Introduction
We take your privacy seriously and are committed to protecting your personal information. This Privacy Notice is designed to help you understand what personal data we collect, why we collect it, how we process it, and the rights and choices available to you.
This Privacy Notice applies to our global personal data processing activities. However, the way we process personal data may vary depending on the specific legal requirements of different jurisdictions. In certain regions, local laws may restrict the types of data we can collect, the purposes for which we can process it, or the rights available to individuals. Where necessary, we adjust our internal policies and practices to comply with these legal requirements.
It is important that you read this Privacy Notice carefully, together with any other privacy notice or fair processing notice we may provide to you on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your personal data.
This Privacy Notice supplements any other privacy notices or fair processing notices we provide on specific occasions and is not intended to override them. If additional or country-specific privacy notices apply to your personal data, we encourage you to review them alongside this Privacy Notice.
1. Important information and who we are
This Privacy Notice applies to the global personal data processing activities of the memoryBlue, LLC group of companies which is headquartered at 7925 Jones Branch Drive, Suite 4100, Tysons, VA 22102, United States., References to “memoryBlue”, “we,” “our,” or “us” in this Privacy Notice are references to the memoryBlue, LLC group of companies).
The website https://www.memoryblue.com and https://www.operatix.net (our “Website”) is offered by us.
[The entities covered under this Privacy Notice are:
- memoryBlue, LLC, with its registered address at 7925 Jones Branch Drive, Suite 4100, Tysons, VA 22102, United States.
- Operatix Ltd, with its registered address at 2 Ancells Court, Rye Cl, Fleet United Kingdom, GU51 2UY
Roles and Responsibilities Under Different Legal Frameworks
Each entity within memoryBlue is responsible for processing personal data in accordance with the data protection laws applicable in the jurisdictions in which it operates. Depending on the region, memoryBlue may act as:
- A data controller under the General Data Protection Regulation (GDPR) in the European Economic Area (EEA) and UK, when we act as a data controller or joint controller it determines the purposes and means of processing personal data.
- A business or service provider under U.S. state privacy laws, including the California Consumer Privacy Act (CCPA/CPRA), Colorado Privacy Act (CPA), Virginia Consumer Data Protection Act (VCDPA), and other applicable state laws.
- [A data fiduciary under India’s Digital Personal Data Protection Act (DPDPA).
- A data user under Hong Kong’s Personal Data (Privacy) Ordinance (PDPO).
- A personal information processor under China’s Personal Information Protection Law (PIPL).
- A data controller or processor under South Korea’s Personal Information Protection Act (PIPA), Japan’s Act on the Protection of Personal Information (APPI), and similar APAC laws.]
Where required, we may act as a joint controller or engage in joint business processing with other organizations. Additional privacy notices or policy supplements may be provided where local regulations require specific disclosures.
2. Applicability and Local Adaptations
This Privacy Notice applies to individuals whose personal data we process, including actual and prospective customers, business partners, prospects contacted in connection with our services, job applicants, and visitors to our Website.
In certain engagements, we process personal data on behalf of our clients in connection with the delivery of sales development, marketing and related services. In those circumstances, we may act as a Data Processor in accordance with applicable data protection laws and our contractual agreements with our clients.
In other circumstances, we act as an independent Data Controller in relation to the personal data we collect and process.
In jurisdictions with specific legal requirements, we may issue additional privacy notices, policy supplements, or contract-specific disclosures (including data processing agreements) to ensure full compliance with applicable local privacy laws.
3. Our contact details
For any questions regarding this Privacy Notice or to exercise your data protection rights, you may contact us at:
Name: Please contact us via our Privacy Team
By email: privacy@memoryblue.com
4. What is meant by “personal data” or “personal information”
Personal data (also referred to as “personal information”) is any information that directly or indirectly identifies you as an individual. The definition and scope of personal data may vary across jurisdictions, but generally, it includes any data that can be used alone or in combination with other data to recognize an individual.
Examples of personal data include but are not limited to basic identifiers such as name, address, phone number, email, and date of birth; financial information like bank account or payment details; and technical identifiers such as IP address, device ID, cookies, online identifiers, and location data. What personal data we collect about you will depend on our relationship with you.
5. Sensitive or Special Category Data
Some types of personal data require enhanced protection due to their sensitive nature. Depending on the jurisdiction, this type of data may be referred to as “Sensitive Personal Information” (or “SPI”), “Special Category Data”, or “Protected Data”. Examples include but is not limited to health data (for example, information relating to medical history, genetic or biometric data, or disability status); racial or ethnic origin; religious or philosophical beliefs; political opinions or trade union membership; sexual orientation or sex life data, and data relating to criminal convictions and offenses (where applicable under local laws).
We do not intentionally collect sensitive personal data except where necessary for employment, legal, or service-delivery purposes, or where such information is voluntarily provided to us. Where sensitive personal data is processed, we do so only as permitted by applicable law and with appropriate safeguards and security measures in place.
This Privacy Notice aligns with applicable privacy laws and ensures that we protect your personal data in accordance with relevant legal and regulatory requirements.
6. How we get the information about you
In order for us to operate effectively, we may request and collect information about you. We collect personal data from you:
- Directly: When you enter or send us information, such as when you fill in a form to ask for more information about our products and services; purchase a product or services from us; review and evaluate our products and services; contact us (including via email or customer contact forms including (but not limited to) for the purposes of making inquiries, providing feedback or providing compliments or complaints); attend our events; subscribe to receive communications from us; apply for a vacancy with us, including when you send us a CV; participate in calls, meetings or other communications with our representatives.
