Meet the new BlueDolphin! Join CEO, Jelle Visser, for a live product demo Tuesday, April 21.RSVP
Book a demo

Privacy Statement

Privacy Statement for BlueDolphin, 1 April 2026

To download a pdf of this document, please click here.

1. BlueDolphin

We are BlueDolphin B.V., a Dutch company that trades under the name “BlueDolphin”.

We operate in the European Economic Area (EEA) and we store our data on servers in the EEA, unless we indicate otherwise in this privacy statement.

2. General

In this privacy statement we summarize which data we process about you and how we process it (Sections 3 – 5). In this privacy statement you will also find more information about the rights you have in relation to your personal data and how to exercise them (Section 6). We may change provisions of this privacy statement. If we do that, we will let you know. Nevertheless, we recommend that you periodically check yourself whether the privacy statement has been changed.

If you have any questions, concerns or comments about this privacy statement or if you wish to exercise your rights, please contact us by email at support@bluedolphin.io.

3. Which personal data do we process?

If you use our services or visit our websites, we may process your personal data. Below we explain per role which personal data we may collect from you, why we process it and how long we store it.

3.1 You use BlueDolphin

A. In order to be able to offer you our service ‘BlueDolphin’ and to make the service workable for you, we process the personal data mentioned below up to 13 months after your account has been terminated, your Session ID is kept for one day after your visit. We receive or generate the personal data mentioned below from you directly (for instance when you contact us or use our services). We use the data to create an account for you, to authorize you and to correspond with you about the service, your questions and any tickets you may submit. Our processing basis is the performance of an agreement. If you refuse to share your personal data with us for these purposes, we cannot provide you with our services.

  • Name
  • E-mail address
  • Phone number
  • Content of any communications you have with us
  • Function
  • Organization
  • User ID
  • Session ID
  • BlueDolphin tenant name
  • Password (encrypted)
  • Role within the BlueDolphin software
  • Powers and rights within the BlueDolphin software
  • Language
  • Information about the customer’s IT architecture, its processes and data
  • Device information
  • Support requests
  • IP address
  • Cookie IDLog details
  • Time of the visit
  • Information with regards to the handling of any tickets

If you contact us via the Intercom chat function, your data may be stored by our processor Intercom outside the EEA. Intercom guarantees to comply with European privacy legislation.

B. To secure our service, we process the personal data mentioned below up to 2 years after collecting it. Our processing basis is our legitimate interest to be able to adequately secure the service. We receive or generate the personal data mentioned below from you directly (when using our service).

  • Name
  • E-mail address
  • IP address
  • Date and time of logging in and out
  • Role within the BlueDolphin software
  • Powers and rights within the BlueDolphin software
  • Actions performed on BlueDolphin

C. To improve our services, we process the personal data mentioned below up to 2 years after collecting it. Our processing basis is our legitimate interest to be able to improve our services. Your interests are safeguarded because the data processing is limited. We receive or generate the personal data mentioned below from you directly (when using our services).

  • Name
  • User ID
  • Session ID
  • BlueDolphin tenant name
  • IP address
  • Browser information
  • Location data (country / province level)
  • Actions performed on BlueDolphin
  • Using BlueDolphin and problems encountered
  • Language
  • Device information
  • Internet Service Provider (ISP)
  • Length of the session

For more information on the placement of cookies when using the BlueDolphin software, please refer to our cookie statement: https://www.bluedolphin.io/cookie-policy

D. If you use BlueDolphin, we can send you marketing material such as newsletters and offers. To this end, we process the personal data mentioned below up to 4 years after we last had contact with you or, if that is later, you last performed an action on BlueDolphin. We send such marketing communications in accordance with the applicable Privacy legislation. As such, the conditions for lawful processing laid down in the GDPR do not apply. We receive or generate the personal data mentioned below from you directly (when signing up for or using our services).

We may also send you surveys, interactive forms, evaluations or feedback requests. Our processing basis is our legitimate interest to be able to improve our services.

