Last material update: 23 July 2022
2. Data we collect and how we collect it
Personal information is typically data that identifies an individual or relates to an identifiable living individual. This includes information you provide, information which is collected about you automatically, and information obtained from third parties. It does not include data which cannot be used to identify an individual person, such as a company registration number, nor data where the identity has been removed (anonymized data).
2.1 Information you provide
We do not require you to set up an account to use Bridges' Services, but there are certain situations in which you may choose to provide us with personal information:
Request for customer support: You can contact us by email or by reaching out to a Customer Care Representative in Telegram or Discord. In this context, we process the information and data you provide (including personal data such as first name, last name, email address, and username). The nature of your data storage in this case depends on the platform:
- Email: We store your email communications in a secure Google Group which is only accessible by the necessary Bridges team members. You can request us to delete this data at any time. We will only retain this data for up to 6 months in the event of follow-up questions.
- Telegram: If you open a Telegram chat or join a Telegram channel, we do not own your message data; it is owned and managed by Telegram (https://telegram.org/). You can delete your messages to us at any time.
- Discord: If you reach out for help on our Discord server, we do not own your message data; it is owned and managed by Discord (https://discord.com/). You can delete your messages to us at any time, or request to have them removed by a moderator or Customer Care Representative.
Application to join our team: We collect name, email address, work history, curriculum vitae, and other information pertaining to evaluating candidates for open roles in our team. This information is collected through our Team Application Form (currently available at https://wru6uj38gcq.typeform.com/to/xIqIwKiB) and is only accessible by the necessary members of the Bridges team.
Application to list a new project token on Bridges Exchange: We collect email address, information about the team's identities, and information about the projects which may not yet be public. This information is collected through our Team Application Form (currently available at https://wru6uj38gcq.typeform.com/to/wKgwe9v8) and is only accessible by the necessary members of the Bridges team.
2.2 Information we collect automatically
Bridges automatically collects anonymized information about website performance, traffic, and user interaction with Bridges' Services. Bridges does not collect any personal information from you (such as your name or other identifiers that can be linked to you). However, we do use third-party service provider Google Analytics (https://analytics.google.com/). Google Analytics may receive or independently obtain your personal information from publicly-available sources. We do not control how it handles your data, and you should review their privacy policies to understand how they collect, use, and share your personal information. In particular, please visit https://policies.google.com/technologies/partner-sites to learn more about how Google uses data. By accessing and using Bridges' Services, you understand and consent to our data practices and our service providers' treatment of your information.
Please note that when you use Bridges' Services, you are interacting with a blockchain which provides transparency into your transactions. Bridges does not control and is not responsible for any information you make public on any blockchain by taking actions through its Services.
2.3 Information obtained from third parties
Bridges does not receive any personal information about you from third parties.
3. How we use your data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Provide responses to Customer Support enquiries;
- Legitimate interests: means our interests (or those of a third party), where we make sure we use this basis as far as your interests and individual rights do not override those interests;
- Compliance with a legal obligation: means processing your personal data where we need to comply with a legal obligation we are subject to;
- Consent: means freely given, specific, informed and unambiguous indication of your wishes by which you, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to you; under specific circumstances this consent should be explicit. If this is the case, we will ask for it properly.
4. Disclosures of your data
Bridges does not share your personal data with third-party service providers, agents, subcontractors, other associated organizations, or affiliates.
We may pass your personal data to the following entities:
- Fraud or crime prevention agencies to help fight against crimes including fraud, money-laundering, and terrorist financing;
- Regulatory and law enforcement authorities where the law allows or requires us to do so.
5. Data security
While there is an inherent risk in any data being shared over the internet, we have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, damaged, or accessed in an unauthorized or unlawful way, altered, or disclosed. In addition, we limit access to your personal data to those employees who have a legitimate business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
Depending on the nature of the risks presented by the proposed processing of your personal data, we have in place the following appropriate security measures:
- Organizational measures (including but not limited to staff training and policy development);
- Technical measures (including but not limited to physical protection of data, pseudonymization and encryption); and
- Securing ongoing availability, integrity, and accessibility (including but not limited to ensuring appropriate back-ups of personal data are held).
We have put in place procedures to deal with any suspected personal data breach and will notify you and any relevant regulator of a breach where we are legally required to do so.
6. Data retention
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, accounting or other requirements.
Here are some exemplary factors which we usually consider when determining how long we need to retain your personal data:
- In the event of a complaint;
- If we reasonably believe there is a prospect of litigation in respect to our relationship with you or if we consider that we need to keep information to defend possible future legal claims (e.g. email addresses and content, chats, letters);
- To comply with any applicable legal and/or regulatory requirements with respect to certain types of personal data;
- In accordance with relevant industry standards or guidelines.
Information provided to our applications is subject to retention for as long as the business relationship between you and Bridges is upheld.
7. Your legal rights
You have certain applicable rights regarding the storage and usage of your data held by Bridges. The rights available to you depend on our reason for processing your personal data. If you need more detailed information or wish to exercise any of the rights set out below, please contact us.
- Request access to your personal data, which enables you to obtain confirmation of whether we are processing your personal data, to receive a copy of the personal data we hold about you and information regarding how your personal data is being used by us;
- Request rectification of your personal data by asking us to rectify information you think is inaccurate and to complete information you think is incomplete, though we may need to verify the accuracy of the new data you provide to us;
- Request erasure of your personal data by asking us to delete or remove personal data we hold about you; note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you;
- Withdraw consent at any time where we are relying on consent to process your personal data; however, this will not affect the lawfulness of any processing carried out before you withdraw your consent; if you withdraw your consent, we may not be able to provide certain products or services to you, but we will advise you if this is the case at the time you withdraw your consent.
No fee typically required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is manifestly unfounded or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
Period for replying to a legitimate request
The statutory period under GDPR for us to reply to a legitimate request is one month. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests.
Please note that we may request that you provide some details necessary to verify your identity when you request to exercise a legal right regarding your personal data.