- Indirectly: We may collect personal data about you from third parties and publicly available sources, including:
- Marketing agencies and service providers acting on our behalf;
- Our partners and clients in connection with the delivery of our services;
- Publicly available sources, including professional networking platforms such as LinkedIn and other publicly accessible websites;
- Social media platforms such as LinkedIn, Facebook, TikTok and X;
- Carefully selected data brokers and business contact data providers;
- Data enrichment and verification providers;
- Information made publicly available by you or your organization.
- Your browsing activity while on our Website through cookies and similar technologies.
Where we process personal data for direct marketing or sales outreach, individuals have the right to object to such processing at any time. We will honor such requests in accordance with applicable data protection laws.
7. The personal data we collect about you
We may collect, use, store and transfer different kinds of personal data about you depending on our relationship with you:
- Candidate Data: this may include information you have provided to us in your curriculum vitae, cover letter and/or application form, including name, title, address, telephone number(s), personal email address, date of birth, job title, job role, location, employment history, education history and qualifications, areas of specialisms and registrations with professional bodies.
- Communication Data: includes Information you provide when contacting us through our Website contact form, email, or other communication channels, including any details you enter and send to us, as well as your communication preferences.
- Contact Data: may include (business and / or private) email address, telephone number(s) and addresses.
- Identity Data: may include name, title, gender, date of birth, age and any other identity data that you may include in your communications with us, including (but not limited to) where you submit a CV or job application to us
- Location Data: may include your address, phone code, your country, state, county and / or region.
- Marketing Preferences and Consent Data: includes information regarding your subscription to receive marketing materials and / or newsletters from us, records of consent that you have provided and your preferences in receiving marketing from us.
- Professional and Employment Data: may include employer details, occupation, role, responsibilities and job title.
- Technical Data: may include your IP address, your login data, browser type and version, time zone setting and location, browser plugin types and versions, operating system and platform, and other technology on the devices you use to access our Website.
- Usage Data: may include website user stats (interactions with our adverts or Website),information about how you use our Website and resources and information regarding what pages are accessed and when.
- Prospect and Lead Data: may include business contact information that we obtain directly from you, from our clients, or from publicly available sources and third-party data providers for the purpose of delivering sales development, marketing and lead generation services. This may include name, job title, employer, business email address, business telephone number, professional biography, and publicly available professional information.
- Client Campaign and Engagement Data: may include information relating to interactions between you and our representatives in connection with our client services, including call notes, meeting details, calendar invitations, engagement history, qualification status, lead scoring, opportunity stage, and feedback provided by clients regarding your engagement.
- Audio and Meeting Data: Calls and virtual meetings may be recorded or transcribed for quality assurance, training, service delivery, and reporting purposes. Where required by applicable law, appropriate notice and/or consent will be obtained before recording. Recordings and transcripts are processed under contractual, technical, and organizational safeguards and are used solely for legitimate business purposes related to service delivery and performance management.
Where AI-enabled tools are used for transcription, summarization, analytics, or workflow support, such tools are deployed under contractual safeguards and are not permitted to use personal data for independent model training except where authorized and permitted by law.
8. How we process and use your information
We need your personal data to conduct our business and provide you with our Website and services. Most commonly we will use your personal data in the following circumstances:
- Seek your views or comments on the services we provide
- Send you communications which you have requested and that may be of interest to you
- Respond to your communications and inquiries to us
- Process a job application
- Contact you to discuss our products and services
- Book meetings and arrange product demonstrations with you
9. Lawful Basis of processing your personal data
We will only collect, process, and use your personal information where we have a valid legal basis to do so under applicable data protection laws. The legal basis upon which we rely may vary depending on your location and the nature of our interactions with you. Most commonly we will use your personal data on the following basis:
- Where you have consented before the processing.
- Where we need to perform a contract, we are about to enter or have entered with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
For more detailed information on how we collect, use, and protect your personal information, as well as your rights under relevant privacy laws, please refer to the section of this Privacy Notice entitled “Jurisdictional Specific Information” and refer to the specific sub-sections that apply to your jurisdiction.
- Additional note for EEA and UK residents: If you are located in the European Economic Area (EEA) or the United Kingdom (UK), we process your personal data in accordance with the UK GDPR and the EU GDPR. For more details on how we use and process your information, including our legal bases for processing and your rights, please refer to the section of the Jurisdictional Specific Section of this Privacy Notice titled “Further Information for UK and EEA Residents”.
- Additional note for California residents: If you are a resident of California, we process your personal data in accordance with the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). For more details, including your rights under California law, please see the section of the Jurisdictional Specific Section of this Privacy Notice titled “Further Information for California Residents”.
- Additional note for residents of other U.S. States: If you are a resident of Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, or Virginia, we process your personal data in accordance with applicable state privacy laws. For further details, including your privacy rights, please see the section of the Jurisdictional Specific Section of this Privacy Notice titled “Further Information for Residents of Other U.S. States””.
- Additional note for Canadian residents: If you are a resident of Canada, we process your personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial laws, including Quebec’s Law 25, Alberta’s PIPA, and British Columbia’s PIPA. For more details on how we process your data, please refer to the section of the Jurisdictional Specific Section of this Privacy Notice titled “Further Information for Canadian Residents”.
- Additional note for residents of Brazil: If you are a resident of Brazil, we process your personal information in accordance with the Lei Geral de Proteção de Dados (LGPD). For more details on how we process your data, please refer to the section of the Jurisdictional Specific Section of this Privacy Notice titled “Further Information for Residents of Brazil”.
