GDPR Compliance Statement

For EU Customers of BARD Tracker
Last updated May 4, 2025

Data Controller and Contact Information

BARD Tracker
3726 SE 8th Ave
Portland, OR 97202
info@bardtracker.com
+1 (503) 662-2712

We act as the data processor for customer-submitted project data and as the data controller for account-related information.


Lawful Basis for Processing


Types of Data Collected

No sensitive personal data (e.g. age, ethnicity, political affiliation) is collected.


Data Hosting and Transfers

Our infrastructure is hosted on AWS us-east-1 (Virginia, USA). Data transfers are protected by:


User Rights

EU/EEA users have the right to:

All BARD Tracker projects have an Export CSV facility for porting data.

All users' data can be accessed, corrected, and/or deleted at-will at all granularity levels, from comments, tickets, projects, accounts, up to entire organizations.

Previously given consent can be withdrawn at any time.

Contact us at info@bardtracker.com for any inquiries about exercising these rights.


Security and Privacy by Design


Data Retention and Backup Policy

Data is retained while accounts are active, and deleted upon request or termination.

We maintain regular backups of our systems to ensure the security and availability of data. These backups are stored securely and are retained for a limited period of time in accordance with our data retention policy.


Right to Erasure

We respect your rights under applicable data protection laws, including your **Right to Erasure** (also known as the "Right to be Forgotten"). If you request the deletion of your personal data, we will take reasonable steps to ensure that your data is removed from our active systems, and historical backups.

Please note that:


Sub-Processors

We use the following vetted, GDPR-compliant sub-processors, and have signed Data Processing Agreements (DPAs) with them:


International Data Transfers

We may transfer your personal data outside of the European Economic Area (EEA) to the United States, where our service providers (Amazon Web Services, or AWS) are located. AWS provides secure cloud storage and hosting services that we use to deliver our Services to you.

We ensure that such transfers are conducted in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR). Specifically:

Adequate Safeguards: We rely on the European Commission’s Standard Contractual Clauses (SCCs) or other approved transfer mechanisms to ensure that your personal data is adequately protected when transferred outside the EEA.

Data Security: AWS is certified under recognized security standards (e.g., ISO 27001) and provides robust encryption and security measures to protect your data.

By using our Services, you acknowledge that your data may be transferred to countries outside of the EEA, including the United States, and you consent to such transfers.


Data Breach Notification

In the event of a data breach, we shall notify users and relevant authorities per GDPR Articles 33 and 34.


Contact and Complaints

For questions or complaints, contact our Data Protection Officer:

Micah Geisel
micah@botandrose.com

You may also contact your local Data Protection Authority.