BlueForge
Get in touch Start a project
Services Custom Software Web Applications Mobile Apps SaaS Products Enterprise Systems IT Support Cloud & DevOps Cybersecurity Company Why us Pricing Contact
Start a project
HomePrivacy Policy
Legal

Privacy Policy

How we collect, use and protect your personal data — and the rights you have under UK data protection law.

Last updated: 17 June 2026

Introduction

This Privacy Policy explains how BlueForge IT Ltd ("BlueForge IT", "we", "us" or "our") collects, uses, stores and protects your personal data when you contact us, work with us, or browse our website at blueforge-it.com.

BlueForge IT Ltd is a company registered in England & Wales under company number 17102546, with its registered office at 128 City Road, London, EC1V 2NX. For the purposes of UK data protection law — primarily the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 — we are the data controller responsible for your personal data.

This policy applies to personal data we handle in the course of running our business: enquiries we receive, services we provide, contracts we manage, and visits to our website. Please read it carefully. If you do not agree with any part of it, please do not use our website or send us personal data.

Information we collect

We only collect personal data that we genuinely need. Depending on how you interact with us, this may include:

  • Contact details you give us — your name, email address, telephone number, company name and job title, typically when you email or call us about a project or enquiry.
  • Project information you share — details about your business, requirements, technical environment, documents, or any other information you choose to send us so we can understand and scope your needs.
  • Correspondence — the content of emails, call notes and other communications between us.
  • Technical data collected automatically — when you visit our website, our hosting provider and any analytics we enable may record information such as your IP address, browser type and version, device type, the pages you view, and the date and time of your visit.

We do not operate a contact form on this website. We therefore only receive the personal data you actively choose to send us by email or telephone, together with basic technical and analytics data gathered automatically when our analytics are enabled. We do not knowingly collect special category data (such as health, ethnicity or religious beliefs) and we ask that you do not send it to us unless it is strictly necessary and agreed in advance.

How we use your information

We use your personal data for the following purposes:

  • To respond to your enquiries, questions and requests;
  • To prepare and provide quotes, proposals and statements of work;
  • To deliver, manage and support the services you engage us for;
  • To enter into and perform contracts with you, including invoicing and payment;
  • To operate, maintain, secure and improve our website and services;
  • To send you service-related communications relevant to a project or contract; and
  • To comply with our legal, accounting and regulatory obligations.

We do not use your personal data for automated decision-making that produces legal or similarly significant effects, and we do not sell your data to anyone.

Under UK GDPR we must have a lawful basis for processing your personal data. Depending on the situation, we rely on one or more of the following:

  • Consent — where you have given clear, specific consent, for example to certain optional cookies or to receive a particular communication. You can withdraw consent at any time.
  • Contract — where processing is necessary to take steps at your request before entering into a contract, or to perform a contract with you (for example, delivering agreed services and handling invoicing).
  • Legitimate interests — where processing is necessary for our legitimate business interests, such as responding to enquiries, keeping records, securing our systems, and improving our website, provided those interests are not overridden by your rights and freedoms.
  • Legal obligation — where we must process data to comply with the law, for example retaining accounting records or responding to lawful requests from authorities.

If you would like more detail about the legal basis we rely on for a specific activity, please contact us using the details below.

Cookies

Our website uses only minimal cookies and similar technologies. Strictly necessary cookies help the site function and remember basic preferences, and we may use limited analytics cookies — only where enabled and, where required, with your consent — to understand how the site is used.

Please note that some third-party embeds, such as Google Maps, may set their own cookies when loaded. For full details of the cookies we use, their purpose and how to control them, please see our Cookies Policy. You can also manage or disable cookies through your browser settings, although doing so may affect how parts of the site work.

Sharing your information

We do not sell, rent or trade your personal data. We may share it only in the following limited circumstances:

  • Trusted service providers (processors) — we use carefully selected suppliers to run our business, such as website hosting, email, file storage and analytics providers. These providers process data on our behalf, under written contracts that require them to keep it secure and use it only for the purposes we specify.
  • Professional advisers — such as accountants or legal advisers, where reasonably necessary.
  • Legal and regulatory requirements — where we are required to disclose information to comply with the law, a court order, or a lawful request from a public authority, or to protect our rights, property or safety.
  • Business transfers — if our business is reorganised, merged or transferred, your data may be shared with the relevant party, subject to appropriate protections.

Data retention

We keep personal data only for as long as is necessary for the purposes set out in this policy, or for as long as the law requires.

  • Enquiry and correspondence data is kept while we are in contact and for a reasonable period afterwards in case you get back in touch.
  • Client and contract records, including invoices and accounting information, are retained for the periods required by UK tax and company law (typically at least six years).
  • Website technical and analytics data is retained for a limited period and then deleted or anonymised.

When personal data is no longer needed, we securely delete or anonymise it.

Your rights

Under UK GDPR you have a number of rights over your personal data. Subject to certain conditions, these include the right to:

  • Access — request a copy of the personal data we hold about you;
  • Rectification — ask us to correct inaccurate or incomplete data;
  • Erasure — ask us to delete your data ("the right to be forgotten") in certain circumstances;
  • Restriction — ask us to limit how we use your data;
  • Objection — object to processing based on our legitimate interests;
  • Portability — ask to receive certain data in a structured, commonly used, machine-readable format; and
  • Withdraw consent — where we rely on consent, withdraw it at any time without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, please email us at Office@blueforge-it.com. We will respond within one month, as required by law. There is normally no charge, and we may need to verify your identity before acting on your request.

International transfers

We aim to keep personal data within the UK or the European Economic Area wherever possible. Some of our service providers may process data outside the UK. Where that happens, we take steps to ensure your data receives an appropriate level of protection — for example by relying on UK adequacy regulations or by putting in place approved safeguards such as the International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses.

Security

We take the protection of your personal data seriously and apply reasonable technical and organisational measures to guard against unauthorised access, loss, misuse or alteration. These include access controls, encrypted connections, reputable hosting and email providers, and limiting access to data on a need-to-know basis.

However, no method of transmission over the internet or method of electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee absolute security. If you have concerns about the security of any information you share with us, please contact us before sending it.

Children's privacy

Our website and services are intended for businesses and are not directed at children. We do not knowingly collect personal data from anyone under the age of 16. If you believe a child has provided us with personal data, please contact us and we will take appropriate steps to delete it.

Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make changes, we will revise the "Last updated" date shown at the top of this page. We encourage you to review this policy periodically. Where changes are significant, we will take reasonable steps to bring them to your attention.

Contact & complaints

If you have any questions about this Privacy Policy, or you wish to exercise your rights, please contact us:

We hope to resolve any concern you raise directly. However, you also have the right to lodge a complaint with the UK's supervisory authority for data protection, the Information Commissioner's Office (ICO). You can contact the ICO at ico.org.uk or by calling their helpline. We would, however, appreciate the chance to address your concerns before you approach the ICO.

Questions about your data?

We're happy to help

If anything in this policy is unclear, or you'd like to exercise your rights, get in touch — we reply within 24 hours.

Contact us Office@blueforge-it.com