BridgeSync
BridgeSync ensures that all personal data remains within the European Union and is not sold to third parties. The company strictly complies with the General Data Protection Regulation (GDPR). This privacy policy outlines the procedures for processing personal data, the purposes for processing, data retention periods, data sharing practices, and the rights of data subjects. The policy applies to all BridgeSync services and products, including the BridgeSync plugin.
Controller: BridgeSync (hereinafter "BridgeSync" or "we")
Address: Ben Essingstraat 15, 1695 CV Blokker, Netherlands
Email: compliance@bridgesync.io
Chamber of Commerce (KvK): 73844004
VAT number: NL002203659B53
IBAN: NL73 KNAB 0502 6079 71
BridgeSync processes the following types of personal data from users, customers, or website visitors:
BridgeSync requires users\' names, addresses (including street, postcode, city, and country), company names, company information (such as company address and VAT number), and email addresses.
IBAN or bank account numbers, card details, or other payment information are collected to process licence payments or purchases.
IP addresses and similar identifiers, such as device or browser information, are collected during website and plugin use to ensure security and functionality.
This category includes correspondence with customer service or support, feedback, and any other personal data actively provided during the use of BridgeSync services.
BridgeSync does not collect special categories of personal data, such as sensitive health or ethnic information. Services are not intended for children under 16 years of age. Users are required to delete any sensitive information that is accidentally shared without delay.
BridgeSync only uses your personal data for specific purposes and for valid legal reasons under the GDPR. The main purposes are:
Customer details are used for identification, account creation, licence subscription management, and customer service provision. Communication regarding accounts, responses to inquiries, and technical assistance are also provided using this information.
Legal basis: Contract performance (Art. 6(1)(b) GDPR) and legitimate interest (Art. 6(1)(f) GDPR).
Personal data is used to process orders, establish licence subscriptions, and manage payments and invoices. Names and payment details are used to complete transactions and send administrative communications, such as invoices or confirmations.
Legal basis: The performance of a contract (Article 6(1)(b) GDPR) and compliance with legal financial obligations (Article 6(1)(c) GDPR, e.g., tax law).
We maintain and secure the website and plugin. We process IP addresses in log files to protect our servers, measure performance, and detect and prevent abuse (such as unauthorised access, fraud, or spam).
Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) in IT security and service functionality.
Technical support is provided and users are informed about product updates, bug fixes, and compatibility. Data submitted in support requests is used to resolve issues and improve the plugin.
Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) and, if applicable, contract performance (Art. 6(1)(b) GDPR).
Personal data is not shared with third parties for their independent purposes. BridgeSync shares data with third parties only when necessary for operational requirements or to comply with legal obligations. The primary categories of partners include payment processors, hosting providers, and technical support services. These partners are required to comply with GDPR standards.
The website uses cookies and similar technologies to enhance user experience, analyse usage, and display third-party content. When the site is accessed, a small text file is stored on the user\'s device. Several types of cookies are utilised. For further information, refer to the Cookie Policy.
These cookies are essential for the operation of the website and plugin. They store cookie preferences, enable account login, and ensure proper navigation and form functionality. The site cannot function correctly without these cookies.
Consent: The law is clear: no permission is needed for strictly necessary cookies. Our cookie manager does not allow for disabling. The only way to remove them is through your browser settings.
Retention period: Functional cookies are typically session cookies, or are stored for a brief period (a few minutes to a year).
These cookies help us to see how people use our website. We use Google Analytics (a web analytics service by Google LLC) to understand how visitors behave, such as which pages are popular and how long they spend on each page.
Consent: Most analytics cookies, such as those used by Google Analytics, require user consent before deployment in the Netherlands and Belgium. These cookies are only placed if the user provides consent via the cookie banner on their first visit.
Retention period: The Google Analytics _ga cookie is only valid for two years. We keep analytics tool data for a maximum of two years.
These cookies are used for marketing and integration purposes, including the provision of multimedia content and the display of personalised advertisements. YouTube cookies are placed when users view YouTube videos on the website.
Consent: Marketing cookies are not placed without user consent. Upon first visit, users are prompted to provide consent via the cookie banner.
Retention period: Marketing and tracking cookies are typically retained for up to two years following the user\'s last interaction with the site.
Upon first visit, a cookie banner is displayed, allowing users to accept or refuse cookies by category, in accordance with legal requirements. Preferences can be modified at any time through the cookie settings. Disabling cookies entirely in browser settings may affect the functionality of the website and the plugin.
BridgeSync stores all personal data within the European Union. All our website and database services are hosted on secure servers in the Netherlands. We use UpCloud\'s infrastructure (UpCloud Oy, Finland), a European cloud provider.
UpCloud, the European hosting provider, is ISO 27001 certified and complies with European data storage and security standards. All personal data is protected under EU law and GDPR standards. No personal data is processed outside the European Union or European Economic Area (EEA).
We categorically will not transfer your data to countries outside the EEA or to international organisations without the right safeguards in place (such as an EU-approved data transfer agreement).
Personal data is retained only as long as necessary to fulfil the purposes described in this policy. Access to personal data is restricted to authorised personnel, such as system administrators and support staff, who are required to maintain confidentiality.
Personal data is retained only for as long as necessary, unless legal obligations require a longer retention period. The following retention periods apply:
Personal data associated with accounts or licences, such as names, contact information, and company details, is retained for the duration of the licence subscription. Following termination or cancellation, this data is retained for a maximum of two years to support aftercare, potential account reactivation, or to address technical inquiries post-cancellation. The two-year period commences from the official termination date, in compliance with operational requirements and the GDPR accountability principle.
