Privacy Policy

Last Updated: 01/01/2025

Introduction Welcome to Blue Bay Consolidated. Protecting your personal data is our priority. This Privacy Policy outlines how we collect, use, store, and protect your information in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and other applicable European data protection laws.

1. Data Controller Information

  • Company Name: Blue Bay Consolidated

  • Company Number: 05629943

  • Address: Unit 51, Portmanmoor Road Industrial Estates, Ocean Park, Cardiff, C124511B, United Kingdom

  • Email: fiduciaryservices@bluebayconsultltd.com

  • Phone/WhatsApp: +44 745 211 6793

2. Information We Collect

We collect the following categories of personal data:

2.1 Directly Provided Information

  • Name, contact details (email, phone, address)

  • Payment and billing information

  • Identity verification documents (for compliance with KYC/AML regulations)

  • Business and financial details (for fiduciary services)

2.2 Automatically Collected Data

  • IP address, device information, browser type

  • Website usage data via cookies and analytics tools

  • Log files, transaction records

2.3 Third-Party Data Sources

  • Public databases, government authorities

  • Financial institutions, business partners

  • Credit reference agencies (for due diligence)

3. Legal Basis for Processing Data

We process personal data under the following lawful grounds:

  • Contractual Necessity: To fulfill our fiduciary obligations to clients.

  • Legal Obligation: Compliance with KYC, AML, tax, and regulatory laws.

  • Legitimate Interest: For fraud prevention, security, and business operations.

  • Consent: Where required, such as marketing communications.

4. How We Use Your Data

We use collected data to:

  • Provide and manage our fiduciary and financial services

  • Verify identity and perform due diligence checks

  • Process transactions and payments securely

  • Ensure regulatory compliance (AML/KYC)

  • Improve website performance and user experience

  • Communicate service updates and marketing (with consent)

5. Data Sharing and Transfers

5.1 Third-Party Processors

We may share your data with:

  • Financial institutions and auditors for compliance

  • Regulatory authorities where legally required

  • Technology service providers for hosting, analytics, and security

  • Legal advisors and consultants

5.2 International Data Transfers

If we transfer your data outside the European Economic Area (EEA), we ensure it is protected by:

  • EU-approved Standard Contractual Clauses (SCCs)

  • Binding Corporate Rules (BCRs) where applicable

  • Adequacy decisions by the European Commission

6. Data Retention Policy

We retain personal data:

  • For as long as necessary to fulfill service obligations.

  • For regulatory compliance, including AML/KYC (typically 5–7 years).

  • Until consent withdrawal for marketing purposes.

7. Your Rights Under GDPR

Under GDPR, you have the following rights:

7.1 Right to Access & Rectification

  • Request access to your data and correct inaccuracies.

7.2 Right to Erasure (Right to Be Forgotten)

  • Request deletion of your data, except where required for legal compliance.

7.3 Right to Data Portability

  • Request a copy of your data in a structured, machine-readable format.

7.4 Right to Restrict Processing

  • Request limitation of data processing under specific conditions.

7.5 Right to Object

  • Opt-out of direct marketing and certain data uses.

7.6 Right to Lodge a Complaint

  • File a complaint with your local Data Protection Authority (DPA) if you believe your data rights are violated.

8. Cookies and Tracking Technologies

We use cookies to:

  • Enhance website functionality and security

  • Analyze user behavior to improve services

  • Serve targeted advertisements (with consent)

Users can manage cookie preferences through browser settings or our Cookie Policy.

9. Security Measures

We implement industry-standard security protocols, including:

  • End-to-End Encryption for data transmission

  • Access Controls to restrict unauthorized data access

  • Regular Security Audits to identify vulnerabilities

10. Marketing and Communication Preferences

  • We send marketing communications only with your consent.

  • You can opt out anytime via unsubscribe links or contacting us directly.

11. Changes to this Privacy Policy

We reserve the right to update this policy. The latest version will always be available on our website.

12. Contact Us

For privacy-related inquiries, contact our Data Protection Officer (DPO) at:

By using our services, you acknowledge and accept this Privacy Policy.