Version March 2025 (Version 3)
BLUEDESK LIMITED is the controller and is responsible for your personal data (collectively referred to as “Company“, “we“, “us“, or “our“ in this policy).
We keep our privacy policy under regular review. This version was last updated in March 2025. It may change, and if it does, these changes will be posted on this page and will be shared with users via emails and in-app notifications to review and accept.
We may collect, use, store, and transfer different kinds of personal data about you as follows:
Our platform handles two types of information:
This data helps us understand how our system is being used and includes:
Like Full name and username.
We collect the full name and username to create and manage your account and to use in the login process.
Identity data are retained as long as the account is active.
Like email address and phone number.
We collect the email address to create and manage your account, verify the account via email, and use it to reset the password upon user request.
We collect the phone number to verify the account via SMS. Note that the account needs only one of these contact data to be verified.
Contact data are retained as long as the account is active.
We only save the transaction ID to get its status from the payment gateway.
Brand, Model, Android version, Build number, Device ID…
Device ID: Android Advertising ID, device serial number (if applicable). We collect the Android Advertising ID for analytics and troubleshooting, and the device serial number for unique device identification in bug reporting.
We don’t collect the device serial number.
With user permission, we collect precise GPS coordinates for the start and end locations during interviews. Location data is stored for the duration of the interview or survey response.
The user can access and see these locations via the web interface and can delete them upon deleting the interview record.
To manage communication channels and ensure effective delivery of information, we keep records about the following communication data: emails sent, push notifications delivered, SMS messages sent.
We also record users’ marketing preferences, such as opt-in and opt-out statuses.
These data are retained as long as the user is active.
We don’t save any financial data.
Troubleshooting: In internal test versions of the mobile app, we collect usage data for troubleshooting and debugging. This data includes feature usage, screen interactions, and crash logs. The resulting log is only shared manually by the user.
Users participating in internal testing are invited via a clear message, to which they can join or decline.
Mobile users can opt out of usage data collection by selecting the option to “Leave the program“ in Google Play.
In production versions of the app, we do not collect usage data.
We maintain audit logs within our secure Microsoft SQL Server database to track user actions on the web system for security, compliance, troubleshooting, and to facilitate the undoing of unintended actions.
These logs track the following specific actions, including the user that made the change: project creation timestamp, survey update details, user deletion record, and other create, update, and delete events.
These logs track actions related to main objects and features in the system, such as projects, surveys, interviews, data views, and user accounts.
Audit logs are retained for 3 months and are protected by Microsoft SQL Server’s Transparent Data Encryption feature. Access is restricted to authorized personnel only.
Audit logs can fall under usage data. We comply with all relevant legal requirements regarding audit logging.
To facilitate troubleshooting and improve the stability of our mobile app and web system, we use third-party error logging tools:
Users cannot directly opt out of error logging, as it is essential for maintaining system stability. However, we ensure that error logs are used solely for troubleshooting and are protected according to the privacy policies of InstaBug and Sentry.
The information collected through your surveys is entirely controlled by you. As the survey creator, you determine what data is collected and how it is used. Our system securely stores this respondent data as a data processor, following your instructions. You are responsible for complying with all applicable privacy laws regarding the data you collect.
Images, Audios, Videos, and normal document files (pdf, docx, etc.).
The user can create a form/survey that contains media content questions, in which the enumerator can select files, shoot images, or record audios and videos.
These content files are kept as long as the interview data are used and retained.
The user who is designing the survey might enable a flag for background voice recording during the interview for quality assurance purposes.
The mobile app shows a clear message to get explicit user consent to record voice conversations during the interviews, showing a clear icon to indicate when the background voice recording is on.
These recordings are content data and are stored locally on the device with encryption, then transferred with encryption to the server, and stored on our encrypted servers without sharing them with any third party.
The user can access, view, and delete these recordings by logging in to the web interface using their same credentials.
The background voice recordings are kept as long as the interview data are used and retained.
Voice recordings will be deleted with the deletion of the interview or the project.
Voice recordings might happen in the background. The user can stop the background recording by ending, stopping, or pausing the data collection section (the interview).
We provide the ability to include location questions (point, line, and area) within the survey design, which allows users to select or provide location data within survey forms.
Location data is retained for the duration of the interview and can be accessed, changed, and deleted via the web interface.
We also collect, use, and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific App feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data, which will be used in accordance with this privacy policy.
Data under our control includes registration data (e.g., email, organization name, organization website, country, business sector, and domain) and site visitor data (e.g., website analytics). This data is used in aggregated ways to monitor usage and growth of Bluedesk Limited. Personal information from registered users is used to provide services to registered users and communicate with them about our services. Registered users can view, edit, and delete their personal information stored in their profile, unregister from communication emails, or delete their account.
This data privacy policy distinguishes between data that is controlled by Bluedesk Limited and data that is processed by Bluedesk Limited.
We are a data controller of very limited data about account holders and site visitors (i.e., we determine the purposes, conditions, and means of the processing of personal data). Bluedesk Limited collects web page analytics from unregistered and registered users of its web page using Google Analytics – pages visited, clicks, browser used, language choice, country of origin, and so on. For registered users, Bluedesk Limited collects the following as part of the registration process:
This information is stored in the user’s profile along with their preferences.
We act as a data processor for data collected by account holders (i.e., we process data on behalf of a data controller). Once a registered user creates a project, Bluedesk Limited stores the information related to the survey and data collected by the account holder. This includes data submitted by participants completing surveys designed by registered users and can include personal information.
We may share your personal data with organizations. This will involve transferring your data outside the European Economic Area (EEA).
We ensure your personal data is protected by requiring all our group companies to follow the same rules when processing your personal data. These rules are called “binding corporate rules“. For further details, see European Commission: Binding corporate rules.
Many of our external third parties are based outside the EEA, so their processing of your personal data will involve a transfer of data outside the EEA.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
Here is a list of the permissions needed in our mobile app and their uses. Users can control or revoke these permissions through their device settings:
The application files mentioned in the above two permissions are the images, videos, audios, and office files that are collected during the user-designed survey.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions and are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We implement robust security measures to protect your personal data from unauthorized access, use, or disclosure. These measures include:
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data, and whether we can achieve those purposes through other means, as well as the applicable legal, regulatory, tax, accounting, or other requirements.
Our Sites may, from time to time, contain links to and from the websites of our partner networks, advertisers, and affiliates. Please note that these websites and any services that may be accessible through them have their own privacy policies. We do not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites or services, such as Contact and Location Data.
We integrate our system with the following third-party services to enhance functionality and provide a better user experience:
Users cannot opt out of the data sent to these third parties, as they are essential for the functionality of the application.
Our system is not intended for children.
We are committed to protecting your personal data and respecting your rights under the General Data Protection Regulation (GDPR). This section outlines how we comply with GDPR principles and your rights as a data subject.
We process your personal data based on one or more of the following legal bases:
Under the GDPR, you have the following rights:
To exercise any of your GDPR rights, please contact us using the contact details provided in the “Contact Us“ section of this privacy policy. We will respond to your request within the timeframes specified by the GDPR.
If we transfer your personal data outside the European Economic Area (EEA), we will ensure that appropriate safeguards are in place to protect your data, such as:
If you are uncertain about our data privacy policy or have requests with regards to general compliance, including GDPR rights, please contact us at [email protected].
BlueData is a Data Management Platform, a tool designed to meet the unique needs of organizations engaged in data collection, quality, analysis, and performance monitoring.
