Bluebox Aviation Systems Ltd. (Bluebox) operates within a business to business environment, providing software and products for the aviation industry. We have a legitimate interest in collecting and using personal data of individuals in the course of conducting our business.
Personal data is information relating to an identified or identifiable natural person.
Bluebox is committed to:
- ensuring that any personal data we control or process is protected
- being transparent about how we collect and use personal data
- meeting our data protection obligations.
- Commercial engagement with current, past and prospective customers, commercial partners, and suppliers
- Market research for product development
- Marketing communications activities, such as company news and events
- Engagement through our website and social media platforms
- Employment (current and past) and recruitment
- Enquiries in relation to data protection.
In any of these situations, Bluebox may collect personal data in electronic or physical formats and may include data such as:
- Name, job title, company
- Contact information including email address
- Geographic location
- Opinions, preferences and commercial interests e.g. survey responses, product interests
- Professional qualifications, employment history
As a data controller, Bluebox is responsible for deciding how we hold and use personal information about you. Personal data will be used in direct relation to the purpose for which we hold it and managed as outlined in this policy document. It will not be shared with any other third party without your permission, except in the case of our contracted data processors.
Bluebox may change this policy at any time by updating this page. You should check this page to ensure that you are happy with its content.
This policy is effective from 25/05/2018.
Effective commercial engagement relating to current, past and prospective customers, commercial partners, and suppliers requires the collection and use of personal data.
Legitimate Interest Assessment (LIA)
Bluebox has carried out a Legitimate Interest Assessment (LIA) as advised by the ICO and determined that the rights and freedoms of the individuals (data subjects) whose personal information we hold would not be overridden by our commercial engagements with them, and that in no way would a data subject be harmed by our correspondence.
Based upon our segmentation of purpose, coupled with our processing of personal data within the context of a business environment, we believe any individual that receives correspondence from Bluebox in a business development, sales or marketing capacity, could be legitimately interested in Bluebox’s solutions. It is also deemed that sales and direct marketing are necessary in the context of promoting Bluebox to professionals in our industry in order to increase awareness of our solutions in the marketplace, secure new customers, and ultimately be a successful, growing business.
The LIA will be reviewed every year to determine whether there are any new purposes to assess or other considerations which may alter the conclusions.
Salesforce: Salesforce is a CRM platform we use for managing commercial interactions and storing the personal data of our customers, partners, suppliers and other interested parties. The security policies, procedures, and controls Salesforce makes available to customers are described in the Security, Privacy and Architecture documentation available on Salesforce’s website (click here to access this information). For more general information on Salesforce’s compliance with GDPR regulation, please consult the company’s detailed GDPR overview at: https://www.salesforce.com/gdpr/overview/
Freshworks: Freshdesk is a customer support platform we use to manage service and support requests from customers and other stakeholders involved in our customer agreements. The system will record an individual’s business contact details and information relevant to every service ticket. Freshdesk is a product of Freshworks Inc. For more information on how Freshworks keeps personal data secure, please visit: https://www.freshworks.com/privacy. And for specific information about Freshworks’ commitment to the principles of GDPR, please visit: https://www.freshworks.com/privacy/gdpr
Bluebox has an in-house team responsible for ensuring the validity and quality of the data contained within Bluebox’s CRM and customer support systems. The team will review and cleanse data every year. Any records found to be out of date of the retention period relevant to the purpose of the data will be deleted.
On occasion, Bluebox may contact you directly for market research purposes. We may use the information you consent to provide in order to update, enhance or develop products and services. Your input will be aggregated with other research subjects and anonymised in any final report of findings.
We require this information to engage with you and understand your needs, but also to process information and deliver platform functionality on behalf of our customers and commercial partners.
We may also seek your consent to share your input outside the organisation, potentially in ways that identify you personally (e.g. in media, on our website).
Periodically, we may send promotional emails including information which we think you may find interesting (e.g. product and customer news, events we will be attending, customer receptions).
In line with commercial engagements purpose outlined above, legitimate interest is also the legal basis under which we collect data and proactively communicate via various marketing activities. This was determined as part of the Legitimate Interest Assessment (see section above).
However, you may unsubscribe from these mailings at any time by using ‘unsubscribe’ options available or by contacting us directly.
In conjunction with Salesforce (described above), for direct marketing communications purposes – e.g. distribution of company news and event invitations – we use a third-party system for processing the personal data to distribute the communications.
