Bridgit Inc. Privacy Notice

Contact support →

Bridgit Inc. (“Bridgit”) is committed to protecting the privacy and Personal Information of all users and visitors to its websites (“Users”), and individuals and businesses (“Customers”) using its products and services(“Services”). This Privacy Notice explains how Bridgit collects, uses and shares Personal Information of its Customers and Users, and outlines the rights and obligations of parties with respect to Personal Information disclosed in the use of the Services and websites (“Sites”). This Privacy Notice is incorporated by reference, is part of and subject to the Terms of Use.

A separate agreement governs delivery, access and use of the Services (the “Customer Agreement”), including the processing of any files or other content submitted through Services accounts (collectively, “Customer Data”). The organization (e.g., your employer or another entity or person) that entered into the Customer Agreement (“Customer” or “Employer”) controls their instance of the Services (“Customer Account”) and any associated Customer Data. If you have any questions about specific to Customer Account settings and privacy practices, please contact the Customer whose Services you use.

Information we Collect and Receive

Bridgit may collect and receive Customer Data and other information and data (“Other Information”) in a variety of ways and in different capacities. For all personal information included in Customer Data, we will be the responsible “data processor,” the party that carries out activities on behalf of the “data controller,” the party who controls the means and purposes of the processing of personal information. When we collect Other Information from you, we will be the data controller.

Customer Data. Customers or individuals granted access to a Customer Account through a Customer (“Authorized Users”) routinely submit Customer Data to Bridgit when using the Services.
Other Information. Bridgit also collects, generates and/or receives Other Information:
- Customer Account and Account Information. To create or update a Customer Account, you or your Employer supply Bridgit with your name, email address, employee ID, hire date, job title, department, line of business and/or similar account details.
- Usage Information.
  - Services Metadata. When an Authorized User interacts with the Services, metadata is generated that provides additional context about the way Authorized Users work. For example, Bridgit logs activity audit records and usage statistics.
  - Log data. As with most websites and technology services delivered over the Internet, our servers automatically collect information when you access or use our Websites or Services and record it in log files. This log data may include the Internet Protocol (IP) address, the address of the web page visited before using the Website or Services, browser type and settings, the date and time the Services were used, information about browser configuration and plugins, language preferences and cookie data. For our Websites personal information collected include name, email address, phone number, and information about the organization you work for
  - Device information. Bridgit collects information about devices accessing the Services, including type of browser or device and what operating system is used.
  - Location information. While using our Websites we receive information from you, and other third-parties that helps us approximate your location. We may, for example, use an IP address received from your browser or device to determine approximate location.
- Cookie Information. Bridgit uses cookies and similar technologies in our Websites and Services that help us collect Other Information.
- Additional Information Provided to Bridgit. We receive Other Information when submitted to our Websites or if you participate in a focus group, contest, activity or event, apply for a job, request support, interact with our social media accounts or otherwise communicate with Bridgit.

Generally, no one is under a statutory or contractual obligation to provide any Customer Data or Other Information (collectively, “Information”). However, certain Information is collected automatically and, if some Information, such as Customer Account setup details, is not provided, we may be unable to provide the Services.

How we Use Information

Customer Data will be used by Bridgit in accordance with Customer’s instructions, including any applicable terms in the Customer Agreement and Customer’s use of Services functionality, and as required by applicable law. In these respects, Bridgit is a data processor of Customer Data and Customer is the controller of that data. Customer may, for example, use the Services to grant and remove access to a Customer Account, assign roles and configure settings, access, modify, export, share and remove Customer Data and otherwise apply its policies to the Services.

Bridgit uses Other Information it collects in furtherance of our legitimate interests in operating our Services, Websites, and business. More specifically, Bridgit uses Other Information:

To provide, update, maintain and protect our Services, Websites and business. This includes use of Other Information to support delivery of the Services under a Customer Agreement, prevent or address service errors, security or technical issues, analyze and monitor usage, trends and other activities or at an Authorized User’s request.
As required by applicable law, legal process or regulation.
To communicate with you by responding to your requests, comments and questions. If you contact us, we may use your Other Information to respond.
To send emails and other communications. We may send you service, technical and other administrative emails, messages and other types of communications. We may also contact you to inform you about changes in our Services, our Services offerings, and important Services-related notices, such as security and fraud notices. These communications are considered part of the Services and you may not opt out of them.
In addition, we may contact you about new product features, promotional communications or other news about Bridgit. We will only send you commercial messages if you agree to receive them. You can control this process and have the ability to opt-in to these messages or unsubscribe should you no longer wish to receive any commercial messages from us.
We may de-identify and aggregate Other Information.
To investigate and help prevent security issues and abuse.

If Information is aggregated or de-identified so it is no longer reasonably associated with an identified or identifiable natural person (that is, no longer considered personal information), Bridgit may use it for any business purpose.

