Bluebox Aviation Systems Ltd. (Bluebox) operates within a business to business environment, providing software and products for the aviation industry. We have a legitimate interest in collecting and using personal data of individuals in the course of conducting our business.

Personal data is information relating to an identified or identifiable natural person.

Bluebox is committed to:

  • ensuring that any personal data we control or process is protected
  • being transparent about how we collect and use personal data
  • meeting our data protection obligations.

Should you provide us with personal information, or we obtain information by which you could be identified, then you can be assured that your personal data will only be used in accordance with this privacy policy, and in compliance with the European Union General Data Protection Regulation (GDPR) which came into effect 25 May 2018. In the UK we’ve taken guidance on meeting our GDPR obligations from the UK’s Information Commissioner’s Office.

Personal data may be collected by Bluebox in several ways, including through use of our Blueview digital services platform. Please note, due to the unique nature of this data collection, there is a separate privacy policy addressing data collected through Blueview. Please see this policy here: Privacy Policy – Blueview.

This privacy policy below addresses how Bluebox collects, uses and protects personal data provided to us or obtained by us through our commercial activity for a number of purposes:

  • Commercial engagement with current, past and prospective customers, commercial partners, and suppliers
  • Market research for product development
  • Marketing communications activities, such as company news and events
  • Engagement through our website and social media platforms
  • Employment (current and past) and recruitment
  • Enquiries in relation to data protection.

In any of these situations, Bluebox may collect personal data in electronic or physical formats and may include data such as:

  • Name, job title, company
  • Contact information including email address
  • Geographic location
  • Opinions, preferences and commercial interests e.g. survey responses, product interests
  • Professional qualifications, employment history

As a data controller, Bluebox is responsible for deciding how we hold and use personal information about you. Personal data will be used in direct relation to the purpose for which we hold it and managed as outlined in this policy document. It will not be shared with any other third party without your permission, except in the case of our contracted data processors.

Data processors are third parties who provide elements of our data management for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do so. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct. Details of specific data processors are found in the relevant sections of this privacy policy.

Bluebox may change this policy at any time by updating this page. You should check this page to ensure that you are happy with its content.

This Privacy Policy came into effect on 25th May 2018 and was last updated on 22 March 2023.

Commercial Engagement

Effective commercial engagement relating to current, past and prospective customers, commercial partners, and suppliers requires the collection and use of personal data.

Legitimate Interest Assessment (LIA)

Bluebox has carried out a Legitimate Interest Assessment (LIA) as advised by the ICO and determined that the rights and freedoms of the individuals (data subjects) whose personal information we hold would not be overridden by our commercial engagements with them, and that in no way would a data subject be harmed by our correspondence.

Based upon our segmentation of purpose, coupled with our processing of personal data within the context of a business environment, we believe any individual that receives correspondence from Bluebox in a business development, sales or marketing capacity, could be legitimately interested in Bluebox’s solutions.  It is also deemed that sales and direct marketing are necessary in the context of promoting Bluebox to professionals in our industry in order to increase awareness of our solutions in the marketplace, secure new customers, and ultimately be a successful, growing business.

The LIA will be reviewed every year to determine whether there are any new purposes to assess or other considerations which may alter the conclusions.

Data Processors

Salesforce: Salesforce is a CRM platform we use for managing commercial interactions and storing the personal data of our customers, partners, suppliers and other interested parties. The security policies, procedures, and controls Salesforce makes available to customers are described in the Security, Privacy and Architecture documentation available on Salesforce’s website (click here to access this information). For more general information on Salesforce’s compliance with GDPR regulation, please consult the company’s detailed GDPR overview at:

Freshworks: Freshdesk is a customer support platform we use to manage service and support requests from customers and other stakeholders involved in our customer agreements. The system will record an individual’s business contact details and information relevant to every service ticket. Freshdesk is a product of Freshworks Inc. For more information on how Freshworks keeps personal data secure, please visit: And for specific information about Freshworks’ commitment to the principles of GDPR, please visit: 

Bluebox has an in-house team responsible for ensuring the validity and quality of the data contained within Bluebox’s CRM and customer support systems.  The team will review and cleanse data every year.  Any records found to be out of date of the retention period relevant to the purpose of the data will be deleted.

Market Research

On occasion, Bluebox may contact you directly for market research purposes. We may use the information you consent to provide in order to update, enhance or develop products and services. Your input will be aggregated with other research subjects and anonymised in any final report of findings.

We require this information to engage with you and understand your needs, but also to process information and deliver platform functionality on behalf of our customers and commercial partners.

We may also seek your consent to share your input outside the organisation, potentially in ways that identify you personally (e.g. in media, on our website).

Marketing Communications

Periodically, we may send promotional emails including information which we think you may find interesting (e.g. product and customer news, events we will be attending, customer receptions).

In line with commercial engagements purpose outlined above, legitimate interest is also the legal basis under which we collect data and proactively communicate via various marketing activities. This was determined as part of the Legitimate Interest Assessment (see section above).

However, you may unsubscribe from these mailings at any time by using ‘unsubscribe’ options available or by contacting us directly.

In conjunction with Salesforce (described above), for direct marketing communications purposes – e.g. distribution of company news and event invitations – we use a third-party system for processing the personal data to distribute the communications.

Constant Contact: Constant Contact is an email platform we use for the distribution of information, news, product updates, and event invitations, as part of promotional campaigns and media relations. The privacy and security policies, procedures, and controls Constant Contact makes available to are described here:

On this platform we may gather statistics around emails opened and content clicked, to understand interest in the subject and as a basis for following up subsequent activity.

