Privacy Policy


Last updated 28 June 2023 Bluelight CRM (“Bluelight CRM”, “our”, “we”, “us”) takes your right to privacy very seriously; the following Privacy and Cookie policy (“Privacy Policy”) aims to give you information on how Bluelight CRM collects and processes your personal data when you use (“Website”).

The Website is not intended for children (those aged 13 and under), and we do not knowingly collect data relating to children. It is important that you read this Privacy Policy together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.

This Privacy Policy supplements the other notices and is not intended to override them. When you register or use the Website, you will be asked to "opt-in" to our Privacy Policy, i.e., to confirm that you agree to our use of any personal data that we may collect from you as a user of the Website as set out in this Privacy Policy. If you do not give your consent, you will not be able to use the Website, as we will be unable to provide our services and facilities to you.

For ease of reading, we have divided this Privacy Policy into several sections:

  • What information do we collect?
  • How is your personal data collected?
  • How and why do we use/share your information?
  • How long do we keep your information?
  • Cookies
  • Your Rights

What information do we collect?

What is personal data?

Where this Privacy Policy refers to ‘personal data’ it is referring to data about you (or other living people) from which you could be identified – such as your name, your contact details and even your IP address. By law, all organisations in the UK are obliged to process your personal data in certain ways and to ensure that you are given an appropriate amount of information about how they use it.

You also have various rights to seek information from those organisations about how they are using your data and to prevent them from processing it unlawfully. For more information about these rights, please see the ‘Your Rights’ section of this Privacy Policy.

The data we collect from you depends on how you interact with us; Bluelight CRM will collect the following from you:

Identity Data: Name, title

Company Data: Name and location

Contact Data: E-mail address, postal address, telephone number; and mobile number

Technical Data: includes IP address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this Website.

Usage Data: includes information about how you use our Website, products, and services.

Marketing and Communications Data: includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We also collect, use and share Aggregated Data, such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity.

For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data, which will be used in accordance with this Privacy Policy.

Updating your information

If you want to update the information you have previously given to us (e.g. if you have recently moved office or changed your email address), you can contact Bluelight CRM at: [email protected].

How is your personal data collected?

We use different methods to collect data from and about you including through:

Direct interactions: You may give us your Identity and Contact Data by filling in forms or by corresponding with us by post, phone, e-mail, chatbot or otherwise. This includes personal data you provide when you:

  • Provide your details to receive offers and updates, and other marketing material from us;
  • Give us feedback.

Automated technologies or interaction: As you interact with our Website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see the section on cookies for further details.

Third parties: We may receive personal data about you from various third parties as set out below:

  • Technical Data from analytical providers, such as Google, based outside the EU.
  • Identity and Contact Data from our business partners

How and why do we use/share your information?

Collecting your information

Where we collect your personal data, we may use that information to:

  • Operate the service and send you the information you request on the Website
  • Generate aggregated statistics about our Website visitors and users of the service
  • Collect broad demographic information for aggregated use
  • Improve the content of our web pages
  • Administer this Website
  • Customise the service we provide to you
  • Handle enquiries submitted to us by you
  • Send you our newsletter and information about products and services that may interest you if you have agreed to us doing so. This may be by email. If at any time you do not wish to continue to receive these details, then contact us using these details: [email protected]

Why is Bluelight CRM allowed to use your information in this way?

Bluelight CRM will only use your personal data in the following circumstances: 

  • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Where we need to comply with a legal or regulatory obligation.
  • Where we have your consent as a legal basis for processing to send you any direct marketing from us or third parties via e-mail. You have the right to withdraw consent to marketing at any time by contacting us at [email protected].

Sharing your information

Depending on how and why you provide us with your personal data. We may share it in the following ways:

  • We may analyse and disclose aggregated statistics about our Website visitors and users of our service in order to describe our services to prospective partners and other reputable third parties and for other lawful purposes, but these statistics will include no personally identifying information.
  • We may disclose personal data if required to do so by law or if we believe that such action is necessary to protect and defend the rights, property or personal safety of the Website or its visitors.
  • We may share your data with our trusted partners in order to provide the relevant services to you.
  • We shall ensure that we have appropriate contracts in place with our trusted partners to ensure the protection of your information. If at any time you do not wish us to share your information in this way, then you can opt-out any time by contacting Bluelight CRM at [email protected]

Service Providers

We will use third-party service providers to undertake processing operations on our behalf, and this may require us to share your personal data with them. These service providers provide us with a variety of administrative, statistical, and technical services. We will only provide service providers with the minimum amount of personal data they need to fulfil the services we request, and we stipulate that they protect this information and do not use it for any other purpose.

We take these relationships seriously and oblige all of our data processors to sign contracts with us that clearly set out their commitment to respecting individual rights and their commitments to assisting us to help you exercise your rights as a data subject. Please note that some of our service providers are based outside of the European Economic Area (the “EEA”).

Where we transfer your data to a service provider that is outside of the EEA, we seek to ensure that appropriate safeguards are in place to make sure that your personal data is held securely and that your rights as a data subject are upheld.

Links to third-party sites

Please note that where we provide links to third-party websites that are not affiliated with Bluelight CRM, such sites are out of our control and are not covered by this Privacy Policy, regardless of whether they use our branding or logo on their websites. If you access third-party sites using the links provided, the operators of these sites may collect information from you that could be used by them in accordance with their own privacy policies. Please check these policies before you submit any personal data to these websites.

How long do we keep your information?

Data retention

In accordance with our Data Retention Policy, we will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirement.

In some circumstances, you can ask us to delete your data: see ‘below for further information.

In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Data storage and security

Bluelight CRM takes the protection of your information very seriously. We use encryption (SSL) to protect your personal data when appropriate, and all the information provided to Bluelight CRM is stored securely once we receive it.