- Additional note for residents of Mainland China and Hong Kong; If you are a resident of mainland China, we process your personal data under the Personal Information Protection Law (PIPL). If you are a resident of Hong Kong, we process your data under the Personal Data (Privacy) Ordinance (PDPO). For more details on how we process your data, please refer to the section of the Jurisdictional Specific Section of this Privacy Notice titled “Further Information for Residents of Mainland China and Hong Kong”.
- Additional note for residents of other countries: If you are a resident of another country with data protection laws, we process your personal information in accordance with applicable local regulations. If you have any questions about how we process your personal data in your jurisdiction, please refer to the section of the Jurisdictional Specific Section of this Privacy Notice titled “Further information for residents of other countries” below and / or contact us at privacy@memoryblue.com.
10. Withdrawing Consent
If we rely on your consent to process your personal data, whether express or implied, as permitted by applicable data protection law you have the right to withdraw your consent at any time. You can do so by contacting us at privacy@memoryblue.com
Please note:
- Withdrawing consent does not affect the lawfulness of any processing carried out before your withdrawal of such consent.
- In certain jurisdictions, withdrawing consent may not impact on our ability to continue processing your personal data if another lawful basis applies.
- Some processing activities, such as fulfilling contractual obligations or complying with legal requirements, may continue even after consent is withdrawn where permitted by law.
- Withdrawal of your consent may mean that we are no longer able to provide you with certain services or features. We will inform you if that is the case at the time of your withdrawal request.
11. Safeguarding your personal information
We are committed to protecting your personal information and have implemented appropriate technical, organizational, and administrative security measures to prevent your data from being accidentally lost, used, accessed in an unauthorized manner, altered, or disclosed. These measures are regularly reviewed, monitored, and updated to align with our business needs, technological advancements, and regulatory requirements.
Additionally, we limit access to your personal information strictly to employees, agents, contractors, and other third parties who have a legitimate business need to know. They are only permitted to process your personal information according to our instructions and are bound by contractual obligations and/or legal duties of confidentiality.
We continuously review, monitor, and update our security practices to meet evolving standards, including compliance obligations under applicable data protection laws (including, but not limited to):
- Article 32 of the UK and EU GDPR,
- Section 6 of Brazil’s LGPD,
- Canada’s PIPEDA security safeguards; and
- Singapore’s PDPA protection obligations, and
12. Internet and Data Security Risks
While we take extensive steps to safeguard your information, it is important to acknowledge that no data transmission over the internet or any public network is completely secure.
Although we strive to protect your personal information, we cannot control the security of data as it travels between your device and our systems. You should be aware of the security risks associated with online communications and take appropriate measures to protect your own data, such as using secure connections, strong passwords, and updated software.
13. Response to Security Breaches
We have established and maintain incident response procedures to handle any suspected data security breaches. Where legally required, we will notify you and the relevant regulatory authorities of any data breach that may pose a risk to your rights and freedoms.
For further details on how we protect your personal data or if you have any concerns about data security, please contact us at privacy@memoryblue.com.
14. Keeping your personal information
We will retain your personal information in accordance with our retention policy and applicable laws, ensuring that we do not keep it for longer than necessary to fulfil the purposes for which it was collected. This includes meeting legal, accounting, and regulatory requirements.
When determining the appropriate retention period, we consider the following factors:
- The amount, nature, and sensitivity of the personal information involved;
- The potential risk of harm from unauthorized use or disclosure of the personal data involved;
- The purposes for which we process your personal information and whether those purposes can be achieved through other means;
- Any applicable legal, regulatory, tax, accounting, or reporting obligations that require us to retain the personal data for a specified period.
Once your personal information is no longer needed for the purposes for which it was collected, or if you request its deletion (where applicable, and we are required under applicable laws to so delete it), we will either securely delete, anonymize, or pseudonymize it in accordance with legal requirements.
For further details on our data retention practices, please contact us at privacy@memoryblue.com.
15. Information Sharing
We are committed to protecting your privacy and ensuring that your personal information is handled responsibly.
(a) No Sale or Unauthorized Sharing of Your Data
- We do not sell personal information for monetary consideration.
- We may share personal data with clients and service providers where necessary to deliver our services, operate our business, and comply with legal obligations. We do not share personal information with third parties for their independent marketing purposes.
In the course of our relationship with you and / or in delivering our products and services, we may share your personal information with:
- Our clients, where you engage with them or where we are delivering sales, marketing, or revenue services on their behalf (including meeting booking, lead management, pipeline tracking).
- CRM systems, marketing automation platforms, and integration tools used to synchronize leads, activities, and campaign data between our systems and our clients’ systems.
- Data enrichment and intent data providers that support prospect research, validation, and targeting.
- AI-enabled tools and analytics providers are used for call transcription, meeting summaries, performance insights, and workflow automation.
- Professional advisors and service providers who support IT, security, legal, financial, HR, compliance, and operational functions.
- Affiliates within our corporate group to facilitate business operations and customer services.
- External auditors and compliance reviewers, subject to confidentiality obligations.
- Potential or actual acquirers in connection with a merger, acquisition, restructuring, or sale of assets.
- Legal and regulatory authorities, courts, law enforcement, or government bodies where required by law or to defend legal claims.
- Third-party service providers as set out below.
We will only share personal information as described in this Privacy Notice where necessary to deliver our services, operate our business, comply with legal obligations, or where required or permitted by law.
The type of information shared will always be limited to what is necessary for the specific purpose, in compliance with applicable laws.