Lawful Basis For Processing

Customer Data and any associated personal information will be processed by Bridgit on the basis of the performance of the Customer Agreement. If you have any questions specific to the Customer Account settings and privacy practices, please contact your Employer.

With respect to Bridgit’s use of Other Information it collects in furtherance of our legitimate interests in operating our Services, Websites, and business the lawful basis for processing is as follows:

To provide, update, maintain and protect our Services, Websites and business. Lawful basis is the performance of the Customer Agreement and necessary for our legitimate interest for running our business, provisions of administration and IT services, network and data security.
As required by applicable law, legal process or regulation.
To communicate with you by responding to your requests, comments and questions. Lawful basis is your consent and necessary for our legitimate interest to respond to your requests, comments and questions.
To send emails and other communications. We may send you service, technical and other administrative emails, messages and other types of communications which are on the basis of performance of the Customer Agreement.
We may contact you about new product features, promotional communications or other news about Bridgit and will be on the basis of consent and necessary for our legitimate interest to develop our services and grow our business.
We may de-identify and aggregate Other Information on the basis as it is necessary for our legitimate interests to define types of customers for our services, to keep our site and Services updated and relevant, to develop our business and Services.
Cookie Information. Bridgit uses cookies and similar technologies in our Websites and Services and is collected on the basis in performance of the Customer Agreement, on Consent, and as necessary for our legitimate interests to define types of customers for our services, to keep our site updated and relevant, to develop our business and to inform our marketing strategy (for the necessary cookies).

Data Retention

Bridgit will retain Customer Data in accordance with a Customer’s instructions, including any applicable terms in the Customer Agreement and Customer’s use of Services functionality, and as required by applicable law. Bridgit may retain Other Information pertaining to you for as long as necessary for the purposes described in this Privacy Policy. This may include keeping your Other Information for the period of time needed for Bridgit to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.

How we Share and Disclose Information

This section describes how Bridgit may share and disclose Information. Customers determine their own policies and practices for the sharing and disclosure of Information, and Bridgit does not control how they choose to share or disclose Information.

Customer’s Instructions. Bridgit will solely share and disclose Customer Data in accordance with a Customer’s instructions, including any applicable terms in the Customer Agreement and Customer’s use of Services functionality, and in compliance with applicable law and legal process.
Customer Access. Administrators, Customer Authorized Users and other Customer representatives and personnel may be able to access, modify or restrict access to Other Information. This may include, for example, your employer using Services features to export logs of Customer Account activity, or accessing or modifying your profile details.
Third Party Service Providers and Partners. We may engage third party companies or individuals as service providers or business partners to process Other Information and support our business. These third parties may, for example, provide virtual computing and storage services. We will ensure that any third party processing your information on our behalf does so in compliance with this Policy and applicable law.
Corporate Affiliates. Bridgit may share Other Information with its corporate affiliates, parents and/or subsidiaries.
Aggregated or De-identified Data. We may use aggregated or de-identified Other Information for any purpose. For example, we may share aggregated or de-identified Other Information with prospects or partners for business or research purposes, such as telling a prospective Bridgit customer the average amount of time spent within a typical Customer Account.
To Comply with Laws. If we receive a request for information, we may disclose Other Information if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process.
With Consent. Bridgit may share Other Information with third parties when we have consent to do so.

Information Security

Bridgit shall implement and maintain commercially reasonable technical and organizational measures that are designed to protect against security incidents involving, and unauthorized or accidental destruction, loss, alteration or damage, unauthorized disclosure of or access to, personal information and designed to preserve the security and confidentiality of personal information, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. Bridgit follows SOC 2 compliance and is audited annually. We also limit access to personal information to those employees, contractors and agents who have a business need to know.

Changes to this Privacy Policy

Bridgit may change this Privacy Policy from time to time. Laws, regulations and industry standards evolve, which may make those changes necessary, or we may make changes to our business. We will post the changes to this page and encourage you to review our Privacy Policy to stay informed. If we make changes that materially alter your privacy rights, Bridgit will provide additional notice, such as via email or through the Services. If you disagree with the changes to this Privacy Policy, you should contact your Employer to deactivate your Services account. Contact your Employer if you wish to request the removal of Personal Data under their control.

Data Residency and Global Access – Services

Data protection laws in certain jurisdictions differentiates between the data controller and data processor of information. In the case of the Services the Customer is the data controller and Bridgit is the data processor.

Each Customer has a data residency choice to make when the account is established. Currently they can select to have data stored in the US region or in the UK/EU region (England with back-up in Germany).

While the data will be stored as chosen by each Customer based on the above, Bridgit personnel may access the data from other locations outside of the specified region. The data will continue to reside in the region selected by the Customer.

By accepting this Privacy Policy, or providing us with any personal information, you agree to the above data residency conditions as chosen by your Employer

Data Residency and Global Access – Websites

Bridgit processes and stores personal information and may use third party providers who may have server(s) based in Canada and the U.S.

