Back to Application
CertaBlue|

Privacy Policy

Last updated: March 19, 2026

1. Introduction

CertaBlue BV ("CertaBlue", "we", "us", or "our"), located at Voorveld 16, 6071 RE Swalmen, The Netherlands, is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and protect information when you use the CertaBlue AutoScanner software and related services (the "Service").

Our Service is designed for professional use in food safety testing and cosmetics quality control. We process data in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and applicable Dutch data protection laws.

2. Data Controller

CertaBlue BV is the data controller for personal data processed through the Service. For questions about this policy or your data rights, contact us at:

CertaBlue BV

Voorveld 16, 6071 RE Swalmen, The Netherlands

Email: [email protected]

Website: www.certablue.com

3. Data We Collect

3.1 Account Information

When your organization registers for the Service, we collect: user names, email addresses, organization name, and role assignments. This data is necessary for authentication and access control.

3.2 Test and Measurement Data

All measurement data, sensor readings, calibration records, and test results are stored exclusively on your local system (the PC running the CertaBlue Local Service). This data is not transmitted to or stored in our cloud infrastructure. Only lightweight metadata (test counts, device status, license information) is synchronized with our cloud service for remote monitoring purposes.

3.3 Usage Data

We may collect anonymized usage statistics to improve the Service, including: pages visited, features used, and error reports. This data does not identify individual users and is only collected with your consent (see Cookie Policy below).

3.4 Device Information

We collect scanner serial numbers and connection status for device management and license verification purposes. No data from the scanner hardware itself is transmitted to the cloud.

4. How We Use Your Data

We process personal data for the following purposes:

  • Service Provision: To authenticate users, manage access, and deliver the core functionality of the Service.
  • License Management: To verify and manage software licenses for your organization.
  • Remote Monitoring: To provide remote device status and test summary views (metadata only).
  • Support: To provide technical support and troubleshoot issues when requested.
  • Improvement: To improve the Service based on anonymized usage patterns (with consent).

5. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR Article 6:

  • Contract Performance (Art. 6(1)(b)): Processing necessary to provide the Service under your license agreement.
  • Legitimate Interest (Art. 6(1)(f)): Processing for security, fraud prevention, and service improvement.
  • Consent (Art. 6(1)(a)): For analytics cookies and optional usage tracking. You may withdraw consent at any time.

6. Data Storage and Security

6.1 Local Data

Measurement data, test results, calibration records, and sensor readings are stored locally on your organization's hardware. CertaBlue does not have access to this data unless you explicitly share it for support purposes. You are responsible for securing and backing up your local data.

6.2 Cloud Data

Account information and metadata are stored on secure cloud infrastructure with the following protections: encryption at rest and in transit (TLS), access controls and role-based permissions, regular security audits and penetration testing, and network segmentation.

6.3 Data Retention

We retain account data for the duration of your license agreement plus 12 months. Local measurement data is retained indefinitely on your hardware unless you choose to delete it. Cloud metadata is deleted within 30 days of account termination.

7. Cookie Policy

We use the following categories of cookies:

Essential Cookies (Always Active)

Required for authentication, session management, and application functionality.

Analytics Cookies (With Consent)

Help us understand usage patterns. No personal data is shared with third parties.

Functional Cookies (With Consent)

Remember your preferences such as language and display settings.

You can manage your cookie preferences at any time through the cookie settings banner or by clearing your browser's local storage.

8. Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right of Access (Art. 15): Request a copy of your personal data.
  • Right to Rectification (Art. 16): Request correction of inaccurate data.
  • Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten").
  • Right to Restriction (Art. 18): Request restriction of processing in certain circumstances.
  • Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format.
  • Right to Object (Art. 21): Object to processing based on legitimate interest.
  • Right to Withdraw Consent (Art. 7(3)): Withdraw consent for analytics at any time.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days as required by GDPR.

9. Data Sharing and Third Parties

We do not sell your personal data. We may share data with the following categories of third parties, under appropriate data processing agreements:

  • Cloud Infrastructure Provider: For hosting the cloud component of the Service.
  • Authentication Provider: For secure user authentication.

All third-party processors are bound by data processing agreements that ensure GDPR compliance. We do not transfer personal data outside the European Economic Area (EEA) without appropriate safeguards.

10. Industry-Specific Considerations

CertaBlue AutoScanner is used in food safety testing and cosmetics quality control. We understand the regulatory requirements of these industries:

  • Test measurement data remains on your local infrastructure, supporting your data integrity requirements.
  • Audit trails are maintained for all critical operations, supporting traceability requirements.
  • Access controls support role-based security as required by quality management systems.

For customers requiring specific regulatory compliance documentation (e.g., 21 CFR Part 11, ISO 17025), please contact us to discuss your requirements.

11. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) within 72 hours and inform affected individuals without undue delay, in accordance with GDPR Articles 33 and 34.

12. Supervisory Authority

You have the right to lodge a complaint with the Dutch Data Protection Authority:

Autoriteit Persoonsgegevens

Bezuidenhoutseweg 30, 2594 AV Den Haag

Website: www.autoriteitpersoonsgegevens.nl

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes through the Service or by email. The "Last updated" date at the top of this page indicates when the policy was last revised.

CertaBlueBV — Voorveld 16, 6071 RE Swalmen, The Netherlands
certablue.com

Note: This privacy policy is a template and should be reviewed by a qualified legal professional before use in production.