GDPR Compliance & Data Protection

Last updated: January 2026

1. Commitment to GDPR

Blue Horizon is committed to full compliance with the General Data Protection Regulation (GDPR) and all applicable EU and UK data protection laws. This page outlines our commitment and your rights as a B2B platform user.

2. Legal Basis for Processing

We process personal data under the following legal bases:

  • Consent: For marketing communications, market updates, and non-essential processing
  • Contract: To facilitate B2B connections and provide platform services
  • Legal Obligation: For tax compliance, trade law compliance, and law enforcement requests
  • Legitimate Interests: For fraud prevention, security, compliance verification, and service improvements

3. Your GDPR Rights

3.1 Right to Access (Article 15)

You have the right to access all personal data we hold about you. We will provide this within 30 days in a commonly used electronic format.

3.2 Right to Rectification (Article 16)

If your data is inaccurate or incomplete, you can request correction. We will update your information and notify relevant third parties within 30 days.

3.3 Right to Erasure (Article 17)

You can request deletion of your personal data under certain circumstances:

  • When it is no longer necessary for its original purpose
  • When you withdraw consent
  • When you object to legitimate interest processing
  • When processing is unlawful

Note: We may retain data if required by law or to fulfill contractual obligations.

3.4 Right to Restrict Processing (Article 18)

You can restrict how we use your data while we verify its accuracy or assess the lawfulness of processing. During restriction, we will store your data but not actively process it.

3.5 Right to Data Portability (Article 20)

You can request your personal data in a structured, commonly used, and machine-readable format (such as CSV). We will provide this within 30 days at no cost.

3.6 Right to Object (Article 21)

You can object to processing of your data for marketing, profiling, or legitimate interest purposes. We will stop processing within 30 days of receiving your objection.

3.7 Right to Protection from Automated Decision-Making (Article 22)

You have rights regarding automated decision-making and profiling. We will provide human review upon request for significant decisions affecting you.

3.8 Right to Lodge Complaints (Article 77)

If you believe we have violated your GDPR rights, you can lodge a complaint with your local Data Protection Authority (DPA):

  • EU: Your national DPA
  • UK: Information Commissioner's Office (ICO) - www.ico.org.uk
  • EEA: Your country's data protection authority

4. Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our GDPR compliance. Contact our DPO for any data protection inquiries:

  • Email: dpo@logisticscompany.com
  • Phone: +14155552671

5. Data Processing Agreements

We have executed Data Processing Agreements (DPAs) with all processors handling your data, including:

  • Cloud infrastructure providers
  • SMS and email service providers
  • Payment processors
  • Analytics providers

These agreements include Standard Contractual Clauses (SCCs) for international transfers.

6. International Data Transfers

When we transfer your data outside the EEA/UK, we implement appropriate safeguards:

  • EU/UK adequacy decisions (if applicable)
  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules (BCRs)
  • Supplementary technical and organizational measures

7. Consent Management

We obtain explicit consent for optional processing, such as:

  • Marketing emails and SMS messages
  • Profiling and personalization
  • Analytics and tracking (beyond necessity)

You can withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing before withdrawal.

8. Data Retention

We keep your personal data only as long as necessary:

  • Shipping data: 90 days after delivery
  • Account data: Duration of account + 90 days of inactivity
  • Marketing data: Until opt-out
  • Financial records: 6 years (tax requirement)

9. Security Measures

We implement comprehensive security measures to protect your data:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Regular security audits and penetration testing
  • Access controls and authentication mechanisms
  • Employee data protection training
  • Incident response procedures

10. Data Breach Notification

In case of a data breach, we will:

  • Notify your DPA within 72 hours (when legally required)
  • Notify affected individuals without undue delay
  • Provide details about the breach and mitigation measures
  • Maintain detailed breach records

11. Third-Party Processors

We use the following third-party processors:

  • Twilio: SMS delivery
  • SendGrid: Email delivery
  • Vercel: Website hosting
  • Stripe: Payment processing

All processors have adequate GDPR safeguards in place.

12. How to Exercise Your Rights

To exercise any GDPR right, contact us:

  • Email: dpo@logisticscompany.com or support@consultbluehorizon.services
  • Phone: +14155552671
  • Post: Logistics Pro Legal Department, 123 Main Street, Tech City, TC 12345, USA

We will respond within 30 days (extendable by 60 days for complex requests).

13. Updates to This Policy

We review our GDPR compliance regularly and update this policy as needed. We will notify you of significant changes via email.