Privacy Policy

1. Introduction

BlueFlag Security and our affiliates (together, “BlueFlag Security”, “we”, “our” or “us”) provides software supply chain security and governance services (the “Services”). As part of its Services, BlueFlag Security provides its customers with an Identity-based SDLC (Software Development Life Cycle) Governance solution to secure software development – from code to deployment. The platform leverages an AI/ML based Identity Intelligence framework to identify, prioritize, and remediate vulnerabilities and threats before they become major breaches. (collectively, the “Platform”).

BlueFlag Security respects the privacy of its customers, partners, vendors, service providers, Platform users, website visitors and employment candidates, and is committed to protecting the personal information that is shared with us (these and any others with respect to whom we collect personal data, shall collectively be referred to as “you” or “Data Subjects”).

To ensure transparency and give you more control over your Personal Data, this privacy policy (“Privacy Policy”) describes how we process, use, collect and store Personal Data (defined below) that we receive from or about you in different scenarios.

For instance, when you browse or visit our websites,  blueflagsecurity.com( together with their subdomains, the “Website”) and use its various offerings (like booking a demo, requesting a free trial, downloading resources, and subscribing to newsletters), create an account and log in to our Platform, and any other software application that we license, show interest in our Services, take part in our marketing activities, interact with us on our social media profiles, or apply for a job with us, as well as when we acquire your Personal Data from third-party sources for marketing, process your Personal Data, all as detailed below.

Please read this Privacy Policy carefully, so you can fully understand our practices in relation to Personal Data. Important note: Nothing in this Privacy Policy is intended to limit in any way your statutory rights, including your rights to a remedy or means of enforcement.

“Personal Data” means any information that can be used, alone or together with other data, to uniquely identify any living human being and any information deemed as Personally Identifiable Information by applicable privacy laws.

Please note that this is a master privacy policy and some of its provisions only apply to individuals in certain jurisdictions. For example, the legal basis discussed below is only relevant to individuals protected by the European Union General Data Protection Regulation (also, as it forms part of the laws of England and Wales, Scotland, and Northern Ireland, the “GDPR”)).

For the purposes of the GDPR and other applicable privacy laws, BlueFlag Security is a data controller (“Controller”) in relation to the Personal Data of the representatives of our customers and prospective customers, partners, vendors, website visitors and employment candidates.

For the purposes of the GDPR and other applicable privacy laws, BlueFlag Security is a data processor (“Processor”) in relation to the processing of the Personal Data of our customers’ Platform users, or any other Personal Data processed on behalf of our customers as part of the provision of the Services through our Platform. If you are a registered user of the Platform, or if we may otherwise process your Personal Data on behalf of our customers as part of our Services, please contact our applicable customer to receive additional information regarding the processing of your Personal Data on the Platform as part of our Services.

We may update this Privacy Policy from time to time and therefore we ask you to check back periodically for the latest version. If we implement any significant changes to the use of your Personal Data in a manner different from that stated at the time of collection, we will notify you by posting a notice on our website or by other means.

This Privacy Policy forms part of our Website Terms of Use. Any capitalized but undefined term in this Privacy Policy shall have the meaning given to it in the Terms.

2. What information we collect, why we collect it, and how it is used

We collect and use the following information:

(i) When you browse or visit our website:

1. Personal Data we may collect: We may use analytics tools, cookies and log files on our website which may collect Personal Data such as IP address, pages clicked, search and browser history, and device information. For more information about our use of cookies, please read our cookies policy.
2. For what purposes: We use such information to analyze usage trends of the Website, maintain and improve the Website’s functionality and our marketing and promotional efforts. We may also share certain parts of this information with third parties for these purposes. For more information, please refer to our cookies policy.
3. Legal basis (GDPR only, if applicable): Legitimate interest (e.g., essential cookies required for the operation of the Website) or Consent (e.g., non-essential cookies, such as marketing or analytics cookies, to the extent required under applicable law).
4. Consequences of not providing Personal Data: Certain Website features may not be available, and we may not be able to use the Personal Data for the purposes described above (e.g., analytics or marketing).

