PRIVACY POLICY
Document information
Data Protection Management System |
|||
Scope |
Data protection |
||
Description |
Privacy policy update (www.bluetab.com) |
||
Classification |
Limited distribution |
Version: |
v.1.0 - 2025 |
Document type |
Automated |
||
Document name |
Privacy policy_Bluetab.com (v.1.0) |
Change control
Version |
Date |
Prepared by |
Change identification |
1.0 |
21/12/2025 |
GA |
Privacy policy update to include the companies in Peru, Mexico and Colombia. |
Bluetab privacy policy
This Privacy Policy is structured into territorial sections in order to provide specific information adapted to the personal data protection regulations applicable in each country in which Bluetab carries out its activity.
For the purposes of this document, personal data means any information relating to an identified or identifiable natural person, and processing means any operation performed on personal data, whether or not by automated means.
Personal data processing policy applicable in Spain – BluetabSolutions, S.L.U.
In accordance with the principles of lawfulness, fairness and transparency, BluetabSolutions, S.L.U. makes this Privacy Policy available to users of its website and to any data subjects whose personal data may be processed by Bluetab Spain.
1. Data Controller
The data controller is BluetabSolutions, S.L.U., with registered office in Spain. Bluetab Spain determines the purposes and means of the processing of personal data carried out in connection with its business activity, website, contact channels, contractual relationships, recruitment processes and corporate communications.
Data subjects may contact Bluetab Spain regarding data protection matters through the contact channels published on the website or through any specific channel made available for the exercise of data protection rights.
2. Personal Data Processing
Bluetab Spain may process identification data, contact data, professional data, information provided through forms, communications sent by users, data generated through commercial or contractual relationships, recruitment information and technical data associated with website use.
The purposes of processing include responding to requests for information, managing commercial and contractual relationships, providing services, managing suppliers, handling recruitment processes, sending corporate communications when legally permitted, complying with legal obligations, maintaining website security and managing cookies in accordance with the Cookies Policy.
Bluetab Spain processes only the data that are adequate, relevant and limited to what is necessary for each stated purpose.
3. Legal Basis for Processing
The legal bases for processing personal data may include the performance of a contract or pre-contractual measures, compliance with legal obligations, the legitimate interests of Bluetab Spain or third parties, and the consent of the data subject where required.
Where processing is based on consent, the data subject may withdraw that consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
4. Data Retention Period
Personal data will be retained for as long as necessary to fulfil the purposes for which they were collected and, where applicable, during the limitation periods required to address legal, contractual, accounting or administrative liabilities.
Data processed through cookies will be retained for the periods indicated for each cookie or cookie category in the Cookies Policy.
5. Disclosure of Data to Third Parties
Personal data may be disclosed to public authorities, courts, regulators or other third parties where legally required. Bluetab Spain may also grant access to data processors that provide services such as hosting, technology support, communication tools, professional services, recruitment platforms or other operational services necessary for the activity of the company.
Data processors will process personal data under the instructions of Bluetab Spain and subject to appropriate contractual safeguards.
6. International Data Transfers
Where international transfers of personal data take place, Bluetab Spain will ensure that they are carried out in accordance with the GDPR. Transfers may be based on an adequacy decision, standard contractual clauses approved by the European Commission or any other safeguard permitted under Articles 45, 46 or 49 of the GDPR.
Transfers to entities located in the United States may rely on the EU-US Data Privacy Framework where the recipient is duly certified, or on appropriate safeguards such as standard contractual clauses and supplementary measures where necessary.
7. Data Protection Rights
Data subjects may exercise their rights of access, rectification, erasure, objection, restriction of processing and data portability, as well as any other rights recognized under applicable data protection law.
Requests must identify the data subject and the right being exercised. Bluetab Spain may request additional information where necessary to verify identity or process the request correctly.
8. Withdrawal of Consent
Where processing is based on consent, data subjects may withdraw consent at any time through the channels made available by Bluetab Spain. Withdrawal will not affect the lawfulness of processing based on consent before its withdrawal.