(b) Third-party service providers
We may share your personal information with trusted third-party service providers, agents, subcontractors, and other associated organizations for the purposes of completing tasks and to help us deliver services to you. This may include:
| Category | Examples |
| Cloud and IT service providers | Hosting, data storage (e.g., AWS, Microsoft, Google Cloud) |
| IT support and maintenance services | Helpdesk, software maintenance, and system support (e.g., ServiceNow, IBM, internal/external IT support teams) |
| Mailing and communication services | Email delivery, SMS, postal mail services (e.g., SendGrid, Mailchimp, Postmark, Royal Mail, FedEx, DHL) |
| Payment processors | Secure transactions (e.g., Stripe, PayPal) |
| Marketing partners | Email platforms, advertising networks, and analytics tools (e.g., HubSpot, Google Analytics, Meta Ads, LinkedIn Ads) |
| Legal and compliance services | External legal counsel, auditors, regulatory compliance consultants |
| Recruitment and HR services | Background checks, applicant tracking systems (e.g., Greenhouse, LinkedIn Talent Solutions, ScreeningOne) |
| Customer relationship management (CRM) tools | Managing customer interactions and support (e.g., Salesforce, Zendesk) |
| Security and fraud prevention | Cybersecurity monitoring, identity verification (e.g., Okta, Cloudflare, Norton Security) |
| E-learning and training platforms | Employee training and development (e.g., Mindtickle, Udemy, LinkedIn Learning) |
| Other professional service providers | Tax advisors, financial consultants, and industry experts |
All of our third-party providers are contractually obligated to:
- protect your personal data;
- use your personal data only as necessary to provide their services; and
- implement appropriate security and compliance measures.
We maintain a list of our current subprocessors and key service providers that may process personal data on our behalf in connection with our services. This list is available upon request by contacting privacy@memoryblue.com.
16. Onward sharing by third-party providers
Please note that this Privacy Notice does not cover the sharing of personal information by third-party providers who may collect data directly from you and share it with us. We strongly recommend that you review the privacy notices of any third-party providers before submitting your personal information to them.
For further details or any concerns about data sharing, please contact us at privacy@memoryblue.com.
17. Selling Data
We do not sell, rent, or trade your personal data to third parties for any purpose, including reselling. Any personal information you provide to us is used solely for the purposes of delivering and improving our services, communicating with you, and fulfilling our contractual and legal obligations.
We are committed to handling your personal data responsibly and securely, ensuring compliance with all applicable data protection laws and regulations across the jurisdictions in which we operate.
If you have any questions about how we use your personal information, please contact us at privacy@memoryblue.com
18. Transferring your information overseas
We do business globally and may centralize certain aspects of our data processing activities and data storage in different countries. We may therefore have to share and transfer your personal information from one country to another, or even across multiple jurisdictions. Your personal information may therefore be subject to privacy laws that are different from those in the country where the personal information is collected or those in your country of residence and may not provide the same level of data protection as in your home country.
Whenever we transfer your personal data internationally, we will ensure that it has an appropriate level of protection and we will undertake appropriate due diligence and risk assessments prior to transferring the information. Where required, we rely on appropriate transfer mechanisms such as Standard Contractual Clauses, adequacy decisions, or other lawful safeguards applicable to the relevant jurisdiction to ensure personal data transferred internationally is protected in accordance with applicable law. Often, this protection is set out under a contract with the organization that receives your personal data or other appropriate safeguards that may include:
- Standard Contractual Clauses (SCCs) approved by the European Commission for transfers from the EEA and UK.
- UK International Data Transfer Agreement (IDTA) for UK data transfers.
- Binding Corporate Rules (BCRs) where applicable.
- Adequacy decisions where a country is recognized by regulatory authorities as having equivalent protections, such as Japan, Canada (PIPEDA), South Korea, Israel, New Zealand, Uruguay, Argentina, and the UK under the EU adequacy framework.
- U.S. Data Privacy Framework (DPF) for eligible transfers to certified organizations in the U.S.
- APEC Cross-Border Privacy Rules (CBPR) and Privacy Recognition for Processors (PRP) for transfers among APEC economies, including the U.S., Canada, Japan, South Korea, Singapore, and Mexico.
- China’s Standard Contractual Clauses (China SCCs) for transfers outside China, or security assessment where required.
- Brazil’s Standard Contractual Clauses (LGPD SCCs) for transfers outside Brazil.
- India’s proposed data transfer mechanisms under the Digital Personal Data Protection Act (DPDPA) when finalized.
- Other local derogations and transfer mechanisms, such as legitimate interests, contractual necessity, or explicit consent, where legally applicable under national privacy laws, including South Africa’s POPIA, Thailand’s PDPA, and UAE’s DP Law.
For further details on safeguards in place, please contact privacy@memoryblue.com.
19. Third-party services, websites and plugins
Please note that this Privacy Notice does not apply to sharing of personal data by third party providers who may collect personal information from you and may share it with us. In these situations, we strongly advise you to review the applicable third-party provider’s privacy notice before submitting your personal information.
You should be aware that information about your use of our Website (including your IP address) may be retained by your ISP (Internet Service Provider), the hosting provider and any third party that has access to your Internet traffic.
Our Website may contain links to third-party websites and plugins, for instance a social media login plugin. If you choose to use these websites, plugins, or services, you may disclose your information to those third parties.
We are not responsible for the content or practices of those websites, plugins, or services. The collection use and disclosure of your personal information will be subject to the privacy notices of these third parties and not this Privacy Notice. Accordingly, we urge you to read the privacy and cookie notices of the relevant third parties.