(ii) When you book a demo:

1. Personal Data we may collect: Full name, business email address, as well as any other Personal Data that you decide to provide us with.
2. For what purposes: To receive and respond to your request, to provide you with a product demo and to send you marketing communications via email. We may also record the demo and/or follow-up sessions, if you agree, for the purposes of business intelligence and improving our Services.
3. Legal basis (GDPR only, if applicable): Performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering a contract and/or legitimate interest (to provide you with a demo, marketing) or consent (for marketing, if required under applicable law).
4. Consequences of not providing the Personal Data: We will not be able to provide a demo and/or send you marketing communications.

(iii) When you request a free trial and during the trial period:  

1. Personal Data we may collect: Full name, job title, business email address, and any other Personal Data that you decide to provide us with.
2. For what purposes: To provide you with a free trial period and to send you marketing communications.
3. Legal basis (GDPR only, if applicable): Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering a contract, legitimate interest, or consent (for marketing, if required by applicable law).
4. Consequences of not providing the Personal Data: We will not be able to provide you with a free trial and/or send you marketing communications.

(iv) When you download our online resources:

1. Personal Data we may collect: Full name, business email address.
2. For what purposes: To provide our Services and to send you marketing communications.
3. Legal basis (GDPR only, if applicable): Legitimate interest (provide your requested materials) or consent (for marketing, if required under applicable law).
4. Consequences of not providing the Personal Data: We will not be able to provide you with the requested online resources and/or send you marketing communications.

(v) When you subscribe to our blog, newsletter(s), or distribution list(s):  

1. Personal Data we may collect: Full name, business email address.
2. For what purposes: To subscribe you to our blog or newsletter and send you updates about BlueFlag Security, including marketing communications.
3. Legal basis (GDPR only, if applicable): Legitimate interest (in the context of B2B marketing) or consent (for marketing, if required under applicable law).
4. Consequences of not providing the Personal Data: We cannot provide you with updates or send you marketing communications.

(vi) When you contact us regarding our Services (e.g., via submit a request or similar forms):

1. Personal Data we may Collect: Full name, business email address, job title, work telephone number, as well as any other Personal Data that you decide to provide us with.
2. For what purposes: To process and answer questions and to contact you upon your request, to provide support and to send you marketing communications.
3. Legal basis (GDPR only, if applicable): Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering a contract (i.e., the subscription agreement) and/or legitimate interest (e.g. respond to a query sent by you, marketing) or consent (for marketing, if required under applicable law).
4. Consequences of not providing the Personal Data: We cannot answer your questions or send you marketing.

(vii) When you attend a marketing event or webinar, exchange business cards with us or otherwise provide us with your Personal Data for marketing purposes:

1. Personal Data we may collect: Full name, business email address, job title, business address and phone number, as well as any other Personal Data you decide to provide us with.
2. For what purposes: To establish a business relationship with you, contact you about our Services and send you marketing communications.
3. Legal basis (GDPR only, if applicable): Legitimate interest (in the context of B2B marketing) or consent (for marketing, if required under applicable law).
4. Consequences of not providing the Personal Data: We cannot establish a business relationship or send you marketing communications.

(viii) When we use Personal Data of our customers/end-users (e.g., when you create an account, log-in to and use our online products and Services)

