Privacy policy

Code Blue Ltd. PRIVACY POLICY

Last Updated: April 15, 2026

1.   Introduction

Code Blue Ltd. (“Code Blue”, “we”, “our”, or “us”) is an Israeli private company specializing in cyber crisis management, preparedness, incident response, and related advisory services. We operate the website www.stage.codebluecyber.com, the Blue Castle AI platform (www.bluecastle.ai), and provide professional services to clients in Israel, Germany, Italy, Canada, and other jurisdictions.

We are committed to protecting your privacy and ensuring the fair and lawful processing of personal information in full compliance with the Israeli Privacy Protection Law, 5741-1981 (“the Law”), as amended by Amendment No. 13 (effective August 14, 2025), the Privacy Protection Regulations (Data Security), 5777-2017 (“the Security Regulations”), the relevant guidance of the Privacy Protection Authority, all as shall be updated from time to time, and any other applicable law.

This Privacy Policy (“Policy”) explains what personal information we collect, why we collect it, the legal basis for processing, how long we retain it, with whom we share it, and the rights available to you. It applies to all visitors, contacts, prospective clients, and service recipients who interact with our website, platform, or services.

2.   Consent and Voluntary Information Sharing

We recommend that you read this Policy and ensure you fully understand and agree to it. If you do not agree to this Policy, please discontinue and avoid using our Services.

You are not legally required to provide us with any personal information. If you choose not to provide certain information, you may experience certain limitations, including: (i) inability to receive comprehensive customer support; (ii) restricted access to specific website features; and (iii) non-receipt of newsletter and marketing communications.

 

3.   Personal Information We Collect

We collect the following categories of personal information:

3.1 Information You Provide Directly

  • Contact information: full name, email address, phone number, job title, and company/organization name.
  • Inquiry and correspondence content: messages submitted via contact forms, emails, or other communications.
  • Newsletter and marketing opt-ins: email address and communication preferences when you subscribe voluntarily.

 

3.2 Information Collected Automatically

  • Technical and device data: IP address, browser type, operating system, device identifiers, and referral URLs.
  • Usage data: pages visited, time spent, clicks, and navigation patterns on our website.
  • Cookie data: information collected via functional and analytical cookies (see Section 8).

 

3.3 Information Collected in the Course of Services

When Code Blue provides cyber crisis management or incident response services, we may access or receive data from client systems as necessary to perform those services. Such data is processed strictly on behalf of the client under a separate services agreement and data processing arrangement. It is not used for any other purpose and is subject to strict confidentiality obligations.

We do not collect or process sensitive information (such as health data, biometric identifiers, ethnic origin, criminal records, or financial account data) through this website or in connection with our own marketing and operations unless specifically required by applicable law or the scope of an agreed engagement.

 

4.   Legal Basis for Processing

We process personal information only where a lawful basis exists. Such processing may include:

  • Responding to inquiries and contact form submissions
  • Sending newsletters and marketing communications
  • Providing contracted professional services (incident response, preparedness engagements)
  • Operating and improving our website and platform (analytics, security monitoring)
  • Compliance with legal obligations (tax, regulatory reporting, court orders)
  • Fraud prevention and detection; protecting the security of our systems
  • Managing our business operations, including record-keeping, accounting, and client relationship management

 

Where we rely on consent as the legal basis, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

We do not process personal information for purposes incompatible with those described above without obtaining your prior explicit consent.

 

5.   Data Retention

Subject to the conditions and restrictions set out under applicable laws, we will retain your personal information for as long as needed to fulfill the purpose for which we collected it and for a reasonable period thereafter to comply with audit, contractual or legal requirements, or where we need to meet obligations under applicable laws, including data security and record-keeping requirements. We may retain personal information in computer backup or archival copies generated in the ordinary course of our business.

Retention periods are determined based on the nature of the information, the purpose of processing, and applicable legal requirements. When personal information is no longer required, we will delete or anonymize it in accordance with our data security policies and applicable law.

 

6.   Sharing Your Personal Information

We do not sell personal information. We may share personal information with:

 

6.1 Service Providers and Sub-Processors

We engage trusted third-party service providers (such as cloud hosting providers, email platforms, and CRM tools) that assist in operating our website and delivering our services. These providers act as processors on our behalf and are bound by confidentiality and data security obligations consistent with the Security Regulations and applicable law. Where required, we enter into data processing agreements with them.

 

6.2 Group Companies and Joint Ventures

Code Blue operates internationally through affiliated entities, including Code Blue GmbH (Frankfurt, Germany) and operations in Italy and North America. Personal information may be shared within this group where necessary for operational purposes, subject to appropriate contractual protections and, where applicable, in compliance with EU GDPR requirements.

 

6.3 Legal and Regulatory Disclosure

We may disclose personal information to law enforcement authorities, courts, regulators, or other public bodies where required to do so by applicable law, court order, or regulatory requirement, or where necessary to protect the rights, property, or safety of Code Blue, our clients, or the public.

 

6.4 Business Transfers

In the event of a merger, acquisition, or sale of assets involving Code Blue, personal information may be transferred to the relevant counterparty as part of that transaction, subject to appropriate confidentiality commitments.

 

6.5 With Your Consent

We may share personal information with third parties where you have provided explicit prior consent for us to do so.

 

7.   Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies. Cookies are small text files stored on your device when you visit a website. We use cookies to ensure website functionality, understand how visitors use our website, and (where you consent) to deliver relevant content.

