Loading…
RegulatoryBridge Global Ltd. (77 Lower Camden Street, Saint Kevin's, D02 XE80 Dublin 2, Ireland; company number Pending - see CRO filing) ("RegulatoryBridge", "we", "us", "our") is the controller of personal data processed in connection with this website (regulatorybridge.com) and the services we provide.
Data Protection Officer: Our DPO can be reached at dpo@regulatorybridge.com, or by post to the registered office above (mark correspondence "Attn: Data Protection Officer").
EU Representative (Article 27 GDPR): RegulatoryBridge EU Representative (to be appointed), Pending - to be designated under Article 27 GDPR — eu-rep@regulatorybridge.com.
UK Representative (Article 27 UK GDPR): RegulatoryBridge UK Representative (to be appointed), Pending - to be designated under Article 27 UK GDPR — uk-rep@regulatorybridge.com.
See our Imprint / Legal Notice for full entity disclosures.
This policy describes how we process personal data when you (i) visit this website, (ii) request information, a demo, or a sales conversation, (iii) sign up for our services, (iv) subscribe to communications, or (v) interact with us as a business partner, supplier, or job applicant.
When we provide privacy representation or data protection officer services to our customers, our customer is the controller of their end-users' personal data and RegulatoryBridge acts as a processor under a separate Data Processing Agreement. That processing is governed by the DPA in place with the customer, not by this policy.
We do not intentionally collect special-category data (Article 9 GDPR) or sensitive personal information (CPRA, DPDPA) about prospects or website visitors. If you upload such data into our services for compliance use cases, our processor obligations under the DPA apply.
The lawful bases below reference GDPR Article 6 (and CCPA/CPRA business purposes where applicable):
| Purpose | Lawful basis |
|---|---|
| Provide and operate the services you contract for | Art. 6(1)(b) — contract |
| Account creation, billing, customer support | Art. 6(1)(b) — contract |
| Tax, accounting, and regulator record-keeping | Art. 6(1)(c) — legal obligation |
| Security, fraud prevention, IT logging, abuse monitoring | Art. 6(1)(f) — legitimate interests (running a secure service) |
| Sales outreach to business contacts you provide | Art. 6(1)(f) — legitimate interests, balanced against your rights |
| Marketing emails & newsletters | Art. 6(1)(a) — consent (with one-click withdrawal) |
| Non-essential analytics & advertising cookies | Art. 6(1)(a) — consent (via cookie banner) |
| Defence of legal claims | Art. 6(1)(f) — legitimate interests; or Art. 9(2)(f) for special categories |
We share personal data only with parties who have a legitimate need to receive it:
An up-to-date list of sub-processors is available on request from dpo@regulatorybridge.com. We notify customers of material sub-processor changes in line with the relevant DPA.
We may transfer personal data outside your country of residence. Where the destination is not covered by an EU/UK/Swiss adequacy decision, we rely on appropriate safeguards under GDPR Art. 46:
For data principals in India under DPDPA, cross-border transfers are made only to jurisdictions not restricted by the Central Government. For Brazil (LGPD), transfers rely on ANPD-approved mechanisms (Resolution 19/2024). For Japan (APPI), transfers occur with consent or equivalent-protection arrangements. A copy of the transfer mechanism in place for your data is available on request.
We implement technical and organisational measures appropriate to the risk, including:
Despite all controls, no system is perfectly secure. If a breach affects your personal data, we will notify you and/or the competent supervisory authority in accordance with applicable law.
To exercise any of these rights, contact dpo@regulatorybridge.com. We respond within one month (extendable by two months for complex requests). Where we cannot verify your identity, we will ask for additional information.
California (CCPA / CPRA). California consumers also have rights to know, delete, correct, opt-out of sale or sharing of personal information, limit use of sensitive personal information, and not be discriminated against for exercising rights. We honour Global Privacy Control signals. We have not sold personal information in the preceding 12 months. To exercise CCPA rights email privacy@regulatorybridge.com.
India (DPDPA). Data principals have the rights of access, correction/completion/updating, erasure, grievance redressal, and nomination, and may withdraw consent at any time. Contact dpo-india@regulatorybridge.com.
United Kingdom (UK GDPR). You can lodge a complaint with the Information Commissioner's Office (ico.org.uk).
Brazil (LGPD). You may exercise the rights set out in Article 18 LGPD by writing to our Encarregado at encarregado@regulatorybridge.com; you may also escalate to ANPD.
Singapore (PDPA). Our DPO is the contact for access, correction, and withdrawal of consent under the PDPA.
Japan (APPI). You may request disclosure, correction, cessation, or deletion under Articles 28–35 APPI by contacting our Personal Information Manager at appi@regulatorybridge.com.
Switzerland (revFADP). Equivalent rights apply; complaints may be filed with the FDPIC.
Our services are not directed at children under 16, and we do not knowingly collect personal data from anyone we believe to be under 16. If you believe a child has provided personal data to us, please contact dpo@regulatorybridge.com and we will delete it promptly. Where customers process children's data using our services, the customer is responsible for obtaining required parental consent.
We do not use solely-automated decision-making that produces legal effects or similarly significantly affects you. Some operational systems (e.g., spam filtering, anomaly detection) apply automated logic with human oversight. Where this changes, we will update this policy and obtain consent or another lawful basis as appropriate.
We'd like the chance to resolve your concern first — please write to dpo@regulatorybridge.com. You also have the right to lodge a complaint with your local supervisory authority. The Data Protection Authority of our lead establishment is the Data Protection Commission (Ireland).
We may update this policy from time to time. Material changes will be announced on this page and, where appropriate, via email or in-product notification at least 14 days before they take effect. The version and date at the top of this page indicate the current iteration.
Email: privacy@regulatorybridge.com
Data Protection Officer: dpo@regulatorybridge.com
Post: RegulatoryBridge Global Ltd., Attn: Data Protection Officer, 77 Lower Camden Street, Saint Kevin's, D02 XE80 Dublin 2, Ireland.
src/lib/legal-entity.ts. Fields marked "Pending" must be confirmed by counsel and updated before public launch.