<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=1058474&amp;fmt=gif">
Skip to the main content.
Facebook Instagram Linkedin X YouTube

Our Valued Partners

BlueStar's diverse portfolio offers unparalleled access to premium products and services that drive business growth and success. From state-of-the-art hardware to advanced software solutions, our portfolio is designed to empower businesses with the tools they need to thrive in today's competitive landscape.

Full Line Card

Industry Insights

Our vertical-based content focuses on different industry technologies, solutions, and insights. 

Blog Articles

Verticals

Solutions

Value-Added Services

A true VAD offers top-notch pick, pack and ship services, and provides programs and services that add value to the distributed products that increase their value or worth.

The BlueStar Difference

Programs

Services

Data Protection Policy

1. INTRODUCTION

At BlueStar Europe Distribution BV , we are committed to protecting your privacy and the security of your personal data. This policy explains how we collect, use, share and protect the personal data of people we interact with, including employees, customers, suppliers, business partners, event participants and visitors to our digital platforms.

We comply with the General Data Protection Regulation (EU Regulation 2016/679 - GDPR) as well as applicable national legislation, such as the Dutch GDPR Implementation Act (UAVG).

This policy will be updated regularly to reflect changes in our practices or applicable law. The most recent version will be available on our website, and we will notify you of any significant changes that may affect your rights.

2. PERSONAL DATA CONTROLLER

The data controller for the processing of personal data collected under this policy is:

BlueStar Europe Distribution BV

Koninginnegracht 19

2514 AB Den Haag

The Netherlands

This responsibility extends to all of its branches and associated entities in Europe. A complete list of our branches, together with their addresses, is available in Annex I of this policy.

The data controller determines the purposes and means of processing personal data and ensures compliance with applicable regulations.

3. OBTAINING CONSENT

Consent will be requested in a clear and specific manner before processing your personal data for purposes that require it.

What does informed consent mean?

Informed consent implies that:

  • You have received clear and complete information about why your data is collected and how it will be used.
  • You have had the opportunity to ask questions and resolve doubts before deciding.
  • You have given your consent freely, without pressure or conditions.

How is consent managed?

We will request your explicit consent in the following cases:

  1. Use of images and videos for promotional purposes.
  2. Sending commercial communications and direct marketing.
  3. Processing of sensitive data, such as medical information.

You may withdraw your consent at any time by writing to our data protection team at the following email address eu-gdpr@eu.bluestarinc.com
. Your withdrawal will not affect the lawfulness of any processing carried out prior to your withdrawal.

 

4. DATA COLLECTION

At BlueStar Europe Distribution BV, we collect personal data in a transparent manner and in compliance with the General Data Protection Regulation (GDPR). This section details what data we collect, how we obtain it and the principles we follow to ensure that your rights are protected.

4.1. From what sources do we obtain your data?

  • Directly from you (forms, contracts, communications).
  • From public sources (social networks, professional directories).
  • From authorized third parties (employment agencies, business partners).

When collecting your data, we will inform you in a clear and transparent manner about the purposes of the processing. We will also inform you whether the provision of data is mandatory or voluntary, and the possible consequences of not providing it on your rights in relation to the data collected.

In the event that the treatment requires your explicit consent (such as for the use of images or the receipt of commercial communications), this will be requested through a specific form or procedure, and you may withdraw it at any time by writing to eu-gdpr@eu.bluestarinc.com.

In section 5 you can find the main purposes for which we collect your personal data.

4.2. What data do we collect?

a) Employees

We collect personal data from employees to manage the employment relationship and to comply with our legal and contractual obligations. Categories of data include:

  • Identification and contact information: Name, surname, address, email, telephone number, etc.
  • Employment data: Start and end dates, salary details, compensation, performance evaluations, permits and licenses, professional history, academic history.
  • Personal and social characteristics data: Sex, marital status, nationality, age, place of birth, family data.
  • Occupational health and safety data: Medical reports related to fitness for work, mandatory medical examinations, accident reports, information on occupational diseases, exposure to specific risks, information on sick leave, health-related work permits.
  • Banking data: Information for payroll management.
  • Images: Captures from security cameras located in facilities and access areas.
  • Access logs: Date, time and location of entry and exit, visitor identification.
  • Images and personal data shared voluntarily: Photographs, videos, birthdays, anniversaries or births, always with your explicit consent.
  • Opinions and Views: Any opinions and views you choose to submit to us.

b) By visiting our website or online store:

When you visit our website or online store, we may collect and process certain personal and non-personal data to improve your experience, ensure the security of our systems, and provide personalized services.

We may collect the following categories of data:

  • Voluntarily provided data: Information you provide to us by completing forms on the website (e.g. registration, service requests, subscription to newsletters or promotions). Correspondence you send to us via forms or emails. Username created during registration.
  • Technical and navigation data: IP address, operating system, browser type, device identifier. Data about your activity on the website, such as pages visited, time on the site, resources accessed, and traffic data.
  • Data from cookies and similar technologies: Information collected through cookies to analyse your use of the site, personalise your experience and provide you with relevant content. For more details, see our Cookie Policy (https://www.bluestarinc.com/en-gb/cookie-policy-bluestar)
  • Email Interaction Data: Information about whether you opened and/or clicked on links in our emails.
  • Social Network Data: If you use third-party login features (such as Facebook or Google), we receive the information you authorize to share, such as name, profile picture, gender, job title, contact list, and other preferences as defined by the platform.

c)By subscribing to our marketing emails:

To receive marketing content or emails from BlueStar and after you subscribe, BlueStar requests and stores the following information:

  • Non-personal company data
  • Name, surname, job position
  • How you use the newsletter service, i.e. whether you open, click or unsubscribe.

This is to provide you with relevant information and understand your level of interest. For example, if you have not opened any marketing emails from us in a year, we may stop sending you marketing emails. Please visit our Cookie Policy at the following link (https://www.bluestarinc.com/en-gb/cookie-policy-bluestar) for more information on this

We always treat your personal information with the utmost care.

You may of course choose to unsubscribe at any time via the unsubscribe link found in all our emails. You may ask us to delete your information. We may do so unless we are legally required to retain it.

d) By becoming a reseller/customer/applying for a BlueStar account:

When you register as a Customer, Reseller or Supplier, you will be asked to complete a form and provide the following information:

  • Non-personal company data.
  • Name, Surname, Position.
  • Corporate email and telephone number.

In addition, in your interaction with us, we may also collect data related to:

  • Answers and opinions.
  • Interaction historysdsad
  • Connection data to our system

e) By participating in Events:

For the organization and management of the event, we may collect and process the following categories of personal data:

  • Identification data and position in the company.
  • Contact information such as corporate email and telephone number.
  • Identification number (occasionally) if necessary for logistical or security reasons.
  • Photographic images and videos captured from attendees at the event, with their consent.

f) When visiting or accessing our facilities:

To ensure physical security, we collect:

  • Identification data: Name, surname.
  • Access logs: Date, time and location of entry and exit.
  • Images: Security camera captures at the facilities.

4.3. How do we collect your data?

Voluntary provision of data

We collect personal data that you provide directly to us when you interact with us, for example:

  • By participating in a selection process
  • When hired as an employee
  • When registering as a customer, supplier or reseller
  • When making a purchase in our online store
  • By opting to receive promotional content or marketing
  • When you log in to our services using third-party platforms such as Facebook or Google (depending on the permissions you set on those platforms)
  • By sending us information through forms, emails or direct messaging services

Use of Our Services

When you use our services, we automatically collect data to improve your experience and ensure the security of our systems. This includes:

  • Technical and navigation data collected when you visit our website or online store (e.g. IP address, browser type, pages visited, time on site).
  • Information recorded using cookies and similar technologies. See our Cookie Policy (https://www.bluestarinc.com/en-gb/cookie-policy-bluestar) for more details.

Creation of Personal Data

When you interact with us, we generate additional personal data from your activities and communications, such as:

  • Interaction history : Records of queries, requests or correspondence.
  • Account details: Information generated when you create and manage your account on our platforms.
  • Information derived from your preferences and behaviour (for example, personalising content based on your interaction with our newsletters).

External Sources and Third Parties

We may also obtain personal data through:

  • Public sources: Profiles on professional networks such as LinkedIn, public records or business directories where we can obtain identifying and contact data published by you, preferences, interests or comments related to our products and services.
  • Authorized Third Parties: Business partners, employment agencies, or social media platforms, depending on the settings you allow.