20. What happens if you don’t provide us with your personal data
You may always choose what personal information (if any) you wish to provide to us. Please note, however, our products and services cannot be provided to you if you choose not to provide certain details, for example, and we cannot reply to you without a name or contact details.
We also need your personal information to be able to assess and respond to any application you may make for a job with us.
21. Opting out of marketing
If you provide us with your contact details (e.g., email address), we may process your personal data to send you marketing communications about our products, services, promotions, and events that we believe may be of interest to you, in accordance with applicable data protection laws.
Where required by law, we will obtain your prior consent before sending you marketing communications. You can opt out of receiving marketing communications at any time by:
- Click the “unsubscribe” link in our emails
- Contacting us at privacy@memoryblue.com
Please note that even if you opt out of marketing communications, we may still process your personal data for other purposes, such as sending you service-related messages necessary to fulfill your requests, provide customer support, or comply with legal obligations.
22. Cookies and other tracking technologies
Each time you interact with our Website, we may, depending on the consent provided and your jurisdiction, automatically collect personal information, including technical data about your device, your browsing actions and patterns, content and usage data. We collect this data using Cookies, server logs and other similar technologies like pixels, tags and other identifiers in order to remember your preferences, to understand how our website is used, and to customize our marketing offerings.
24 . Browser privacy signals and “Do Not Track” (DNT)
Some web browsers offer a “Do Not Track” (DNT) feature or other privacy signals, such as Global Privacy Control (GPC), which you can signal your preference not to be tracked across websites.
Currently, our Website does not respond to DNT signals, as there is no consistent industry standard for interpreting them.
However, we recognize, and honor browser-based privacy signals where required by law, such as Global Privacy Control (GPC) under the California Consumer Privacy Act (CCPA/CPRA) and other U.S. state laws that mandate the respect of such opt-out signals.
Where applicable (e.g., under California, Colorado, Connecticut, Virginia, Texas, and similar state laws), we treat a valid privacy signal as a request to opt out of:
- The sale or sharing of personal data for targeted advertising, and
- The use of sensitive personal information beyond what is necessary to provide services.
For jurisdictions such as Canada, Brazil, Morocco, Vietnam, Singapore, and under the UK and EU GDPR, we offer additional privacy rights mechanisms (such as cookie consent banners or opt-out settings) to reflect your choices.
25. What are your rights
Depending on your location, you may have rights regarding your personal data under applicable data protection laws. These rights may include:
- The right to request access to and obtain a copy of your personal data
- The right to request correction or deletion of your data
- The right to restrict processing
- The right to data portability (where applicable)
In certain circumstances, you may also have the right to object to processing, including for direct marketing purposes. You can exercise your rights by contacting us at privacy@memoryblue.com
We will process your request in accordance with applicable data protection laws. For more details, see the jurisdiction specific below.
Please include your country and/or state of residence and specify which rights you wish to exercise. We may verify your identity before processing your request. In some cases, we may ask for additional information to ensure your request is legitimate and compliant with applicable laws.
26. Accuracy of your personal data & your right to rectification
We strive to ensure that the personal data we hold about you is accurate, complete, and up to date.
If you believe any of the information, we process about you is inaccurate, outdated, or incomplete, you have the right to request correction (rectification) under applicable data protection laws. You can request an update or correction of your personal data by contacting us at:
- Email: privacy@memoryblue.com
We will assess your request in accordance with applicable privacy laws. In some cases, we may require proof of identity or verification before making changes. If we deny your request, we will provide an explanation in accordance with legal requirements.
27. Jurisdictional Specific Information
27.1 Further information for EEA and UK residents
We are subject to the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR) in relation to goods and services we offer to individuals and our wider operations in the UK and European Economic Area (EEA).
(a) Details about our processing of your personal information
The table below describes the ways we plan to use your personal data, and which lawful basis we rely on to do so. We have also identified what our legitimate interests are where appropriate.
| LAWFUL BASIS | PURPOSE EXAMPLES |
| Contract
We use your personal information on the basis that it is necessary for us evaluate applications and candidates for a vacant role prior to entering into an employment contract for that role with the most suitable candidate.
|
Recruitment of candidates (contractors, employees and providers)
We will use the personal information we collect about you to assess your skills, qualifications, and suitability for the role for which you applied. We may use the following personal data for this purpose:
|
| Contract and/or Legitimate Interest
Processing personal data where necessary to perform our services for clients and operate our business in accordance with contractual obligations and legitimate business interests. |
Delivering services to our clients
We process personal data as part of delivering outsourced sales development, marketing, lead generation, meeting scheduling, pipeline tracking and related services for our clients. Depending on the engagement, we may act as a Data Processor on behalf of our clients or as an independent Data Controller where permitted by applicable law. We may use the following personal data for this purpose:
Call recording, transcription and analytics To record, transcribe, summarize and analyze sales calls, meetings and communications for quality assurance, performance management, training, service delivery, reporting and continuous improvement of our services. We may use the following personal data for this purpose:
|
| Legitimate interest
When we rely on this, we will carry out a Legitimate Interests Assessment to ensure we consider and balance any potential impact on you (both positive and negative), and your rights under applicable data protection Law. Our legitimate business interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you unless we have your consent or are otherwise required or permitted to by law. |
Managing our business
We process personal data for our own legitimate business interest. This relates to us managing our business to enable us to maintain and monitor the performance of our Website, platform, products and services and to constantly look to improve the Website platform, products and the services we offer to our customers and users, including when we respond to your queries, feedback, compliments, enquiries and /or and complaints. We may use the following personal data for this purpose:
Provide and maintain our Website To provide and maintain our Website and platform, including to monitor the usage of these, troubleshooting, data analysis, network security and system testing necessary for our legitimate interests in maintaining the useability, security and integrity of our Website and platform. We may use the following personal data for this purpose:
Recommendations and marketing To make recommendations to you about our products and services that may interest you. We may use the following personal data for this purpose:
To measure and analyze the effectiveness of the advertising we serve you. We may use the following personal data for this purpose:
To make suggestions and recommendations to you about goods or services that may be of interest to you and necessary for our legitimate interests (to develop our products/services and grow our business). We may use the following personal data for this purpose:
Rights and claims To enforce or apply our Website and platform terms of use, our policy terms and conditions, or other contracts. To exercise our rights, to defend ourselves from claims and to keep to laws and regulations that apply to us and the third parties we work with. We may use the following personal data for this purpose:
Operating our Business Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud, and in the context of a business reorganization or group restructuring exercise.
