Data Protection

Data Protection and Privacy notice


Identity and contact details


Please click here to find out more about Blue Tortoise. We are registered with the Information Commissioner's Office; our registration number is ZA117312. Our designated statutory authority under the General Data Protection Regulation (GDPR) is the Information Commissioner's Office. We are based in England.


The individual in charge of Data Protection within Blue Tortoise Limited is Andrew Roberts. Click here to contact Andrew by email. Call our main line (+44 1635 597077) to contact Andrew by telephone.


What data we collect


On data relating to customers, business partners and prospective customers, we capture information on the individual's names, email business addresses, business telephone numbers, business location, employer company name, and job title/role. We capture and audit when, where and how we communicate with the contacts in this category.


We collect and process information on Blue Tortoise employees so that we can manage contracts and pay our employees. We outsource our payroll, and have processor agreements with our payroll provider.


Why we collect data


We collect information on existing customers and business partners so that we can manage contracts and carry out our business.


We collect personal data on prospective customers either through the purchase of data through reputable organisations, from information that is publically available (including data on the web), or from face-to-face meetings.


  • We use the personal data on prospective customers to communicate how we can help the organisation to optimise their data for their marketing (and sometimes sales) campaigns. Blue Tortoise have a 'legitimate interest' in communicating information on Blue Tortoise offerings to this prospective client base.


  • We send out a regular newsletter with information on strategic changes within the largest technology organisations to a set of prospective customers, existing customers and business partners. Where individuals receive this newsletter regularly, they have consented to receive the newsletter.


We collect information from individuals who exercise their various rights under the GDPR through emails triggered by links on this web site.


We do not collect sensitive personal data or personal data on consumers.


When we delete data


We retain data for as long as the prospective customer, existing customer or business partner remains in the job role in the organisation that they work for. We aim to refresh the information on these individuals to check that it is accurate and relevant at least once a year.


Other information on what we do with data


We store and process data for which we act as Data Controllers in the UK.


We do not carry out profiling or automated decision making on data for which we act as Data Controllers.


We do not provide information for which we act as Data Controllers to any third-parties without the express consent of the data subject.


We act as data processors for our customers, and have separate processor agreements for this. The work we do under instruction from our customers can include the licensing of data from reputable data providers, and transferring that data to our customers.


How we look after data


We take reasonable technical and procedural precautions to prevent the loss, misuse or unauthorised alteration of personal data.


We store the personal data that we collect securely.


We do not publish the details of the safeguards we use to protect personal data that we control as this could reduce the effectiveness of those safeguards.


Your rights


Blue Tortoise recognises the rights of data subjects as defined in the General Data Protection Regulation (GDPR).


We will always seek to uphold those rights and the links provided will enable you to communicate with us to exercise those rights, where relevant.



Please note that we do not carry out automated decision-making or profiling as a Data Controller.


Blue Tortoise recognises your right to lodge a complaint with a supervisory authority. You can access the ICO's web site from this link.