Welcome to Bridge.
EEA Privacy Policy
01
This Document
1.1 Who we are: Bridge Building Sp. Z.o.o., a company incorporated in Poland with its registered office at ul. Bartycka 22B/21A, Warsaw, 00-716, Poland and with KRS company number 0001039515, and other companies in the Bridge group collect and use certain Personal Data.
1.2 Please read this Privacy Policy: We take your privacy very seriously. Please read this Privacy Policy carefully as it contains important information on who we are and how and why we collect, store, use and share any information relating to you (your Personal Data) in connection with your use of the Services and other online platforms. It also explains your rights in relation to your Personal Data and how to contact us or a relevant regulator in the event you have a complaint.
1.3 We are the controller: We are the controller of Personal Data obtained via the Services and other online platforms (such as social media), meaning we are the organisation legally responsible for ensuring compliance with data protection laws, including (but not limited to) the EU GDPR and any other national, implementing or supplementing data protection legislation. This includes deciding how and for what purposes Personal Data is used.
1.4 Third party links: Throughout our Services we may link to other websites owned and operated by certain trusted third parties, including to help us perform identity verification or make additional products and services available to you. Those third party websites may also gather information about you in accordance with their own separate privacy policies. For privacy information relating to those third party websites, please consult their privacy policies as appropriate.
1.5 Changes to this Privacy Policy: We may change this privacy policy from time to time—when we make significant changes, we will take steps to inform you, for example by including a prominent link to a description of those changes on our website for a reasonable period or by other means, such as email.
“Bridge Website” means the Bridge website available at bridge.xyz and any other website made available by Bridge or its affiliates from time to time.
“Bridge”, we or us means Bridge Building Sp. Z.o.o. and other companies of the Bridge group.
“Bridge Website” means the Bridge website available at bridge.xyz and any other website made available by Bridge or its affiliates from time to time.
“Bridge”, we or us means Bridge Building Sp. Z.o.o. and other companies of the Bridge group.
“EEA” means the European Economic Area.
“EU GDPR” means the European Union’s General Data Protection Regulation (Regulation (EU) 2016/679) and any laws and regulations implementing or created pursuant to the EU GDPR.
“Personal Data” means any data which relates to a living individual who can be identified from that data or from that data and other information which is in the possession of, or is likely to come into the possession of, Bridge (or its representatives or service providers). In addition to factual information, it includes any expression of opinion about an individual and any indication of the intentions of Bridge or any other person in respect of an individual.
“Privacy Policy” means this privacy policy.
“Services” means the Bridge Website, our online platform (including APIs) made available through the website of one of our partners and any other online service or platform that Bridge provides users from time to time.
“User(s)” or “You” means the users of the Services.
02
The types of personal data we collect
The Personal Data we collect about you depends on the particular activities carried out. Many of the services offered by Bridge require us to obtain Personal Data about you in order to perform the Services we provide. Users may be unable to access the Services if such Personal Data are not provided. In relation to each of the services described at Section 2.1 above, we will collect and process the following Personal Data about you:
- Information that you provide to us: This includes information about you that you provide to us. The nature of the services you are requesting will determine the kind of Personal Data we might ask for, though such information may include (but is not limited to):
- basic Personal Data (such as first name; family name; job role; email address; phone number; postal address; city; postcode; country; hashed password; national identification number, identity documents, proof of address documentation, payment information (such as banking information, wallet address, payment card details));
- any other information that you choose to share via the Services which may be considered Personal Data;
- Information that we collect or generate about you. This includes (but is not limited to): technical information about your use of the Services e.g. sensor, location, connectivity, technical and aggregated usage data, such as your GPS/GNSS location data; home and work locations; IP addresses, wireless networks, cell towers and Wi-Fi access points; non-identifying data regarding a device, operating system, and browser; activity, communication, and performance logs; issues and bugs; and user activity on our Services. This data does not enable us to learn your true identity or contact details and serves mostly to improve the overall performance of our Services, and to better understand how our users typically use our Services and how we could improve their user experience.
For more information on the cookies and other tracking technologies used by Bridge please see Section 9 of this Privacy Policy and our Cookie Notice below.
- Information we obtain from other sources. We may receive information about you from third parties. For example, we may receive information about you from outside records of third parties, such as identity information. We may supplement the information we collect about you through the Services with such information from third parties in order to verify your identity or enhance our ability to serve you. If we combine such data with information we collect through the Services, such information is subject to this Privacy Policy unless we have disclosed otherwise.
03
How we use your information
3.1 Under data protection law, we can only use your Personal Data if we have a proper reason, e.g.:
a. where you have given consent;
b. to comply with our legal and regulatory obligations;
c. for the performance of a contract with you or to take steps at your request before entering into a contract, or
d. for our legitimate interests or those of a third party.