1. Personal Data we may collect directly from you or from your employer who provides us with your contact details: Full name, business email address, phone number, company, country, data relating to your use of our Services, BlueFlag Security password (if you have an BlueFlag Security account), job title, role, company, business address, country, payment information (if applicable and only to the extent that includes Personal Data), Personal Data received from third party software applications, products or services you (or your employer) choose to integrate with, or engage via, our Services, as well as any other Personal Data you decide to provide us with (e.g. any feedback you provide). Personal Data we collect automatically when you use our services: When you access or use the Services, we automatically collect information about you, including data relating to you use of our Platform and services (e.g., pages visited, IP address, access times).
2. For what purposes: (i) To allow you to register for and log-in to our Platform, (ii) to provide our Services and perform our agreements with our customers (iii) for monitoring and security purposes, including for user authentication, logging and debugging and to prevent Platform abuse, (iv) to provide support (e.g. ticketing and chat functions), (vi) to maintain and improve our Services, (vii) to communicate with you and allow you to provide feedback on our Services (viii) for billing (if applicable) and account management, (ix)  to send you marketing communications via email; (x) to collect analytics information on use of the Services.
3. Legal basis (GDPR only, if applicable, regarding data processing as Controller):  Performance of a contract to which the customer is party, compliance with legal obligations (e.g. tax laws, bookkeeping laws, etc.), legitimate interest (to provide our Services, send you contract-related communication, marketing or updates about our Services) or consent (for marketing, if required under applicable law). Data processed on the Platform on behalf of customers (such as Platform user data and other data provided on behalf of customers) is processed by BlueFlag Security as a Processor and is governed by a Data Protection Agreement with our customers.
4. Consequences of not providing Personal Data: We cannot provide the Services, grant you access to the Platform, perform our obligations, or communicate with you.

(ix) When we acquire your Personal Data from third-party sources for marketing:

1. Personal Data we may collect: Full name, business email address, job title, business address, business telephone number, country.
2. For what purposes: To establish a first business connection and to send marketing communications.
3. Legal basis (GDPR only, if applicable): Depending on the context, legitimate interest (in the context of B2B marketing), consent (for marketing, if required under applicable law) or pre-contractual discussions.
4. Consequences of not providing the Personal Data: We cannot contact you regarding our Services or establish a business relationship.

(x) When we use Personal Data of our service providers or resellers:  

1. Personal Data we may collect: Full name, business email address, business phone number, job title, business address, country, payment information, and any other Personal Data that you provide us with.
2. For what purposes: (i) to fulfil our agreements with our service providers and resellers and communicate with them, and to comply with our legal obligations and record keeping requirements.
3. Legal basis (GDPR only, if applicable): Performance of a contract to which the service provider or distributor is a party, compliance with a legal obligation (e.g., tax laws, bookkeeping laws, etc.), and/or legitimate interest (e.g., send you contract-related communications. to fulfil our agreement with your employer).
4. Consequences of not providing the Personal Data: We cannot fulfil our agreement with you or communicate with you.  

(xi) When you interact with us on our social media profiles (e.g., Facebook, Instagram, Twitter, LinkedIn):

1. Personal Data we may collect: Full name, business email address, any other Personal Data that you decide to share with us.
2. For what purposes: To respond to your questions or request, establish a business relationship and send you marketing communications.
3. Legal basis (GDPR only, if applicable): Legitimate interest (e.g., responding to your request, marketing, and business development) or consent (for marketing, if required under applicable law).
4. Consequences of not providing the Personal Data: We cannot respond to your requests, establish any business relationship, or send you marketing communications.  

(xii) When we undertake social media marketing, including via use of audiences or list-based advertising.

1. Personal Data we may collect or receive: Full name, business email address, job title, telephone number, IP address, pages clicked, search and browser history, device information and any other

Personal Data you or third parties provide us.

1. For what purposes: We may use your Personal Data to contact you via social media platforms to establish a business relationship with you and contact you about the Services. If you are outside the EU, we may also use your Personal Data to create lists of individuals that we would like our advertising about our Services to target via social media channels, including via direct messaging marketing solutions. You may be included in such a list (in which case you will see advertising related to BlueFlag Security when you visit those social media platforms) or we may use your Personal Data to ask social media platforms to compile a list of other individuals who we think will be interested in our products, so that those individuals can be presented with advertising about BlueFlag Security.
2. Legal basis (GDPR only, if applicable): Legitimate interest (marketing, advertising, and business development) or Consent (if required by applicable law)
3. Consequences of not providing Personal Data: We cannot establish a business relationship with you via social media platforms; you will be excluded from advertising and marketing campaigns on social media platforms.