Emails, support tickets, and other correspondence are retained for up to two years after a request is addressed. This retention provides context for follow-up inquiries and supports service improvement.
Server log files containing IP addresses and activity are retained for security monitoring and troubleshooting purposes. Log data is stored for three to six months before deletion or anonymisation.
The retention period for cookies depends on their type. Most cookies are temporary and expire after a defined period, typically not exceeding two years. Users may manually delete cookies at any time.
We retain financial administration data (such as invoices, payment details, and transaction history) for as long as required by law. In the Netherlands, there is a 7‑year tax retention obligation for administrative data.
Upon expiration of the retention period, personal data is either deleted or anonymised. Data may be retained for a longer period if necessary to establish, exercise, or defend legal claims, provided such retention is legally permissible.
The General Data Protection Regulation (GDPR) establishes several privacy rights for individuals. BridgeSync recognises and facilitates the exercise of these rights. The following rights apply to personal data:
Individuals have the right to determine whether their personal data is processed and, if so, to access that data. Information provided includes the origin of the data, its processing purposes, and the parties with whom it is shared.
If personal data is inaccurate or incomplete, individuals may request correction. BridgeSync will respond to such requests promptly.
Individuals may request deletion of their personal data in certain circumstances. Requests will be honoured unless a legal or compelling reason for retention exists. This right is not absolute, and some data must be retained as required by law.
Individuals may request temporary restriction of personal data processing, for example, if data accuracy is contested or if processing is unlawful but deletion is not desired.
Individuals have the right to object at any time to the processing of their personal data based on legitimate interests. Processing will cease unless overriding legitimate grounds are demonstrated.
Individuals have the right to receive their provided personal data in a standard, commonly used, and machine-readable format for transmission to another provider.
Certain data may be processed based on user consent, such as for newsletters or analytics and marketing cookies. Consent can be withdrawn at any time.
Questions or concerns regarding the processing of personal data by BridgeSync can be addressed to the company. If concerns are not resolved satisfactorily, complaints may be submitted to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) in the Netherlands or the Data Protection Authority (Gegevensbeschermingsautoriteit) in Belgium.
Rights may be exercised free of charge by contacting compliance@bridgesync.io. Additional information may be requested to verify identity. Responses will be provided within one month of receiving the request.
Security measures begin with the identification and mitigation of primary threats, including unauthorized access and ransomware. Robust technical and organizational controls are implemented to prevent data loss, misuse, unauthorized disclosure, and unlawful alteration. Key security measures include:
Our website and plugin use encrypted connections (SSL/TLS) to guarantee the confidentiality of data exchanged between you and our servers. Sensitive information (such as payment data) is stored encrypted or processed via secure APIs.
Access to personal data is strictly limited to employees or contractors who require it to perform their duties. Robust authentication and authorisation mechanisms, including strong passwords, two-factor authentication, and role-based access controls, are implemented to secure databases and systems.
Servers are protected by firewalls, malware scanners, and intrusion detection systems. Updates and patches are regularly applied to address security vulnerabilities. All data is fully encrypted and stored in secure locations.
Systems are continuously monitored for unusual or suspicious activity, and potential security issues are proactively identified. Any irregularities are reported to the IT security team. Regular security audits and penetration tests are conducted on infrastructure and plugins.
All employees receive privacy protection training and are bound by confidentiality obligations. Internal data protection policies and incident response plans are established and maintained.
Note: We do everything we can to keep your data safe, but no system is 100% secure. If there\'s ever a data breach or security incident that could affect your privacy, we\'ll inform the relevant authorities and affected users immediately, in accordance with the GDPR and Dutch/Belgian data protection laws.
The success of using the BridgeSync plugin and related services cannot be guaranteed. The software and services are provided as-is, without warranties. BridgeSync does not guarantee the quality, safety, functionality, availability, or suitability of the plugin for any specific purpose.
BridgeSync is not responsible for any damage, loss, or injury caused by or related to our plugin, website, or services. This includes loss of data, lost profits, business interruption, system compromise, and other incidental, consequential, or special damages.
BridgeSync is not responsible for issues arising from technical errors, bugs, security vulnerabilities, or incompatibility with user IT environments. Users are responsible for ensuring system protection and maintaining data backups when using the plugin.
In some places, you can\'t get rid of or limit certain warranties or liabilities. If that happens, the liability clause will be changed to make it legal. BridgeSync is liable if it\'s prohibited by law, such as in cases of intent or gross negligence.
It is recommended to test the plugin in a staging environment prior to deployment and to perform regular updates. This practice facilitates early identification of compatibility issues.
BridgeSync reserves the right to modify this privacy policy at any time. Changes may be made to comply with evolving legislation, adapt services, or clarify data processing practices.
Significant changes to the privacy policy will be announced on the website, such as through a homepage notification. The "Last updated" date is included at the top of the policy to indicate the most recent revision.
Users are encouraged to review the privacy policy regularly for updates. In the event of discrepancies between versions, the most recent policy prevails. Continued use of the website or plugin constitutes acceptance of the updated privacy policy. Users who disagree with changes may discontinue use of the services.
This privacy and cookie policy is written in line with the GDPR and the relevant national laws of the Netherlands and Belgium.
Last updated: 10 June 2025.
If you have any questions about how we handle your personal data, or if you want to submit an access or deletion request, please contact us.