If you are located outside of Canada or the U.S, your personal information and other information that we collect through this Website may be transferred to Canada or the U.S, for the purposes described above. By accepting this Privacy Policy, using this Website or providing us with any personal information, you agree to the transfer of information to Canada or the U.S.. or to the US. from Canada, as the case may be.

Links to third party Websites

The Website may contain links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. Bridgit neither owns nor controls these third-party websites and accordingly assumes no responsibility for the information practices of those websites. You should inform yourself with the privacy policies (if any) of those third-party websites.

Your Rights

You may at any time contact Bridgit for further information regarding its Privacy Notice and its practices regarding the handling of Personal Information.

At any time, you also have the opportunity to request information on the types of Personal Information we hold about you, what it is being used for, and with whom it has been shared. You may also request access to your Personal Information currently held by Bridgit. We will provide you with access to your Personal Information, subject to certain exceptions such as: any personal information about another individual that cannot be separated from yours , any information subject to solicitor-client privilege, commercially confidential information, information that may threaten life or security of an individual, or information collected for purposes related to an investigation of a breach of an agreement or contravention of law.

If you notice any inaccuracies or wish to update or complete any part of your Personal Information, you may request the correction or update of that information. When appropriate, the amended information will be transmitted to any third-parties having access to the Personal Information in question.

The way in which we will give you access to your Personal Information may vary, depending on the format in which we hold it and the amount of information. We may provide your information in physical or electronic format. In the case of an exceptionally large file, we may provide you a summary of the information.

At any time, you may withdraw your consent to the collection, use, of your Personal Information, subject to contractual or legal restrictions. Please note that if you withdraw your consent, we may not be able to provide you with a particular product or service. Bridgit does not sell Personal Information, and does not discriminate against anyone who chooses to opt-out of data collection. In addition, you may at any time opt-out of marketing communications received from Bridgit by clicking on the “unsubscribe” link in the marketing e-mails, or email dpo@gobridgit.com.

If you wish to exercise any of these rights, please contact us at the information below. We may require you to verify your identity and provide such other details before responding to such requests, as may be required by law. In the event that Bridgit is unable to provide certain Personal Information (for example where the information contains references to other’s Personal Information which is not easily severable, or which cannot be disclosed for legal, security or other commercial proprietary reasons), Bridgit will provide a justification.

Your withdrawal of consent is not retroactive, since Bridgit may already have used your information for the purposes described here; it will be applied on a go-forward basis.

If you wish to withdraw (revoke) your consent from the Services you will need to contact your Employer.

Children’s Privacy

Bridgit does not knowingly collect or solicit Personal Information from children under the age of 18, nor allow them to use or request information through the Sites without the consent of their parent or guardian. If you believe we have collected information from your child in error or have questions or concerns about our practices relating to children, please notify us and we will promptly respond.

Notices

Notice to California Residents

Pursuant to Section 1798.83 of the California Civil Code, residents of California have the right to request from a business, with whom the California resident has an established business relationship, certain information with respect to the types of personal information the business shares with third parties for direct marketing purposes by such third party and the identities of the third parties with whom the business has shared such information during the immediately preceding calendar year. To request a copy of this information or to opt out of these disclosures, please contact our Privacy Officer at dpo@gobridgit.com.

CONTACT US

Bridgit is responsible for personal information under its control and has designated a Privacy Officer who is accountable for this Privacy Policy. Should you have any questions about your personal information or Bridgit’s privacy practices, please contact our Privacy Officer at the information below.

In relation to our Websites users may contact us with requests that we delete their personal information from our systems, or to request access or correction to their personal information. We will attempt to accommodate such requests to the extent possible. In relation to the Bridgit Services user must contact your Employer to request the deletion of personal information from the Bridgit Services. If all such information is deleted from our systems, your account may become deactivated. In any event, we may retain an archived copy of your records as required by law or for legitimate business purposes.

The Privacy Officer may be contacted at:

Bridgit Inc.
55 Northfield Dr. East, Suite #150, Waterloo, ON Canada
Email: dpo@gobridgit.com
Tel: 1-800-783-2127 ext 604

You may also contact the Privacy Commissioner of Canada at: https://www.priv.gc.ca/ or by telephone at: 1-800-282-1376.

EU Representative Contact Detail
Instant EU GDPR Representative Ltd
Email: contact@gdprlocal.com
Tel: + 353 15 549 700
Address: INSTANT EU GDPR REPRESENTATIVE LIMITED Office 2 12A Lower Main Street, Lucan Co. Dublin K78 X5P8 Ireland

UK Representative Contact Detail
GDPRLocal Ltd.
Email: contact@gdprlocal.com
Tel: + 441 772 217 800
Address: GDPRLocal Ltd. 1st Floor Front Suite 27-29 North Street, Brighton England BN1 1EB

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.