This Privacy Policy explains how BridgePoint Israel collects, uses, and protects personal data submitted through this website. It is written in accordance with Regulation (EU) 2016/679 (the General Data Protection Regulation, “GDPR”) and applicable Israeli privacy law.

1. Data Controller

The data controller responsible for your personal data is:

Bridge Point Israel

If you have any questions about how we handle your data, you may contact us at the email above.

2. What Data We Collect

When you submit the contact form on this website, we collect the following personal data that you voluntarily provide:

• Name — required, to address you in correspondence.
• Email address — required, to respond to your inquiry.
• Phone number — optional, if you choose to provide it.
• Location / project area — optional, to understand the scope of your project.
• Timeline — optional, to assess your project schedule.
• Message content — the details of your inquiry.

We also collect your IP address automatically at the time of form submission, solely for spam prevention purposes. This is not used for any other purpose.

3. Legal Basis for Processing

We process your personal data on the following legal bases under Article 6 of the GDPR:

• Article 6(1)(b) — Pre-contractual measures: Processing is necessary to respond to your inquiry and take steps at your request prior to entering into a service agreement.
• Article 6(1)(f) — Legitimate interests: We have a legitimate interest in receiving and responding to business inquiries submitted through this website. This interest does not override your fundamental rights.

We do not rely on consent as a legal basis for processing contact form data.

4. How We Use Your Data

We use your personal data solely to:

• Respond to your inquiry and discuss your project requirements.
• Assess whether our services are a suitable fit for your situation.
• Communicate with you throughout any subsequent engagement.

We do not use your data for marketing, profiling, or automated decision-making. We do not sell, rent, or share your personal data with any third party for commercial purposes.

5. Data Retention

Inquiry submissions are retained in our website database for a maximum of 24 months from the date of receipt, or for as long as necessary to manage any ongoing business relationship with you, whichever is longer. After this period, data is deleted or anonymised.

If you become a client, we retain project-related personal data for the duration of the engagement plus 7 years, as required by Israeli bookkeeping and tax law.

6. Data Storage and Transfer

This website is hosted on servers located in [YOUR HOSTING REGION — e.g., “the European Union” or “the United States”]. Your data is stored on those servers.

As a business based in Israel, your data is processed in Israel. Israel has been granted an adequacy decision by the European Commission under Article 45 of the GDPR, meaning the level of data protection in Israel is considered equivalent to that of the European Union. No additional safeguards are required for this transfer.

7. Third-Party Services

This website uses the following third-party services that may process limited technical data:

• WordPress (Automattic) — the platform powering this website. See Automattic’s Privacy Policy.
• Web hosting provider — [YOUR HOST NAME]. Processes server logs and stores database data.
• Google Fonts — fonts are loaded from Google’s servers, which may log your IP address. See Google’s Privacy Policy. You can self-host fonts to eliminate this transfer.
• Pexels and Unsplash — stock images embedded from their CDNs. These may set cookies or log your IP. We recommend replacing placeholder images with your own hosted images before launch.

We do not use Google Analytics, Facebook Pixel, or any advertising or tracking technology.

8. Cookies

This website uses only the following cookies:

• WordPress session cookie — set automatically by WordPress for logged-in administrators only. Not set for regular visitors.
• Theme preference — your light/dark mode preference is stored in your browser’s localStorage (not a cookie), local to your device only.

We do not use tracking, advertising, or analytics cookies. A cookie consent banner is not required for strictly necessary cookies. If you add any analytics or third-party scripts in future, you must update this policy and implement a consent mechanism.

9. Your Rights Under the GDPR

If you are located in the European Union or European Economic Area, you have the following rights regarding your personal data:

• Right of access (Article 15) — You may request a copy of the personal data we hold about you.
• Right to rectification (Article 16) — You may request that we correct any inaccurate or incomplete data.
• Right to erasure (Article 17) — You may request that we delete your personal data where there is no legitimate ground for us to continue processing it.
• Right to restriction of processing (Article 18) — You may request that we limit how we use your data in certain circumstances.
• Right to data portability (Article 20) — You may request a machine-readable copy of the data you provided to us.
• Right to object (Article 21) — You may object to processing based on our legitimate interests. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.

To exercise any of these rights, please contact us at [YOUR EMAIL ADDRESS]. We will respond within 30 days. We may ask you to verify your identity before fulfilling your request.

10. Right to Lodge a Complaint

If you believe we have not handled your personal data lawfully, you have the right to lodge a complaint with a data protection supervisory authority.

• In Israel: the Privacy Protection Authority (PPA) — gov.il/en/departments/the_privacy_protection_authority
• In the EU: the supervisory authority of your country of residence or place of work. A list of EU DPAs is available at edpb.europa.eu.

We would appreciate the opportunity to address any concerns before you contact a supervisory authority.

11. No Automated Decision-Making

We do not use automated decision-making or profiling (as defined in Article 22 GDPR) in connection with your personal data.

12. Children’s Privacy

This website is not directed at children under the age of 16. We do not knowingly collect personal data from minors. If you believe a minor has submitted personal data to us, please contact us and we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. The “Last updated” date displayed at the top of this page reflects the most recent revision. Material changes will be summarised at the top of the updated policy. We encourage you to review this page periodically.

14. Contact

For any questions, requests, or concerns relating to this Privacy Policy or the way we handle your personal data, please contact us at [YOUR EMAIL ADDRESS] or through the contact form on this website.