When collecting personal data, we follow the principles set out in the GDPR to ensure the protection of your personal data:

  • Legality, Loyalty and Transparency: We collect personal data only on a valid legal basis and we clearly inform you about how and why your data is used.
  • Data Minimization: We only collect data that is relevant and necessary for the purposes specified in this policy. We do not request additional information that is not essential.
  • Accuracy: We strive to keep your data accurate and up to date. If you identify incorrect information, you may request correction at any time.
  • Purpose Limitation: Your personal data will only be used for the specific purposes stated in this policy and not for other purposes without your explicit consent.
  • Limited Retention: We retain your data only for as long as necessary to comply with our legal or contractual obligations, after which we securely delete or anonymise it.
  • Security: We implement technical and organizational measures to protect your data during collection, processing and storage.

We are committed to providing you with complete and accessible information during any data collection process. If you have questions or require further information, you can contact our Data Protection team at eu-gdpr@eu.bluestarinc.com
.

5. PROCESSING OF PERSONAL DATA

5.1. Processing of special categories of personal data

We do not intend to collect or otherwise process your special personal data except where:

  • Processing is necessary for compliance with a legal obligation (for example, to comply with our diversity reporting obligations) or regulatory requirements.
  • The processing is necessary for the detection or prevention of crime (including the prevention of fraud) to the extent permitted by applicable law.
  • You have openly disclosed this data publicly.
  • The processing is necessary for the establishment, exercise or defence of legal claims in court proceedings .
  • We have obtained your explicit consent, in accordance with applicable regulations, before processing your data for specific purposes. This basis is only used for completely voluntary processing and never for those that are necessary or obligatory.
  • The processing is necessary for reasons of substantial public interest, in accordance with applicable law that is proportionate to the objectives pursued and which includes appropriate measures to safeguard your fundamental rights and freedoms, such as prevention of risks to public health, safeguards in the workplace, etc.

5.2. Purposes for which we may process your Personal Data and legal basis?

The purposes for which we may process Personal Data, subject to applicable law, and the legal bases on which we may carry out such processing, are:

  1. Candidates in a selection process
    The personal data provided will be processed for the sole purpose of managing your application in current or future selection processes that may fit your profile. This includes the evaluation of your professional experience, skills, and any other information relevant to the selection.
    The processing of your data is based on your explicit consent when providing your application and on the application of pre-contractual measures at the request of the interested party.
  2. Employees
    We collect and process personal data of our employees to manage the employment relationship and ensure compliance with our legal and contractual obligations.
    Purpose Data Category Legal Basis
    Management of employment relationships and compliance with labour, tax and social security regulations Identification and contact data, employment, academic and professional data, attendance control, banking data, development of the employment relationship, health, personal and social characteristics. Execution of the employment contract. Compliance with legal obligations
    Employee wellness and recognition programs Identification data, employment data. Legitimate interest
    Performance evaluation Employment data, results and professional performance. Legitimate interest
    Processing of health data (medical examinations) Health data. Explicit consent
    Communication on internal channels Photographs, anniversaries and births of children. Explicit consent
    Security and access to facilities Images from video surveillance cameras and access records. Legitimate interest
    Statistics and external audits Identification data, employment data. Legitimate interest. Compliance with legal obligations.
    Technical training through webinars Videos Explicit consent
    IT support and system security IP connection data, username, access logs and reported incident data. Legitimate interest.
  3. Customer, Reseller, Supplier
    We process data of customers, suppliers and business partners to manage business relationships, ensure the delivery of products or services, and comply with our legal obligations.
    Purpose Data Category Legal Basis

    - Business management and development

    - Operational and contractual management

    - Communications in relation to such business operations and services

    - Customer service and supplier support

    - Shipping and product returns

    Identification data, contact details, position in the company.


    Interaction history

    Execution of a contract

     

    Legitimate interest
    Sending commercial communications and surveys Contact information, responses and opinions Explicit consent
    Security and access to our facilities Identification data, access logs, capture of images by video camera Legitimate interest
    Technical assistance for use and access to our platforms IP, username, access logs and data on reported incidents Legitimate interest
  4. Marketing / Prospecting
    We may process your personal data to communicate with you and to provide you with information about products and services that may be of interest to you, provided that we have previously obtained your consent, to the extent required by and in accordance with applicable law. This includes communicating with you by any means (including email, telephone, text messages, social media, post or in person), provided that we ensure that such communications are provided to you in accordance with applicable law; and maintaining and updating your contact information where appropriate.
    Purpose Data Category Legal Basis
    Sending promotional communications Contact information (email, telephone number), name, company position Explicit consent
    Market segmentation and analysis Preferences, interests, interaction history Legitimate interest
    Personalization of content and campaigns Contact information, professional information Legitimate interest, subject to appropriate safeguards
    Interaction on social networks Public or authorized data on social platforms Explicit consent or legitimate interest
    Commercial prospecting Contact information Legitimate interest