(xiii) When you apply for a job with us:  

1. Personal Data we may collect: Full name, email address, any Personal Data contained in your resume, your responses to any assessment, background check results (in accordance with applicable law), any other Personal Data that you decide to provide us with. Please note that, in most cases, we receive the information directly from you, but we may also receive information from recruitment companies, references or background check companies.
2. For what purposes: To assess you as a candidate, review and examine your job application and communicate with you.
3. Legal basis (GDPR only, if applicable): To take steps at the request of the data subject prior to entering into a contract (employment contract) and legitimate interest (e.g., to assess you as a candidate, recruitment).
4. Consequences of not providing the Personal Data: We cannot process your application or communicate with you.

Finally, please note that some of the abovementioned Personal Data will be used for detecting, taking steps to prevent, and prosecution of fraud or other illegal activity, to identify and repair errors, to conduct audits, and for security purposes. Personal Data may also be used to comply with applicable laws, with investigations performed by the relevant authorities, law enforcement purposes, and/or to exercise or defend legal claims. In certain cases, we may anonymize or de-identify your Personal Data. “Anonymous Information” means information which does not enable identification of an individual user, such as aggregated information about the use of our Services. We may use Anonymous Information and/or disclose it to third parties for our business purposes and further use such anonymized data for internal business purposes, including, without limitation, to improve our Services and for research and development purposes.

3. How we protect your Personal Data

We have implemented appropriate technical, organizational and security measures designed to protect your Personal Data. BlueFlag Security implements, enforces, and maintains security measures, technologies, and policies to prevent unauthorized or accidental access to or destruction, loss, modification, use or disclosure of Personal Data. We also take steps to monitor compliance of such policies on an ongoing basis. Where we deem it necessary considering the nature of the data in question and the risks to data subjects, we encrypt data in transit and at rest. Likewise, we take industry standard steps to ensure our Website and Services are safe and to prevent unauthorized access to our databases. Other security safeguards include, but are not limited to, firewalls, access logs, breach detection systems and physical access controls to buildings, systems, and files.

However, please note that we cannot guarantee that the information will not be compromised because of unauthorized penetration to our servers. As the security of information depends in part on the security of the computer, device, or network you use to communicate with us and the security you use to protect your user IDs and passwords, please make sure to act appropriately to protect this information.

Within BlueFlag Security, we endeavor to limit access to Personal Data to those of our personnel who: (i) require access in order for BlueFlag Security to fulfill its obligations, including also under its agreements, and as described in this Privacy Policy, and (ii) have been appropriately and periodically trained with respect to the requirements applicable to the processing and security of the Personal Data, and (iii) are under confidentiality obligations as may be required under applicable law .

BlueFlag Security shall act in accordance with its policies and with applicable law to promptly notify the relevant authorities and data subjects in the event that any Personal Data processed by BlueFlag Security is lost, stolen, or where there has been any unauthorized access to it, all in accordance with applicable law and on the instructions of qualified authority. BlueFlag Security shall promptly take reasonable remedial measures.

4. How we retain your Personal Data

We may store your Personal Data for as long as such Personal Data is necessary in accordance with the purpose for which we collected it, and as long as necessary to fulfill your requests or inquiries or provide services or until we proactively delete it, or you send a valid deletion request.

In certain circumstances we may store your Personal Data for longer periods of time, for example (i) where we are required to do so in accordance with legal, regulatory, tax or accounting requirements, and to meet any audit, compliance and business best-practices, or (ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges, or (iii) if we reasonably believe there is a prospect of litigation relating to your Personal Data or dealings. We maintain a data retention policy which we apply to Personal Data in our care. Regarding retention of cookies, you can read more in our cookies policy.  

Data that is no longer retained will be anonymized or deleted. Likewise, some metadata and statistical information concerning the use of our Website and Services are not subject to the deletion procedures in this policy and will be retained by BlueFlag Security. We will not be able to identify you from this data. Some data may also be retained on our third-party service providers’ servers until deleted in accordance with their privacy policy and their retention policy, and in our backups until it is aged out.