3.2 A legitimate interest is when we have a business or commercial reason to use your Personal Data, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.
3.3 The information below explains what we use your Personal Data for and why.
1. Purpose
To facilitate, operate, and provide our Services as set out in their relevant terms and conditions and to enforce our Terms of Service and any other agreements between you and Bridge.
Our reasons and lawful basis relied on under the EU GDPR
To perform our contract with you (or to take steps at your request before entering into a contract).
Relevant categories of Personal Data
Your name, address, date of birth, and contact information, including email address and telephone number, your account details (username) and your payment details.
Your identity documentation and proof of address documentation.
Your national identification number.
Any other information that you choose to share via the Services which may be considered Personal Data.
2. Purpose
To provide our users with assistance and support.
Our reasons and lawful basis relied on under the EU GDPR
To perform our contract with you.
Relevant categories of Personal Data
Your account details (username) and contact information, including email address and telephone number.
3. Purpose
To authenticate the identity of our users, and to allow them to access and use our Services.
Our reasons and lawful basis relied on under the EU GDPR
Compliance with a legal obligation and to perform our contract with you.
Relevant categories of Personal Data
Your name, address, date of birth, and contact information, including email address and telephone number, your account details (username) and your payment details.
Your identity documentation and proof of address documentation.
Your national identification number.
Any other information that you choose to share via the Services which may be considered Personal Data.
4. Purpose
To support and enhance our data security measures, including for the purposes of preventing and mitigating the risks of fraud, error, or any illegal or prohibited activity.
Our reasons and lawful basis relied on under the EU GDPR
Compliance with a legal obligation and legitimate interests
Relevant categories of Personal Data
Your name, address, date of birth, and contact information, including email address and telephone number, your account details (username) and your payment details.
Your identity documentation and proof of address documentation.
Your national identification number.
Any other information that you choose to share via the Services which may be considered Personal Data.
5. Purpose
To comply with any other applicable laws and regulations.
Our reasons and lawful basis relied on under the EU GDPR
Compliance with a legal obligation.
Relevant categories of Personal Data
Your name, address, date of birth, and contact information, including email address and telephone number, your account details (username) and your payment details.
Your identity documentation and proof of address documentation.
Your national identification number.
Any other information that you choose to share via the Services which may be considered Personal Data.
04
Disclosure of your information to third parties
The table below sets out who we share Personal Data with.
1. Who we share with
Other Bridge Group companies
Use by recipient
To assist us in performing our Services.
Relevant categories of personal information transferred (or likely to be transferred to) recipient
Your name, address, date of birth, and contact information, including email address and telephone number, your account details (username) and your payment details.
Your identity documentation and proof of address documentation.
Your national identification number.
Any other information that you choose to share via the Services which may be considered Personal Data.
2. Who we share with
Third party service providers
Use by recipient
To help deliver our Services to you, such as payment service providers, digital storage providers, and identity verification providers.
To help us run our business including (but not limited to) hosting and server co-location services, data analytics services, marketing and advertising services, data and cyber security services, fraud detection and prevention services, payment processing services, e-mail and SMS distribution and monitoring services, session recording, and our business, legal and financial advisors). These Service Providers may have access to your Personal Information, depending on each of their specific roles and purposes in facilitating and enhancing our Services, and may only use it for such purposes.
Relevant categories of personal information transferred (or likely to be transferred to) recipient
Your name, address, date of birth, and contact information, including email address and telephone number, your account details (username) and your payment details.
Your identity documentation and proof of address documentation.
Your national identification number.
Any other information that you choose to share via the Services which may be considered Personal Data.
3. Who we share with
Bridge Partners
Use by recipient
If you access Services through the website of one of Bridge’s partners, then we may share your Personal Information with that partner in order to provide the Services.
Relevant categories of personal information transferred (or likely to be transferred to) recipient
Your name, address, date of birth, and contact information, including email address and telephone number, your account details (username) and your payment details.
Your identity documentation and proof of address documentation.
Your national identification number.
Any other information that you choose to share via the Services which may be considered Personal Data.
4. Who we share with
Our regulators, law enforcement agencies or other relevant governmental agencies
Use by recipient
Compliance with a legal obligation and legitimate interests.
Relevant categories of personal information transferred (or likely to be transferred to) recipient
Your name, address, date of birth, and contact information, including email address and telephone number, your account details (username) and your payment details.
Your identity documentation and proof of address documentation.
Your national identification number.
Any other information that you choose to share via the Services which may be considered Personal Data.
