Updated: 
September 11, 2025
Next Review: 
January 2026

Bluestone

Privacy Policy

Privacy Policy

Version: BS.202312.03PP

This website is the property of Bluestone and we take our data protection and privacy responsibilities seriously.

You can contact Bluestone directly via email, phone or by sending correspondence to the following address:

Email: info@bluestone.app

Phone:0330 135 8660

Address: Lakeside House, Navigation Court, Wakefield, WF2 7BJ

This Privacy Policy explains our practices regarding the collection, use of and storage of personal information that we receive if you are a user of this site or if you contact us for further information for professional purposes.

Our website may provide links to third party websites. Bluestone is not responsible for the conduct of third-parties linked to the website and you should refer to the privacy notices of these third parties about how they may handle your personal information.

Bluestone, Bluestone Leasing, Bluestone Vehicles and AssetSecure are all trading styles of Bluestone Leasing Limited and is the Controller of any personal data we receive from users who contact us. If you have any questions about who may be the Controller and responsible for your personal information, please contact marketing@bluestone.app.  

When using the term “personal data” or “personal information” in this Privacy Policy, we are referring to information (including opinions) that relates to you and from which you could be identified, either directly or in combination with other information which we may have in our possession.

We may collect personal data about you when:

  • The personal data is provided to us by you (e.g. when you contact us by email, telephone or submit an enquiry form);
  • The personal data is received by us from third parties who provide it to us (e.g. law enforcement agencies, your employer);
  • The personal data is received by us from clients, business partners or supplier;
  • The personal data has been made public by you (e.g. contacting Bluestone via a social media platform);
  • The personal data is collected via our IT systems (e.g. our website - please also see details of our Cookie Policy); and
  • The personal data is created by us, such as records of your communications with Bluestone.

The categories of personal information about you which we may collect and use, depending on our relationship and interactions with you, includes:

  • Personal details: title, full name, home address, telephone and mobile numbers, email address.
  • Employment details: role, business activities, current employer, work-related social media profile details, business contact details (e.g. contact numbers, business address, work email address).
  • Research Data: opinions and views collected when participating in research, including audio and video recordings, informed consent to participate in research and agreement to terms and conditions.
  • Website Access Details: your computer's unique identifier (e.g. IP Address), general location, the date and time you accessed the Website, the original site you may have come through e.g. Google.

Data protection and privacy laws require organisations to have a “legal basis” or “lawful ground” to collect and handle your personal information. We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do so.

The purposes for which we may use your personal data and the legal bases we rely on to perform such processing are set out below:

  • On occasions we may ask for your consent, we will use your personal information for the purposes which we explain at the time
  • For purposes which are required by law:
  • In response to requests from government law enforcement authorities conducting an investigation; or
  • Other processing necessary to comply with professional, legal and regulatory obligations that apply to our business.

Where necessary for Bluestone’s’ legitimate interests or those of a third party:

  • To deliver our services  
  • To manage our relationship with you including any enquiries, complaints and feedback;
  • For security purposes, including managing access to research materials, and authenticating your identity;
  • For promotional purposes;
  • To prevent, investigate and/or report fraud, misrepresentation, security incidents or crime, in accordance with applicable law;
  • To manage the security of our networks and property and ensure the appropriate use, including monitoring access to our web platform and IT systems;


We sometimes handle personal information relying on exemptions under the applicable data protection law. These exemptions are specific scenarios defined by the law where the standard rules for handling personal data do not apply or are altered and may include:

  • Public interest: Handling personal data for tasks carried out in the public interest or in the exercise of official authority.
  • Legal compliance: Processing necessary for compliance with a legal obligation.
  • Vital interests: Processing necessary to protect someone’s life.
  • Legal claims: Processing necessary for establishing, exercising, or defending legal claims.
  • Security and other important objectives.
  • Regulatory and investigative purposes as necessary (including disclosure of such information in connection with legal process or litigation).

When such exemptions apply, we may process personal information in ways that differ from what is outlined in this standard Privacy Policy. Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.

