Bridge Bridge

Privacy Policy

Last updated: July 1, 2026

This Privacy Policy explains how BLCSS d.o.o. collects, uses, and protects personal data when you use our services. We are committed to processing personal data in accordance with the General Data Protection Regulation (GDPR) and applicable local data-protection law.

1. Data controller

The controller responsible for your personal data is BLCSS d.o.o., Sime Šolaje 1a, Banja Luka, Bosnia and Herzegovina, registration/tax number (JIB) 4404921190008. For privacy matters you can reach us at [email protected].

2. Data we collect

We collect: (a) account data such as name, email address, and credentials; (b) organization data such as organization name and role assignments; (c) usage data such as log records, device and browser information, and actions taken within the Services; and (d) any Customer Data your Organization chooses to store in the Services.

3. Purposes and legal bases

We process personal data to: provide and operate the Services (performance of a contract, GDPR Art. 6(1)(b)); maintain security and prevent abuse (legitimate interests, Art. 6(1)(f)); comply with legal obligations (Art. 6(1)(c)); and, where applicable, on the basis of your consent (Art. 6(1)(a)), which you may withdraw at any time.

4. Controller and processor roles

For account and usage data relating to our own operation of the Services, we act as a controller. For Customer Data submitted by an Organization, we act as a processor acting on the Organization's instructions. In that case, processing is governed by these terms and, where required, a separate data-processing agreement.

5. Sharing and sub-processors

We do not sell personal data. We share personal data only with service providers (sub-processors) that help us operate the Services, such as hosting and infrastructure providers, and only under contractual obligations to protect the data. We may also disclose data where required by law.

6. International transfers

Where personal data is transferred outside your country or the European Economic Area, we ensure appropriate safeguards are in place, such as adequacy decisions or Standard Contractual Clauses.

7. Retention

We retain personal data for as long as necessary to provide the Services and for legitimate business or legal purposes. When data is no longer required, we delete or anonymize it. Customer Data is retained according to your subscription and can be exported before deletion.

8. Your rights

Subject to applicable law, you have the right to access, rectify, and erase your personal data; to restrict or object to processing; to data portability; and to withdraw consent. You also have the right to lodge a complaint with your data-protection authority. To exercise your rights, contact us at [email protected].

9. Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, or misuse, including access controls, encryption in transit, and regular review of our security practices.

10. Cookies

We use cookies and similar technologies as described in our Cookie Policy. These include strictly necessary cookies for authentication and session management, as well as preference cookies.

11. Children

The Services are intended for business use and are not directed to children. We do not knowingly collect personal data from children.

12. Changes to this policy

We may update this Privacy Policy from time to time. Where changes are material, we will provide reasonable notice. The effective date above indicates when this policy was last revised.

13. Contact

For any privacy questions or requests, contact BLCSS d.o.o. at [email protected], or by post to Sime Šolaje 1a, Banja Luka, Bosnia and Herzegovina.