PRIVACY POLICY FOR GREY

The Blue John Collective Ltd
Version 1.0 (dated June 2026)

Who we are
The Blue John Collective Ltd (“Blue John”, “we”, “us”) owns and operates GREY, a people risk intelligence platform. We take your privacy seriously. This policy explains how we collect and use personal data in connection with GREY Insights.

Who this policy is for
This policy applies to individuals whose data has been used to create a GREY Insight requested by an organisation as part of a talent acquisition, talent management or due diligence process. You may not have had direct contact with Blue John or GREY.

If you are a Blue John marketing contact or website visitor, a separate privacy policy applies: wearebluejohn.com/privacy-policy.

What we collect
GREY analyses publicly observable data. This is information you have chosen to make accessible through professional and public channels. This may include your professional history, public statements, media coverage and information shared on social media platforms.

We never access private accounts or private messages.

How we handle sensitive data
We never infer special category data. This includes health or disability, racial or ethnic origin, political opinions, religious beliefs, sexual orientation, and other sensitive categories protected under UK GDPR.

If you have openly and voluntarily spoken about your own experience in one of these areas, for example as a public advocate for a charity organisation, that self-disclosed information may be included as part of your public narrative. No single datapoint is determinative, as GREY Insights are always based on the totality of publicly observable information, reviewed by a human editor before publication.

How we use it
Your data is used to produce a GREY Insight: a structured analysis of publicly observable behavioural and reputational signals. Every GREY Insight is reviewed by a member of our Reputation Editorial team before it is published to the customer. No automated output is ever released without human sign-off.

GREY provides insight to inform decisions made by organisations. GREY does not make the decision. We are providing insight, not judgement, and the final decision will always sit with the organisation that commissioned the GREY Insight.

Our legal basis
We process your data on the basis of legitimate interests under UK GDPR. We have formally assessed that our processing is lawful, necessary and proportionate, and that your interests do not override ours, given the controls we apply. You can request a copy of our Legitimate Interests Assessment at any time by emailing us at hello@wearebluejohn.com.

How long we keep it
GREY Insights are active only for the duration of the relevant talent or due diligence process. Reports are automatically archived after six months and permanently deleted after two years, unless an organisation requests this action sooner.

Your rights
Under UK GDPR you have the right to access, correct, or delete your data, to restrict how we use it, and to object to processing. To exercise any of these rights, contact us at hello@wearebluejohn.com. We will respond within 30 days.

If you are not satisfied with our response, you can complain to the Information Commissioner’s Office at ico.org.uk.

Changes to this notice
We may update this notice from time to time. The current version will always be at wearebluejohn.com/privacy-policy.


Any questions? Please contact us at hello@wearebluejohn.com