05
International Transfers of Personal Data
5.1 We may transfer your Personal Data: Bridge has customers and operations spread around the world. As a result, we collect and transfer Personal Data on a global basis. That means that we may transfer your Personal Data to locations outside of your country.
5.2 Protections when transferring internationally: Where we transfer your Personal Data to another country outside the EEA, we will ensure that it is protected and transferred in a manner consistent with legal requirements. In relation to data being transferred outside the EEA, for example, this may be done in one of the following ways:
- the country that we send the data to might be approved by the European Commission as offering an adequate level of protection for Personal Data. A list of countries the European Commission has currently made adequacy decisions in relation to is available here. We rely on adequacy decisions for transfers to the following countries: United States;
- there are appropriate safeguards in place for you (including, but not limited to, the recipient might have signed up to a contract based on “model contractual clauses” approved by the European Commission, obliging them to protect your Personal Data);
- the recipient may have adhered to binding corporate rules (only for intragroup transfers);
- in other circumstances the law may permit us to otherwise transfer your Personal Data outside of the EEA.
You can obtain more details of the protection given to your Personal Data when it is transferred outside the EEA by contacting us as described below.
06
How we safeguard your information
We maintain administrative, technical, and physical safeguards that are designed to protect the privacy and security of your Personal Data. For example, all information you provide is accessible only to designated staff. In addition, all information is protected by SSL/TLS encryption when it is exchanged between your web browser and the Services.
We note, however, that the transmission of information via the internet is not completely secure. Although we do our best to protect your Personal Information, we cannot guarantee the security of information transmitted to or via the Services. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Services. In addition, where you have chosen a password for access to certain parts of our Services, you are responsible for keeping this password confidential.
We will take steps to ensure that the Personal Data is accessed only by employees of Bridge that have a need to do so for the purposes described in this Privacy Policy.
07
How long we keep your personal data
7.1 How long we will hold your Personal Data for will vary and will be determined by the following cumulative criteria:
- the purpose for which we are using it – Bridge will need to keep your Personal Data for as long as is necessary for that purpose;
- as needed to deal with potential or actual legal claims, complaints, litigation or regulatory proceedings; and
- legal obligations – laws or regulation may set a minimum period for which Bridge has to keep your Personal Data.
08
Your Rights
8.1 What are your rights: In all the above cases in which we collect, use or store your Personal Data, you may have the following rights which you can exercise free of charge. These rights include:
- the right to obtain information regarding the processing of your Personal Data and access to the Personal Data which we hold about you;
- the right to withdraw your consent to the processing of your Personal Data at any time. Please note, however, that we may still be entitled to process your Personal Data if we have another legitimate reason for doing so. For example, we may need to retain Personal Data to comply with a legal obligation;
- in some circumstances, the right to receive some Personal Data in a structured, commonly used and machine-readable format and/or request that we transmit those data to a third party where this is technically feasible. Please note that this right only applies to Personal Data which you have provided directly to Bridge;
- the right to request that we rectify your Personal Data if it is inaccurate or incomplete;
- the right to request that we erase your Personal Data in certain circumstances. Please note that there may be circumstances where you ask us to erase your Personal Data, but we are legally entitled to retain it;
- the right to object to, or request that we restrict, our processing of your Personal Data in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict, our processing of your Personal Data but we are legally entitled to refuse that request; and
- the right to lodge a complaint with the relevant data protection regulator if you think that any of your rights have been infringed by us.
8.2 You can exercise your rights by contacting us using the details listed below. Further information about your rights may be obtained by contacting the supervisory data protection authority located in your jurisdiction. For a list of EEA data protection supervisory authorities and their contact details see here.
10
Contact Us
If you have questions or concerns regarding, or a request to make pursuant to this Privacy Policy, please contact us by please contact us using the following contact details.
Address: ul. Bartycka 22B/21A, Warsaw, 00-716, Poland
Email: privacy@bridge.xyz
11
Concerns and Complaints
11.1 Contact us: For further information regarding the processing of your Personal Data by Bridge, this Privacy Policy, questions relating to consent, or in order to exercise the rights mentioned above, please contact us using the details above.
11.2 Lodging complaints: We hope we will be able to resolve any issues you may have. You also have the right to lodge a complaint with:
a. our lead supervisory authority in the EEA, details of which are below:
Urząd Ochrony Danych Osobowych (Personal Data Protection Office)
ul. Stawki 2
00-193 Warsaw
Tel. +48 22 531 03 00
Email: kancelaria@uodo.gov.pl dwme@uodo.gov.pl
Website: https://uodo.gov.pl/
or
b. a relevant data protection supervisory authority in the EEA state of your habitual residence, place of work or of an alleged infringement of data protection laws in the EEA. For a list of EEA data protection supervisory authorities and their contact details see here.