  • Name
  • E-mail address
  • Phone number
  • Content of communications you have with us
  • Function
  • Organization
  • User ID
  • Browser ID
  • IP address
  • Browser information
  • Location data (country / province / city level)
  • Role within the BlueDolphin software
  • Actions performed on and use of BlueDolphin
  • Language
  • Demographic data
  • Your personal lead score (see 3.4 (prospects) and 3.7 (customers) for further information)

You can unsubscribe from receiving these (marketing) messages by following the unsubscribe instructions included in each newsletter or by contacting us via support@bluedolphin.io. If you unsubscribe from receiving (marketing) materials, it will not affect our ability to send you emails about important matters and your account.

E. If you use BlueDolphin, you can choose to fill in optional fields voluntarily. If you do this, our processing basis to process the entered personal data is our legitimate interest (in order to be able to improve our services or to personalise your account). We receive the personal data mentioned below from you directly. This concerns the following personal data.

Improving our services, processed up to 2 years after collection:

  • Name (via completed questionnaires)
  • Function (via completed questionnaires)
  • Organization (via completed questionnaires)
  • Answers provided (via completed questionnaires)
  • Reviews given (processed for up to 13 months after account termination)

Other:

  • Profile photo, for personalizing the personal profile, processed up to 13 months after termination of the account

3.2 You are a visitor to our website

A. To ensure that you can use our website, we process the personal data mentioned below during your visit to our website. We receive this personal data directly from you. Our processing basis is our legitimate interest to be able to show you a website that works.

  • Language
  • User-ID (allowing use of the Intercom chat function and allowing you to review earlier conversations)

This information can be shared with LinkedIn to set the language preference correctly. LinkedIn may process the data in the U.S., but uses standard contractual clauses approved by the European Commission. If you contact us via the Intercom chat function, your data may be stored by our processor Intercom outside the EEA. Intercom guarantees to comply with European privacy legislation.

B. To improve our websites, we process the personal data mentioned below up to 2 years after collecting it. The personal data listed below is generated when you use our website. Our processing basis is our legitimate interest to improve our websites. Your interests are safeguarded because data processing is limited and you can choose not to share the data by unchecking the “analytical cookies” box.

  • Browser information
  • Location data at country / province level
  • Google user ID
  • Device information
  • The duration of your website visit and how you use our websites
  • Demographic data

The above data can be shared with Google Analytics, which can store data outside the EEA but guarantees to continue to comply with European privacy legislation.

C. To secure our website, we process the personal data mentioned below up to 2 years after collecting it. The personal data listed below is generated when you use our website. Our processing basis is our legitimate interest to improve out website.

  • IP address
  • Browser and device information
  • Log details
  • Cookie ID
  • Network and traffic data

D. We place tracking and advertising cookies if you visit our website and give us permission to do so in the cookie banner. The personal data listed below is generated when you use our website. The cookies process the information mentioned below up to 2 years after the collection of the data.

  • IP address
  • Device information
  • The duration of your website visit and how you use our websites
  • Google advertising ID
  • Browser ID
  • Hubspot user ID
  • Demographic data
  • Location data
  • Cookie preferences
  • Cookie ID

The tracking cookies are placed by Hubspot, Meta Platforms, Google and LinkedIn. They can store the data outside the EEA, but guarantee to comply with European privacy legislation.

You can amend your settings via the cookie banner. For further information on the placement of cookies by our website, please refer to our cookie statement: https://www.bluedolphin.io/cookie-policy

E. If you ask us a question or make a request, we will process the personal data listed below up to 4 years after we last had contact with you. We receive or generate this personal data directly from you, when using our services or by contacting us. We process your data to be able to respond to your question or request and to improve our services. Our processing basis is our legitimate interest to be able to respond to your questions and requests and to improve our services.

  • Name
  • E-mail address
  • Phone number
  • Content of any communications you have with us
  • User ID
  • Organization
  • Language
  • Conversation assessment (to improve our services)
  • Date of registration and first visit (to improve our services)
  • Date of last seen and last contact (to improve our services)
  • Number of active web sessions (to improve our services)

We store the above personal data at Intercom. This party stores your data outside of the EEA, but they guarantee compliance with European privacy legislation.

F. If you register yourself for a newsletter on our website, we will process the data mentioned below until you unsubscribe from the newsletter. Our processing basis is consent, because you voluntarily sign up for the newsletter.