|
| Legal obligations
We may use your Personal Data to comply with laws (for example, if we are required to co-operate with a police investigation after a court order orders us to).
|
Legal requirement
The processing is necessary for compliance with legal obligations, such as but not limited security requirements. We may use the following personal data for this purpose:
To comply with applicable law, for example in response to a request from a court or regulatory body, where such request is made in accordance with the law. We may use the following personal data for this purpose:
Criminal activity To detect fraudulent or criminal activity, we may share information with forces such as the police. We may use the following personal data for this purpose:
Data Subject Rights Verifying your identity when you exercise your data subject rights and thereafter fulfilling / responding to data subject rights requests. We may use the following personal data for this purpose:
|
| Consent
We may have to get your consent to use your personal data, such about you or when we want to send you marketing. Wherever consent is the only reason for using your personal data, you have the right to change your mind and/or withdraw your consent at any time by clicking the Unsubscribe button at the bottom of an applicable email or by contacting us. |
Marketing
To measure and analyze the effectiveness of the advertising we serve you. We may collect IP addresses and store cookies on visitors’ devices. We may use the following personal data for this purpose, depending on what you consent to:
Data analytics We use data analytics to improve our Website, products/services, marketing, customer relationships and experiences. We may use the following personal data for this purpose:
|
Please see more details about your rights below. In most circumstances, you do not need to pay any charge for exercising your rights. We have one month to respond to you.
- Right to be informed: We have a legal obligation to provide you with concise, transparent, intelligible, and easily accessible information about your personal information and our use of it. We have written this notice to do just that, but if you have any questions or require more specific information regarding any element of this Privacy Notice or our privacy practices, please contact us at
- Right of access: You have the right to ask us for copies of your personal information. This right always applies. There are some exceptions, which means you may not always receive all the information. When you request this data, this is known as making a data subject access request (DSAR). In most cases, this will be free of charge; however, in some limited circumstances, for example repeated requests for further copies, we may apply an administration fee.
- Right to rectification: You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.
- Right to erasure: You have the right to request the erasure of your personal information in certain circumstances; however, we may refuse to comply with such a request if we are processing the relevant personal data for specific reasons, including complying with a legal obligation, performing a task in the public interest or exercising official authority, archiving in the public interest, scientific or historical research, statistical purposes, or for the exercise or defence of legal claims.
- Right to restriction of processing: You have the right to ask us to stop processing your personal data while we continue to hold it, serving as an alternative to the right to erasure. You may exercise this right if the accuracy of the relevant personal data is contested, if the processing is unlawful, if we no longer need the relevant personal data but it is required for a legal process, or if you have exercised your right to object and processing is restricted pending a decision on its status.
- Right to object to processing: You have the right to object to processing of your personal data in certain circumstances. You can also object if the processing is for a task carried out in the public interest, the exercise of official authority vested in you, or your legitimate interests (or those of a third party).
- Right to data portability This right only applies if we are processing information based on your consent or for the performance of a contract and the processing is automated.
You may contact our Privacy Team at privacy@memoryblue.com regarding any questions, requests, or concerns about this Privacy Notice or our data-protection practices.
You have the right to lodge a complaint with a supervisory authority in the UK or the EEA member state where you work or normally live, or where any alleged infringement of applicable data protection laws has occurred.
Please click to access the details of European supervisory authorities.
The supervisory authority in the UK is the ICO. The ICO may be contacted at https://ico.org.uk/concerns or by telephone on 0303 123 1113.
27.2 Further Information for California Residents
(a) Your Rights Under the California Consumer Privacy Act (CCPA/CPRA)
If you are a resident of California, you have specific rights regarding your personal information under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).
We do not sell or share your personal information for monetary consideration or cross-context behavioral advertising.
California residents have the following rights:
- Right to Know & Access: you may request disclosure of the categories and specific pieces of personal information we have collected about you over the past 12 months, the categories of sources from which the information was collected, the business or commercial purpose for collecting or sharing the information, and the categories of third parties with whom we disclose it.
- Right to Request Deletion: You may request that we delete your personal information, subject to exceptions under California law (e.g., compliance with legal obligations, security purposes, fraud prevention).
- Right to Correction: If your personal information is inaccurate, you have the right to request that we correct it.
- Right to Opt Out of Sharing: We do not sell or share personal information. However, if this changes in the future, you will have the right to opt out.
- Right to Limit Use of Sensitive Personal Information: If we collect Sensitive Personal Information (SPI), you may request that we limit its use to only what is necessary to provide the requested services.
- Right to Non-Discrimination: Exercising your rights under the CCPA will not result in any discrimination, including denial of goods or services, different pricing, or reduced service quality.
