Privacy Notice

Blue Life Secure, LLC and its Affiliates

1. Introduction
This Privacy Notice explains how Blue Life Secure, LLC and its affiliates («Blue Life Secure,» «we,» «us,» or «our») collect, use, disclose, and protect personal information in connection with our business operations and services, including services we provide as a data processor on behalf of enterprise clients.

2. Scope and Our Role (Controller / Processor)
This Notice applies to personal information processed through our websites, communications, and service delivery.

  • Data Processor: When acting on behalf of enterprise clients, we process personal information solely in accordance with the client’s documented instructions and applicable contractual obligations, including confidentiality, security, and incident-notification requirements.
  • Data Controller: When processing personal information for our own business operations (such as compliance, vendor management, or internal administration), we act as a data controller in accordance with applicable law and this Notice.

3. Key Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Processing: Any operation performed on personal data, including collection, use, storage, disclosure, or deletion.
  • Processor: An entity that processes personal data on behalf of a controller.

4. Categories and Sources of Personal Data
Depending on the services provided, Blue Life Secure and its affiliates may process the following categories of personal data:

  • Identifiers and contact information (e.g., name, email address, phone number)
  • Contractual, administrative, and compliance-related information
  • Any additional data categories as instructed by our clients

Sources of personal data may include:

  • Our clients
  • Individuals (data subjects)
  • Authorized systems and platforms used to deliver services

5. Purposes of Processing and Legal Bases
We process personal data for the following purposes:

  • Delivering, maintaining, and improving contracted services
  • Managing client relationships and operational support
  • Security monitoring, fraud prevention, and incident detection
  • Compliance with legal, regulatory, and contractual obligations

Legal bases may include performance of a contract, compliance with legal obligations, and legitimate interests related to information security and business operations. When acting as a processor, the client determines the applicable legal basis.

6. Data Sharing and Subprocessors
Blue Life Secure and its affiliates may engage vetted third-party service providers (“subprocessors”) to support service delivery, such as secure cloud hosting or collaboration tools. All subprocessors are contractually required to maintain appropriate confidentiality, security controls, and regulatory compliance. We maintain records of subprocessors and notify clients of material changes as required by contract.

7. International Data Transfers
Where personal data is transferred across borders, we implement appropriate safeguards, such as standard contractual clauses or equivalent mechanisms, in accordance with applicable law and client instructions.

8. Information Security
We maintain administrative, technical, and organizational safeguards designed to protect personal data, including:

  • Role-based access controls and least-privilege principles
  • Multi-factor authentication for cloud services and administrative access
  • Encryption of data in transit and at rest
  • Endpoint protection, patch management, and system monitoring
  • Security event logging and incident response procedures

We maintain incident response policies and notify affected clients within contractually agreed timelines.

9. Data Retention and Deletion
Personal data is retained only for as long as necessary to fulfill the purposes described in this Notice or as required by law or contract. Unless otherwise required, financial and contractual records are retained for up to seven (7) years. Upon service completion and at a client’s request, data will be securely returned or deleted within agreed timelines.

10. Data Subject Rights
Subject to applicable law, individuals may have rights to access, correct, delete, restrict, object to, or request portability of their personal data. When we act as a processor, we forward such requests to the relevant client and provide reasonable assistance to support timely responses.

11. Children’s Data
Our services are not directed to children, and we do not knowingly collect personal information from children without appropriate authorization.

12. Cookies and Similar Technologies
If our website uses cookies or similar technologies, a separate Cookies Notice will be made available describing the types of cookies used and their purposes.

13. Updates to This Notice
We may update this Privacy Notice from time to time to reflect legal, technical, or operational changes. When changes are material, we will take reasonable steps to provide notice as appropriate.