1. Information We Collect

We collect various types of information to provide and improve our services to you. The categories of information we collect include:

1.1 Personal Information You Provide

When you interact with our website, contact us, or use our services, you may voluntarily provide us with certain personal information, including:

Contact Information: Name, email address, phone number, company name, job title.
Account Credentials: Username and password when you create an account to access our services.
Billing Information: Payment card details, billing address, and transaction history (processed securely through third-party payment processors).
Communication Data: Any information you provide when you contact us via forms, email, or phone, including support inquiries and feedback.
Project Information: Details about your business, marketing campaigns, and objectives that you share with us for the purpose of delivering our AI consulting services.

1.2 Information Collected Automatically

When you visit our website, we automatically collect certain technical data about your device and usage patterns:

Log Data: IP address, browser type, operating system, referring URLs, pages visited, time and date of access, and other diagnostic data.
Device Information: Device type, unique device identifiers, and mobile network information.
Usage Data: Clickstream data, navigation paths, time spent on pages, interaction with content, and conversion events.
Location Data: Approximate geographic location derived from your IP address.

1.3 Cookies and Similar Technologies

We use cookies, web beacons, and similar tracking technologies to enhance your experience, analyze website traffic, and personalize content. For detailed information about our use of cookies, please refer to our Cookie Policy.

1.4 Information from Third Parties

We may receive information about you from third-party sources, such as:

Analytics Providers: Google Analytics and similar services that provide insights into user behavior.
Marketing Partners: When you engage with our content on partner platforms.
Public Sources: Information available publicly that helps us understand your business context.

2. How We Use Your Information

We process your personal information for the following purposes, relying on appropriate legal bases under applicable data protection laws (including GDPR and CCPA):

2.1 To Provide and Maintain Our Services

Deliver AI-powered email marketing, business intelligence, and AI search optimization services as requested.
Manage user accounts, authenticate users, and provide customer support.
Process transactions and send related administrative information.

2.2 To Improve and Optimize Our Services

Analyze usage patterns to enhance website functionality, user experience, and service delivery.
Train and improve our AI models and algorithms (using aggregated and anonymized data whenever possible).
Conduct research and analytics to identify trends and develop new features.

2.3 To Communicate with You

Send you updates, newsletters, marketing communications, and promotional offers (where you have opted in).
Respond to your inquiries, feedback, and support requests.
Notify you about changes to our services, terms, or policies.

2.4 For Legal Compliance and Security

Comply with applicable laws, regulations, legal processes, and government requests.
Detect, prevent, and address fraud, security issues, or technical problems.
Protect our rights, privacy, safety, or property, and that of our users and the public.

2.5 For Marketing and Advertising

Deliver personalized advertisements and content based on your interests and interactions with our services.
Measure the effectiveness of our marketing campaigns.

3. Legal Basis for Processing (GDPR Compliance)

For individuals in the European Economic Area (EEA), we process your personal data based on the following legal grounds:

Contractual Necessity: Processing is necessary for the performance of a contract with you (e.g., to provide consulting services).
Consent: You have given clear consent for us to process your personal data for specific purposes (e.g., marketing communications).
Legal Obligation: Processing is necessary to comply with a legal obligation (e.g., tax records).
Legitimate Interests: Processing is necessary for our legitimate interests (e.g., improving services, security, fraud prevention), provided your fundamental rights do not override those interests.

If you are located in the EEA, you have the right to withdraw consent at any time where we rely on consent to process your personal data.

4. Sharing and Disclosure of Information

We do not sell, rent, or trade your personal information. We may share your data in the following circumstances:

4.1 Service Providers

We engage trusted third-party service providers to perform functions on our behalf, such as:

Hosting and cloud infrastructure (e.g., AWS, Google Cloud).
Payment processing (e.g., Stripe, PayPal).
Email delivery and marketing platforms (e.g., Mailchimp, SendGrid).
Analytics and performance monitoring (e.g., Google Analytics, Hotjar).
Customer relationship management (CRM).

These service providers are contractually obligated to protect your information and use it only for the services they perform for us.

4.2 Business Transfers

If we are involved in a merger, acquisition, financing, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any such change in ownership or control.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

4.4 With Your Consent

We may share your information for any other purpose with your explicit consent.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption: Data transmitted between your browser and our servers is protected using SSL/TLS encryption (HTTPS).
Access Controls: Strict access controls to personal data, with access granted only on a need-to-know basis.
Regular Security Assessments: Periodic security audits, vulnerability scanning, and penetration testing.
Data Minimization: We only collect data that is necessary for the purposes described.
Employee Training: Regular training on data protection and security best practices.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.

6. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. The retention period depends on factors such as:

The duration of our ongoing relationship with you (e.g., active account).
Legal retention periods required by applicable laws (e.g., tax and commercial records).
Whether there is a legal obligation to which we are subject.
Whether retention is advisable in light of our legal position (e.g., in relation to applicable statutes of limitations, litigation, or regulatory investigations).

After the retention period, we will securely delete or anonymize your personal information. Anonymized data may be retained for analytical and research purposes indefinitely.

7. Your Rights and Choices

Depending on your location and applicable data protection laws, you may have certain rights regarding your personal information:

7.1 Rights for EEA, UK, and Swiss Residents (GDPR)

Right to Access: Request a copy of the personal information we hold about you.
Right to Rectification: Request correction of inaccurate or incomplete information.
Right to Erasure (Right to be Forgotten): Request deletion of your personal information under certain conditions.
Right to Restrict Processing: Request that we limit processing of your data.
Right to Data Portability: Request transfer of your data to another controller in a structured, machine-readable format.
Right to Object: Object to processing based on legitimate interests or direct marketing.
Right to Withdraw Consent: Withdraw previously given consent at any time.
Right to Lodge a Complaint: File a complaint with a supervisory authority (e.g., your local data protection authority).

7.2 Rights for California Residents (CCPA)

If you are a California resident, you have the right to:

Know what personal information we collect, use, disclose, and sell.
Request deletion of your personal information (subject to exceptions).
Opt out of the sale or sharing of your personal information. Note: We do not sell personal information as defined by the CCPA.
Non-discrimination for exercising your rights.

To exercise these rights, please contact us using the information provided in Section 12.

7.3 How to Exercise Your Rights

To exercise any of your privacy rights, please submit a verifiable request to us at privacy@bluemails.eu. We may need to verify your identity before processing your request, which may require you to provide certain information to confirm your identity.

8. International Data Transfers

BlueMails is based in the European Union, and your information may be transferred to, stored, and processed in countries outside your home country, including the United States. When we transfer your personal data internationally, we take steps to ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable law.

For transfers from the EEA to countries not deemed adequate by the European Commission, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, which impose data protection obligations on parties transferring personal data outside the EEA.

9. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us immediately. If we learn that we have collected personal information from a child under 16 without verification of parental consent, we will take steps to delete that information promptly.

10. Third-Party Links

Our website may contain links to third-party websites, plugins, or applications. Clicking those links may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy practices. We encourage you to read the privacy policies of every website you visit.

We reference and collaborate with trusted industry partners such as Web2AI.eu, EngineAI.eu, and others to provide comprehensive AI solutions. These partners have their own privacy policies, and we recommend reviewing them.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. For significant changes, we may also provide additional notice via email or a prominent notice on our website.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

BlueMails
Email: privacy@bluemails.eu
Contact Form: https://bluemails.eu/contact.php
Address: [Insert Business Address if applicable]

For data protection officer (DPO) inquiries, please email dpo@bluemails.eu.