Confidently erase data in active environments and from used IT assets.
Expedite processes, recover more marketable product, and increase services.
Boost services throughout the device lifecycle—from first sale to end-of-life.
Erase data without disrupting operations or destroying infrastructure.
Home » Privacy Notice
Last Updated: July 2026
Protecting privacy is fundamental to who we are at Blancco. This Privacy Notice explains how we collect, use and protect your personal data and what rights you have.
SUMMARY
This Privacy Notice explains how Blancco Technology Group and its group companies collect, use and protect your personal data. It applies to our clients, prospective clients, suppliers, partners, investors, website visitors and job applicants.
We take your privacy seriously. This Notice seeks to ensure that you know:
Our commitments to you:
1. ABOUT BLANCCO
Blancco Technology Group is a leading global provider of mobile device diagnostics and secure data erasure solutions. We provide thousands of organisations worldwide with the tools they need to securely erase IT assets and protect sensitive data throughout its lifecycle.
This Notice applies to Blancco Technology Group and all its group companies and subsidiaries worldwide. For the purposes of this Notice, references to “Blancco”, “we”, “us” and “our” refer to the Blancco group entity that is processing your personal data.
2. CONTACT DETAILS
If you have any questions about this Privacy Notice or how we handle your personal data, please contact our Data Protection Officer at dataprivacy@blancco.com or visit our contact page at https://blancco.com/contact-us/.
3. SCOPE OF THIS NOTICE
This Notice applies to the following individuals whose personal data we process where we act as controller:
This Notice does not cover the personal data of Blancco employees. Employee personal data is handled through a separate internal privacy notice.
This Notice does not apply where Blancco acts as a data processor on behalf of its customers. In those circumstances, the privacy notice of the relevant customer will apply.
4. PERSONAL DATA WE COLLECT
We collect and process the following categories of personal data, subject to the principle of data minimisation — we only collect what is necessary for the relevant purpose.
Personal Data Category
Description
Identification Data
Name, surname, title, date of birth, driving licence and passport information.
Contact Data
Email address, phone number, postal address, other communication details
Communication Data
Phone calls, email correspondence and hard copy correspondence
Marketing Data
Contact Data and your preferences for receiving marketing communications from us.
Recruitment Data
Recruitment-related data such as Identification Data, Contact Data, Communication Data, CV and job application data.When processing CV data, we may process certain Personal Data including the following: employment history, skills/ experience, languages, educational history, qualifications, membership of professional associations, contact details of employer references/character references, licences held, interests and hobbies, locations, nationality, passport, eligibility to work in certain jurisdictions, salary expectations, interview/screening answers and notes and usernames and passwords for access to our recruitment portal.
Financial Data
Payment-related information or bank account details and financial data received as part of the services that we provide. (credit card data, bank account data)
Special Category Recruitment Data
If we interact with you for the purposes of a job with the Company, we may collect Recruitment Data that is of a special category as per the GDPR definition: this can include diversity data such as gender, religion, racial or ethnic origin, sexual orientation, trade union membership or data relating to health. We will only source this data with the explicit consent of Candidates.
Website Users
When you visit or use our websites or applications, subscribe to our newsletters or otherwise interact with us through our digital channels, in addition to the information you provide to us directly, we may collect information sent to us by your computer, mobile phone or other access device. For example, we may collect:
Device Information
Hardware model, unique device identifiers, IP address, operating system version and device settings
Log Information
Time, duration and manner of use of our products, services and digital channels
Location Information
Your location (derived from your IP address, Bluetooth beacons or identifiers, or other location-based technologies), which may be collected when you enable location-based products or features such as through our apps
Other information about your use of our digital channels or products
Apps you use or websites you visit, links you click within our advertising e-mail, motion sensor data
5. HOW WE COLLECT YOUR PERSONAL DATA
5.1 Business Contacts
We collect personal data about Business Contacts from the following sources:
5.2 Candidates
We collect personal data about Candidates primarily directly from the Candidate. We may also collect data from the following sources:
5.3 Website Users
We collect personal data about Website Users automatically when they visit our website, regardless of whether they register or interact with us directly. For full details please refer to our Cookie Policy.
6. WHY WE USE YOUR PERSONAL DATA AND OUR LEGAL BASIS
6.1 Legal Bases
We process personal data lawfully and in accordance with applicable data protection law. The legal bases on which we rely are as follows:
Contract — where processing is necessary to perform our obligations under a contract with you or to take steps at your request prior to entering into a contract.
Legitimate Interest — where processing is necessary for our legitimate business interests, provided those interests are not overridden by your interests or fundamental rights and freedoms. Where we rely on legitimate interest we have considered the impact of the processing on your rights and are satisfied that our interests are proportionate and reasonable.
Legal Obligation — where processing is necessary to comply with a legal obligation to which we are subject, such as tax, regulatory or audit requirements.
Consent — where you have given us your explicit consent to process your personal data for a specific purpose. You may withdraw your consent at any time by contacting us at dataprivacy@blancco.com. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
6.2 Our Legitimate Interests
Where we rely on legitimate interest as our legal basis, our legitimate interests include:
We will not process your personal data on the basis of legitimate interest where your interests or fundamental rights and freedoms override our legitimate interests.