 

7.1 Categories of Cookies We Use

 

| Cookie Type | Consent Required? | Purpose |
|---|---|---|
| Strictly Necessary | No | Essential for website operation: navigation, secure area access, basic functionality. Cannot be disabled without affecting core features. |
| Functional / Preference | No | Remember your settings, language preferences, and improve usability across return visits. |
| Analytics | Yes – Opt-in | Understand how visitors interact with our website (e.g., Google Analytics). Data is aggregated and pseudonymized. Only placed after explicit consent via our cookie banner. |
| Marketing / Targeting | Yes – Opt-in | Deliver relevant content and measure engagement across other platforms (e.g., Google Ads Remarketing). Only placed after explicit consent via our cookie banner. You may withdraw consent at any time through the cookie settings. |

 

7.2 Cookie Consent and Management

When you first visit our website, a cookie consent banner is displayed. Analytics and marketing cookies are not placed until you actively accept them. You may change your preferences at any time via the cookie settings link in our website footer, or by adjusting your browser settings.

Please note that disabling certain cookies may affect your experience of the website. Withdrawing consent for analytics or marketing cookies does not affect cookies that are strictly necessary for the website to function.

 

8.   International Data Transfers

Code Blue operates globally, with presence in Israel, Germany, Italy, and North America. As a result, personal information may be transferred to, stored in, or processed in countries outside your country of residence.

Israel has been granted an adequacy decision by the European Commission, confirming that the Israeli privacy framework provides an essentially equivalent level of protection to EU law. Transfers of personal data between the EU/EEA and Israel are therefore permitted without additional safeguards, subject to compliance with the Privacy Protection Regulations (Provisions Regarding Data Transferred to Israel from the EEA), 5783-2023.

Where personal information is transferred to or from our German or Italian operations, such transfers are conducted in compliance with the EU General Data Protection Regulation (GDPR). We implement appropriate contractual safeguards (including Data Processing Agreements and, where required, Standard Contractual Clauses) for any onward transfers to countries not covered by an adequacy decision.

We do not transfer personal information to countries that do not provide an adequate level of protection without first implementing appropriate legal safeguards.

 

9.   Your Rights Under Privacy Protection Law

As a Data Subject, you have the following rights with respect to personal information we hold about you:

  • Right of Access: inspect the personal information we hold about you
  • Right to Correction: request correction of inaccurate or incomplete personal information
  • Right to Deletion: request deletion of personal information, subject to legal obligations
  • Right to Withdraw Consent: withdraw consent for any consent-based processing at any time
  • Right to Object: object to processing based on legitimate interest
  • Right to Lodge a Complaint: file a complaint with your local Data Protection Authority

 

To exercise any of the above rights, please contact our Data Protection Officer at: privacy@stage.codebluecyber.com. We will acknowledge your request within 7 business days and endeavor to respond fully within 30 days. We may ask you to verify your identity before processing your request.

 

10.  Data Security

We implement comprehensive physical, technical, and organizational measures to protect personal information against unauthorized access, use, alteration, disclosure, or destruction. These measures include:

  • Encryption of data at rest and in transit using industry-standard protocols (TLS 1.2+, AES-256).
  • Strict role-based access controls (RBAC) limiting access to personal information on a need-to-know basis.
  • Regular monitoring, vulnerability scanning, and penetration testing of our systems.
  • Internal information security policies and employee training programs.
  • Incident response and breach notification procedures in accordance with the Security Regulations.

 

While we apply industry-standard security practices, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security. If you become aware of a security issue affecting your interaction with us, please notify us immediately at privacy@stage.codebluecyber.com.

In the event of a severe security incident affecting personal information, we will notify the Privacy Protection Authority (PPA) and, where required by law or where there is a high risk to your rights, we will notify affected individuals without undue delay and in accordance with the timeframes prescribed by applicable law.

 

11.  Minors

Our website and professional services are directed exclusively at business clients, professionals, and adults. We do not knowingly collect personal information from individuals under the age of 18. If you are a parent or guardian and believe that a minor has provided us with personal information, please contact us immediately at privacy@stage.codebluecyber.com and we will take prompt steps to delete that information.

 

12.  Links to Third-Party Websites

Our website may contain links to third-party websites, including those of our partners, clients, and industry organizations. This Policy does not apply to those websites. We encourage you to review the privacy policies of any third-party websites you visit. We are not responsible for the privacy practices or content of external websites.

 

13.  Changes to This Policy

We may update this Policy from time to time to reflect changes in our data processing practices, applicable legal or regulatory requirements, or our business operations. Any material changes will be published on our website with a minimum of seven (7) days’ notice before the revised Policy takes effect. The date of the most recent revision is displayed at the top of this document.

Your continued use of our website or services following notice of a change constitutes your acceptance of the revised Policy. If you do not agree to the updated Policy, you should discontinue use of our services.

 

14.  Contact Information and Privacy Enquiries

For any questions, concerns, or requests relating to this Policy or the processing of your personal information, please contact our Data Protection Officer:


Governing Law & Jurisdiction

This Policy is governed by and construed in accordance with the laws of the State of Israel. Any dispute arising in connection with this Policy shall be subject to the exclusive jurisdiction of the competent courts of Tel Aviv.

 

© Code Blue Ltd. All rights reserved.