Constant Contact: Constant Contact is an email platform we use for the distribution of information, news, product updates, and event invitations, as part of promotional campaigns and media relations. The privacy and security policies, procedures, and controls Constant Contact makes available to are described here: https://www.constantcontact.com/uk/legal/privacy-statement.
On this platform we may gather statistics around emails opened and content clicked, to understand interest in the subject and as a basis for following up subsequent activity.
Website and Social Media
If we collect personally identifiable information through our website, we will be clear about the purpose of collecting this information and require your consent for its use prior to you submitting your enquiry via forms on the website.
We also use several tools which provide data to us to understand usage trends, which parts of the site are of greatest interest and from where (at generic levels such as region and company). This helps us understand demand for our products and services as well as improve the way we communicate online.
WordPress: We use a third-party platform, WordPress.com, to publish our website. Forms submitted through the website are processed by the platform and submitted to us via our CRM system (see below). WordPress is run by Automattic Inc. For more information about how WordPress processes data, please see Automattic’s privacy notice.
Cookies: We will ask you to accept cookies when visiting our site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. Once you accept, the file is added to your hard drive and the cookie helps analyse web traffic or lets you know when you visit a particular site.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and therefore understand customer interests.
Also, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Learn more at www.aboutcookies.org.
Links to other websites
We may review LinkedIn profile information to validate that a person with whom we are engaging is a relevant and legitimate business contact. If an individual reaches out to Bluebox via social media platforms their details will be recorded in our CRM system with the social media platform being identified as the source of the enquiry. This personal data would then fall under the data reviews of our CRM systems and retained and/or deleted according to our data policy.
Employment and Recruitment
As an employer, Bluebox will use your personal information on the following bases:
- Where we need to perform the contract we have entered into with you.
- Where we need to comply with a legal obligation.
- Where it is necessary for our legitimate interests or those of a third party and your interests and fundamental rights do not override those interests.
Data processed will sometimes include sensitive information, such as:
- Bank account details, payroll records and tax status information
- Salary, annual leave, pension and benefits information
- Next of kin and emergency contact information
We may share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.
Recipients of your data may include third-party service providers (such as payroll and pensions providers), other related business entities, or a regulator.
When we do so, we will require the third parties to respect the security of your data and to treat it in accordance with the law.
All of the information you provide during the process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary. We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for.
We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes.
We are committed to ensuring that your information is secure. To prevent unauthorised access or disclosure to individuals’ personal data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect and manage.
A core part of our business is in processing valuable digital content, and so our IT infrastructure, security and operational processes follow specific best practice guidelines and are subject to audit by the Motion Picture Association of America. As a result, all other data we hold, such as the personal data described in this policy, benefits from these security measures. More information about these measures can be found here: https://www.mpaa.org/what-we-do/advancing-creativity/additional-resources.
Notwithstanding our efforts, we cannot guarantee absolute or unqualified protection of this information given the open nature and resulting instability of the Internet, and we make no representations or warranties as to the effectiveness of our security and assume no liability for security breaches or any failure in the security of your computer equipment, your internet service provider or other networks and communications providers.
For most purposes, we will keep personal information under a retention policy of five years from the last engagement with the data subject. After this time, the data will be purged from our systems and external processors.
In the case of employees, personal data will be retained for the duration of your employment with Bluebox and as long as necessary. And in the case of unsuccessful job applicants, personal data will only be held for up to 12 months.
Under the GDPR, you have rights as an individual which you can exercise in relation to the information we hold about you.
You can read more about these rights here: https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/
For example, you have the right to:
- Request access to, and a copy of, your personal information
- Request correction of the personal information that we hold about you
- Request erasure of your personal information.
- Object to processing of your personal information
If you would like to exercise any of these rights, please contact our Data Privacy Team at firstname.lastname@example.org.
This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of Bluebox’s collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below. A small fee will be payable, if you request a copy of the information held on you. Please write to at the address at the end of this notice.
If you believe that any information we are holding on you is incorrect or incomplete, please write to us as soon as possible, at the address below.
If you want to make a complaint about the way we have processed your personal information, you can contact the ICO as the statutory body which oversees data protection law in the UK: www.ico.org.uk/concerns.
How to contact us
Bluebook Aviation Systems Ltd.
Attn: Data Privacy Team