Blue X GDPR
How we collect, use, and protect information through Blue X
Our Commitment
Blue X is committed to providing high-quality services and development solutions in strict compliance with international and regional laws, policies, and standards, among which the GDPR is a key framework. Blue X is dedicated to ensuring the protection of all personal data in our possession and to safeguarding such data comprehensively. We recognize our responsibility to continually update and expand our program to meet the requirements of the GDPR.
Blue X is committed to protecting the personal data under our control and to maintaining a system that fulfills the obligations stipulated by the new regulation. Our approach is summarized as follows:
How We Prepared for the GDPR
Blue X has established a consistent level of data protection and security throughout the organization, including but not limited to:
Policies and Procedures: We have revised our data protection policies and procedures to meet the requirements and standards of the GDPR and other relevant data protection laws. These primarily cover the following:
Data Protection: Our primary policies and procedural documents on data protection have been revised to meet GDPR standards and requirements. Accountability and governance measures have been put in place to ensure we understand, communicate, and demonstrate our obligations and responsibilities, with specific attention to individual privacy and rights.
Data Retention and Erasure: We have updated our retention policies and schedules to ensure compliance with the principles of "data minimization" and "storage limitation," and to ensure that the storage, archiving, and destruction of personal data fulfill our obligations. We have established procedures to meet the new "right to erasure" obligations.
Data Breaches: Our procedures ensure that safeguards are in place to promptly identify, assess, investigate, and report any personal data breach. These procedures have been explained to our staff.
International Data Transfers and Third-Party Disclosures: Where Blue X stores or transfers personal data, we have robust procedures to ensure the integrity of the data. Our procedures include continuous reviews of countries deemed to have adequate protection, as well as binding rules or standard contractual clauses adopted in those countries.
Privacy Notices/Policies: We have revised our privacy policies in accordance with the GDPR to ensure that all individuals whose personal data we process are informed about why we need the data, how we use it, what their rights are, to whom the data is disclosed, and what safeguards are in place to protect their data.
Obtaining Consent: We have implemented mechanisms for obtaining consent to process personal data, ensuring that individuals are fully informed about what data is being provided, why it is needed, and how it will be used, along with clear and affirmative options to provide consent.
Direct Marketing: We have revised our direct marketing language and processes to include clear opt-in mechanisms, clear notices and methods for opting out, and an unsubscribe feature in all subsequent marketing communications.
Data Protection Impact Assessments (DPIAs): Where we process personal data considered to be high risk, we have implemented strict procedures to conduct impact assessments in compliance with Article 35 of the GDPR. We have adopted documentation procedures for each assessment, enabling us to rate the risks of processing activities and implement mitigating measures to reduce risks to data subjects.
Data Processing Agreements: Where we engage any third party to process personal data on our behalf, we use compliant data processing agreements and due diligence procedures to ensure they understand and meet both their and our GDPR obligations.
Data Subject Rights
We provide easily accessible information through our website and email channels, enabling individuals to exercise their right to access any personal data that Blue X processes about them and to request the following information:
The personal data we hold about them
The purposes of processing
The categories of personal data involved
The recipients or categories of recipients to whom the personal data has been or will be disclosed
The intended retention period for their personal data and the storage location
The source of the personal data, if not collected directly from them
The right to request rectification or completion of incomplete or inaccurate personal data, and the procedures for doing so
The right to request erasure of personal data (where applicable) or to restrict processing in accordance with data protection law, as well as to object to any of our direct marketing activities
The right to lodge a complaint or seek judicial remedy, including contact details for doing so
Data Security and Technical & Organizational Measures
Blue X takes the privacy and security of individuals and their personal data very seriously and implements all reasonable measures to protect and secure the personal data we process. We have established robust data security policies and procedures to safeguard personal data from unauthorized access, alteration, disclosure, or destruction.
Contractual Commitments
Blue X is working with our partners and clients to review and update our contractual commitments where necessary to directly address GDPR requirements. We have also reviewed existing contracts to ensure that our product and service teams comply with GDPR, and we will continue to conduct due diligence when onboarding new vendors.
GDPR Roles and Employees
Blue X has appointed a dedicated Data Privacy Team responsible for developing and implementing our roadmap to GDPR compliance. This team is tasked with promoting GDPR awareness across the organization, assessing our level of compliance, identifying any gaps, and implementing new policies, procedures, and measures.
Blue X recognizes that continued employee awareness and understanding are essential for sustained GDPR compliance and engages employees actively in our readiness program.
If you have any questions regarding our GDPR compliance policy, please contact our responsible officer at dongguang.jiang@bluefocus.com