top of page
108161_BridgeUp_Flat_RT_AC_FINAL_Artboard2_edited.png

Privacy Policy

Bridge Up Consulting
Version: 10 January  2024

Bridge Up Consulting respects your privacy and is committed to processing personal data in a lawful, fair, and transparent manner.

This Privacy Policy explains how Bridge Up Consulting collects, uses, stores, shares, and protects personal data when you visit our website, contact us, request information, engage our services, attend an event, subscribe to our communications, or otherwise interact with us.

1. Who we are

Bridge Up Consulting is the controller of your personal data for the purposes described in this Privacy Policy.

Controller: Bridge Up Consulting

For any questions about this Privacy Policy or about the way we process personal data, you can contact us using the details above.

2. Scope of this policy

This Privacy Policy applies to personal data processed through:

  • our website;

  • contact forms;

  • email and other direct communications;

  • business development and networking activities;

  • client onboarding and delivery of consultancy services;

  • workshops, events, and advisory sessions;

  • invoicing, administration, and legal compliance;

  • newsletters, updates, or other marketing communications, where applicable.

3. Personal data we may collect

Depending on your interaction with us, we may process the following categories of personal data.

Contact and identification data
Name, company name, job title, business email address, telephone number, postal address, and other contact details you provide.

Professional and business information
Information relating to your role, organisation, business needs, project scope, operational or governance challenges, and other data relevant to a potential or ongoing engagement.

Communication data
Emails, messages, call notes, meeting notes, calendar information, submitted forms, and other correspondence.

Website and technical data
IP address, browser type, device data, language settings, referral source, cookie preferences, and website usage data.

Contract and financial data
Proposal details, contract information, invoicing data, payment information, and records required for accounting, tax, or legal compliance.

Marketing and preference data
Preferences relating to newsletters, invitations, thought leadership, and similar communications.

Bridge Up Consulting does not intentionally collect special categories of personal data unless this is strictly necessary, appropriate, and lawful in the context of a specific engagement.

4. How we collect personal data

We may collect personal data:

  • directly from you;

  • from your employer or organisation;

  • through our website and related technologies;

  • through meetings, events, calls, workshops, and email exchanges;

  • through publicly available professional sources, such as company websites or professional networking platforms, where relevant to legitimate business contact.

5. Purposes and legal bases

Under the GDPR, personal data must be processed on a valid legal basis, such as consent, contract, legal obligation, or legitimate interests, depending on the context. 

Bridge Up Consulting may process personal data for the following purposes:

a. Responding to enquiries

We process personal data to respond to messages, contact requests, meeting requests, and other enquiries.

b. Business development and relationship management

We process personal data to assess potential collaboration, prepare proposals, maintain professional relationships, and develop our business.

c. Delivery of consultancy services

We process personal data where necessary to provide advisory, facilitation, governance, leadership, execution, or other consultancy services.

d. Administration, invoicing, and legal compliance

We process personal data for contract administration, invoicing, accounting, tax compliance, and compliance with other legal obligations.

e. Website performance, security, and improvement

We may use technical and usage data to maintain the website, secure our systems, troubleshoot issues, and improve user experience and content relevance.

Legal basis: legitimate interests and, where required, consent.

f. Marketing communications

We may send newsletters, event invitations, insights, or service updates where you have subscribed, requested them, or where this is otherwise permitted by applicable law.

g. Protection of legal and business interests

We may process personal data where necessary to protect our legal position, prevent misuse, investigate incidents, manage disputes, or establish, exercise, or defend legal claims.

6. Legitimate interests

Where we rely on legitimate interests, these may include:

  • operating and developing our consultancy business;

  • maintaining professional and client relationships;

  • responding to business enquiries;

  • ensuring network and information security;

  • improving our services, website, and communications;

  • protecting our commercial and legal interests.

Where required, we balance those interests against the rights and freedoms of the individual concerned before relying on this legal basis. 

7. Cookies and similar technologies

remember user preferences, improve security, analyse website traffic, enable embedded content, and support communications and marketing activities where applicable. Depending on how the website is configured, this may include technologies provided through Wix, LinkedIn, YouTube, Mailchimp, and other carefully selected third-party service providers that support the operation and development of our website and communications. 

These cookies and similar technologies may include:

Strictly necessary cookies

These are required for the website to function properly, including security, page navigation, consent management, and core site features.

Preference cookies

These help remember choices you make, such as language, cookie preferences, or other user settings.

Analytics cookies

These help us understand how visitors use our website, which pages are visited, and how the site can be improved.

Embedded content cookies

These may be placed when content from third-party platforms such as YouTube or LinkedIn is embedded on our website.

Marketing or tracking cookies

Where used, these may support campaign measurement, audience insights, retargeting, and conversion tracking, including through tools such as the LinkedIn Insight Tag or certain Mailchimp tracking features. LinkedIn states that Insight Tag supports conversion tracking and can work with first-party and third-party cookie settings, while Mailchimp states that some of its tracking features can deploy cookies or use similar local storage-based tracking on websites. 

