Last update: 29/11/2025

Privacy Policy

This Privacy Policy explains how Alexandra Espinosa Hortelano, operating under the brand Blue Ocean, (“we”, “us”, “our”) collects, uses, and protects personal data when you visit our website www.blueoceanpro.eu (“Website”).

We are committed to ensuring that your privacy is protected and that we process personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Spanish data protection laws.

1. Data Controller

The data controller responsible for processing your personal data is:

Alexandra Espinosa Hortelano
Carrer de Viladomat 169
08015 Barcelona, Spain
Email: alexandra.espinosa@blueoceanpro.eu

2. Personal Data We Collect

We collect only the data necessary to operate the Website and respond to user inquiries.

2.1. Data provided through the Contact Form

When you contact us via our Website form, we collect:

  • First name

  • Surname

  • Email address

  • Organisation

  • Message content


2.2. Discovery Call Scheduling (Google Calendar)

If you book a call, Google Calendar may process:

  • Name

  • Email

  • Appointment details

Google processes this data according to its own terms and privacy policy.

2.3. Cookies & Analytics

We use:

  • Google Analytics 4 (GA4)

  • A cookie consent banner provided by Framer


GA4 collects aggregated analytics data such as:

  • Device information

  • Website interactions

  • IP address (anonymised)

  • Browser information

You may refuse non-essential cookies through the cookie banner.

3. Purposes and Legal Bases of Processing

Purpose

Description

Legal Basis

Responding to inquiries

Managing and responding to messages submitted through the contact form

Pre-contractual measures (Art. 6(1)(b) GDPR)

Scheduling discovery calls

Allowing users to schedule meetings via Google Calendar

Pre-contractual measures (Art. 6(1)(b) GDPR)

Website analytics

Understanding Website performance and improving user experience

Consent (Art. 6(1)(a) GDPR)

Ensuring Website functionality

Cookies essential for the Website to operate

Legitimate interest (Art. 6(1)(f) GDPR)

We do not use personal data for unsolicited marketing.

4. Data Sharing

We do not share personal data with external third parties for commercial purposes.

However, data may be processed by service providers acting on our behalf, such as:

  • Google (Google Analytics, Google Calendar)

  • LinkedIn (embedded posts or button integrations, if used)

  • Framer (Website hosting platform)

These providers act as data processors or independent data controllers and process personal data according to their own privacy terms.

5. International Data Transfers

Some of our service providers (e.g., Google, LinkedIn) are located outside the European Economic Area (EEA).

Whenever personal data is transferred outside the EEA, we ensure that appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission

  • Additional contractual, technical, or organisational measures where required

More information about Google’s and LinkedIn’s transfer mechanisms is available in their respective privacy notices.

6. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected.

  • Contact form inquiries: retained for 12 months

  • Call scheduling information: retained as long as needed to manage the meeting and any follow-up

  • Analytics cookies: retained according to Google Analytics’ retention settings

  • Technical logs: retained for security purposes for a limited and reasonable period

After these periods, data will be securely deleted.

7. Your Rights

Under the GDPR, you have the following rights:

  • Right of access – request a copy of your personal data

  • Right to rectification – request correction of inaccurate data

  • Right to erasure – request deletion of your data under certain conditions

  • Right to restrict processing

  • Right to data portability

  • Right to object to certain processing activities

  • Right to withdraw consent (when processing is based on consent)

To exercise any of these rights, contact: alexandra.espinosa@blueoceanpro.eu

We may request proof of identity to ensure the security of your data.

8. Security Measures

We take appropriate technical and organisational measures to protect personal data from:

  • Unauthorised access

  • Loss or misuse

  • Accidental destruction

While no online service is entirely risk-free, we strive to protect your data to the highest standards.

9. Policy for Minors

Our Website and services are not directed at individuals under 16, and we do not knowingly collect personal data from minors. If you believe such data has been collected, please contact us for removal.

10. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect legal, technical, or operational changes. Updates will be posted on this page with a revised “Last updated” date.

Users are encouraged to review this Policy regularly.

11. Contact

For any privacy-related questions, requests, or concerns, please contact:

📧 alexandra.espinosa@blueoceanpro.eu