferred to and processed in countries outside the UK and EEA, including:
- United States (cloud infrastructure providers)
- Ukraine (development team members)
- Other countries where our service providers operate
When transferring data internationally, we ensure appropriate safeguards are in place:
- Adequacy Decisions: Transfers to countries with adequate data protection
- Standard Contractual Clauses (SCCs): EU/UK-approved contractual protections
- Supplementary Measures: Additional technical and organizational measures where required
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:
| Data Type | Retention Period |
|---|---|
| Contact form inquiries | 2 years from last contact |
| Client project data | 7 years after project completion |
| Marketing contacts | Until unsubscribe + 30 days |
| Website analytics | 26 months |
| Job applications (unsuccessful) | 12 months after decision |
| Employee records | Duration of employment + 7 years |
After the retention period, data is securely deleted or anonymized.
9. Your Rights Under GDPR
You have the following rights regarding your personal data:
9.1 Right of Access
You can request a copy of the personal data we hold about you.
9.2 Right to Rectification
You can request correction of inaccurate or incomplete data.
9.3 Right to Erasure ("Right to be Forgotten")
You can request deletion of your data in certain circumstances.
9.4 Right to Restrict Processing
You can request that we limit how we use your data.
9.5 Right to Data Portability
You can request your data in a structured, machine-readable format.
9.6 Right to Object
You can object to processing based on legitimate interests or for direct marketing.
9.7 Rights Related to Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing.
9.8 Right to Withdraw Consent
Where processing is based on consent, you can withdraw it at any time.
To exercise any of these rights, contact us at: privacy@softblues.io
We will respond to your request within one month. In complex cases, this may be extended by two additional months.
Right to Complain
If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Phone: 0303 123 1113
11. Third-Party Services
Our website may contain links to third-party websites and services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies.
Third-party services we integrate with include:
- Google Cloud Platform (infrastructure)
- Calendly (appointment scheduling)
- Clutch.co (reviews platform)
12. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption: Data encrypted in transit (TLS/SSL) and at rest
- Access Controls: Role-based access limiting data to authorized personnel
- Infrastructure Security: Hosting on enterprise-grade cloud platforms (Google Cloud)
- Employee Training: Regular data protection training for all staff
- Incident Response: Procedures for detecting, reporting, and responding to data breaches
- Regular Audits: Periodic security assessments and reviews
Despite these measures, no method of transmission over the internet is 100% secure. If you have concerns about data security, please contact us.
13. Children's Privacy
Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last Updated" date at the top of this policy
- Notify you via email (if you are a subscriber or client)
- Display a notice on our website
We encourage you to review this policy periodically.
15. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Softblues Solutions LTD
Email: privacy@softblues.io
Website: softblues.io/contacts
For data protection inquiries, we aim to respond within 5 business days.