top of page

Privacy Policy

Effective Date: 21 August 2025

Updated: 13 September 2025
Business Name: BlueCIRT

Company number:  16662043

ICO Registration Number: ZB971264

Registered in England & Wales.
Owner/Director & Data Protection Officer (DPO): Ivan Pitton
Contact Email: info@bluecirt.com

​

1. Introduction

This Privacy Policy explains how Blue CIRT Ltd (“Blue CIRT”, “we”, “us”, “our”) processes personal data in connection with our website, learning platform, and related services. It applies to all users of our Services and supplements other notices such as our Cookie Policy.

At BlueCIRT, your privacy matters. This Privacy Policy outlines how we collect, use, and protect your personal data when you engage with our services via our Wix-based website, in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and other applicable laws.

​

2. Personal Data We Collect

We may collect the following personal data:

  • Identity Data: First and last name

  • Contact Data: Email address, billing address

  • Financial Data: Payment method details (Visa, MasterCard, Apple Pay, Google Pay)

  • Technical Data: IP address, browser type, operating system, device information

  • Marketing Data: Subscription preferences for newsletters and promotional content

  • Communication Data: Information you provide when contacting us via Google services

​

3. How We Collect Your Data

Your data is collected through:

  • Account sign-ups and service registrations

  • Newsletter subscriptions and marketing opt-ins

  • Payment transactions processed via integrated payment services

  • Use of contact forms or emails via Google accounts

  • Wix’s built-in analytics and cookies

​

4. Lawful Basis for Processing

We rely on the following lawful grounds under Article 6 GDPR:

  • Contractual necessity (Art. 6(1)(b)) – to fulfil service or purchase agreements

  • Legal obligation (Art. 6(1)(c)) – for tax, legal, and compliance obligations

  • Consent (Art. 6(1)(a)) – for sending marketing communications

  • Legitimate interests (Art. 6(1)(f)) – to improve services and ensure security

​

5. Use of Personal Data

We use your data to:

  • Register your account and provide requested services

  • Process transactions and deliver receipts

  • Send updates, newsletters, or promotional offers (where you’ve consented)

  • Respond to customer queries and support requests

  • Comply with legal obligations and resolve disputes

​

6. Sharing of Data

We may share your data with:

  • Wix.com Ltd – for web hosting, analytics, forms, and security

  • Google LLC – for email correspondence and support tools

  • Payment providers – such as Visa, MasterCard, Apple Pay, Google Pay

  • Regulatory or legal authorities – where required by law

All third-party data processors are contractually bound to process your data in accordance with the GDPR.

​

7. International Data Transfers

Where data is transferred outside the EEA, we ensure that adequate safeguards are in place, such as Standard Contractual Clauses (Art. 46 GDPR), ensuring an essentially equivalent level of data protection.

 

8. Data Retention

We retain data only as long as necessary for the purposes described or as required by law.

Examples:

- Orders & invoices: 6 years from the end of the financial year.

- Account data: life of account + 24 months.

- Support queries: 24 months after last interaction.

- AI interaction logs (optional features): 12 months.

- Analytics data: 13 months (UK/EU default for Google Analytics).

 

9. Your Data Protection Rights

You have the right to:

  • Access your data (Article 15 GDPR)

  • Correct inaccuracies (Article 16 GDPR)

  • Request deletion of your data (Article 17 GDPR)

  • Restrict the processing of your data (Article 18 GDPR)

  • Object to the processing of your data (Article 21 GDPR)

  • Receive your data in a portable format (Article 20 GDPR)

  • Withdraw your consent at any time where processing is based on consent (Article 7(3) GDPR)

To exercise any of these rights, contact us at info@bluecirt.com.

Right to Lodge a Complaint (EU/EEA Residents)

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a Data Protection Authority (DPA) in your EU or EEA member state.
https://edpb.europa.eu/about-edpb/about-edpb/members_en

U.S. State Privacy Rights

If you are a resident of certain U.S. states—such as California, Virginia, Colorado, Connecticut, or Utah—you may have additional rights under state-specific privacy laws. These may include the right to:

  • Know what personal data is collected about you

  • Request access to or deletion of your data

  • Opt out of the sale or sharing of your data

If applicable, you may contact us at info@bluecirt.com to exercise these rights. We will take reasonable steps to verify your identity before processing such requests.

You can also complain to the UK Information Commissioner’s Office (ICO): https://ico.org.uk  or 0303 123 1113.

 

10. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyse site traffic, and deliver personalized content and advertisements. This is done in compliance with Article 5(3) of the ePrivacy Directive and relevant GDPR provisions.

 

a. What Are Cookies?

Cookies are small text files placed on your device to collect standard internet log information and visitor behaviour data. When you visit our website, we may automatically collect information from you through cookies or similar technologies.

 

b. Types of Cookies We Use

  • Strictly Necessary Cookies – Required for the operation of our site (e.g., session management, security). These do not require consent.

  • Analytics/Performance Cookies – Help us understand how visitors interact with our website (e.g., via Google Analytics). These require your consent.

  • Functionality Cookies – Remember your preferences and settings to improve user experience.

  • Marketing/Advertising Cookies – Used to track visitors across websites for relevant marketing and advertising (e.g., Facebook Pixel, Google Ads).

 

c. Managing Cookies

You can manage your cookie preferences through:

 

d. Third-Party Cookies

Cookies may be set by:

  • Wix.com Ltd – platform operation, session tracking

  • Google LLC – analytics, ads, Gemini and integrations

  • Other marketing tools – as disclosed through our consent banner

 

e. Your Consent

We will request your consent for any non-essential cookies. You may withdraw consent at any time via cookie settings.

 

See our Cookie Policy for more details.

​

11. Data Security

We implement appropriate technical and organizational measures (Art. 32 GDPR), including encryption, access controls, and secure storage via trusted platforms (Wix, Google) to protect your data.

​

12. Policy Updates

We may update this Privacy Policy as needed. We will notify you of significant changes via email or our website.

 

13. Children

Our Services are intended for learners aged 16+.

We do not knowingly collect children’s data.

If you believe a child has provided personal data, please contact us and we will delete it.

 

7. Use of AI Tools

We may use AI tools (including Google Gemini / Google AI Studio / Copilot / ChatGPT / Synthesia) to assist with drafting learning materials and optional interactive features.

Human reviewers at the provider may review prompts and outputs to improve service quality.

You should not submit special category, confidential, or sensitive data in AI features.

Where AI processing involves systems outside the UK (e.g., US), we apply safeguards such as the UK-US Data Bridge or IDTA/UK Addendum to the EU SCCs.

 

15. Contact

For all data protection inquiries or to exercise your rights, contact:

Ivan Pitton
Data Protection Officer (DPO), BlueCIRT
info@bluecirt.com

​

16. Disclaimer

This Privacy Policy is provided for informational purposes only and does not constitute legal advice. While we strive to ensure the information is accurate and up to date, BlueCIRT makes no warranties as to its completeness or reliability.

By using our website and services, you acknowledge that BlueCIRT is not liable for any direct, indirect, or consequential loss arising from reliance on this policy. We recommend consulting legal counsel for advice specific to your situation.

BlueCIRT

Terms & Conditions  I  Privacy Policy  I  Disclaimer  I Accessibility Statement  I  Cookie Policy  I  Legal Notice

© 2025 by Blue CIRT

bottom of page