Our services are not directed at children and we do not knowingly collect personal data from anyone under the age of 13. If you are under 13, please do not provide us with your personal information. If we become aware that we have collected personal information from a child without appropriate consent, we will delete it promptly.

Bluestone does not carry out any decisions about you based solely on automated processing or profiling. Any personal data collected is used by our expert staff to deliver our services.

Where we need to use your personal information for any other purpose, we will let you know at the time of collection or as required or permitted by law. Any permitted handling of personal information under such exemptions will take priority over this Privacy Policy.

Withdrawal of Consent:

Where we rely on your consent to process personal information, you have the right to withdraw that consent at any time. You can do this by:

  • Clicking the “unsubscribe” link in any marketing emails you receive from us.
  • Adjusting your cookie preferences at any time through our website by clicking the purple cookie icon in the bottom right-hand corner of any page.
  • Contacting us directly at marketing@bluestone.app

Information Commissioner Office (ICO) Complaints


Customers have the right to take any data protection related complaints to the ICO (Information Commissioner’s Office). If you would like to contact them, details can be found below:

  • Website:https://ico.org.uk/
  • Data Protection and Personal Information Complaints Tool: https://ico.org.uk/make-a-complaint/data-protection-complaints/data-protection-complaints
  • Call: 0303 123 1113

How do we justify our legitimate interests?

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We undertake balancing tests for the data processing we carry out based on our legitimate interests. These balancing tests will regularly review our data processing to assess business needs, security measures and improve user experience whilst exploring alternative means of achieving the same goals to ensure a fair and responsible approach to data processing, aligning with privacy regulations. You can obtain further information on our balancing tests by contacting us on the details below.

Special category information is certain kinds of personal data that is particularly sensitive and requires higher levels of protection. We may collect certain types of special category information from time to time, primarily in the following scenarios:

  • You provide details about your health and/or disability, so we can provide additional support and assistance when attending our offices; or
  • You choose to share such information in your communications with us or in your research responses;

Where we do collect and handle special category personal information, we will only handle that information in accordance with applicable law, including where:

  • We have your explicit consent;
  • Processing is necessary for the establishment, exercise or defence of legal claims; or
  • Processing is necessary for reasons of substantial public interest.

Less commonly, we may process this type of information where it is needed to protect your vital interests (or someone else’s vital interests) and you are not capable of giving your consent, or where you have already made the information public.

We will only disclose personal information to a third party in limited circumstances, or where we are permitted to do so by law. We may share your personal information with clients, research partners and third parties as described below:

  • With third parties who help manage our business and deliver services (e.g. payment service providers, IT support service providers) and our professional advisors (e.g. law firms, insurers, auditors, brokers). These third parties have agreed to confidentiality restrictions and use any personal information we share with them or which they collect on our behalf solely for the purpose of providing the contracted service to us;
  • Third parties approved by you (e.g. when you request your data to be transferred); and government, regulatory and law enforcement bodies where we are required in order:
  • To comply with our legal obligations;
  • To exercise our legal rights (e.g. pursue or defend a claim); and
  • For the prevention, detection and investigation of crime.

We may transfer your personal information to third parties in connection with a reorganisation, restructuring, merger, acquisition, sale or transfer of assets, or in the event there is an operational or management change of the business. .

The personal information that we collect from you will be stored on our servers which are based in the UK and the European Economic Area (“EEA”). The user data that we may capture from your visit to our website is held within Google Analytics and may be stored outside of the UK by Google. For more information on how we use analytics to improve our website, please refer to our Cookie Policy.

We will take appropriate steps to ensure that transfers of personal data are in accordance with applicable law and carefully managed to protect your privacy rights and interests. To this end, we will:

When transferring personal data to a Client or third parties outside the EEA:

  • To put in place binding corporate agreements, which will include the standard contractual clauses approved by the European Commission for transferring personal information outside the EEA, to ensure that your information is safeguarded; or
  • Ensure that the country in which your personal information will be handled has been deemed ‘adequate’ by the UK Government or the European Commission, or that the transfer is covered by an appropriate safeguard such as the UK International Data Transfer Agreement (IDTA), the EU Standard Contractual Clauses (SCCs) with the UK Addendum, or participation in the EU–US Data Privacy Framework and the UK–US Data Bridge.
  • Carefully validate any requests for information from law enforcement or regulators before disclosing the information.