  • Name
  • E-mail address

You can unsubscribe from these newsletters by following the unsubscribe instructions included with each newsletter. If you unsubscribe from the newsletter, it will not affect our ability to send you emails about important matters and your account.

3.3 You apply for a job at BlueDolphin

A. If you apply for a job at BlueDolphin, we will process the personal data mentioned below up to 4 weeks after completing the application or up to 1 year if you request it. We receive the personal data mentioned below from you directly (for instance when you provide us with your curriculum vitae and other documents and when we communicate with you). We may also receive your personal data from other sources (such as your LinkedIn profile, your previous employer(s), educational institutions you attended, etc.). Our processing basis is our legitimate interest to process your application.

  • Name
  • Address
  • E-mail address
  • Phone number
  • Your employer
  • Your function
  • Curriculum vitae and motivation letter
  • Your profile picture
  • Information about your availability and employability for work
  • Information provided in the appropriate open fields and information you provide to us during an interview
  • Information included on your LinkedIn profile
  • Information provided to us by referees (such as your previous employer and/or educational institution)

3.4 If you work for a party with whom we intend to enter into a business relationship (prospects)

A. We approach interesting parties, such as potential customers, with the aim of establishing a business relationship with them. If you act as contact person for such a party, we will process the personal data mentioned below up to 4 years after we last had contact with you. We receive or generate this personal data directly from you and/or from the organisation you work for. Our processing basis is our legitimate interest to be able to promote and grow our business by approaching and maintaining contact with prospective customers, suppliers and other business partners, and to manage and document those (potential) business relationships. You can always opt-out or object to such processing by contacting us via support@bluedolphin.io.

  • Name
  • E-mail address
  • Phone number
  • Content of communications you have with us
  • Function
  • Organization
  • Language
  • Preference with respect to the receiving of marketing materials
  • Your personal lead score (see below)

B. We may use certain information about you to determine or generate a “personal lead score”, which helps us assess how interested you (or the organisation you work for) may be in our products and services and how relevant our offerings are to you. We receive or generate this personal data directly from you. Our processing basis is our legitimate interest to optimise and focus our sales and marketing efforts by assessing the likelihood that a contact person (or their organisation) is interested in our products and services, and to prioritise and tailor our follow‑up accordingly. We will process the personal data mentioned below up to 4 years after we last had contact with you.

  • Your personal lead score
  • IP address
  • Browser ID
  • Browser information
  • Location data at country / province level
  • Device information
  • The duration of your website visit and how you use our websites
  • Demographic data
  • Number of actions performed, such as page views, downloads, and completed forms, to determine the lead score

3.5 You follow a course via the BlueDolphin Academy

A. In order to be able to offer you our service ‘BlueDolphin Academy’ and to make the service workable for you, we process personal data mentioned below up to 2 years after your account has been disabled (except for payment and invoice details, which are stored for 7 years). We receive or generate the personal data below from you directly (e.g., when you sign up for a course or make use of our services). You can disable your account via the account settings and your account will be automatically be disabled after 1 year of inactivity. We use the personal data below to create an account for you, to authorize you, to provide you with the learning functionalities of our software and to correspond with you about the service and your questions. Our processing basis is the performance of an agreement. If you refuse to share your personal data with us for these purposes, we cannot provide you with our services.

  • Name
  • Email address
  • Organization
  • User ID
  • Session Data
  • Course activity (e.g., progress, timestamps, completion status, certifications)
  • Password (encrypted)
  • Language
  • Course scores

We make use of Docebo, a cloudplatform for managing, offering, and tracking training courses and e-learning. The BlueDolphin Docebo platform is hosted in the AWS data center located in the EEA. However, a limited amount of personal data may be accessed outside the EEA by Docebo sub-processors (e.g., in the U.S., Canada, Australia, United Kingdom).

B. If you want to personalize your account, you can voluntarily upload an avatar for your BlueDolphin Academy account. If you upload such avatar in which you can be recognized, we will process your avatar on the basis of our legitimate interest to personalize your account at your request.