(b) How to Exercise Your Rights
To exercise your rights, you may contact us using the following methods:
Email: privacy@memoryblue.com
Verification Process:
To process your request, we must verify your identity by matching the information provided with our records. In some cases, we may require additional verification steps to confirm your identity. If we cannot verify your identity, we may be unable to fulfil your request.
Authorized Agents:
You may designate an authorized agent to submit a request on your behalf. We require written authorization or the power of attorney before processing requests from an agent.
(c) Shine the Light Law (Direct Marketing Disclosures)
Under California’s Shine the Light law, you may request:
- A list of the categories of personal information shared with third parties for their direct marketing purposes (if any).
- The names and addresses of those third parties (if applicable).
To request this information, contact privacy@memoryblue.com.
(d) Retention of Personal Information
We retain personal information only as long as necessary to fulfil the purposes for which it was collected, including:
- Legal compliance (e.g., tax, fraud prevention, security).
- Contractual obligations (e.g., processing transactions or service agreements).
- Internal business purposes (e.g., maintaining sales records, improving services).
Once retention is no longer necessary, we will delete, anonymize, or securely store the information.
27.3 Further Information for Residents of other US States
(Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia)
Residents of Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia have certain privacy rights under their respective state laws. These rights vary by state and may include the following:
(a) Your Rights Under U.S. State Privacy Laws
- Right to Confirm Processing: You may request confirmation as to whether we process your personal information.
- Right to Access & Data Portability: You may request access to and receive a copy of the personal information we process about you in a portable and readily usable format.
- Right to Delete: You may request that we delete certain personal information, subject to legal exceptions.
- Right to Correct (Excluding Iowa & Utah): You may request correction of inaccuracies in your personal information, considering the nature and purpose of the data processing.
- Right to Opt-Out of Certain Processing: You may request to opt out of:
-
- (i) Targeted advertising (excluding Iowa).
- (ii) The sale of personal data (as defined by applicable state laws).
- (iii) Profiling in furtherance of decisions that produce legal or similarly significant effects (excluding Iowa and Utah).
- Right to Limit or Require Consent for Processing Sensitive Data:
Some states require opt-in consent before processing Sensitive Personal Data (SPI) (e.g., biometric, racial/ethnic data, precise geolocation, financial, or health information). Others allow residents to opt out of such processing.
The exact scope of these rights varies by state.
(b) Right to Appeal a Privacy Rights Decision
If we deny your request to exercise your rights, you have the right to appeal our decision. You may submit an appeal by contacting Appeals Contact (Senior Executive or DPO) at privacy@memoryblue.com
If your appeal is denied, you may file a complaint with your state’s Attorney General or Data Protection Authority, where applicable.
(c) Nevada Residents’ Opt-Out Rights
Under Nevada Revised Statutes Chapter 603A, Nevada residents have the right to opt out of the sale of their personal information. To submit a Nevada, opt-out request, please email us at privacy@memoryblue.com. However, please be advised that we do not currently sell personal data that would trigger Nevada’s opt-out requirements.
27.4 Further Information for Swiss Residents
We are subject to the Swiss Federal Act of Data Protection (FADP) in relation to goods and services we offer to individuals and our wider operations in Switzerland.
(a) Your Rights Under the Swiss Federal Act on Data Protection (FADP)
If you are a resident of Switzerland, you have specific rights regarding your personal data under the Swiss Federal Act on Data Protection (FADP), as revised in 2023.
Right to Access: You may request access to the personal data we process about you.
Right to Rectification: You may request that we correct any inaccurate or incomplete personal data.
Right to Deletion: You may request that we delete your personal data, subject to legal exceptions.
Right to Object: You may object to the processing of your personal data in certain circumstances.
Right to Data Portability: You may request a copy of your personal data in a structured format.
Right to Restrict Processing: You may request that we limit the processing of your personal data.
Right to Withdraw Consent: Where we rely on your consent to process personal data, you may withdraw that consent at any time.
Right to Lodge a Complaint: You may file a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC).
27.5 Further Information for Canadian Residents
(a) Your Rights Under PIPEDA and Provincial Privacy Laws
If you are a resident of Canada, we process your personal data in compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial laws, including:
- Quebec’s Law 25
- Alberta’s Personal Information Protection Act (PIPA)
- British Columbia’s Personal Information Protection Act (PIPA)
You have the following rights:
- Right to Access: You may request a copy of the personal data we process about you.
- Right to Correction: You may request that we correct any inaccurate personal data.
- Right to Withdraw Consent: You may withdraw your consent where processing is based on consent.
- Right to Challenge Compliance: You may file a complaint with the Office of the Privacy Commissioner of Canada (OPC) or your provincial privacy authority.
27.6 Further Information for Brazilian Residents
If you are a resident of Brazil, we process your personal data in accordance with Lei Geral de Proteção de Dados (LGPD).
(a) Your Rights Under LGPD
- Right to Access: You may request details about the personal data we process about you.
- Right to Correction: You may request that we correct inaccurate or outdated information.
- Right to Deletion: You may request that we delete your personal data, except in cases where retention is legally required.
- Right to Data Portability: You may request a copy of your personal data in a portable format.
- Right to Restrict Processing: You may request that we limit certain processing activities.
- Right to Withdraw Consent: You may withdraw consent at any time.
- Right to Lodge a Complaint: You may file a complaint with the Brazilian Data Protection Authority (ANPD).
27.7 Further Information for China (Mainland and Hong Kong) Residents
(a) Your Rights Under PIPL (Mainland China) and PDPO (Hong Kong)
If you are a resident of mainland China, we process your personal data under the Personal Information Protection Law (PIPL). If you are a resident of Hong Kong, we process your data under the Personal Data (Privacy) Ordinance (PDPO).