5. How we share your Personal Data

Depending on the context described in Section 2 above, we may share your Personal Data with the following categories of third parties:

5.1. Third party service providers. BlueFlag Security has partnered with several selected service providers, whose services and solutions complement, facilitate, and enhance our own (“Third Party Service Providers”). These may include service providers of the following services: hosting / storage, email distribution and monitoring, authentication, support and ticketing, logging and monitoring, CRM, data enrichment, sales and marketing engagement and automation, analytics and business intelligence, in-app notification and feedback, data and cyber security services, billing and payment processing services (only if applicable), fraud detection and prevention services, session recording and remote access services, and our legal and financial advisors, document management, only in case you are applying for a job with us- automation / management of HR and job application, and only in case of jobs in certain jurisdictions, and only with your consent- background checks.

Depending on context, we may share the following categories of Personal Data with such Third-Party Service Providers for business purposes: identifiers, including name, alias, unique personal identifiers, online identifiers, IP addresses, business email address or other similar identifiers, as well as information regarding services purchased, obtained, or considered.

5.2. BlueFlag Security affiliated companies. We may share your Personal Data internally within our affiliated companies, to the extent necessary to fulfill the purposes listed above. Sharing Personal Data between of data subjects from the European Union, the United Kingdom and Switzerland between BlueFlag Security’s subsidiaries located outside these regions will always take place under an approved transfer mechanism, such as the relevant Standard Contractual Clauses (if required).  

5.3. Law enforcement, legal requests, and duties. To the extent necessary and subject to applicable law, BlueFlag Security may disclose or otherwise allow access to any categories of Personal Data described in this Privacy Policy, with or without notice to you, to regulators, courts or competent authorities, pursuant to valid legal requests (such as a subpoenas, legal proceedings, search warrants or court orders), to comply with applicable laws, regulations and rules (including, without limitation, federal, state or local laws), and requests of law enforcement, regulatory and other governmental agencies or if required to do so by court order.

5.4. In connection with a change in corporate control. Should BlueFlag Security or any of its affiliates undergo any change of control, including by means of merger, acquisition, or purchase of substantially all its assets, or in the event of bankruptcy or a comparable event, your Personal Data (to the minimum extent required) may be shared with the parties involved in such event.

5.5. Social media platforms. For the purposes mentioned above.

5.6. With your consent or upon your further direction. Our Services enable you, through different techniques, to engage and procure different optional third-party services, products, and tools (for instance, log-in using an account you maintain with a third-party platform). If you choose to use such third-party services, they may have access to and process your Personal Data. In addition, we may share your Personal Data where you have provided your consent to us sharing or transferring your Personal Data, or where you directed us to do so (e.g., where you opt-in to optional additional services or functionalities or applicable third-party services available on our Services). Please note that in such instances BlueFlag Security merely acts as an intermediary in your direction, allowing you to procure such third-party services with which you are interacting directly, at your discretion and risk.

6. Where we store your Personal Data and additional information about transfers of GDPR protected Personal Data

6.1. Generally, and unless you are an end use of a customer with which we have agreed otherwise in a separate customer agreement, your Personal Data is stored in data centers of our cloud hosting third party service providers that are in the United States of America and the European Economic Area (EEA).  

6.2. Personal Data collected in the EU and UK is transferred to and stored and processed at destinations outside the EEA and the UK. This includes transfers to our headquarters, located in the USA, a jurisdiction deemed adequate by the EU Commission and the UK, and transfers to our staff and certain third-party service providers in the USA, not currently deemed adequate. We transfer Personal Data to such locations to:

1. store or backup the information;
2. enable us to provide you with the Services and fulfill our contract with you;
3. fulfill any legal, audit, ethical or compliance obligations which require us to make that transfer.
4. facilitate the operation of our group businesses, where it is in our legitimate interests, and we have concluded these are not overridden by your rights;
5. to serve our customers across multiple jurisdictions; and
6. To operate our affiliates efficiently and optimally.