6.3 Artificial Intelligence and Automated Decision-Making
We may use automated tools, including artificial intelligence, to analyse your preferences and interests, to personalise our communications and to improve our products and services. You have the right to object to such analysis carried out for direct marketing purposes at any time, as set out in the section "Your Rights" below.
We may use automated tools, including artificial intelligence (AI), to support these and other activities. We do not make decisions that produce legal or similarly significant effects on you based solely on automated processing without meaningful human involvement.
6.4 Communication Preferences
You may manage your receipt of marketing communications by clicking the unsubscribe link in any of our marketing emails or by contacting us at marketing@blancco.com. You have the absolute right to object to the processing of your personal data for direct marketing purposes at any time. We will stop processing your personal data for this purpose immediately upon receipt of your objection.
7. WHO WE SHARE YOUR PERSONAL DATA WITH
We do not sell your personal data to third parties. We may share your personal data in the following circumstances:
When we engage another organization to perform services for us, we may provide them with information including Personal Data, in connection with the performance of those functions. We do not allow third parties to use Personal Data except for the purpose of providing these services.
8. INTERNATIONAL TRANSFERS OF PERSONAL DATA
In order to provide our products and services, we may transfer personal data outside the country in which it was collected, including outside the European Economic Area (“EEA”) and the United Kingdom (“UK”). We ensure that all such transfers are made using legally compliant safeguards.
For transfers of personal data from the EU/EEA, we rely on Standard Contractual Clauses (“SCCs”) approved by the European Commission under Article 46(2) GDPR, or on adequacy decisions where available.
For transfers of personal data from the UK, we use the UK International Data Transfer Agreement (“IDTA”) or the UK Addendum to the EU SCCs, as appropriate.
Where applicable, we may rely on the EU-US Data Privacy Framework or other transfer mechanisms recognised under applicable law for transfers of personal data to the United States.
For transfers of personal data to and from other jurisdictions in which we operate, we ensure that appropriate safeguards are in place in accordance with the applicable laws of those jurisdictions. These safeguards may include standard contractual clauses, binding corporate rules, adequacy decisions or other legally recognised transfer mechanisms as appropriate.
9. HOW LONG WE KEEP YOUR PERSONAL DATA
9.1 Retention Principles
We retain personal data only for as long as necessary for the purposes for which it was collected, in accordance with applicable law and our internal retention policies. When determining the appropriate retention period we take into account:
When personal data is no longer required we will delete or anonymise it securely.
9.2 Retention Schedule
The following table sets out our retention periods by processing purpose:
Purpose of Processing
Categories of Personal Data
Retention Period
Service Delivery Activities
Identification Data, Contact Data, Communication Data
24 months after completion of service delivery activities where there is no further meaningful engagement
Marketing and Promotion Activities
Marketing Data, Contact Data, Web Data
Retained for as long as you remain an active contact or until you withdraw consent or request deletion. We will not retain marketing data beyond 3 years of inactivity without re-engagement. Deleted immediately upon receipt of an unsubscribe or erasure request
Recruitment Activity
Identification Data, Contact Data, Communication Data, Recruitment Data, Web Data, Marketing Data, Special Category Recruitment Data
12 months for candidates who are not hired. Candidates who have consented will remain on the database for other positions until consent is withdrawn or there is no meaningful engagement. A separate retention policy applies to employees
Website Delivery
Web Data
12 months
Managing Payments and Administration of Contract
Identification Data, Contact Data, Communication Data, Financial Data
7 to 10 years depending on applicable country legal requirements
Management of Corporate Affairs
7 to 10 years unless a mandatory legal requirement to retain for a longer period applies depending on applicable country legal requirements
10. HOW WE PROTECT YOUR PERSONAL DATA
10.1 Technical and Organisational Measures
We maintain appropriate technical and organisational security measures to protect your personal data against unauthorised access, accidental loss, destruction or damage. These measures include conducting internal audits and reviews of our security practices, applying access controls to ensure that only those who need access to your personal data can access it, and using secure connections to protect personal data during transmission.
10.2 Privacy by Design and by Default
We apply Privacy by Design and Data Minimisation principles throughout our organisation. This means we consider data protection from the outset of any new product, service or process and ensure that by default we only process personal data that is necessary for each specific purpose.
10.3 Data Breach Notification
We have a detailed breach notification procedure to detect, report and respond to personal data breaches. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach in accordance with our legal obligations. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.
If you think there has been any loss or unauthorised access to your personal data or that of any other individual, please contact us immediately at dataprivacy@blancco.com.
10.4 Your Responsibility
Where you have been given or have chosen a password to access our services, you are responsible for keeping that password confidential. Please do not share your password with anyone.
11. COOKIES
Cookies are small text files stored on your device when you visit our website. We use cookies and similar tracking technologies including pixel tags, web beacons and local storage to make our website function, to analyse traffic and usage, and to support our marketing activities.