Website and Social Media

If we collect personally identifiable information through our website, we will be clear about the purpose of collecting this information and require your consent for its use prior to you submitting your enquiry via forms on the website.

We also use several tools which provide data to us to understand usage trends, which parts of the site are of greatest interest and from where (at generic levels such as region and company). This helps us understand demand for our products and services as well as improve the way we communicate online.

WordPress: We use a third-party platform,, to publish our website. Forms submitted through the website are processed by the platform and submitted to us via our CRM system (see below). WordPress is run by Automattic Inc. For more information about how WordPress processes data, please see Automattic’s privacy notice.

Google Analytics: Our website uses Google Analytics which is a third-party freemium web analytics service that tracks and reports website traffic. The information is anonymous, however, you can opt-out of having your activity available to Google Analytics by installing the opt-out browser add-on. The add-on prevents the Google Analytics JavaScript that is running on our website from sharing information with Google Analytics about visit activity. Google’s Privacy Policy can be viewed here:

Lead Forensics: We subscribe to a third-party service, Lead Forensics, which uses IP Address tracking technology to identify to us identifiable businesses visiting our site and the pages that are being used. It does not identify individuals within those businesses, but helps us analyse data about web page traffic to understand market interest in our products and services as well as to develop and improve our website. Please view Lead Forensics’ privacy policy information for more information about how they use data.

Cookies: We will ask you to accept cookies when visiting our site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. Once you accept, the file is added to your hard drive and the cookie helps analyse web traffic or lets you know when you visit a particular site.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and therefore understand customer interests.

Also, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Learn more at

Links to other websites

This policy and our website may contain links to other websites of interest. However, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy policy. We encourage you to review the privacy statement applicable to the website in question.

Social Media

We may review LinkedIn profile information to validate that a person with whom we are engaging is a relevant and legitimate business contact. If an individual reaches out to Bluebox via social media platforms their details will be recorded in our CRM system with the social media platform being identified as the source of the enquiry. This personal data would then fall under the data reviews of our CRM systems and retained and/or deleted according to our data policy.

Employment and Recruitment


A separate employee privacy policy describes how we collect and use personal information about you during and after your working relationship with us in accordance with the GDPR.

As an employer, Bluebox will use your personal information on the following bases:

  • Where we need to perform the contract we have entered into with you.
  • Where we need to comply with a legal obligation.
  • Where it is necessary for our legitimate interests or those of a third party and your interests and fundamental rights do not override those interests.

Data processed will sometimes include sensitive information, such as:

  • Bank account details, payroll records and tax status information
  • Salary, annual leave, pension and benefits information
  • Next of kin and emergency contact information

We may share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.

Recipients of your data may include third-party service providers (such as payroll and pensions providers), other related business entities, or a regulator.

When we do so, we will require the third parties to respect the security of your data and to treat it in accordance with the law.

The employee privacy policy applies to all current and former employees, workers and contractors. For more information on the employee privacy policy, please email


Bluebox collects and processes personal data during our recruitment process. Upon applying via the email address, you consent to your details being securely held and processed by the company in accordance with our recruitment privacy policy and this privacy notice. For more information on our recruitment privacy policy, please email

All of the information you provide during the process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary. We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for.

We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes.

For more information on our recruitment privacy policy, please email


We are committed to ensuring that your information is secure. To prevent unauthorised access or disclosure to individuals’ personal data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect and manage.

A core part of our business is in processing valuable digital content, and so our IT infrastructure, security and operational processes follow specific best practice guidelines and are subject to audit by the Motion Picture Association of America. As a result, all other data we hold, such as the personal data described in this policy, benefits from these security measures. More information about these measures can be found here:

Notwithstanding our efforts, we cannot guarantee absolute or unqualified protection of this information given the open nature and resulting instability of the Internet, and we make no representations or warranties as to the effectiveness of our security and assume no liability for security breaches or any failure in the security of your computer equipment, your internet service provider or other networks and communications providers.

Data Retention

For most purposes, we will keep personal information under a retention policy of five years from the last engagement with the data subject. After this time, the data will be purged from our systems and external processors.

In the case of employees, personal data will be retained for the duration of your employment with Bluebox and as long as necessary. And in the case of unsuccessful job applicants, personal data will only be held for up to 12 months.

Your Rights

Under the GDPR, you have rights as an individual which you can exercise in relation to the information we hold about you.

You can read more about these rights here:

For example, you have the right to:

  • Request access to, and a copy of, your personal information
  • Request correction of the personal information that we hold about you
  • Request erasure of your personal information.
  • Object to processing of your personal information

If you would like to exercise any of these rights, please contact our Data Privacy Team at

This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of Bluebox’s collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below. A small fee will be payable, if you request a copy of the information held on you. Please write to at the address at the end of this notice.

If you believe that any information we are holding on you is incorrect or incomplete, please write to us as soon as possible, at the address below.

If you want to make a complaint about the way we have processed your personal information, you can contact the ICO as the statutory body which oversees data protection law in the UK:

Changes to this Privacy Policy

We regularly review and update our privacy policy. This privacy policy was last updated on 22 March 2023.

How to contact us

If you want to request information about our privacy policy you can email us at or write to us at:

Attn: Data Protection Team
Bluebook Aviation Systems Ltd.
Estantia House
Pitreavie Drive
Dunfermline, Fife
KY11 8US
United Kingdom