Back

Privacy Policy – BidCraft.io

BidCraft.io privacy policy

Version: 1.0

1. What this document covers

This policy describes how we process personal data in connection with:

• visiting the BidCraft.io website,
• contact and enquiries,
• concluding and performing B2B agreements (subscription),
• security and technical support.

Important: Data that the Customer enters into the application (e.g. CRM, offers) is generally processed by BidCraft.io as a Processor – the DPA governs that processing.

2. What data we collect

We may process:

1. contact data: name, email, phone, company, job title,
2. account data: login/email, login history, permissions,
3. billing data: tax ID, address, invoice details, payment history,
4. technical data: IP address, session/cookie identifiers where necessary, event logs.

3. Purposes and legal bases

We process data where necessary to:

1. handle contact and enquiries – Art. 6(1)(f) GDPR (legitimate interest) or (b) (pre-contractual steps),
2. conclude and perform the subscription agreement – Art. 6(1)(b) GDPR,
3. billing and legal obligations (accounting/tax) – Art. 6(1)(c) GDPR,
4. security, pursuing claims, preventing abuse – Art. 6(1)(f) GDPR,
5. marketing our own services in a B2B context – Art. 6(1)(f) GDPR (subject to any separate rules on electronic marketing).

4. Who we may disclose data to

Data may be shared with:

• infrastructure/hosting providers: OVHcloud (OVH),
• bodies authorised by law (e.g. authorities).

5. Transfers outside the EEA

We generally do not transfer data outside the EEA. If we do, we will use appropriate safeguards (e.g. SCCs) and inform you.

6. How long we keep data

1. Contact data – for the duration of the matter and then until relevant claims become time-barred,
2. Contract and billing data – for the period required by law,
3. Technical data/logs – for a period justified by security and diagnostics (e.g. up to 12 months).

7. Your rights

You have the right to access, rectify, erase, restrict processing, data portability, object (where we rely on legitimate interest), and to complain to a supervisory authority.

8. Security

We use technical and organisational measures appropriate to the risk, including encryption in transit (HTTPS), access control and monitoring.

9. Cookies

1. We use cookies necessary for the operation of the site.
2. Where we use analytical or marketing cookies, we do so only with consent (cookie banner), if applicable.
3. You can manage cookies in your browser settings.

10. Changes to this policy

This policy may be updated as the Service or the law changes. The current version will be published on the site.