BlueSkyCSR Privacy Policy
Last Updated: 10/10/2025
This Privacy Policy describes how BlueSkyCSR (“we”, “us”, “our”) collects, uses, discloses, and protects personal data when you use our website (https://blueskycsr.com/) or engage with our services, and your rights in relation to your personal data.
By accessing or using our website or providing us personal data, you consent to the terms of this Privacy Policy.
1. Information We Collect
We may collect the following categories of information:
| Category | Examples / Details | Purpose of Collection |
|---|---|---|
| Personal / Identity Data | Name, email address, phone number, organization name, job title | To communicate, respond to inquiries, send updates, manage relationships |
| Communication / Correspondence Data | Messages you send us, feedback, support requests | To respond to your queries, handle support, improve services |
| Usage / Technical Data | IP address, browser type, device type, OS, pages visited, referring URL, access times | To analyze and improve website performance, security, user experience |
| Marketing & Preference Data | Newsletter preference, subscription opt-in/opt-out status | To send you updates, newsletters, and marketing if permitted |
| Project / CSR Engagement Data | For clients/partners: project descriptions, impact data, partner org details | To carry out CSR assessments, reporting, program evaluations, M&E |
| Third-Party Data | Data provided by third parties or publicly available sources (e.g. social profiles, company registration data) | To supplement or verify information we have, where permitted |
2. Legal Basis for Processing
We will only process your personal data where we have a valid legal basis, such as:
- Consent: You have given your explicit consent (e.g. for receiving newsletters or marketing updates).
- Contractual / Service Provision: Processing is necessary to perform a contract with you or to provide requested services (e.g. CSR assessment).
- Legitimate Interests: Our interests in improving services, protecting security, enforcing our rights, where those interests do not override your rights.
- Legal Obligations: Where required by law, regulation, or court order.
3. How We Use the Information
We may use your personal data for:
- Service Delivery — conducting CSR strategy, impact assessments, audits, evaluations, reporting, monitoring.
- Communications — replying to inquiries, support, administrative notices.
- Marketing & Updates — sending newsletters, articles, CSR best practices (only if you have opted in).
- Analytics & Improvement — measuring website traffic, improving user experience, detecting fraud or misuse.
- Legal Compliance & Protection — complying with legal obligations, protecting our rights and safety, resolving disputes.
5. Cross-Border Data Transfers & Storage
Your data may be stored, processed, or transferred to locations outside your country (e.g. India, or other jurisdictions) where our service providers or partners operate.
To protect your data in such transfers, we will adopt appropriate safeguards (e.g. standard contractual clauses, encryption, access controls) to ensure the level of protection is in line with applicable laws.
6. Data Retention
We retain personal data only as long as necessary for the purposes for which it was collected, unless a longer retention period is required or permitted by law.
For example:
- If you request deletion or unsubscribe, we will aim to delete or anonymize data within 30 days, unless legal / regulatory obligations require retention.
- Project / CSR data, reports, audit documents may be retained for longer in accordance with contractual or regulatory obligations.
After this period, data is securely deleted or anonymized.
7. Security Measures
We employ reasonable administrative, technical, and organizational safeguards to protect data from unauthorized access, alteration, disclosure, or destruction, including:
- Encryption of data in transit (TLS / HTTPS)
- Access controls (role-based access)
- Regular security audits, vulnerability assessments
- Data backups and recovery mechanisms
- Limited access on a need-to-know basis
However, no method of transmission or storage can be guaranteed 100% secure.
8. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access — request a copy of personal data we hold about you
- Correction / Rectification — ask us to update incomplete or inaccurate data
- Deletion / Erasure — request removal of your personal data
- Restriction — restrict processing in certain circumstances
- Objection — object to certain processing (e.g. marketing)
- Data Portability — receive your data in a portable, machine-readable format
- Withdraw Consent — withdraw previously given consent (for marketing, etc.)
To exercise these rights, please contact us (details below). We may require identity verification and respond within the time frame mandated by applicable laws.
9. Children’s Data
Our services are intended for adult users and organizations. We do not knowingly collect personal data from minors under the age of 13. If you believe we have collected data of a minor, please contact us and we will take steps to delete it.
11. Updates to this Privacy Policy
We reserve the right to modify or update this Privacy Policy from time to time, to reflect changes in practices, laws, or services. We will post the updated version on our website with a new “Last Updated” date.
If we make material changes, we will try to notify you (e.g. via email) if you have provided contact information.
12. Contact Information
If you have questions, concerns, or wish to exercise your rights, please contact:
