Legal
Privacy Policy
Last updated: February 25, 2026
Bluechainlogic ("Company", "we", "us", or "our"), registered in the Netherlands, is committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains how we collect, use, store, and protect personal data in connection with our website, services, and business operations.
This policy is compliant with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the Dutch Implementation Act of the GDPR (Uitvoeringswet AVG).
1. Data Controller
The data controller for the personal data described in this policy is:
Bluechainlogic
Utrecht, the Netherlands
Email: [email protected]
2. What Data We Collect
We collect and process the following categories of personal data:
2.1 Website Visitors
- Technical data: IP address, browser type, device information, operating system, referring URL.
- Usage data: pages viewed, time on site, click patterns, and scroll behaviour (collected via analytics tools).
- Booking data: name, email address, and any information you provide when scheduling a call through our Calendly integration.
2.2 Clients
- Contact information: name, email address, phone number, company name, job title.
- Business information: ideal customer profile details, CRM credentials (where access is granted), campaign preferences, and feedback.
- Billing information: invoicing details, company registration number, VAT number, and payment records.
2.3 Prospects (Outreach Recipients)
- Professional contact information: name, business email address, job title, company name, and company information sourced from publicly available business directories, company websites, LinkedIn, and licensed third-party data providers.
- Behavioural signals: business activities and publicly available information used to determine outreach timing and relevance (e.g., funding announcements, hiring activity, product launches).
3. How We Use Your Data
| Purpose |
Legal Basis (GDPR) |
| Providing and delivering our services to clients |
Performance of a contract (Art. 6(1)(b)) |
| Conducting prospect research and outreach campaigns on behalf of clients |
Legitimate interest (Art. 6(1)(f)) — direct marketing of relevant B2B services |
| Processing booking requests and discovery calls |
Consent / Pre-contractual measures (Art. 6(1)(a)/(b)) |
| Sending invoices and processing payments |
Performance of a contract (Art. 6(1)(b)) |
| Analysing website usage and improving our services |
Legitimate interest (Art. 6(1)(f)) |
| Complying with legal and regulatory obligations |
Legal obligation (Art. 6(1)(c)) |
| Protecting against fraud, abuse, and security threats |
Legitimate interest (Art. 6(1)(f)) |
Legitimate Interest Assessment: Where we rely on legitimate interest, we have conducted a balancing test to ensure our interests do not override the rights and freedoms of the data subjects. For B2B outreach, we only contact individuals in their professional capacity using publicly available business information, and we provide a clear and easy opt-out mechanism in every communication.
4. Data Sharing
We do not sell personal data. We may share personal data with the following categories of recipients:
- Clients: Qualified lead information (prospect name, company, contact details, and context) is shared with the client on whose behalf the outreach was conducted.
- Service providers: We use trusted third-party tools and services for email delivery, CRM integration, analytics, hosting, and scheduling. These providers process data on our behalf under Data Processing Agreements compliant with GDPR Article 28.
- Legal authorities: Where required by law, regulation, or valid legal process.
We do not transfer personal data outside the European Economic Area (EEA) unless adequate safeguards are in place (such as Standard Contractual Clauses approved by the European Commission).
5. Data Retention
- Client data: Retained for the duration of the engagement and for 5 years thereafter (in accordance with Dutch statutory retention obligations for financial records).
- Prospect data: Retained for up to 12 months from the date of last outreach activity. Data is deleted or anonymized after this period unless the prospect has entered into an active business relationship with our client.
- Website analytics data: Retained for up to 26 months.
- Booking data: Retained for 12 months after the scheduled call, unless a business relationship is established.
6. Your Rights
Under GDPR, you have the following rights regarding your personal data:
- Right of access — Request a copy of the personal data we hold about you.
- Right to rectification — Request correction of inaccurate or incomplete data.
- Right to erasure — Request deletion of your data ("right to be forgotten"), subject to legal retention obligations.
- Right to restriction — Request that we limit the processing of your data in certain circumstances.
- Right to data portability — Request your data in a structured, machine-readable format.
- Right to object — Object to the processing of your data based on legitimate interest, including direct marketing. We will cease processing upon receipt of a valid objection unless we can demonstrate compelling legitimate grounds.
- Right to withdraw consent — Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing prior to withdrawal.
To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.
7. Opt-Out of Outreach
Every outreach message we send includes a clear and functional opt-out mechanism. If you wish to stop receiving communications from us or from any campaign we operate on behalf of a client, you may:
- Click the unsubscribe link in any email you receive from us.
- Reply to any outreach message requesting removal.
- Email us directly at [email protected].
We process all opt-out requests within 5 business days and maintain a suppression list to prevent future contact.
8. Cookies and Tracking
Our website uses cookies and similar technologies for the following purposes:
- Essential cookies: Required for the website to function properly (e.g., scheduling integration).
- Analytics cookies: Used to understand how visitors interact with our website (e.g., Google Analytics, configured with IP anonymization).
We do not use advertising or retargeting cookies. You can manage your cookie preferences through your browser settings. Blocking essential cookies may affect website functionality.
9. Data Security
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, alteration, or destruction. These measures include:
- Encryption of data in transit (TLS/SSL) and at rest.
- Access controls with role-based permissions and two-factor authentication.
- Regular security assessments and monitoring.
- Confidentiality agreements with all employees and contractors.
- Secure cloud infrastructure with providers that maintain SOC 2 or equivalent certification.
10. Data Breach Notification
In the event of a personal data breach that poses a risk to the rights and freedoms of individuals, we will:
- Notify the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) within 72 hours of becoming aware of the breach.
- Notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms.
- Document the breach, its effects, and the remedial actions taken.
11. Third-Party Links
Our website may contain links to third-party websites or services (e.g., Calendly, LinkedIn). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing personal data.
12. Children's Data
Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated "Last updated" date. For active clients, we will also notify changes via email.
14. Complaints
If you believe we have not handled your personal data in accordance with this policy or applicable law, you have the right to lodge a complaint with:
Autoriteit Persoonsgegevens (Dutch Data Protection Authority)
Website: autoriteitpersoonsgegevens.nl
Phone: +31 (0)70 888 85 00
We encourage you to contact us first at