    If you do not wish to receive marketing communications from us, you may opt out at any time by contacting your usual BlueStar Europe Distribution contact, the BlueStar GDPR internal team using the contact details set out in Section 12, or by electronically unsubscribing from emails we send you. Once you unsubscribe, we will no longer send you promotional emails, but we may continue to communicate with you to the extent necessary for the purposes of any services you have requested.

  5. Participation in Events
    We process personal data of event participants that are necessary for the organization and security of the event.
    Purpose Data Category Legal Basis
    Organization and logistics of the event. Compliance with safety requirements. Identification data, contact details, position in the company Execution of a contract Legal obligations if necessary to ensure security
    Event Evaluation and improvement. Surveys and interaction data Legitimate interest
    Use of images and videos in external communications. Photos and videos Explicit consent
  6. Social networks
    We process the following personal data published by you on social and/or professional networks to facilitate and promote commercial interactions and business collaborations.
    Purpose Data Category Legal Basis
    Personalize communications according to your professional interests. Identification data, contact information, position in the company. Legitimate interest
    Facilitate commercial prospecting and the creation of business relationships. Preferences, interests or comments related to our products or services. Legitimate interest


6. USE AND DISCLOSURE OF PERSONAL DATA

Personal information will not be used or disclosed for purposes other than those specified to you, except:

  • When required by law.
  • To protect BlueStar's interests against criminal activity, fraud and material misrepresentation in connection with a contract.
  • BlueStar may share data with other agencies, such as local authorities, funding bodies and other voluntary agencies, for legitimate business purposes in accordance with applicable law.
  • In most circumstances, the data subject will be informed of how and with whom their information will be shared. There are circumstances where the law allows BlueStar to disclose data (including sensitive data) without the consent of the data subject, which may include:
    1. Comply with a legal duty or as authorized by applicable law
    2. Protecting vital interests of a data subject or another person
    3. The data owner has already made the information public
    4. Carry out any legal procedure, obtain legal advice or defend any legal rights
    5. Monitoring for equal opportunity purposes, i.e. race, disability, religion or gender
    6. Providing a confidential service where consent cannot be obtained from the data subject or where it is reasonable to proceed without consent: for example, where we wish to avoid requiring stressed or ill individuals or service users to provide consent signatures.

BlueStar believes that the legal and correct handling of personal information is very important to our successful operation and to maintaining the trust of those with whom we deal.

BlueStar is committed to ensuring that personal information is treated lawfully and correctly.

To this end, BlueStar will apply the Data Protection Principles as detailed in the General Data Protection Regulation and the Dutch implementing rule (Uitvoeringswet General Ordering gegevensbescherming) (“UAVG”).

6.1. Disclosure to third parties

BlueStar uses various third-party services to provide and improve our own service. These third-party services access or receive aggregated or personal data of employees, visitors to our website, and Customers. The data may include some or all of this personal data depending on the particular function that the third party in question performs, and the third parties may only use the data for the purpose for which they were engaged. Please see the list below.

We may disclose your personal information for any of the purposes mentioned above to any member of our group, which includes our subsidiaries, our holding company and its subsidiaries. This also includes entities that we may acquire as part of an acquisition at a future date. Always on the appropriate legitimate basis and applying the legally enforceable safeguards described below.

We may also share your personal information in response to subpoenas, court orders, or legal processes, or to establish or exercise our legal rights or defend against legal claims, if we believe in good faith that the law requires us to do so, with or without notice to you.