3.6 You attend our webinars

A. When you attend one of our webinars, and in order for us to be able to provide you with this service. Our processing basis is the performance of an agreement. If you refuse to share your personal data with us for these purposes, we cannot provide you with our services. We receive or generate this information directly from you when you sign up for or attend a webinar.

  • Name
  • Email address
  • IP address
  • Organization
  • Function
  • Watch behaviour
  • Chat and Q&A messages

3.7 We conduct business with the organization you work for (customers and suppliers)

A. If the organization you work for entered into a contract with us (as customer or supplier), we may process the personal data below (i) for invoicing and payment processing purposes and to (ii) comply with accounting and tax obligations. We receive this personal data directly from you or from the organization you work for. Our processing basis are (i) to perform the agreement we concluded with your organization and (ii) to comply with legal obligations to which BlueDolphin is subject. We keep this personal data for 7 years from the date of payment/invoice date.

  • Identification and contact information for the billing contact person
  • Invoice and payment details
  • Correspondence
  • Signature

B. If the organization you work for entered into a contract with us (as customer or supplier), we may process the personal data below for communication purposes, contract management, relationship management, account management and customer relationships purposes (“customer relationship management”). We receive or generate this personal data directly from you in the context of our customer relationship or from the organization you work for, certain data is generated by us. Our processing basis is our legitimate interest to be able to effectively maintain our customer relationships.

  • Name
  • E-mail address
  • Phone number
  • Signature
  • Content of communications you have with us
  • Function
  • Organization
  • Language
  • Preference with respect to the receiving of marketing materials
  • Your personal lead score (see below)

C. We may use certain information about you to determine or generate a “personal lead score”, which helps us assess how interested you (or the organisation you work for) may be in our products and services and how relevant our offerings are to you. We receive or generate this personal data directly from you. Our processing basis is our legitimate interest to optimise and focus our sales and marketing efforts by assessing the likelihood that a contact person (or their organisation) is interested in our products and services, and to prioritise and tailor our follow‑up accordingly. We will process the personal data mentioned below up to 4 years after we last had contact with you.

  • Your personal lead score
  • IP address
  • Browser ID
  • Browser information
  • Location data at country / province level
  • Device information
  • The duration of your website visit and how you use our websites
  • Demographic data
  • Number of actions performed, such as page views, downloads, and completed forms, to determine the lead score

3.8 Internal operations

A. We may use your personal data (for instance when it is contained in certain documents) for internal knowledge management and collaboration purposes (for example, for recording and sharing information among BlueDolphin teams), tracking statistics and performance, work and project management, structuring workflows and tasks, and planning and prioritizing product roadmaps. Our processing basis is our legitimate interest in organising and improving our internal operations. These activities help us to operate efficiently, maintain and improve the quality, security and continuity of our services, and develop our products in line with customer needs.

Where we use your personal data for these purposes, we do so only to the extent reasonably necessary and proportionate, and we take steps to minimise the use of directly identifiable information where possible (for example by redacting or aggregating data).

3.9 Legal proceedings

A. We may use and retain your personal data to establish, exercise or defend legal claims in legal proceedings (for example, in the context of a dispute with the organization you work for). All personal data described in this privacy statement may be processed and retained in the case of a claim or legal proceedings. Our processing basis is our legitimate interest to be able to defend BlueDolphin in such case. We may retain your personal data for as long as necessary to establish, exercise or defend actual or potential legal claims. This means that, where relevant, we may keep your personal data until the expiry of the applicable statutory limitation periods for bringing claims; and for the duration of any legal proceedings and until such proceedings are finally concluded.

3.10 Government requests and court orders

A. We may receive requests from government authorities or court orders which oblige us to share certain personal data we process of you with them or a party designated in the order. We will inform you of such orders prior to sharing your personal data, unless the order forbids us from doing so. All personal data described in this privacy statement may be included in the request, but only insofar BlueDolphin is obliged to provide the personal data. Our processing basis is to comply with such legal obligation. We store the personal data until the order has been fulfilled and any terms of appeal or objection have expired.

