PRIVACY POLICY

 

Last Updated: 

Blueeprint (“we,” or “us”) operates the website https://www.blueeprint.com (“Website”). This Privacy Policy explains how we collect, use, disclose, and safeguard your Personal Data in compliance with the Saudi Arabia Personal Data Protection Law (PDPL) and other relevant regulations. By accessing or using the Website, you signify that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our practices, please discontinue use of our Website immediately.

 

1. Key Definitions

• Personal Data: Any information that, directly or indirectly, identifies an individual. This includes data such as name, address, identification number, email address, or phone number.
• Processing: Any operation performed on Personal Data, such as collection, recording, organization, storage, adaptation, modification, retrieval, consultation, use, disclosure, or destruction.
• Controller: Blueeprint is considered the Data Controller under PDPL, responsible for determining the purposes and means of processing Personal Data.
• Data Subject: The individual to whom the Personal Data relates (you, the user/client).

2. Principles of Data Processing

Under the PDPL, we adhere to the following principles:

1. Lawfulness, Fairness, and Transparency: We collect and process Personal Data only for lawful purposes and inform you about the nature and extent of data processing.
2. Purpose Limitation: We collect Personal Data for specific, explicit, and legitimate purposes relevant to the services we provide.
3. Data Minimization: We collect only the Personal Data that is necessary for fulfilling those purposes.
4. Accuracy: We strive to keep Personal Data accurate and up to date.
5. Storage Limitation: We retain Personal Data only for as long as is necessary to fulfill the purposes stated or as required by Saudi law.
6. Security and Confidentiality: We implement technical and organizational measures to protect Personal Data from unauthorized access, use, or disclosure.
7. Accountability: We maintain documentation and adhere to internal policies to ensure compliance with the PDPL.

3. Personal Data We Collect

3.1 Information You Provide to Us

• Contact Details: Such as your name, email address, phone number, and mailing address when you register, subscribe to our newsletter, or communicate with us.
• Payment Information: Credit or debit card details or bank account information for billing purposes (processed via secure third-party payment gateways).

3.2 Information We Collect Automatically

• Log Files: IP address, browser type, device information, operating system, and referring URLs.
• Cookies & Similar Technologies: We use cookies to enhance user experience, store user preferences, and gather analytic data. You may disable cookies via your browser settings, but this may affect certain functionality of the Website.

3.3 Sensitive Personal Data

• We generally do not collect sensitive data (e.g., health or biometric data) unless absolutely necessary and with your explicit consent or as required by law.

4. Legal Basis for Processing

1. Consent: Where required by PDPL, we rely on your informed and explicit consent to process your Personal Data (e.g., marketing communications).
2. Contractual Necessity: Where processing is necessary to perform our agreement with you (e.g., providing design services).
3. Legal Obligation: Where processing is necessary to comply with our legal or regulatory obligations under Saudi law.
4. Legitimate Interests: Where processing is necessary for our legitimate interests (e.g., improving Website functionality), and where such interests do not override your fundamental rights and freedoms.

5. How We Use Your Personal Data

1. Service Provision: To provide and maintain our services; process transactions; fulfill contractual obligations.
2. Client Support: To respond to your inquiries, resolve technical issues, or address service-related questions.
3. Marketing: To send promotional materials or newsletters about our offerings, only where we have obtained your consent if required.
4. Analytics: To conduct research and analyze usage trends to improve our Website and services.
5. Compliance and Enforcement: To comply with applicable laws, regulations, and legal processes, and to enforce our Terms & Conditions.

6. Data Sharing and Disclosure

We may share Personal Data under the following circumstances, in compliance with the PDPL:

1. Service Providers: With third-party vendors or partners (e.g., hosting platforms, payment processors) under strict data protection agreements ensuring adequate protection.
2. Business Transfers: In connection with a merger, acquisition, or other corporate transaction, provided the receiving entity agrees to observe this Privacy Policy or similar standards.
3. Legal Requirements: If required by law or legal process, or if necessary to protect our rights, property, or safety.
4. With Your Consent: We will seek your explicit consent before sharing data with third parties for any non-essential purpose.

7. Cross-Border Data Transfers

Under the PDPL, cross-border transfers of Personal Data are restricted unless certain conditions are met, such as:

1. Adequate Protection: The receiving country has laws or regulations providing a similar level of data protection.
2. SDAIA Approval or Exemptions: The Saudi Data & AI Authority (SDAIA) or other relevant authorities grant permission or an exemption.
3. Your Consent: In some cases, we may transfer data internationally with your explicit consent, after informing you about the potential risks.

We will take all necessary precautions to ensure your Personal Data is given adequate protection in accordance with the PDPL when transferred outside Saudi Arabia.

8. Your Rights Under the PDPL

As a Data Subject in Saudi Arabia, you have the following rights regarding your Personal Data:

1. Right to Be Informed: You have the right to clear and transparent information about how your data is processed.
2. Right to Access: You can request a copy of your Personal Data and information on how it is processed.
3. Right to Rectification: You can request that we correct any inaccurate or incomplete Personal Data.
4. Right to Erasure (“Right to be Forgotten”): You can request that we delete your Personal Data under certain conditions, such as when the data is no longer necessary or when you withdraw consent.
5. Right to Restrict Processing: You can request limitations on how we process your Personal Data under specific circumstances.
6. Right to Object: You can object to certain processing activities, particularly those based on our legitimate interests.
7. Right to Data Portability: Where technically feasible, and if required by law, you may receive your Personal Data in a structured, commonly used machine-readable format.

To exercise your rights, please contact hello@blueeprint.com. We may need to verify your identity before processing your request.

9. Data Retention and Security

1. Retention Period: We retain Personal Data only as long as is necessary for the purposes stated above, or as required by Saudi law.
2. Security Measures: We implement administrative, technical, and physical safeguards to protect Personal Data against unauthorized access, alteration, disclosure, or destruction. These measures are designed to comply with PDPL’s security requirements.

10. Children’s Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect Personal Data from minors without verifiable parental or guardian consent, as required by PDPL and other applicable laws. If you become aware that a minor under 18 has provided us with Personal Data without proper consent, please contact us at hello@blueeprint.com.

11. Third-Party Websites and Services

Our Website may contain links to third-party sites or use third-party services or plugins (e.g., payment gateways, analytics). This Privacy Policy does not apply to those external platforms, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party service you use.

12. Compliance and Complaints

Blueeprint strives to comply with the PDPL. If you believe that your rights under the PDPL have been violated, you have the right to file a complaint directly with us at hello@blueeprint.com. We will investigate and attempt to resolve any issues promptly. You also have the right to file a complaint with the relevant authority (Saudi Data & AI Authority – SDAIA) if you are not satisfied with our response.

13. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, and other factors. When we make material changes, we will post a notice on our Website or contact you directly. Your continued use of the Website following the posting of changes constitutes acceptance of these changes.

14. Contact Us

If you have any questions or concerns about this Privacy Policy or wish to exercise any of your rights under PDPL, please contact us at:

• Email: hello@blueeprint.com
• Website: https://www.blueeprint.com