PRIVACY POLICY.

GLOBAL DATA PROTECTION CONTACTS

Privacy Policy

Download/print the document: HERE

Who’s Responsible for This Website

Just so you know, the following websites are operated by Bare Associates International, Inc.:

  • bareinternational.com
  • bareinternational.eu
  • bareinternational.com.br
  • bareinternational.in
  • bareinternational.ph
  • bareinternational.sg
  • bareinternational.cl
  • bareinternational.mx
  • bareinternational.ae

We’re officially registered under the name Bare Associates International, Inc., with registration number 314809.

Want to get in touch or find our mailing address? You can click HERE for all the details.

You can also reach us at:

📞 +1 800 296 6699

📧 [email protected]

Throughout this notice, we’ll refer to Bare Associates International, Inc. as the Controller.

What This Notice Covers

We follow the rules laid out in the General Data Protection Regulation (GDPR) – officially known as Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC. This is the main law across the EU that protects how your personal data is used and shared. It applies to how we handle your information as the Controller.

This privacy notice explains how we collect and use your personal data when you visit and interact with our website (referred to as the “Website”)—that includes any of the domain names listed above.

When we mention “you” or “User” in this notice, we mean anyone who browses our Website and gets in touch with us.

Use of Cookies and Technical Data Collection

To help the Website run smoothly and understand how visitors use it, we use cookies to support our marketing efforts and collect some basic technical data.

For more details on what cookies we use and why, please check out the section called About the Use of Cookies.

Data Processing related to Email Communication

If you contact us via the email address provided on the Website, we’ll need to process some of your personal data to handle your message.

Who this applies to: Anyone who sends an email to the Controller using the contact email(s) listed on the Website.

Legal basis for processing: We process your data based on your consent, as outlined in Article 6(1)(a) of the GDPR. You can withdraw your consent at any time—just let us know. Please note that withdrawing consent won’t affect the lawfulness of any processing we carried out before the withdrawal. However, if you withdraw your consent before we are able to respond to your request, we will be unable to fulfill it, and you will not receive a response.

What data we collect: When you email us, we typically handle the following information:

  • Your name
  • Your email address
  • The content of your message

Why we collect this data: Simply to communicate with you and respond to your inquiries or requests.

How long we keep your data: We keep your data until we’ve answered your question or fulfilled your request. If the conversation continues, we retain the data for 90 days after the final message or once your request has been fully handled—whichever comes later. After that, your data will be deleted.

How your data is stored: Your information is stored securely in our IT system, in separate databases created specifically for managing communications, and is kept only for the duration of our exchange.

Data Processing Related to Requesting a Quote

If you request a quote by filling out the form available via the REQUEST A QUOTE button on our Website, we’ll process the information you provide in order to respond to your inquiry.

Who this applies to: Users who request a quote by completing the online form linked through the “REQUEST A QUOTE” button on the Website.

Legal basis for processing: We process your data based on your consent, as outlined in Article 6(1)(a) of the GDPR.

You may withdraw your consent at any time by letting us know. Please note that this won’t affect the lawfulness of any processing that occurred prior to your withdrawal. However, if you withdraw your consent before we are able to respond to your request, we will be unable to fulfill it, and you will not receive a response.

What data we collect: We collect a range of details to understand your request and respond appropriately. These may include:

Identification and Contact Information:

  • Name
  • Job title or position
  • Company or organization represented
  • Work phone number or organization phone number
  • Work email address or organization email address
  • Work postal address or organization postal address
  • Country

Request Context and Preferences:

  • How you heard about us
  • Free-text message or comment field
  • Selected options related to services, products, or areas of interest

Why we collect this data: To provide you with a personalized offer and respond to your request. If your message includes a more complex question, we may use the provided phone number to get in touch more efficiently.

How long we keep your data: We retain your data for the period specified by the applicable legal regulations governing contractual relationships, particularly regarding the limitation of any claims. However, as we do not yet know the jurisdiction from which your request originates, it is not currently possible to determine the exact retention period at this stage.

If your quote request results in a contract, we will provide you with further details about how your data will be processed under that agreement.

If no contract is established, your data will be retained for a period of three months following the conclusion of the final negotiations, after which it will be securely deleted.

How your data is stored: Your information is stored securely in a separate section of our internal IT system, specifically designated for managing quote requests.

Data Processing Related to Evaluators

If you register as an Evaluator, please note that we provide separate and detailed notice about how your personal data is processed in that context.