6.3. Where your Personal Data is transferred outside of the EEA or UK, we will take all steps reasonably necessary to ensure that your Data is subject to appropriate safeguards, including entering into contracts that require the recipients to adhere to data protection standards that are considered satisfactory under the GDPR and other applicable laws, and that it is treated securely and in accordance with this Privacy Policy.  

6.4. Transfers from the EEA to the USA are made based on the Standard Contractual Clauses published by the EU Commission. Transfers from the UK to the EEA are made based on UK’s Adequacy Regulations. Transfers from the UK to the USA are made based on the UK’s International Data Transfer Addendum to the EU Commission Standard Contractual Clauses.

7. Your privacy rights; how to delete your data

7.1. Rights: The following rights (which may be subject to certain exemptions or derogations) may apply to certain individuals (some of which only apply to individuals protected by the GDPR or other applicable data protection laws):

• You have a right to access Personal Data held about you. Your right of access may normally be exercised free of charge; however, we reserve the right to charge an appropriate administrative fee where permitted by applicable law;
• You have the right to request that we rectify any Personal Data we hold that is inaccurate or misleading;
• You have the right to request the erasure/deletion of your Personal Data (e.g., from our records).

Please note that there may be circumstances in which we are required to retain your Personal

Data, for example for the establishment, exercise, or defense of legal claims.

• You have the right to object to or to request restriction of the processing.
• You have the right to data portability. This means that you may have the right to receive your Personal Data in a structured, commonly used, and machine-readable format, and that you have the right to transmit that data to another controller;
• You have the right to object to profiling;
• Where you have consented to the processing of your Personal Data, you have the right to withdraw your consent at any time and prevent further processing by contacting us as described in this Privacy Policy. Please note that there may be circumstances in which we are entitled to continue processing your data, in particular if the processing is required to meet our legal and regulatory obligations. Also, please note that the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;
• You also have a right to request certain details of the basis on which your Personal Data is transferred outside the European Economic Area, but data transfer agreements and/or other details may need to be partially redacted for reasons of commercial confidentiality;
• You have a right to lodge a complaint with your local data protection supervisory authority (i.e., your place of habitual residence, place or work or place of alleged infringement) at any time or before the relevant institutions in your place of residence. Please try to resolve any issues with us before contacting your local supervisory authority and/or relevant institution.
• If you may have certain additional rights under local privacy laws applicable in your jurisdiction. To the extent such privacy laws apply to you, we will respect your rights and comply with such laws.

7.2. You can exercise your rights by contacting us at privacy@blueflagsecurity.com. Subject to legal and other permissible considerations, we will make every reasonable effort to honor your request promptly in accordance with applicable law or inform you if we require further information to fulfil your request. When processing your request, we may ask you for additional information to confirm or verify your identity and for security purposes before processing and/or honoring your request. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive. In the event that your request would adversely affect the rights and freedoms of others (for example, would impact the duty of confidentiality we owe to others) or if we are legally entitled to deal with your request in a different way than initially requested, we will address your request to the maximum extent possible, all in accordance with applicable law.  

7.3. Deleting your Platform user account and Personal Data: Please note that if you are a registered user of the Platform (as an employee or agent operating on behalf of a customer of BlueFlag Security), or if we may otherwise process any of your Personal Data on behalf of a customer as part of the provision of the Services through our Platform, please contact our applicable customer with any deletion or other data subject rights requests. You can also contact us by emailing privacy@blueflagsecurity.com, and we, as a Processor of such customer, will do our best to assist, in accordance with our agreement with the customer and per the customer’s instructions.

7.4. Deleting other (non-Platform user) Personal Data: Should you ever wish to delete your Personal Data that BlueFlag Security processes as a Controller (e.g., Personal Data of the representatives of our customers and prospective customers, partners, vendors, website visitors and employment candidates), you may submit your request by emailing privacy@blueflagsecurity.com  

8. Use by children

Our Services and Website are not intended for children under the age of eighteen (18), so we do not knowingly collect Personal Data from, of or about children under the age of eighteen (18). If you are under the age of eighteen (18), do not use our Services or Website and do not provide any Personal Data to us without involvement of a parent or a guardian. If you believe that we have such information, please contact us at privacy@blueflagsecurity.com.