3.11 Mergers and acquisitions

A. If we process your personal data, we may process your personal data (as included in this privacy statement), if we merge with another company, if we acquire another company or if we are acquired by another company. Your personal data will only be processed if this is strictly required for the transaction or the due diligence investigation. In such cases, we will anonymize and pseudonymize your personal data where possible. Your personal data may be shared with the target company or purchaser, involved lawyers and accountants and other parties involved in the transaction. Due to the confidential nature of the processing activity, you will not be informed separately prior to your personal data being processed for this purpose. Insofar we are allowed to do so, we will inform you afterwards. Our processing basis is our legitimate interests to operate our business, to be able to comply with contractual agreements concluded with other parties, to comply with legislation and to prevent unnecessary risks and damages from occurring to BlueDolphin or other parties. We store the personal data for up to 5 years after the transaction has been completed or for the duration of relevant indemnities and warranties for which your personal data is crucial to be able to invoke or defend against such warranties and indemnities.

3.12 Audits

A. We may be subject to audits for certifications or by our customers or conduct internal audits to verify if we comply with our various requirements. If we process your personal data, this personal data may be processed by the auditor if this is strictly necessary for the audit. We will anonymise or pseudonymize your data as much as possible before sharing it with the auditor. Your personal data may be shared with the auditor. All personal data described in this privacy statement may be included in the audit, but only insofar necessary. Our processing basis is compliance with a legal obligation to conduct audits or our legitimate interest to operate our business, to be able to comply with contractual agreements with customers, to (verify that we) comply with legislation, to gain certifications and to verify that we comply with modern security requirements. We store the personal data for up to 2 years after the audit took place or, if storing personal data is an audit requirement, up to 2 years after expiry of such term.

3.13 Complying with GDPR requests

A. You may exercise your rights under the GDPR (see Section Error! Reference source not found.). We must process your personal data, such as your identification details, when complying with your request. We will only process the personal data which is necessary to comply with your request. Our processing basis is to comply with a legal obligation to comply with GDPR-requests. In case your personal data is processed for this purpose, the processed personal data will be stored until 5 years after the request has been handled.

4. Sharing your personal data

4.1 Our data processors

We may ask others to assist us in providing our services and websites. These “processors” can therefore process your personal data on our behalf. We agree with these processors that they may only use your personal data to enable our services.

We may use the following types of processors:

  • parties that host our services and websites, store data and manage and maintain our servers and databases;
  • developers and suppliers of software and questionnaires;
  • research agencies and analytical software suppliers to improve our services;
  • ticket managers for user support;
  • subscription management and billing tools;
  • recruitment and applicant tracking systems;
  • marketing agencies, and;
  • providers of relationship management software.

4.2 Sharing your personal data with third parties

We only share your personal data with third parties if this:

  1. is described in this privacy statement and we have a valid basis for this;
  2. is reasonably necessary or appropriate to comply with legal obligations;
  3. is necessary to comply with legal requests from authorities;
  4. is necessary to respond to any claims;
  5. is necessary to protect the rights, property or safety of us, our users, our employees or the public;
  6. is necessary to protect ourselves or our users from fraudulent, offensive, inappropriate or unlawful use of our services.

We will notify you immediately if a government agency makes a request relating to your personal data, unless we are not allowed to do so by law.

Our websites may also contain links to websites of others. If you provide your personal data on these third party pages, the privacy policy of this third party applies. We are not responsible for the content of the privacy policy of these parties and the way in which these parties process your personal data. We encourage you to review their privacy policy before providing any personal information to them.

5. Protection of your personal data

We have taken appropriate technical and organizational security measures to protect your personal data. We have in any case taken the following measures:

  • We have physically and digitally secured our servers so that people cannot view your personal data without our consent.
  • We use security to ensure that data is sent encrypted between our services, the websites and our servers.
  • We make backups of your personal data.
  • Vulnerabilities in the services and on the websites are addressed as quickly as possible.
  • We have implemented physical and electronic measures designed to prevent unauthorized access, loss or misuse of personal data as much as possible.
  • We store your passwords encrypted.

We would like to point out that the internet is never completely secure. So be careful what you share via the internet. If in doubt, contact us first.