9. Complaints to the Supervisory Authority
If a data subject considers that Bluetab Spain has not processed personal data in accordance with applicable law, or that a request to exercise rights has not been handled satisfactorily, the data subject may lodge a complaint with the competent data protection supervisory authority. In Spain, the authority is the Spanish Data Protection Agency (AEPD), available at www.aepd.es.
10. Security and Updating of Personal Data
Bluetab Spain applies technical and organizational security measures designed to protect personal data against unauthorized access, alteration, loss, disclosure or destruction, taking into account the state of the art, the nature of the data and the risks associated with processing.
Data subjects are responsible for ensuring that the personal data they provide are accurate and up to date, and for informing Bluetab Spain of any changes.
10.1. Information Security Policy
Bluetab Spain has developed an information privacy and security policy that reflects management commitment and establishes high-level objectives relating to confidentiality, integrity, availability, compliance and continuous improvement.
11. Confidentiality
Bluetab Spain will treat personal data confidentially and will ensure that any personnel or service providers with access to personal data are subject to appropriate confidentiality duties.
Personal data processing policy applicable in Colombia – BluetabSolutions Colombia, S.A.S.
This section applies to the processing of personal data carried out by BluetabSolutions Colombia, S.A.S. in accordance with the Colombian personal data protection regime, including Law 1581 of 2012, Decree 1377 of 2013 and other applicable regulations.
12. Data Controller Information
BluetabSolutions Colombia, S.A.S. acts as data controller for the databases and processing activities carried out in Colombia. Contact details and channels for data protection requests are made available through corporate channels and this Policy.
13. Purpose
The purpose of this Policy is to establish the guidelines for the processing of personal data by Bluetab Colombia, to inform data subjects clearly and sufficiently, and to guarantee the exercise of their rights under Colombian data protection law.
14. Scope
This Policy applies to all personal data processing carried out by Bluetab Colombia, directly or through data processors, in physical, digital or mixed media, regarding data subjects whose data are collected or managed by the company.
15. Definitions
The terms used in this section shall be interpreted in accordance with the Colombian personal data protection regime. Data controller means the person or entity that decides on the database or on the purposes and means of processing. Data processor means the person or entity that processes data on behalf of the controller. Data subject means the natural person whose personal data are processed.
16. Applicable Principles
Bluetab Colombia processes personal data in accordance with the principles of legality, purpose limitation, freedom, truthfulness or quality, transparency, restricted access and circulation, security and confidentiality.
17. Processing Activities and Purposes
Bluetab Colombia processes personal data for specific, explicit and legitimate purposes associated with prospective clients, clients, prospective suppliers, suppliers, human resources, video surveillance, candidates and corporate channels.
17.1. Prospective Clients
Data may be processed to manage commercial contacts, proposals, communications and business development activities.
17.2. Clients
Data may be processed to manage contractual relationships, service delivery, billing, support, communications and legal or administrative obligations.
17.3. Prospective Suppliers
Data may be processed to assess potential suppliers, request information, evaluate proposals and carry out pre-contractual checks.
17.4. Suppliers
Data may be processed to manage procurement, contracts, payments, communications, compliance controls and supplier administration.
17.5. Human Resources
Data may be processed to manage employment relationships, payroll, benefits, training, internal communications, security and compliance with labor obligations.
17.6. Video Surveillance
Images may be processed for security, access control and protection of people, assets and facilities.
17.7. Candidates
Data may be processed to manage recruitment, selection, interviews, evaluations, communications and hiring processes.
18. Authorization of the Data Subject and Processing Rules
Where required by law, Bluetab Colombia will obtain prior, express and informed authorization from the data subject. Authorization will not be required in the cases expressly permitted by applicable law. Sensitive data and data of children or adolescents will be processed only under the conditions permitted by law and with enhanced safeguards.
19. Rights of Data Subjects
Data subjects may know, update, rectify, request deletion of their data, revoke authorization, request proof of authorization, be informed about the use of their data, file complaints before the competent authority and exercise any other rights recognized by Colombian law.