- Right to Know & Access: You may request details about how we process your personal data.
- Right to Correction: You may request that we correct inaccurate personal data.
- Right to Deletion: You may request that we delete your personal data under certain circumstances.
- Right to Restrict Processing: You may request limitations on how we use your data.
- Right to Withdraw Consent: You may withdraw consent at any time.
27.8 Further Information for Other Countries
| Residency | Applicable Privacy Law | Your Rights |
| Japan | Act on the Protection of Personal Information (APPI). | Right to Access & Disclosure
Right to Correction & Deletion Right to Object to Processing Right to Restrict Processing |
| South Korea | Personal Information Protection Act (PIPA). | Right to Access & Disclosure Right to Correction & Deletion Right to Object to Processing Right to Restrict Processing |
| Australia | Australian Privacy Act 1988 (Cth)
|
Right to Access & Correction Right to Lodge Complaints |
| New Zealand | New Zealand Privacy Act 2020
|
Right to Access & Correction Right to Lodge Complaints |
| United Arab Emirates |
|
Right to Access, Correction & Deletion Right to Object to Processing Right to Lodge a Complaint |
| Mexico | Federal Law on Protection of Personal Data (LFPDPPP) and regulations issued by the National Institute for Transparency, Access to Information, and Personal Data Protection (INAI). | Right to Access: Request details about the personal data we hold about you. Right to Rectification: Request corrections if your personal data is inaccurate or outdated. Right to Cancellation: Request deletion of your personal data. Right to Object (ARCO Rights): Object to the processing of your personal data under certain circumstances. Right to Withdraw Consent: If processing is based on consent, you may withdraw it at any time. |
| Argentina
The Agency For Access To Public Information, in its capacity as the supervisory authority of Law No. 25,326, has the power to deal with complaints and claims filed by those affected in their rights for breach of the current regulations on the protection of personal data.”
|
Personal Data Protection Law (Ley 25.326) and regulations issued by the Agency for Access to Public Information (AAIP). | Right to Access & Correction Right to Deletion & Object to Processing Right to Withdraw Consent Right to Lodge a Complaint with AAIP |
| Chile | Law No. 19.628 on the Protection of Private Life | Right to Access & Rectification Right to Erasure (Limited Scope) Right to Object to Processing Right to Lodge Complaints with Local Authorities |
| South Africa | Protection of Personal Information Act (POPIA).
|
Right to Access & Correction Right to Deletion & Restriction Right to Object to Processing Right to Lodge a Complaint with the Information Regulator (IRSA) |
| India | Digital Personal Data Protection Act (DPDPA 2023) | Right to Access & Correction Right to Erasure Right to Withdraw Consent Right to Lodge Complaints with the Data Protection Board of India |
| Thailand | Personal Data Protection Act (PDPA) | Right to Access & Rectification Right to Object & Restrict Processing Right to Data Portability Right to Lodge Complaints with the Personal Data Protection Committee (PDPC) |
| Indonesia | Personal Data Protection Law (PDP Law – 2022) | Right to Access & Rectification Right to Deletion & Restriction Right to Object to Processing Right to Withdraw Consent |
| Turkey | Law No. 6698 on the Protection of Personal Data (KVKK). | Right to Access & Rectification Right to Deletion & Restriction Right to Object to Processing Right to Lodge Complaints with the Turkish Data Protection Authority (KVKK) |
| Russia Residents
Important Note: Russian law requires localization of personal data collected from Russian residents. This means we may be required to store your personal data on servers located within Russia.
|
Federal Law on Personal Data (No. 152-FZ) | Right to Access & Correction Right to Object to Processing Right to Request Deletion Right to Lodge Complaints with Roskomnadzor |
28. Right to Lodge a Complaint
We hope that we can resolve any query or concern you raise about our use of your personal information. To lodge a complaint in this regard please contact us at privacy@memoryblue.com first and title your email “Complaint”. All complaints will be treated in a confidential manner, and we will try our best to deal with your concerns.
If you believe we have not handled your personal data in compliance with applicable laws, you have the right to lodge a complaint with the relevant Data Protection Authority (DPA):
- UK: Information Commissioner’s Office (ICO)
- EU/EEA: Contact your local Supervisory Authority
- U.S.: Contact your state Attorney General (for CCPA/CPRA and state laws)
- Canada: Office of the Privacy Commissioner of Canada (OPC)
- Brazil: Autoridade Nacional de Proteção de Dados (ANPD)
- Singapore: Personal Data Protection Commission Singapore | PDPC
- South Korea: Personal Information Protection Commission (PIPC)
- Japan: Personal Information Protection Commission
- UAE: Relevant free-zone data protection authority (e.g., DIFC, ADGM)
- Other jurisdictions: Contact your local privacy regulator.
Alternatively, you can contact us at privacy@memoryblue.com
Changes to This Privacy Notice
We may update this Privacy Notice periodically to reflect:
- changes in applicable laws and regulations;
- new data processing practices or services; and / or
- updates to our security measures or business operations.
If we make material changes that affect your rights or the way we process your personal data, we will:
- notify you by email (if required by law);
- post an updated version on our Website with a new effective date; and
- where legally required, obtain your consent before implementing certain changes
We encourage you to review this Privacy Notice regularly to stay informed about how we protect your personal data. If you continue using our services after an update, it means you will accept the revised terms.
VERSION: 1.1
Last Updated: February 1, 2026