List of third parties/services

  1. Employees
    • Payroll Services
    • Pension services
    • Insurance services
    • Employee time management services
    • Medical consulting services
    • External auditors
    • Logistics services
    • CRM and recognition management companies
    • Labour, tax and social security authorities
    • Affiliates of BlueStar for administrative or commercial purposes
      Specific details of the Service can be provided upon written request. Please contact the internal GDPR team at eu-gdpr@eu.bluestarinc.com or see Section 12 for further contact details.
  2. ) Marketing & Web
Hubspot Hosting, managing, monitoring and storing data https://legal.hubspot.com/privacy-policy
Google Analytics Analyzing site's traffic https://policies.google.com/privacy?hl=en
YouTube Site feature, video streaming https://policies.google.com/privacy?hl=en
Google Tag Manager Analytics and advertising https://policies.google.com/privacy
Google Maps Site feature, map sharing https://www.google.com/intl/us_en/help/terms_maps.html
Google reCaptcha Customer support tool https://www.enchant.com/privacy
Google Fonts Interactive web directory of fonts https://policies.google.com/privacy?hl=en
 

6.2. International Transfers

Due to the international nature of our business, we may need to transfer your personal data within the BlueStar group of subsidiaries and affiliates, and to third parties as set out in Section 6 above, in connection with the purposes set out in this Policy. For this reason, we may transfer your personal data to other countries that may have different data protection laws and compliance requirements, including data protection laws of a lower standard than those that apply in the country in which you are located.

When we transfer your personal data to other countries, we do so on the basis of:

  • Adequacy decisions.
  • Appropriate Standard Contractual Clauses.
  • Other valid transfer mechanisms.

If you wish to receive further information about the safeguards applied to international transfers of personal data, please contact the internal GDPR team at eu-gdpr@eu.bluestarinc.com or see Section 12 for further contact details.

7. DATA STORAGE

Your personal data is stored on secure servers located primarily within the European Economic Area (EEA). In some cases, data may be transferred and stored outside the EEA in compliance with the legal safeguards mentioned above.

We use the following secure storage measures:

  1. Encryption : Stored data is encrypted to protect against unauthorized access.
  2. Limited access: Only authorized personnel have access to the servers.
  3. Periodic audits : We regularly review our storage policies to ensure compliance with current regulations.
  4. Backups: We perform regular backups to prevent data loss in the event of incidents.

If you would like more information about where and how your data is stored, please contact the internal GDPR team at eu-gdpr@eu.bluestarinc.com or see Section 12 for further contact details.

8. DATA RETENTION

At BlueStar Europe Distribution BV, we try to ensure that your personal data is retained only for as long as necessary to fulfil the specific purposes for which it was collected. Below we detail our data retention policy, ensuring compliance with the General Data Protection Regulation (GDPR).

8.1. Principles

We adopt the following principles to determine the duration of retention of personal data:

  1. 1. Purpose of processing: The data will be kept for as long as necessary to fulfill the purposes described in this policy.
  2. 2. Legal compliance: We retain data in accordance with the time periods established by applicable regulations, such as tax, labour, contractual and security obligations.
  3. 3. Legitimate interests: We retain data for as long as necessary to protect our legitimate interests (e.g. to defend against legal claims).
  4. 4. Minimisation: We delete or anonymise personal data once it is no longer necessary, unless there is a legal obligation to retain it.

8.2. Retention periods by data category and purposes

The data retention periods are detailed below based on the specific categories and purposes:

Data Category Purpose Conservation Period
Employee data Labour management, performance evaluation During the employment relationship and up to 5 years after its termination, except for specific legal obligations.
Candidate data Selection processes During the selection process, unless consent is given for future retention.
Customer and supplier data Contractual and commercial management During the business relationship and up to 10 years after its termination, according to tax regulations. Up to 11 years after the invoice date for data used to deliver shipments or services.
Event participant data Organization and evaluation of events Up to 1 year after the event, unless explicit consent is given for longer promotional uses.
Data obtained from social networks Marketing and prospecting As long as they are public or until you withdraw consent.
Technical and navigation data (cookies) Online service optimization As indicated in our Cookies Policy (https://www.bluestarinc.com/en-gb/cookie-policy-bluestar). 
Access log and camera data Physical security and access control 30 days, except for legal exceptions or ongoing investigations.

 

8.3. Data deletion and anonymisation

Once the applicable retention period has expired:

  • Deletion: Data is securely deleted, using methods such as physical destruction of documents or erasure of information from systems.
  • Anonymisation: In some cases, data may be anonymised for use in statistical or analytical purposes, without the possibility of identifying the interested party.

8.4. Exceptions to standard retention periods

We may retain your data for longer periods in the following circumstances:

  • Legal claims: If the data is necessary for the exercise or defence of legal claims.
  • Regulatory compliance: If applicable laws require its retention for a longer period.

8.5. Rights of the interested party regarding data retention

You have the right to:

  • Request information: About how long we will retain your data.
  • Request the deletion of your personal data: If they are no longer necessary for the specified purposes or if the processing lacks a legal basis.