If you would like further information about the global handling of your personal information, please contact us at marketing@bluestone.app

Bluestone takes precautions including administrative, technical and physical measures to safeguard your personal information against loss, theft and misuse, as well as against unauthorised access, modification, disclosure, alteration and destruction. We protect your personal information using a variety of security measures including:

  • Encryption;
  • Firewalls;
  • Secure, encrypted cloud-based services;
  • Placing confidentiality requirements on employees and service providers;
  • Providing employee training to ensure that your personal data in handled correctly;
  • Destroying or permanently anonymising personal information if it is no longer needed for the purposes it was collected; and
  • Secure physical storage units for hard copy files with appropriate security restrictions, preventing damage, and unauthorised access to your personal information.
  • Bluestone is Cyber Essentials compliant and registered.  

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we have in place robust procedures and security features to try to prevent unauthorised access.

We will store your personal information for as long as is reasonably necessary for the purposes set out in this Privacy Policy.  

Below are the general criteria we use to determine how long we will keep your personal information, where upon we will either delete or anonymise your personal data:

  • Any digital data gathered at the request of the Client will be stored on secure cloud based data servers.
  • Other Research Data and General Personal Data:

Bluestone will retain your personal data in accordance with any applicable limitation period (as set out in applicable law). We will keep your personal information for as long as is necessary to fulfil the purposes we collected it for, including to satisfy legal, accounting or reporting requirements as outlined below:

Unless otherwise stated, Bluestone will generally retain your personal data in accordance with any applicable limitation period (as set out in applicable law) plus one (1) year, to allow reasonable time for review and deletion/anonymisation of the personal information held. This will usually be seven (7) years following the expiry of our business or participant relationship with you.

We are required by law (for the purpose of complying with regulatory, tax, accounting requirements etc.) to retain certain information for a period following the expiry of our relationship with you.

Research participation data (e.g. survey responses, recordings, informed consent forms): retained for up to 5 years after the completion of the research project, unless otherwise stated at the time of collection.

Marketing data (e.g. email subscriptions, cookie identifiers, campaign engagement): retained until you withdraw consent or unsubscribe, or after 2 years of inactivity.

Website analytics data (e.g. IP address, device information, cookies): retained in line with our Cookie Policy, typically between 14 months and 2 years, depending on the tool.

Special category data (e.g. health or disability details shared for event access): retained only for as long as necessary to provide the relevant support and then securely deleted.

In specific circumstances (such as ongoing legal obligations, disputes, or where litigation is anticipated) we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.

You have legal rights in connection with personal information. Under certain circumstances, by law you have the right to:

  • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal information (commonly known as the “right to be forgotten”). This enables you to ask us to delete or remove personal information in limited circumstances, where: (i) it is no longer needed for the purposes for which it was collected; (ii) you have withdrawn your consent (where the data processing was based on consent); (iii) following a successful right to object (see Object to processing); (iv) it has been processed unlawfully; or (v) to comply with a legal obligation to which the Bluestone is subject.

We are not required to comply with your request to erase personal information if the processing of your personal information is necessary for several reasons, including: (i) for compliance with a legal obligation; or (ii) for the establishment, exercise or defence of legal claims.

Object to processing of your personal information by us or on our behalf which has our legitimate interests as its legal basis for that processing, if you believe your fundamental rights and freedoms outweigh our legitimate interests. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms. You can object at any time to your personal information being processed for direct marketing (including profiling).

Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, but only where: (i) its accuracy is contested, to allow us to verify its accuracy; (ii) the processing is unlawful, but you do not want it erased; (iii) it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or (iv) you have exercised the right to object, and verification of overriding grounds is pending.

