BLUE CASTLE PRIVACY POLICY

Last Updated: April 15, 2026 

 

Code Blue Ltd. (“Code Blue”, “we”, “our”, or “us”) operates the website www.codebluecyber.com (the “Website”), the Blue Castle AI platform (www.bluecastle.ai) (the “Platform”), and provides professional services to clients in Israel, Germany, Italy, Canada, and other jurisdictions (collectively, the “Services”).

We are committed to protecting your privacy and ensuring the fair and lawful processing of your personal data in full compliance with applicable laws. For the purpose of this Policy, “Personal Data” is individually identifiable information, namely information that identifies an individual or may, with reasonable effort, identify an individual. This Privacy Policy (“Policy”) was designed to help you understand the information we collect, store, use, and share. It applies whenever you visit or interact with our website, social media platforms, sign up to attend or participate in an event or webinar, download a white paper or other materials, or inquire about our cloud-based software platform (the “Platform”) or Services. Please note that parts of this Policy may not apply to you, depending on the jurisdiction in which you reside and the applicable laws. 

We recommend that you read this Policy and ensure you fully understand and agree to it. If you do not agree to this Policy, please discontinue and avoid using our Services. You have the right to cease using our Services at any time, pursuant to this Policy and our Terms. You are not legally required to provide us with any personal data, but without it, we will not be able to give you the best experience when using our Services. 

Note: When Blue Castle processes Personal Data on behalf of a customer (e.g., information a customer uploads to our platform), the customer is responsible for legal compliance as the ‘data controller’ of that Personal Data, and our obligations as a ‘data processor’ are defined in our Data Processing Agreement. This Privacy Policy applies to Personal Data for which Blue Castle is the data controller, such as information you provide to us directly (e.g., when you visit our website, create an account, or contact us). 

1. CONSENT AND VOLUNTARY INFORMATION SHARING 

 

You are not legally obligated to provide personal information to us. Any personal information you share is done of your own free will. However, please note that without providing certain personal information, we may be unable to offer you our full range of services or website functionalities. 

By using our website, platform, or related services, you consent to the collection and processing of your personal information as described in this Privacy Policy. Where required by applicable law, we will obtain your explicit consent before processing your personal information for purposes such as marketing communications or international data transfers. 

2. TYPES OF PERSONAL DATA COLLECTED 

 

We collect personal information that you provide voluntarily, or that is generated through your interaction with our website, platform, and related services. This may include: 

 

Contact Information: Your full name, email address, phone number, and organization name (if applicable). 

Account and Access Information: Login credentials, user preferences, and other details necessary to access secure areas of our platform. 

Technical and Device Information: IP address, browser type, operating system, device identifiers, and usage data related to your interaction with our website and platform. 

Usage Data: Pages visited, time spent, clicks, and navigation patterns on our website.

Cookie Data: Information collected via functional and analytical cookies (see Section 3 below).

 

We do not request or process sensitive information (such as government-issued IDs, health data, or information relating to racial or ethnic origin) unless required by law. 

3. COOKIES AND ANALYTICAL DATA

 

Information collected through cookies and similar technologies is used to improve functionality, enhance user experience, and analyze usage patterns. 

Cookies can generally be divided into the following categories: 

 

| Cookie Type | Consent Required? | Purpose |
| --- | --- | --- |
| Strictly Necessary | No | Essential for website operation: navigation, secure area access, basic functionality. Cannot be disabled without affecting core features. |
| Functional / Preference | No | Remember your settings, language preferences, and improve usability across return visits. |
| Analytics | Yes – Opt-in | Understand how visitors interact with our website (e.g., Google Analytics). Data is aggregated and pseudonymized. Only placed after explicit consent via our cookie banner. |
| Marketing / Targeting | Yes – Opt-in | Deliver relevant content and measure engagement across other platforms (e.g., Google Ads Remarketing). Only placed after explicit consent via our cookie banner. You may withdraw consent at any time through the cookie settings. |

 

4. PURPOSES OF DATA PROCESSING 

 

We process personal information only where a lawful basis exists. Such processing may include: 

  • Responding to inquiries and contact form submissions 
  • Sending newsletters and marketing communications 
  • Providing contracted professional services (incident response, preparedness engagements) 
  • Operating and improving our website and platform (analytics, security monitoring) 
  • Compliance with legal obligations (tax, regulatory reporting, court orders) 
  • Fraud prevention and detection; protecting the security of our systems 
  • Managing our business operations, including record-keeping, accounting, and client relationship management

 

Where we rely on consent as the legal basis, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal. 

We do not process personal information for purposes incompatible with those described above without obtaining your prior explicit consent. 

 

5. CONSEQUENCES OF DATA COLLECTION 

 

If you choose not to provide certain personal information, you may experience limitations in accessing or using our services, including: 

  • An inability to access specific features of our website or platform. 
  • Reduced ability to receive comprehensive customer assistance. 
  • Non-receipt of newsletters, updates, or marketing communications where consent is required. 

These limitations do not affect your legal rights under applicable privacy laws. 

6. DATA SHARING AND TRANSFERS 

 

We do not sell personal information. We may share personal information with: 

 

6.1 Service Providers and Sub-Processors 

We engage trusted third-party service providers (such as cloud hosting providers, email platforms, and CRM tools) that assist in operating our website and delivering our services. These providers act as processors on our behalf and are bound by confidentiality and data security obligations consistent with the Security Regulations and applicable law. Where required, we enter into data processing agreements with them. 