20. Consultation and Complaint Procedure
Bluetab Colombia will handle consultations and complaints through the contact channels indicated in this Policy. Consultations will be answered within the legal terms. Complaints must include identification of the data subject, a description of the facts, contact details and supporting documents where applicable.
20.1. Consultations
Consultations relating to personal data will be resolved within the time limits established by Colombian law.
20.2. Complaints
Complaints regarding correction, updating, deletion or alleged non-compliance will be processed under the statutory procedure.
20.3. Prior Requirement Before the SIC
Before filing a complaint with the Superintendence of Industry and Commerce, the data subject must first submit the relevant consultation or complaint to Bluetab Colombia where required by law.
21. Data Processors
Bluetab Colombia may engage service providers acting as data processors. Such providers will process personal data under instructions and subject to confidentiality, security and data protection obligations.
22. International Transfers and Transmissions
International transfers or transmissions of personal data will be carried out in compliance with Colombian law, using appropriate contractual, legal and security safeguards where required.
23. Information Security and Confidentiality
Bluetab Colombia adopts technical, human and administrative measures to protect personal data and requires confidentiality from personnel and third parties with access to such data.
24. Retention and Deletion
Personal data will be retained for the time necessary to fulfil the stated purposes and to comply with legal, contractual, accounting or defense obligations. When the purpose has been fulfilled and no legal basis remains, data will be deleted or anonymized where appropriate.
25. Privacy Notice
Where it is not possible to make this Policy available at the time of collection, Bluetab Colombia will provide a privacy notice identifying the controller, the purposes of processing, the rights of data subjects and the means to access this Policy.
26. Changes to the Policy
Bluetab Colombia may modify this Policy when necessary. Substantial changes will be communicated to data subjects by appropriate means before implementation where required.
27. Term
This Policy is effective from the date indicated in the document and will remain in force while Bluetab Colombia processes personal data in the course of its activities.
Personal data processing policy applicable in Peru – Bluetab Solutions Perú, S.A.C.
This section applies to personal data processing carried out by Bluetab Solutions Perú, S.A.C. in accordance with Peruvian personal data protection law.
1. Data Controller Information
Bluetab Peru acts as data controller for the personal data it processes in the context of its commercial, contractual, employment, supplier, recruitment and website activities.
2. Applicable Legal Framework
Processing is carried out in accordance with the Peruvian Personal Data Protection Law, its regulations and any other applicable rules issued by the competent authority.
3. Personal Data Processing
Bluetab Peru collects only the personal data necessary for determined, explicit and lawful purposes linked to its business relationships, contracts, employment management, security and corporate communications.
3.1. Information We Collect
The information collected may include identification data, contact data, professional data, contractual data, recruitment data, supplier information, communications and technical information generated through digital channels.
3.2. Purposes of Processing
Purposes may include responding to requests, managing clients and suppliers, executing contracts, complying with legal obligations, managing recruitment, protecting facilities and systems and maintaining corporate communications.
3.3. Data Retention
Personal data will be retained for the time necessary to fulfil the purposes for which they were collected and for the periods required by applicable law.
4. Disclosure and Transfers of Data
Data may be disclosed to authorities, service providers and third parties where necessary for the stated purposes or where required by law. International transfers will be carried out with appropriate safeguards.
5. Security Measures
Bluetab Peru applies reasonable technical, organizational and legal measures to preserve the confidentiality, integrity and availability of personal data.
6. Rights of Data Subjects
Data subjects may exercise the rights of access, rectification, cancellation and objection, and any other rights recognized by Peruvian law, through the channels made available by Bluetab Peru.
7. Policy Changes
Bluetab Peru may update this Privacy Policy to reflect legal, operational or jurisprudential changes. Updates will be published in a timely manner.
Personal data processing policy applicable in Mexico – BluetabSolutions México S.A. de C.V.
This section applies to personal data processing carried out by BluetabSolutions México S.A. de C.V. in accordance with the Federal Law on the Protection of Personal Data Held by Private Parties and related regulations.
8. Data Controller Information
Bluetab Mexico acts as data controller for the personal data it processes in Mexico. Data subjects may contact Bluetab Mexico through the channels made available for privacy matters and rights requests.