Bluelight CRM may store your personal data on secure servers either on our premises or in secure third-party data centres.



A cookie is a text-only string of information that a website transfers to the cookie file of the browser on your computer's hard disk so that the website can remember who you are. A cookie will typically contain the name of the domain from which the cookie has come, the 'lifetime' of the cookie, and a value, usually a randomly generated unique number. A cookie can be classified by its lifespan and the domain to which it belongs. By lifespan, a cookie is either a:

Session cookie. A temporary cookie that remains in the cookie file of your browser until you leave the website.

Persistent cookie. This remains in the cookie file of your browser for much longer (though how long will depend on the lifetime of the specific cookie).

As for the domain to which it belongs, there are either:

First-party cookies. These cookies are issued from the website you have accessed and often serve to give memory about your data and preferences.

Third-party cookies. These are stored by a different domain to the visited page’s domain.

Cookies we use

Necessary: Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

UMB_PREVIEW  Allows a previewed page to act as a published page only on the browser which has initialised previewing. Session
UMB-WEBSITE-PREVIEW-ACCEPT A client-side cookie that determines whether the user has accepted to be in Preview Mode when visiting the website. Session

Used to store the Umbraco software installer id.


Enables your system to check for the Umbraco software updates.


Used to store the backoffice antiforgery token validation value.


Set for angular to pass into the header value for "X-UMB-XSRF-TOKEN"


Default authentication type used for storing that 2FA is not needed on next login


Preserves the visitor's session state across page requests.


Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.

Please note that we use Google Analytics to collect information about you in aggregated form to help Bluelight CRM understand how the Website is being used and to help Bluelight CRM customise the Website for you. For more information about Google’s privacy policy, please visit If you do not wish to allow the use of Google Analytics cookies at all, Google provides an opt-out plug-in for most common website browsers

Your Rights

As a data subject, you have a number of rights in relation to your personal data. Below, we have described the various rights that you have, as well as how you can exercise them.

Right of Access:

You may, at any time, request access to the personal data that we hold which relates to you (you may have heard of this right being described as a "subject access request").

Please note that this right entitles you to receive a copy of the personal data that we hold about you in order to enable you to check that it is correct and to ensure that we are processing that personal data lawfully. It is not a right that allows you to request personal data about other people or a right to request specific documents from us that do not relate to your personal data.

You can exercise this right at any time by writing to us using the contact details set out at [email protected] and telling us that you are making a subject access request. You do not have to fill in a specific form to make this kind of request.

Your Right to Rectification and Erasure:

You may, at any time, request that we correct personal data that we hold about you that you believe is incorrect or inaccurate. You may also ask us to erase personal data if you do not believe that we need to continue retaining it (you may have heard of this right described as the “right to be forgotten”).

Please note that we may ask you to verify any new data that you provide to us and may take our own steps to check that the new data you have supplied us with is right. Further, we are not always obliged to erase personal data when asked to do so; if, for any reason, we believe that we have a good legal reason to continue processing personal data that you ask us to erase, we will tell you what that reason is at the time we respond to your request.

You can exercise this right at any time by writing to us at [email protected] and telling us that you are making a request to have your personal data rectified or erased and on what basis you are making that request. If you want us to replace inaccurate data with new data, you should tell us what that new data is. You do not have to fill in a specific form to make this kind of request.

Your Right to Restrict Processing:

Where we process your personal data on the basis of a legitimate interest (see the section of this Privacy Policy which explains why we use your personal data), you are entitled to ask us to stop processing it in that way if you feel that our continuing to do so impacts on your fundamental rights and freedoms or if you feel that those legitimate interests are not valid.

You may also ask us to stop processing your personal data: (a) if you dispute the accuracy of that personal data and want us to verify that data's accuracy; (b) where it has been established that our use of the data is unlawful but you do not want us to erase it; (c) where we no longer need to process your personal data (and would otherwise dispose of it) but you wish for us to continue storing it in order to enable you to establish, exercise or defend legal claims.

Please note that if, for any reason, we believe that we have a good legal reason to continue processing personal data that you ask us to stop processing, we will tell you what that reason is, either at the time we first respond to your request or after we have had the opportunity to consider and investigate it.

You can exercise this right at any time by writing to us at [email protected] and telling us that you are making a request to have us stop processing the relevant aspect of your personal data and describing which of the above conditions you believe is relevant to that request. You do not have to fill in a specific form to make this kind of request.

Your Right to Portability:

Where you wish to transfer certain personal data that we hold about you, which is processed by automated means, to a third party, you may write to us and ask us to provide it to you in a commonly used machine-readable format.

Because of the kind of work that we do and the systems that we use, we do not envisage this right being particularly relevant to the majority of individuals with whom we interact. However, if you wish to transfer your data from us to a third party, we are happy to consider such requests.

Your Right to stop receiving communications:

For details on your rights to ask us to stop sending you various kinds of communications, please contact us at [email protected].

Your Right to object to automated decision making and profiling:

You have the right to be informed about the existence of any automated decision-making and profiling of your personal data and where appropriate, be provided with meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing that affects you.

Exercising your rights:

When you write to us making a request to exercise your rights, we are entitled to ask you to prove that you are who you say you are. We may ask you to provide copies of relevant ID documents to help us to verify your identity.

It will help us to process your request if you clearly state which rights you wish to exercise and, where relevant, why it is that you are exercising it. The clearer and more specific you can be, the faster and more efficiently we can deal with your request. If you do not provide us with sufficient information, then we may delay actioning your request until you have provided us with additional information (and where this is the case, we will tell you).


Bluelight CRM (Company Number 09740281) with registered office address at:

Suite 01,
Churchill Business Square,
West Malling,
ME19 4YU.

You can also email [email protected]