Where required by applicable law, we will request your consent before placing non-essential cookies or similar technologies on your device. You can manage your preferences through our cookie banner and, in some cases, through your browser settings. Wix states that site owners should inform visitors about cookie use and can use a cookie banner and privacy tools for this purpose. 

If we embed YouTube videos, we may use YouTube's Privacy Enhanced Mode where appropriate. According to YouTube, this mode is designed so that viewing an embedded video does not personalize the viewer's broader YouTube browsing experience in the usual way. 

Please note that the exact cookies and retention periods may vary depending on the pages you visit, whether you accept optional cookies, and the third-party services enabled on our website at a given time. For the most current details, users may also consult the relevant third-party cookie and privacy information made available by those providers. LinkedIn publishes a cookie table for third-party site use, Wix provides cookie and privacy documentation for site owners, and Mailchimp publishes a cookie statement describing cookies served through its services.

8. Sharing personal data

Bridge Up Consulting does not sell personal data.

We may share personal data with third parties where necessary for the purposes described in this Privacy Policy, including:

  • website hosting and IT service providers;

  • email, productivity, CRM, and scheduling providers;

  • analytics and website performance providers;

  • accountants, tax advisers, legal advisers, and other professional advisers;

  • payment providers or invoicing tools;

  • subcontractors or independent associates involved in delivering services, where relevant;

  • regulators, courts, authorities, or law enforcement where disclosure is required by law or necessary to protect legal rights.

Where a third party processes personal data on our behalf, we require appropriate safeguards and contractual protections.

9. International transfers

If personal data is transferred outside the European Union or European Economic Area, Bridge Up Consulting will ensure that an appropriate safeguard is in place. Depending on the situation, this may include:

  • an adequacy decision of the European Commission; or

  • Standard Contractual Clauses; or

  • another lawful transfer mechanism permitted under applicable data protection law. Transfers outside the EU/EEA require one of the GDPR-recognised mechanisms, and adequacy decisions or SCCs are among the principal tools recognised by the European Commission. 

10. Retention

Bridge Up Consulting does not retain personal data longer than necessary for the purpose for which it was collected, unless a longer retention period is required or permitted by law. That storage-limitation principle is part of the GDPR, and the Dutch DPA states that organisations may not keep personal data longer than necessary. 

Unless a different retention period is legally required or operationally justified, we generally apply the following approach:

  • contact enquiries: up to 12 months after the last meaningful contact;

  • client and project records: for the duration of the engagement and a reasonable period thereafter;

  • financial and tax records: for the period required under applicable accounting and tax laws;

  • newsletter or marketing records: until you unsubscribe or consent is withdrawn;

  • website analytics data: in accordance with the settings of the relevant tool and only where lawful.

We may retain data for longer where this is necessary for legal claims, dispute management, or compliance purposes.

11. Security

Bridge Up Consulting takes appropriate technical and organisational measures to protect personal data against accidental or unlawful loss, destruction, alteration, unauthorised disclosure, or unauthorised access.

These measures may include access controls, role-based access, secure systems, password protection, multi-factor authentication where appropriate, vendor controls, confidentiality obligations, and backup and recovery procedures.

No method of transmission or storage is entirely secure, but we seek to apply measures proportionate to the risks involved.

12. Your rights

Under the GDPR, you may have the right to:

  • access your personal data;

  • rectify inaccurate or incomplete personal data;

  • request erasure of personal data;

  • restrict processing;

  • object to processing based on legitimate interests;

  • withdraw consent at any time where processing is based on consent;

  • receive your personal data in a portable format, where applicable;

  • lodge a complaint with a supervisory authority. These rights are part of the GDPR framework described by the European Commission and the Dutch DPA. 

To exercise your rights, please contact us at: l.stones@bridgeupconsulting.com

We may request additional information to verify your identity before responding. In general, controllers must respond to rights requests without undue delay and at the latest within one month, although the period may be extended in certain complex cases if the individual is informed in time. 

13. Complaints

If you believe that Bridge Up Consulting has not processed your personal data in accordance with applicable law, you may contact us first so we can try to resolve the issue.

You also have the right to submit a complaint to the Dutch Data Protection Authority, the Autoriteit Persoonsgegevens, which is the supervisory authority in the Netherlands for GDPR matters. The AP provides a route for individuals to submit a complaint or tip-off where they believe an organisation has violated privacy rules. 

14. Third-party websites

Our website may contain links to third-party websites, platforms, or services. Bridge Up Consulting is not responsible for the privacy practices or content of those third parties. We encourage you to review their privacy notices separately.

15. Children

Bridge Up Consulting’s website and services are not intended for children, and we do not knowingly collect personal data from children unless there is a lawful basis to do so.

16. Changes to this Privacy Policy

Bridge Up Consulting may update this Privacy Policy from time to time to reflect legal, technical, or business changes. The latest version will always be published on our website with the updated version date.

17. Contact

For questions, requests, or complaints relating to this Privacy Policy or the processing of personal data, please contact: l.stones@bridgeupconsulting.com

bottom of page