9. Personal Data Collected and Purposes of Processing
Bluetab Mexico may process identification, contact, professional, employment, financial, contractual, supplier, candidate, image, security and communication data for legitimate and informed purposes.
9.1. Website Visitors and Persons Contacting Bluetab
Data may be processed to answer requests, manage forms, respond to emails and maintain website security.
9.2. Clients
Data may be processed to manage commercial and contractual relationships, service delivery, billing, support and legal obligations.
9.3. Suppliers and Prospective Suppliers
Data may be processed to evaluate, contract, manage and pay suppliers and to comply with administrative and legal obligations.
9.4. Customer Service, Complaints and Suggestions
Data may be processed to receive, document and respond to service requests, complaints, suggestions or claims.
9.5. Image Rights Management
Images may be processed where authorized or legally permitted for corporate, communication, security or evidentiary purposes.
9.6. Information Security and Corporate Systems
Data may be processed to protect systems, manage access, monitor security, prevent incidents and comply with internal policies.
9.7. Candidates, Applicants and Employees
Data may be processed to manage recruitment, employment relationships, payroll, benefits, training, compliance and internal administration.
9.8. Legal Compliance, Audits, Legal Defense, Compliance and Accounting
Data may be processed to comply with legal obligations, audits, accounting requirements, corporate controls and defense of rights.
10. Options to Limit Use or Disclosure of Data
Data subjects may request limitations on the use or disclosure of their personal data through the channels indicated by Bluetab Mexico, subject to applicable legal exceptions.
11. Personal Data Transfers
Personal data may be transferred where permitted by law, required for the relationship with the data subject, necessary for service provision or authorized by the data subject where required.
11.1. Data Processors and Service Providers
Service providers may access personal data to provide services on behalf of Bluetab Mexico and under appropriate confidentiality and security obligations.
11.2. Transfers to Third Parties
Transfers to third parties may occur where necessary, legally required or otherwise permitted under applicable law.
11.3. Transfers Requiring Consent and Objection Mechanism
Where a transfer requires consent, Bluetab Mexico will request it and provide the means for the data subject to object where applicable.
12. ARCO Rights and Withdrawal of Consent
Data subjects may exercise their rights of access, rectification, cancellation and objection, and may withdraw consent where processing is based on consent.
12.1. What Are ARCO Rights?
ARCO rights allow data subjects to access their data, request correction, request cancellation and object to processing.
12.2. Withdrawal of Consent
Consent may be withdrawn at any time, without affecting processing carried out before withdrawal.
12.3. How to Submit an ARCO or Withdrawal Request
Requests must include identification of the data subject, contact details, a clear description of the right exercised and any supporting documentation required by law.
12.4. Response Times
Bluetab Mexico will respond within the periods established by applicable law.
12.5. Delivery Method and Costs
Information will be delivered through legally permitted means. Any costs will be handled in accordance with applicable law.
12.6. Grounds for Refusal
Requests may be denied, totally or partially, where a legal ground for refusal applies.
12.7. Disagreement and Authority Procedure
If the data subject is not satisfied with the response, the data subject may use the procedure before the competent authority in accordance with applicable law.
13. Retention of Information
Personal data will be retained for the time necessary to fulfil the purposes described in this Policy and to comply with legal, contractual, accounting or defense obligations.
14. Security Measures
Bluetab Mexico implements administrative, technical and physical security measures to protect personal data against damage, loss, alteration, destruction or unauthorized use, access or processing.
15. Use of Cookies, Web Beacons or Similar Technologies
Bluetab Mexico may use cookies, web beacons or similar technologies through the website. Users may consult the Cookies Policy for further information about categories, purposes, retention periods and configuration options.
16. Changes to the Privacy Notice
Bluetab Mexico may modify this Privacy Policy or privacy notice to reflect legal, operational or business changes. Updates will be published through the website or other appropriate means.
17. Competent Authority and Complaint Mechanism
If a data subject considers that the right to personal data protection has been infringed, or does not receive a satisfactory response, the data subject may use the rights protection procedure before the competent federal data protection authority in Mexico.