Privacy Policy

Blue Wonders Consultancy ("Blue Wonders", "we", "us" or "our") is a digital consultancy registered in the Philippines, providing web design and development, digital marketing and related professional services. Our website is bluewondersconsultancy.com.

This Privacy Policy explains what personal information we collect through our website and during our engagements, why we collect it, how we use and share it, and the choices you have. It applies to visitors of our website and to representatives of clients, prospects and partners.

We collect information in three ways:

• Information you give us. When you submit a contact form, request a proposal, subscribe to updates or otherwise reach out, you may share your name, work email, company, phone number, role and the contents of your message.
• Information collected automatically. When you visit our website, we and our service providers may collect technical information such as your IP address, browser type, device type, operating system, referring URL, pages visited, time spent on pages and approximate location derived from your IP address.
• Information from third parties. We may receive limited information from analytics, advertising and security providers — for example, aggregated usage statistics or fraud-prevention signals.

We do not knowingly collect personal information from children under 18. If you believe we have, please contact us so we can delete it.

We use personal information to:

• respond to enquiries, proposals and support requests;
• deliver, manage and improve the services we provide to clients;
• operate, secure and improve our website, including measuring performance and diagnosing issues;
• send service-related communications and, where permitted, marketing about services similar to those you have asked about;
• comply with legal obligations and enforce our agreements; and
• detect, prevent and respond to fraud, abuse and security incidents.

Where the Philippine Data Privacy Act of 2012 (Republic Act No. 10173) or the EU General Data Protection Regulation (GDPR) applies, we process personal information on the following legal bases:

• Consent — for example, when you opt in to marketing communications.
• Contract — to take steps at your request prior to entering an agreement, and to perform the services we have agreed to provide.
• Legitimate interests — to operate, secure and promote our business in ways you would reasonably expect, where those interests are not overridden by your rights.
• Legal obligation — where we are required to process information to comply with applicable law.

Our website uses a small number of cookies and similar technologies to make the site work, remember your preferences and measure usage. Where required, we ask for your consent before setting non-essential cookies. You can change or withdraw your cookie consent at any time using your browser settings.

We do not sell personal information. We share it only with parties who help us run our business, on terms that protect your data:

• Service providers — hosting, email, analytics, customer-support and security vendors operating on our instructions.
• Professional advisors — auditors, lawyers and accountants where there is a legitimate business need.
• Legal and safety — public authorities, courts or other parties where we are legally required to disclose, or where disclosure is needed to protect rights, property or safety.
• Business transfers — to a successor entity in connection with a merger, acquisition or sale of assets, subject to confidentiality protections.

Our service providers may process information in countries other than your own. Where we transfer personal information across borders, we use lawful transfer mechanisms — such as standard contractual clauses or equivalent safeguards — to keep it protected to the standard required by applicable law.

We keep personal information only as long as we need it for the purposes set out in this Policy, or as required by law. Contact enquiries that do not lead to an engagement are typically deleted within 24 months. Records related to active or past client engagements are retained for the period required by tax, accounting and contractual obligations.

We use administrative, technical and physical safeguards designed to protect personal information from loss, misuse and unauthorised access. These include access controls, encryption in transit, secure backups and regular reviews of our security practices. No system is perfectly secure; if we ever suffer an incident affecting your information, we will notify you and the relevant authorities as required by law.

Subject to applicable law, you have the right to access, correct, update, delete or restrict our processing of your personal information, and to object to certain processing. You may also ask us to provide a portable copy of information you have provided. To exercise these rights, contact us using the details below.

You may also lodge a complaint with the National Privacy Commission of the Philippines (privacy.gov.ph) or, where applicable, your local data protection authority.

We may update this Policy from time to time. When we make material changes, we will revise the "Last updated" date above and, where appropriate, notify you by email or through a notice on the website. Continued use of our website after a change takes effect constitutes acceptance of the revised Policy.

For questions about this Policy or to exercise any of your rights, contact our privacy team at business@bluewondersconsultancy.com or by post at:

Blue Wonders Consultancy
702 RCI Building, 105 Rada, Legazpi Village, Makati City, 1227 Metro Manila, Philippines