To exercise these rights, you can contact our internal GDPR team at eu-gdpr@eu.bluestarinc.com or see Section 12 for further contact details.

9. DATA SECURITY

At BlueStar Europe Distribution BV, we implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, alteration or destruction in accordance with our Data Security Policy and have a security incident response plan in place. These measures are designed and updated in accordance with industry best practices and in compliance with the General Data Protection Regulation (GDPR) .

9.1. Safety Principles

We adopt a risk-based approach to ensure the confidentiality, integrity and availability of personal data. Our security policies are governed by the following principles:

  1. Proportionality: Security measures are adapted to the sensitivity of the data and the associated risks.
  2. Prevention: We implement preventive controls to minimize the risk of security incidents.
  3. Continuous monitoring: We regularly monitor and assess our security practices to detect and address potential vulnerabilities.

9.2. Technical Security Measures

To protect personal data, we use the following technical measures:

  • Data Encryption: Data in transit protected using SSL/TLS. Data at rest encrypted using advanced algorithms.
  • Access control: Restricted access based on roles and job needs. Multi-factor authentication for access to critical systems.
  • Network security: Use of firewalls, intrusion detection and prevention systems (IDS/IPS). Network segmentation to limit unauthorized access.
  • Backup and Recovery: Performing regular backups to secure locations. Regular disaster recovery testing.
  • Monitoring and auditing: Constant monitoring of system activities. Periodic audits of computer security and regulatory compliance.

9.3. Organizational Security Measures

In addition to technical measures, we implement organizational controls to protect data:

  • Staff training: Regular training in data security best practices and cyber risk awareness.
  • Internal policies: Password management and acceptable use of systems policies. Asset management.
  • Physical security: Restricted access to servers and areas where sensitive data is stored. Use of surveillance and access control systems in physical facilities.
  • Supplier Management: We ensure that suppliers and partners meet equivalent security standards through contractual agreements.

9.4. Management of incidents and security breaches

In the event of a security incident affecting personal data, we follow a clear and structured protocol:

  1. Identification and containment: We detect and contain the incident to minimize the impact.
  2. Risk assessment: We analyse the nature of the incident and the scope of the data affected.
  3. Notification : We notify the relevant data protection authorities within 72 hours, if necessary. We communicate the incident to affected data subjects when there is a high risk to their rights and freedoms.
  4. Corrective measures : We implement corrective actions to prevent future similar incidents.

9.5. Supervision and Audit

We periodically review our security policies to ensure their effectiveness and compliance with current regulations.

10. DATA MINIMIZATION

BlueStar takes reasonable steps designed to ensure that your Personal Data processed is limited to the Personal Data reasonably required in connection with the purposes set out in this Policy.

How we implement this principle:

  • Pre-assessment : Before collecting data, we analyse its necessity and usefulness for the specific purpose.
  • Periodic review: We review our records to identify and delete data that is no longer needed.
  • Access restriction: Only personnel who need the data for a specific purpose may access it.

11. RIGHTS OF INTERESTED PARTIES

Under the General Data Protection Regulation (GDPR) , you have a number of rights over the personal data we process. These rights are designed to ensure that you have control over how your data is used and can protect your privacy.

11.1. Guaranteed Rights

You may exercise the following rights:

Right Description
Access (Art. 15 GDPR) Request information about whether we process your data and, if so, obtain a copy of it.
Rectification (Art. 16 GDPR) Request correction of inaccurate or incomplete data we hold about you.
Deletion (Art. 17 GDPR) Request the deletion of your personal data when they are no longer necessary for the purposes for which they were collected.
Limitation of processing (Art. 18 GDPR) Restrict the use of your data in certain circumstances, for example, if you contest its accuracy or the lawfulness of the processing.
Portability (Art. 20 GDPR) Receive your data in a structured, machine-readable format, or request that it be transferred to another controller.
Opposition (Art. 21 GDPR) Object to the processing of your data based on legitimate interest or direct marketing.
Not to be subject to automated decisions (Art. 22 GDPR) Request that no decisions be made based solely on automated processing, including profiling, that significantly affect you.
Withdrawal of consent (Art. 7.3 GDPR) Withdraw your consent to processing at any time, without affecting the legality of previous processing.