You can control or withdraw your consent to non-essential cookies at any time via the cookie preference centre on our website. Please note that disabling certain cookies may affect the functionality of our website.
For full details of the cookies we use, their purpose and how to manage them, please see our Cookie Policy at https://blancco.com/cookie-policy/
12. THIRD PARTY WEBSITES
Our website may contain links to third party websites. If you follow a link to any of these websites, please note that those websites have their own privacy notices and settings which are independent of Blancco. We do not endorse and are not responsible for the privacy practices of any third party websites. We recommend that you review the privacy notice of any website you visit before submitting any personal data.
13. CHILDREN'S PRIVACY
Our products and services are not directed at children. We do not knowingly collect or solicit personal data from children. If we become aware that we have collected personal data from a child without the necessary consent or authorisation, we will take immediate steps to delete that information.
We do not knowingly collect personal data from individuals under the age of 16. In jurisdictions where a higher age threshold applies, we comply with the applicable local requirement.
If you are a parent or legal guardian and believe we have collected personal data relating to your child, please contact us immediately at dataprivacy@blancco.com.
14. YOUR RIGHTS
14.1 Your Universal Rights
Subject to applicable law, you have the following rights in relation to your personal data:
Right
What It Means
Right of Access
You may request a copy of the personal data we hold about you and information about how we use it
Right to Rectification
You may ask us to correct personal data that is inaccurate or incomplete
Right to Erasure
You may ask us to delete your personal data where there is no longer a legitimate reason for us to process it
Right to Restriction
You may ask us to limit how we use your personal data in certain circumstances
Right to Data Portability
You may ask us to provide your personal data in a structured, commonly used and machine-readable format or to transfer it directly to another organisation where technically feasible
Right to Object
You may object to our processing of your personal data where we rely on legitimate interest as our legal basis
Right to Withdraw Consent
Where we process your personal data on the basis of your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal
Right Not to be Subject to Automated Decision-Making
You may request that decisions about you are not made solely by automated means where those decisions produce legal or similarly significant effects on you
14.2 Right to Object to Direct Marketing
You have the absolute right to object to the processing of your personal data for direct marketing purposes at any time. We will stop processing your personal data for this purpose immediately upon receipt of your objection. No grounds need be given for such an objection. To object please contact us at dataprivacy@blancco.com or click the unsubscribe link in any of our marketing communications.
14.3 How to Exercise Your Rights
To exercise any of your rights please contact us at dataprivacy@blancco.com. We will respond within one calendar month of receipt of your request. Where your request is complex or you have made multiple requests, we may extend this period by a further two months and will notify you of the extension within the first month.
We will not charge a fee for handling your request unless the request is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse to act on the request.
14.4 Right to Complain to a Supervisory Authority
You have the right to lodge a complaint with the data protection or privacy supervisory authority in your country of residence, place of work or where you believe a breach has occurred. Contact details for supervisory authorities in your jurisdiction are available from your local data protection authority's website.
California residents have additional rights under applicable US state privacy law including the right to know, correct, delete and opt out of the sale of personal information. To exercise these rights please contact us at dataprivacy@blancco.com.
15. HANDLING YOUR DATA SUBJECT REQUESTS
When we receive a request to exercise your data subject rights, we will verify your identity, acknowledge your request promptly and respond within the timeframe required by applicable law in your jurisdiction. Where your request is complex, we may extend this period where permitted by law and will notify you accordingly. If we are unable to fulfil your request, we will explain why and inform you of your right to complain to the relevant supervisory authority. To submit a request please contact us at dataprivacy@blancco.com.
16. CHANGES TO THIS NOTICE
We review and update this Privacy Notice periodically to reflect changes in our data processing practices, applicable law or regulatory guidance. The date at the top of this Notice indicates when it was last updated.
Where we make material changes to this Notice we will take reasonable steps to bring those changes to your attention, which may include posting a notice on our website or contacting you directly where we have your contact details and where required by applicable law.
We encourage you to review this Notice periodically to stay informed about how we protect your personal data.
17. QUESTIONS, CONCERNS AND COMPLAINTS
17.1 Contact Us
If you have any questions, concerns or complaints about this Privacy Notice or about how we handle your personal data, please contact us:
Please contact our Data Protection Officer at dataprivacy@blancco.com, call us on +44 (0)1279 874580 or visit our contact page at https://blancco.com/contact-us/
17.2 How We Handle Your Complaint
We are committed to resolving any concerns you may have about our data processing activities in a fair and timely manner. Upon receipt of your complaint, we will:
17.3 Right to Complain to a Supervisory Authority
If we are unable to resolve your concerns, or if you are not satisfied with our response, you have the right to lodge a complaint with the supervisory authority in your country of residence, place of work or where you believe a breach has occurred.
For UK residents, the relevant supervisory authority is the Information Commissioner's Office (ICO) at www.ico.org.uk.
For EEA residents, the relevant supervisory authority is the data protection authority in your country of residence or place of work.
For all other jurisdictions, contact details for your local supervisory authority are available from your local data protection authority's website.