Privacy Policy
Last updated: 2026-07-09
1. Data controller
The controller for data collected through this website and for platform account management is Bluix Group LTD, a company incorporated in England (United Kingdom). Contact: info@protue.com.
The United Kingdom benefits from a European Commission adequacy decision (Art. 45 GDPR). Platform data is in any case stored on servers located in the European Union (Germany and Finland).
2. Roles: controller and processor
- Browsing data, contact requests and accounts: Bluix Group LTD acts as controller.
- Data about patients, assisted persons and workers uploaded by client organisations (including health data under Art. 9 GDPR): each organisation is the controller; Bluix Group LTD acts as processor under Art. 28 GDPR, based on a Data Processing Agreement (DPA) with each organisation. To exercise rights over such data, please contact the controlling organisation.
3. Data processed and purposes
- Contact data submitted through website forms: handling of the request and commercial follow-up (Art. 6.1.b and 6.1.f).
- Account data (credentials, roles, access logs): provision of the subscription service (Art. 6.1.b).
- Billing data: contractual and tax obligations (Art. 6.1.b and 6.1.c).
- Technical and security logs (pseudonymised IP addresses, audit trail): platform security (Art. 6.1.f).
4. Special categories of data (Art. 9 GDPR)
The platform is designed to process health data on behalf of controlling organisations (medical transport, care plans, clinical documents, prescriptions). Measures include: encryption at rest and in transit, per-tenant data isolation, role-based access control, auditing of every document access, encrypted backups, secure erasure procedures (crypto-shredding) and support for the controllers' DPIAs.
5. Sub-processors and recipients
- Hetzner Online GmbH (Germany/Finland) — production hosting (EU).
- Netcup GmbH (Germany) — staging environments and ancillary services (EU).
- Stripe Payments Europe, Ltd. — card payment processing.
- Creem — subscription management as merchant of record, where active.
- SMS provider — delivery of notifications and verification codes.
An up-to-date list of sub-processors is available on request at info@protue.com. We do not sell or share personal data with third parties for marketing purposes.
6. Retention
Contact data is kept no longer than 24 months from the last interaction. Account and billing data is kept for the duration of the contract and the applicable statutory periods. Data processed on behalf of organisations is retained according to the controller's instructions and deleted or returned at contract termination.
7. Data subject rights
Under Arts. 15-22 GDPR you may exercise your rights of access, rectification, erasure, restriction, portability and objection by writing to info@protue.com. You may also lodge a complaint with your supervisory authority. For data processed on behalf of a controlling organisation, requests will be forwarded to the competent controller.
8. Changes
Any changes to this notice will be published on this page with the updated date.