 

6.2 Group Companies and Joint Ventures 

Code Blue operates internationally through affiliated entities, including Code Blue GmbH (Frankfurt, Germany) and operations in Italy and North America. Personal information may be shared within this group where necessary for operational purposes, subject to appropriate contractual protections and, where applicable, in compliance with EU GDPR requirements. 

 

6.3 Legal and Regulatory Disclosure 

We may disclose personal information to law enforcement authorities, courts, regulators, or other public bodies where required to do so by applicable law, court order, or regulatory requirement, or where necessary to protect the rights, property, or safety of Code Blue, our clients, or the public. 

 

6.4 Business Transfers 

In the event of a merger, acquisition, or sale of assets involving Code Blue, personal information may be transferred to the relevant counterparty as part of that transaction, subject to appropriate confidentiality commitments. 

 

6.5 With Your Consent 

We may share personal information with third parties where you have provided explicit prior consent for us to do so. 

7. INTERNATIONAL DATA TRANSFERS 

 

As a global digital platform, we may transfer your personal information outside your country of residence. We will only transfer your personal information to another country in accordance with applicable data protection laws and provided there is adequate protection in place for the data (e.g., through an adequate mechanism for the international transfer of personal information). We do not sell personal information under any circumstances. 

For customers whose data is processed through the Platform, personal data is hosted by default on infrastructure located in Germany (European Union), meaning no international transfer outside the EEA occurs with respect to primary data storage. Transfers outside the EEA may occur in limited circumstances in connection with sub-processors or support operations and are governed by appropriate safeguards as set out in our Data Processing Agreement. 

8. DATA SECURITY

 

We implement comprehensive physical, technical, and organizational measures to protect personal information against unauthorized access, use, alteration, disclosure, or destruction. These measures include: 

  • Encryption of data at rest and in transit using industry-standard protocols (TLS 1.2+, AES-256). 
  • Strict role-based access controls (RBAC) limiting access to personal information on a need-to-know basis. 
  • Regular monitoring, vulnerability scanning, and penetration testing of our systems. 
  • Internal information security policies and employee training programs. 
  • Incident response and breach notification procedures in accordance with the Security Regulations. 

 

While we apply industry-standard security practices, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security. If you become aware of a security issue affecting your interaction with us, please notify us immediately at privacy@codebluecyber.com. 

In the event of a severe security incident affecting personal information, we will notify the Privacy Protection Authority (PPA) and, where required by law or where there is a high risk to your rights, we will notify affected individuals without undue delay and in accordance with the timeframes prescribed by applicable law. 

9. USER RIGHTS 

 

As a data subject, you have the right to: 

  • Request access to the personal information we hold about you. 
  • Seek correction of inaccurate or incomplete data. 
  • Request deletion of your personal information, subject to applicable legal and contractual obligations. 
  • Request to restrict or object to the processing of your personal data where permitted by law. 
  • Withdraw your consent for any processing activities that rely on your consent, such as marketing communications. 
  • Receive certain personal data you provided to us in a structured, commonly used, machine-readable format and to transmit it to another service provider (data portability), to the extent applicable under your local laws. 
  • Lodge a complaint with your local Data Protection Authority.

If you are located in Israel, you have additional rights under Amendment 13 to the Protection of Privacy Law (effective August 14, 2025), including enhanced rights of access, correction, and deletion, as well as the right to receive notification in the event of a data breach affecting your personal information. 

To exercise any of the above rights, please contact our Data Protection Officer at: privacy@codebluecyber.com. We will acknowledge your request within 7 business days and endeavor to respond fully within 30 days. We may ask you to verify your identity before processing your request. 

10. DATA RETENTION 

 

Subject to the conditions and restrictions set out under applicable laws, we will retain your personal information for as long as needed to fulfill the purpose for which we collected it and for a reasonable period thereafter to comply with audit, contractual or legal requirements, or where we need to meet obligations under applicable laws, including data security and record-keeping requirements. We may retain personal information in computer backup or archival copies generated in the ordinary course of our business. 

Retention periods are determined based on the nature of the information, the purpose of processing, and applicable legal requirements. When personal information is no longer required, we will delete or anonymize it in accordance with our data security policies and applicable law. 

11. POLICY MODIFICATIONS 

 

We may update this Policy from time to time to reflect changes in our data processing practices, applicable legal or regulatory requirements, or our business operations. Any material changes will be published on our website with a minimum of seven (7) days’ notice before the revised Policy takes effect. The date of the most recent revision is displayed at the top of this document. 

Your continued use of our website or services following notice of a change constitutes your acceptance of the revised Policy. If you do not agree to the updated Policy, you should discontinue use of our services. 

12. CONTACT INFORMATION 

 

For all privacy-related inquiries or to exercise your rights under this Privacy Policy, please contact us at: 

 

  • Data Protection Officer: Michal Bartov, Adv. 
  • Company: Code Blue Ltd. 
  • Address: 8 Raul Wallenberg, Tel Aviv, Israel 
  • Response Timeframe: Acknowledgement within 7 business days; full response within 30 days 

 

Governing Law & Jurisdiction 

This Policy is governed by and construed in accordance with the laws of the State of Israel. Any dispute arising in connection with this Policy shall be subject to the exclusive jurisdiction of the competent courts of Tel Aviv.