6. Your rights

You have certain rights regarding your personal data. The rights that we describe below are not absolute rights. We will always consider whether we can reasonably meet your request. If this is not possible, or if it would, for example, be at the expense of the privacy of others, we can refuse your request. If we refuse a request, we will let you know with reasons.

Right to access

You have the right to request which personal data we process about you. You can also ask us the following:

  • to provide insight into the reasons why we process your personal data;
  • what types of personal data we process about you;
  • what types of parties we share your personal data with;
  • how long we store your personal data;
  • where the personal data comes from, and;
  • whether we use automated decision-making.

You may also request a copy of your personal data processed by us. Do you want additional copies? Then we can charge a reasonable fee for this.

Right to rectification

If the personal data processed by us is incorrect or incomplete, you can request us to adjust or supplement your personal data. You can also amend certain personal data we hold about you via your account.

If we approve your request, we will, insofar as this is reasonably possible, inform the parties to whom we have provided your personal data.

Right to erasure of data

Do you no longer want us to process certain personal data about you? Then you can request us to delete some or all of your personal data.

If we have accidentally processed data unlawfully or a specific law prescribes that we must delete personal data, we will delete the personal data. If the personal data is necessary for the settlement of a legal procedure or a (legal) dispute, we will only delete the personal data after the procedure or dispute has ended.

If we approve your request, we will, as far as is reasonably possible, inform the parties to whom we have provided your personal data.

Restriction of processing

If you think that we are not processing the correct personal data about you, or if you believe that we are processing your personal data unlawfully or no longer need it, you can request us to restrict the processing of that personal data. For example, during the time that we need to assess your request, or if there is no lawful basis (anymore) but you still have an interest in us not deleting the personal data yet. If we restrict the processing of your personal data at your request, we may still use that personal data for the settlement of legal proceedings or a (legal) dispute.

Right to data portability

You have the right to receive the personal data which you have provided to us, in a structured, commonly used and machine-readable format and have this personal data transmitted to another party (where technically feasible). You only have this right to data portability when the processing is based on your consent or when this is necessary for the performance of an agreement, and the processing is carried out by automated means. We refer to Section Error! Reference source not found. of this privacy statement for further information on our processing activities.

Right to object

When the processing of your personal data is based on our ‘legitimate interest’ (see Section Error! Reference source not found. of this privacy statement for more information), you have the right to object to such processing on grounds relating to your particular situation. When exercising your right to object, we will review the processing of your personal data. We must stop with the processing of your personal data on this ground, unless we have very good reasons to continue the processing which outweighs your interests, or that relate to a legal claim.

When you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

Automated individual decision-making

We do not make decisions based solely on automated processing.

Withdrawal of consent

You may withdraw your consent at any time by clearing voluntarily completed fields, amending your account settings or by contacting us. Please note that when you withdraw your consent, this does not affect the lawfulness of the processing based on consent before its withdrawal. Our contact details are described below.

Exercising your rights

You can send the above requests to support@bluedolphin.io.

Before we respond to your request, we must first make sure that it is your personal data. We usually do this by having you log in to your BlueDolphin or BlueDolphin Academy account. If you do not have an account or if we cannot confirm your identity in this way, we will try to verify your identity by email or telephone. If that also fails, we can ask for a copy of a valid ID. In that case, do not forget to shield your social security number (BSN), MRZ (Machine Readable Zone) and passport photo. For example, by using the ‘KopieID-app’ of the Dutch Government (https://www.rijksoverheid.nl/onderwerpen/identiteitsfraude/vraag-en-antwoord/veilige-kopie-identiteitsbewijs).

We aim to deal with your request or complaint within one month. If it is not possible to make a decision within one month, we will notify you (within one month) of the reasons for the delay and when the decision is expected to be provided. This can never be longer than 3 months after receipt of the request.

Dutch Data Protection Authority / Autoriteit Persoonsgegevens 

Do you have a complaint about our processing? Then contact us. We would of course be happy to help you. Should we nevertheless not come to an agreement, you also have the right to file a complaint with the privacy supervisor, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). You can contact the Dutch Data Protection Authority via https://autoriteitpersoonsgegevens.nl/.

7. Contact

If you have any questions, concerns or comments about this privacy statement, please contact us by email at support@bluedolphin.io.