1. Data Controller
Within the meaning of Law No. 18-07 (article 4) and the GDPR (article 4§7), the data controller is:
2. Data Collected
In the course of providing Bridg_ services, we collect the following categories of data:
2.1 Data you provide directly
- Identity data: first name, last name, hotel establishment name.
- Contact data: professional email address, phone number.
- Account data: username, password (encrypted), account preferences.
- Subscription data: plan subscribed to, billing history, payment details (processed by our certified payment provider).
- Property data: name and address of hotel establishments you register, room types, rates, availability.
- Communications: messages sent to our support team, contact form content.
2.2 Data collected automatically
- Technical data: IP address, browser type and version, operating system, session identifier.
- Navigation data: pages visited, session duration, actions performed on the platform, connection logs.
- Performance data: application errors, API response times, aggregated usage metrics.
2.3 Data we do not collect
3. Purposes and Legal Bases for Processing
In accordance with article 10 of Law No. 18-07 and article 6 of the GDPR, each data processing operation is based on an explicit legal basis:
| Purpose | Legal basis |
|---|---|
| Creation and management of your account | Performance of contract (art. 6(1)(b) GDPR / art. 10 Law 18-07) |
| Provision of channel management services | Performance of contract |
| Billing and subscription management | Performance of contract + legal obligation |
| Sending transactional notifications (alerts, confirmations) | Performance of contract |
| Customer support and complaint handling | Legitimate interest / Performance of contract |
| Platform improvement (aggregated analytics) | Legitimate interest (art. 6(1)(f) GDPR) |
| Sending newsletters and marketing communications | Consent (art. 6(1)(a) GDPR / art. 10 Law 18-07) |
| Fraud prevention and security | Legitimate interest + legal obligation |
| Compliance with legal obligations | Legal obligation (art. 6(1)(c) GDPR) |
4. Hosting and Data Location
This location guarantees that your data is subject to the Algerian legal framework and benefits from all the protections provided for by Law No. 18-07.
5. Retention Period
| Data category | Retention period |
|---|---|
| Active account data | Duration of subscription + 3 years after termination |
| Billing and subscription data | 10 years (Algerian accounting obligation) |
| Connection logs and technical data | 12 months |
| Support communications | 3 years from ticket closure |
| Marketing / newsletter data | Until consent is withdrawn + 3 years |
| Analytical cookie data | 13 months maximum (ANPDP/CNIL recommendation) |
| Hotel property data | Contract duration + 5 years (legal archiving) |
Upon expiry of these periods, your data is securely deleted or irreversibly anonymised.
6. Recipients of Data
Your personal data is accessible only to the following persons and entities, strictly within the limits of their assignments and the purposes defined above:
- Authorised internal Bridg_ staff: technical teams, support, accounting.
- Secure payment providers: processing subscription transactions only.
- Transactional email providers: sending notification emails (synchronisation alerts, booking confirmations).
- Legal authorities: only upon judicial or administrative requisition in accordance with the law.
No personal data is sold, rented or transferred to third parties for commercial purposes.
All our subcontractors are bound by a data processing agreement in compliance with article 18 of Law No. 18-07 and article 28 of the GDPR.
7. Your Data Rights
In accordance with articles 13 to 19 of Law No. 18-07 and articles 15 to 22 of the GDPR, you have the following rights:
Right of access
Art. 13 Law 18-07 / Art. 15 GDPR
Obtain a copy of all the data we hold about you.
Right to rectification
Art. 14 Law 18-07 / Art. 16 GDPR
Correct inaccurate or incomplete data.
Right to erasure
Art. 15 Law 18-07 / Art. 17 GDPR
Delete your data in the cases provided for by law ('right to be forgotten').
Right to object
Art. 16 Law 18-07 / Art. 21 GDPR
Object to processing based on legitimate interest or for marketing purposes.
Right to portability
Art. 17 Law 18-07 / Art. 20 GDPR
Receive your data in a structured, machine-readable format.
Right to restriction
Art. 18 Law 18-07 / Art. 18 GDPR
Request the temporary suspension of the processing of your data.
Withdrawal of consent
Art. 10 Law 18-07 / Art. 7(3) GDPR
Withdraw your consent at any time for processing based on it.
Right to complain
Art. 36 Law 18-07
Lodge a complaint with the ANPDP (Algeria) or the CNIL (EU) if you believe your rights are not being respected.
8. How to Exercise Your Rights
To exercise any of the above rights, send your request to:
Data Protection Officer (DPO) — Bridg_
Response time: maximum 30 days from receipt of your request (art. 13 Law 18-07 / art. 12 GDPR). Proof of identity may be required to verify your identity.
If you believe your request has not been handled satisfactorily, you have the right to lodge a complaint with:
- ANPDP — National Authority for Personal Data Protection (Algeria)
- CNIL — Commission Nationale de l'Informatique et des Libertés (France / EU)
9. Data Security
In accordance with article 24 of Law No. 18-07 and article 32 of the GDPR, Bridg_ implements appropriate technical and organisational measures to ensure the security of your personal data, including:
- Encryption in transit: all communications between your browser and our servers are encrypted using the TLS 1.3 protocol (HTTPS).
- Encryption at rest: sensitive data (passwords, access tokens) is encrypted using internationally compliant algorithms (bcrypt, AES-256).
- Access control: two-factor authentication available, data access restricted to authorised personnel on the basis of the principle of least privilege.
- Continuous monitoring: 24/7 infrastructure monitoring, automatic alerts for suspicious activity.
- Security testing: regular audits and penetration testing performed periodically.
- Secure location: all servers are hosted in Algeria, in physically secured data centres.
10. Minors
Bridg_ services are intended exclusively for hospitality professionals and natural persons who are of legal age (18 years and over). We do not knowingly collect personal data relating to minors. If you are aware that a minor has provided us with personal data, please contact us immediately at privacy@bridgchannel.app.
11. International Data Transfers
Your personal data is hosted and processed exclusively in Algeria. In the exceptional case where a transfer to a third country becomes necessary (for example, for the use of a third-party tool), we ensure that this country offers an adequate level of protection, or we put in place appropriate safeguards in accordance with article 11 of Law No. 18-07 and Chapter V of the GDPR (standard contractual clauses, binding corporate rules).
12. Modifications to this Policy
Bridg_ reserves the right to modify this privacy policy at any time, in particular to comply with legislative and regulatory developments. In the event of a substantial modification, you will be informed by email and/or by a visible notification on the Bridg_ platform, at least 15 days before the modifications come into force.
The 'Last updated' date at the top of this document indicates the version currently in force.
13. Contact and Data Protection Officer
For any questions relating to the protection of your personal data, the exercise of your rights, or to contact our Data Protection Officer (DPO):
DPO Email: privacy@bridgchannel.app
Postal address: Bridg_ — DPO, Algiers, Algeria
You can also access your privacy settings directly from your Bridg_ client area → Settings → Privacy.