9. Links to and interaction with third party services

Our Services may enable you to interact with, contain links to, or allow integration with your, or your employer’s, third party accounts and other third-party websites, software applications and products or services that are not owned or controlled by us (each a “Third Party Service”). We are not responsible for the privacy practices or the content of such Third-Party Services. Please be aware that Third Party Services may collect Personal Data from you. Accordingly, we encourage you to read the terms and conditions and privacy policies of each Third-Party Service that you choose to use or interact with.

10. Use of cookies, log files, analytical tools, and similar technologies

10.1. Cookies. We and our Third-Party Service Providers use cookies and other similar technologies (“Cookies”) to provide our Services and ensure that they perform properly, to analyze our performance and marketing activities, and to track your use of the Website and personalize your experience. You can learn more about how we use cookies and similar technologies and how you can exercise control over them by reviewing our cookies policy.

Please note that we do not change our practices in response to a “Do Not Track” signal in the HTTP header from browsers; however, most browsers allow you to control Cookies, including whether to accept them and how to remove them. You may set most browsers to notify you if you receive a Cookie, or you may choose to block Cookies with your browser.

Please also note that social media platforms may set cookies and other tracking technologies on your device when you visit their pages and when you navigate from their pages. The output of such information may be provided to us (usually for statistical purposes to see how users interact with our content on social media platforms). The social media platforms are responsible for how they manage your Personal Data. Information about how they collect and use Personal Data (and how they use cookies and similar technologies, including instructions on how you can disable these) can usually be found in their respective privacy policies and cookies policies on their websites.

10.2. Log files. Our Services collects and stores information that your browser automatically transmits to us in "server log files", which may include (but not limited to): IP addresses, browser type and version, operating system used, referring/exit pages URL, clicked pages, date/time stamp of the server request. We use such information to analyze trends, administer our Services and track the use of our website.  

10.3. Analytic tools. We use the analytical tools listed below to improve our Services.

• Google Analytics. The Website uses “Google Analytics” to collect information about the use of the Website. Google Analytics collects information such as how often users visit this Website, what pages they visit, and what other websites they used prior to visiting our website. We use this Google Analytics information to maintain and improve our Services. we do not combine information we receive through Google Analytics with Personal Data we collect. Google’s ability to use and share information collected by Google Analytics about your visits to this Website is restricted by the Google Analytics Terms of Service, available at https://marketingplatform.google.com/about/analytics/terms/us/, and the Google Privacy Policy, available at http://www.google.com/policies/privacy/. You may learn more about how Google collects and processes data specifically in connection with Google Analytics at http://www.google.com/policies/privacy/partners/. You may prevent your data from being used by Google Analytics by downloading and installing the Google Analytics Opt-out Browser Add-on, available at https://tools.google.com/dlpage/gaoptout/.  

11. Specific provisions applicable under California Privacy Law

11.1. Do Not Track Signals. Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers to inform websites that they do not want to be tracked. We do not respond to or honor DNT signals.

11.2. California Consumer Privacy Rights (CPRA). BlueFlag Security does not meet the threshold of the California Privacy Rights Act of 2020 (“CPRA”), and therefore its data processing activities as a Business (such as regarding Website visitor data) are not governed by the CPRA. BlueFlag Security acts as a Service Provider (as defined in the CPRA) on behalf of its customers and, where the CPRA is applicable to its customers, BlueFlag Security is committed to processing Personal Information on their behalf in accordance with the CPRA.

12. Contact us

If you have any questions, concerns, or complaints regarding our compliance with this notice and the data protection laws, or if you wish to exercise your rights, we encourage you to first contact us at privacy@blueflagsecurity.com.

BlueFlag Security’s data protection officer (DPO) may be contacted at: privacy@blueflagsecurity.com.