We can continue to use your personal information following a request for restriction, where: (i) we have your consent; (ii) to establish, exercise or defend legal claims; or (iii) to protect the rights of another natural or legal person. You can:

  • Request the transfer of your personal information. You can ask us to provide your personal information to you in a structured, commonly used, machine readable format, or you can ask to have it transferred directly to another Controller, but in each case only where: (i) the processing is based on your consent or on the performance of a contract with you; and (ii) the processing is carried out by automated means.
  • Obtain a copy, or reference to, the personal data safeguards used for transfers outside the European Union. We may redact data transfer agreements to protect commercial terms.
  • Withdraw consent to processing where the legal basis for processing is solely justified on the grounds of consent.

Please note, to ensure security of personal information, we may ask you to verify your identity before proceeding with any such request.

Data Breach Handling and Notification

Bluestone takes the protection of personal information seriously and has procedures in place to identify, assess and respond to personal data breaches. Where a breach occurs that we believe may result in a risk to any of your personal data held by Bluestone, we will notify the Information Commissioner’s Office (ICO) without undue delay. In the event that we identify that the breach is likely to result in a high risk to you, we will also notify you directly and provide clear information about the nature of the breach, the data affected and the steps we are taking in response.

We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.

We reserve the right to update this Privacy Policy.

Top ↑
Useful Sections
Bluestone VehiclesBluestone ServicesWhy BluestoneSearch Library BusinessSearch Library Partner
Bluestone Portal
Bluestone
Head Office

Lakeside House, Navigation Court
Wakefield WF2 7BJ
Tel: 0330 135 8660
Email: info@bluestone.app

Customer Service

We work hard to provide excellent service but if you feel we have let you down in any way, please send us your feedback using our customer service form.

View our Complaints Policy.

Information
Contact Us

Bluestone Main Number: 0330 135 8660
Marketing: 0330 135 8661
PR & Advertising: 0330 135 8662
Bluestone Capital: 0330 135 8663
Asset Secure: 0330 135 8664

Your calls may be recorded for training and compliance purposes.

Join us on our socials:

© Bluestone 2024 - 2025. Terms of Use | Cookie Policy | Complaints Policy | Privacy Policy | Fair Processing Notice | Modern Slavery Statement | Women in Finance Charter

Bluestone, Bluestone Leasing, Bluestone Vehicles and AssetSecure are trading styles of Bluestone Leasing Limited (we), we are incorporated in England and Wales with registered no. 02519389 and registered office at Lakeside House, Navigation Court, Wakefield WF2 7BJ. ICO Data Protection Registration no. Z6897676. We are authorised and regulated by the Financial Conduct Authority with registration no. FRN: 663701. We act as a credit broker for regulated / non-regulated activities, a lender for non-regulated transactions and an insurance intermediary, meaning we arrange insurance policies on behalf of insurers.  We offer a variety of products and services from a wide range (but not the entire market) of Finance Companies, Insurers, UK Vehicle Dealerships and Product Providers with whom we have commercial agreements in place. We can only introduce you to those companies in which we have these commercial agreements. We are a Commission based Organisation which means that we receive payments for introductions, this financial remuneration may be variable or pre-set dependent on the product or service and the volume that we place with that organisation. The commission received will affect the amount you will pay under your finance agreement, product, or service. The amounts that we receive may vary. In some circumstances we may charge you a fee directly.  Our Company Policies can be found here; which includes but not limited to Privacy Policy, Fair Processing Notice (FPN) and Complaints Procedure.
This website stores cookies on your computer. These cookies are used to collect information about how you interact with our website and allow us to remember you. We use this information in order to improve and customise your browsing experience and for analytics and metrics about our visitors both on this website and other media. To find out more about the cookies we use please see our Cookie Policy and Privacy Policy. If you decline, your information won’t be tracked when you visit this website. A single cookie will be used in your browser to remember your preference not to be tracked.
Let Me ChooseDenyAccept