11.2. Exercise of your rights

You can exercise these rights by contacting our Data Protection Coordinator (DPC) through the following means:

11.3. Procedure and deadlines

We will respond to your request within a maximum period of 1 month from its receipt. In complex cases, this period may be extended to 2 months, informing you of the extension and the reasons for it. We may request additional information from you to confirm your identity and ensure the protection of your data.

11.4. Limitations and exceptions

Some rights may be subject to limitations under the GDPR and other applicable laws.

For example:

  • Deletion: May not apply if we need to retain your data to comply with legal obligations
  • Portability: Only applies to data processed automatically and when the processing is based on your consent or a contract.

11.5. Transparency and Accessibility

You can submit your application in your preferred language within the official languages of the EU. We are committed to providing clear, understandable and accessible responses to your requests.

12. CONTACT INFORMATION

BlueStar has a Data Protection Coordinator (DPC) who is responsible for matters relating to privacy and data protection. You can contact our Data Protection Coordinator at the following address:

BlueStar Europe Distribution BV

Att: Data Protection Coordinator

Koninginnegracht 19

2514 AB Den Haag

The Netherlands

E-mail: compliance@eu.bluestarinc.com

Registering a privacy-related complaint

If you are not satisfied with the way we have handled your personal information, please direct your complaint to the Data Protection team by sending an email to eu-gdpr@eu.bluestarinc.com or to our Data Protection Coordinator previously identified.

We will explain our complaints handling procedure to you and inform you of other complaints procedures that may be available to you.

If the complaint is justified, we will take appropriate steps to resolve the situation and, if necessary, change our policies, procedures or practices.

If you believe that we have not handled your request appropriately or that we have infringed your rights, you have the right to lodge a complaint with the data protection authority for your country:

  • Spain: Spanish Data Protection Agency (www.aepd.es).
  • Netherlands: Autoriteit Persoonsgegevens (www.autoriteitpersoonsgegevens.nl .
  • Other EU countries: Please see the list of data protection authorities at the following link: https://www.edpb.europa.eu/about-edpb/about-edpb/members_es

General enquiries

This policy will be updated as necessary to reflect best practices in data management, security and control and to ensure compliance with any changes or amendments to the General Data Protection Regulation (GDPR). The most up-to-date version will always be available on our website: (here).

Any comments, questions or concerns about any of the information contained in this Policy, or any other matter relating to the Processing of Personal Data by BlueStar Europe Distribution BV, please contact the internal Data Protection team at eu-gdpr@eu.bluestarinc.com

 

13. GLOSSARY OF TERMS

This glossary aims to provide a clear and accessible explanation of the terms used in our privacy policy and in applicable legislation, including the General Data Protection Regulation (GDPR) .

Data Controller: Natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. (Art. 4.7 GDPR)

Data Processor: Natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller. (Art. 4.8 GDPR)

Data Subject: Identified or identifiable natural person whose personal data is processed.

Personal Data: Any information relating to an identified or identifiable natural person ( e.g. name, ID, location data, online identifiers). (Art. 4.1 GDPR)

Sensitive Data: Personal data revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, health data, sexual life, biometric or genetic data. (Art. 9 GDPR)

Processing: Any operation or set of operations which is performed on personal data, whether or not by automated means ( e.g. collection, storage, use, deletion). (Art. 4.2 GDPR)

Consent: A manifestation of free, specific, informed and unequivocal will by which the interested party accepts the processing of his/her personal data. (Art. 4.11 GDPR)

Legitimate Interest: Legal basis that allows data processing when necessary for the legitimate interests of the controller or a third party, provided that the rights and freedoms of the data subject do not prevail. (Art. 6.1.f GDPR)

Data Breach: A breach of security leading to the destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or processed. (Art. 4.12 GDPR)

International Data Transfer: Movement of personal data to a third country outside the European Economic Area or to an international organisation. (Chapter V GDPR)

Data Retention: Period during which personal data is retained based on the purposes of processing and applicable legal obligations

Pseudonymisation: Processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without additional information being kept separately and protected. (Art. 4.5 GDPR)

Anonymisation: Process by which personal data is irreversibly modified so that it can no longer identify a person, directly or indirectly.

Supervisory Authority: Independent public body in charge of supervising the application of the GDPR in each Member State. You can find the data protection authorities in all EU jurisdictions at the following link: https://www.edpb.europa.eu/about-edpb/about-edpb/members_en

 

 BLUESTAR BRANCHES AND ESTABLISHMENTS IN EUROPE >>