Policy key definitions:
- “we” refer to the business, bridgeability ltd.
- “you”, “the user” refer to the person(s) using this website.
- GDPR means General Data Protection Act.
- PECR means Privacy & Electronic Communications Regulation.
- ICO means Information Commissioner’s Office.
- Cookies mean small files stored on a users computer or device.
Processing of your personal data
Under the GDPR (General Data Protection Regulation) we control and / or process any personal information about you electronically using the following lawful bases.
- We are exempt from registration in the ICO Data Protection Register.
- Lawful basis: Consent obtained via the website or from requests following programs.
- Data retention period: We will continue to process your information under this basis until you withdraw consent or it is determined your consent no longer exists.
- Sharing your information: We do not share your information with third parties.
If, as determined by us, the lawful basis upon which we process your personal information changes, we will notify you about the change and any new lawful basis to be used if required. We shall stop processing your personal information if the lawful basis used is no longer relevant.
Your individual rights
Under the GDPR your rights are as follows.
- the right to be informed;
- the right of access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to data portability;
- the right to object; and
- the right not to be subject to automated decision-making including profiling.
The data we collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use and store different kinds of personal data about you which we have grouped together follows:
- Identity Data includes first name and last name.
- Contact Data means the data we use to contact you including your billing address, delivery address, email address and telephone number.
- Financial Data means the data we use to process your payments including your payment card details. We do not store or process your card details ourselves, they are processed and stored via one of our contracted third party service providers. We encrypt your payment card details in your browser and securely transfer this data to our relevant third party payment provider to process a payment.
- Technical Data means details about the device(s) you use to access our website including your internet protocol (IP) address, browser type and version, location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
- Usage Data includes information about how you use our website, products and services. This includes your browsing patterns and information such as how long you might spend on one of our webpages and what you look at and for on our website, the click stream to and from our website, page response times and page interaction information such as scrolling, clicks and mouseovers.
- Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences.
How is your personal data collected?
We use different methods to collect data from and about you including through:
- Direct interactions. You may give us your Identity Data, Contact Data and Marketing and Communications Data by using our website, filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you
- request marketing to be sent to you;
- attend a bridgeability program;
- give us some feedback following a program.
Some cookies are required to enjoy and use the full functionality of this website.
Cookies that we use are;
This website uses Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”). Google Analytics uses “cookies”, which are text files that are stored on your computer and enable analysis of your use of the website. The information generated by the cookie about your use of this website (including your IP address) is transmitted to Google and stored on a server in the USA. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for the website operators, and providing further services related to website activity and Internet usage. Google will also transmit this information to third parties where required to do so by law, or where such third parties process this data on behalf of Google. Google will under no circumstances connect your IP address with any other data held by Google. You can prevent the installation of cookies by changing your browser settings; however, please note that if you do so, you may not be able to use all the functions of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
You can opt out of the recording and use of your IP address by Google Analytics at any time with immediate effect. For more information, see: tools.google.com/dlpage/gaoptout. We would like to point out that this website uses the Google Analytics code “gat._anonymizeIp();” to ensure the anonymous recording of IP addresses.
Data Used: If Akismet is enabled on the site, the contact form submission data — IP address, user agent, name, email address, website, and message — is submitted to the Akismet service (also owned by Automattic) for the sole purpose of spam checking. The actual submission data is stored in the database of the site on which it was submitted and is emailed directly to the owner of the form (i.e. the site author who published the page on which the contact form resides). This email will include the submitter’s IP address, timestamp, name, email address, website, and message.
Data Synced (?): Post and post meta data associated with a user’s contact form submission. If Akismet is enabled on the site, the IP address and user agent originally submitted with the comment are synced, as well, as they are stored in post meta.
Data Used: Commenter’s name, email address, and site URL (if provided via the comment form), timestamp, and IP address. Additionally, a jetpack.wordpress.com IFrame receives the following data: WordPress.com blog ID attached to the site, ID of the post on which the comment is being submitted, commenter’s local user ID (if available), commenter’s local username (if available), commenter’s site URL (if available), MD5 hash of the commenter’s email address (if available), and the comment content. If Akismet (also owned by Automattic) is enabled on the site, the following information is sent to the service for the sole purpose of spam checking: commenter’s name, email address, site URL, IP address, and user agent.
Activity Tracked: The comment author’s name, email address, and site URL (if provided during the comment submission) are stored in cookies. Learn more about these cookies.
Data Synced (?): All data and metadata (see above) associated with comments. This includes the status of the comment and, if Akismet is enabled on the site, whether or not it was classified as spam by Akismet.
Data Used: IP address, WordPress.com user ID (if logged in), WordPress.com username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language, country code. Important: The site owner does not have access to any of this information via this feature. For example, a site owner can see that a specific post has 285 views, but he/she cannot see which specific users/accounts viewed that post. Stats logs — containing visitor IP addresses and WordPress.com usernames (if available) — are retained by Automattic for 28 days and are used for the sole purpose of powering this feature.
Data security and protection
We ensure the security of any personal information we hold by using secure data storage technologies which meet the GDPR compliance requirement.
Email marketing messages & subscription
Under the GDPR we use the consent lawful basis for anyone subscribing to our full disclosure newsletter or marketing mailing list. We only collect certain data about you, as detailed in the “Processing of your personal data” above. Any email marketing messages we send are done so through an EMS, email marketing service provider. An EMS is a third party service provider of software / applications that allows marketers to send out email marketing campaigns to a list of users.
Email marketing messages that we send may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of data such as; times, dates, I.P addresses, opens, clicks, forwards, geographic and demographic data.
Any email marketing messages we send are in accordance with the GDPR and the PECR. We provide you with an easy method to withdraw your consent (unsubscribe) or manage your preferences / the information we hold about you at any time. See any marketing messages for instructions on how to unsubscribe or manage your preferences.
Our EMS provider is; Mailchimp. We hold the following information about you within our EMS system;
- Email address
- I.P address
- Subscription time & date
- [list other data that is stored]
We take any complaints about our collection and use of personal information very seriously.
If you think that our collection or use of personal information is unfair, misleading or inappropriate, or have any other concern about our data processing, please raise this with us in the first instance.
To make a complaint, please contact our data protection officer.
Alternatively, you can make a complaint to the Information Commissioner’s Office:
Report a concern online at
Call 0303 123 1113
Or write to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5A