This specific privacy notice is made available during the registration process or upon request.

Data Processing Related to Requesting a Free Study

If you request access to one of our free studies by completing the form located under the “FREE ACCESS TO THE STUDY” section (accessible via the “Solutions” and then “Business Intelligence” buttons), we will process the personal data you provide in order to fulfill your request.

Who this applies to: Users who request access to a free study by submitting the relevant form on the Website.

Legal basis for processing: We process your data as it is necessary for performing a service you have requested—specifically, providing access to a free study—according to Article 6(1)(b) of the GDPR.

What data we collect: To provide you with the requested study, we typically handle the following information:

Identification and Contact Information:

  • Name
  • Job title or position
  • Company or organization represented
  • Work phone number or organization phone number
  • Work email address or organization email address
  • Work postal address or organization postal address
  • Country

Request Context and Preferences:

  • How you heard about us
  • Free-text message or comments
  • Selected options related to services, products, or areas of interest

Why we collect this data: To deliver the requested study and provide relevant information about our services and expertise.

How long we keep your data: We retain your data only until the requested study has been successfully delivered.

How your data is stored: Your information is securely stored in a dedicated area of our internal IT system, used solely for managing study requests.

Data Processing Related to Free Pilot Offerings

If you request a free pilot service by filling out the data sheet available through the “Solutions” > “Self-Audits (BARE-ify Pulse)” section of the Website, we will process the personal data you provide to carry out the preliminary assessment.

Who this applies to: Users who request a free pilot offering by submitting the relevant form on the Website.

Legal basis for processing: We process your data as it is necessary for the performance of a service you have requested—specifically, a preliminary assessment—as outlined in Article 6(1)(b) of the GDPR.

What data we collect: To coordinate and deliver the free pilot, we may process the following details:

Identification and Contact Information:

  • Name
  • Job title or position
  • Company or organization represented
  • Work phone number or organization phone number
  • Work email address or organization email address
  • Work postal address or organization postal address
  • Country

Request Context and Preferences:

  • How you heard about us
  • Free-text message or comment
  • Selected options related to services, products, or areas of interest

Why we collect this data: To provide you with the requested free pilot service and to share the results with you.

How long we keep your data: We retain your data only until we have provided the results of the free pilot. Once this has been completed, your data will be deleted promptly.

If a formal contract follows the pilot, we will provide separate information about how your data will be processed going forward.

How your data is stored: Your data is securely stored in a designated area of our internal IT system, reserved for managing free pilot requests.

Data Processing Related to Calls for Proposals, Free Pilot Requests, or Free Study Requests by Natural Persons Representing a Company

If a natural person contacts us on behalf of a partner organization to request a proposal, a free pilot service, or a free study, we may process their personal data as part of that communication.

Who this applies to: Natural persons (“Representatives”) who act on behalf of a company or organization (“Partner Organization”) to request a proposal, a free pilot, or a free study from the Controller.

Legal basis for processing: We process this data based on legitimate interest under Article 6(1)(f) of the GDPR.

It is in the legitimate interest of the Partner Organization to request such services from the Controller. That interest can be pursued by assigning a natural person to communicate on the organization’s behalf.

The Controller processes the Representative’s data solely for administrative purposes related to the Partner Organization’s request. Data processing is limited to what is necessary for that purpose, both in terms of scope and duration.

Please note: Without processing the Representative’s data, the exchange of necessary information—such as for preparing a proposal, conducting a pilot, or sharing a study—would not be possible. Therefore, processing is essential.

A legitimate interest assessment has been documented. Representatives may request information on how to access this documentation from the Controller.

What data we collect: The specific data collected in this context corresponds to the data described in earlier sections (requests for proposals, pilots, and studies), depending on the function used.

Source of the data: Data is usually provided directly by the Representative (User).
If the data is submitted by another person from the Partner Organization, the organization itself is considered the source. In such cases, it is the responsibility of the Partner Organization to inform the Representative that their personal data has been shared with the Controller for this purpose.

Why we collect this data: To respond to the proposal request, conduct the preliminary survey, or provide access to the requested study.

How long we keep your data: The retention period corresponds to the function selected by the Representative and is described in the relevant sections above (e.g. for quote requests, pilot services, or study access).

How your data is stored: Your data is securely stored in a designated part of our internal IT system, separated specifically for managing these types of requests.

Data Processing Related to the Use of the Semi-Automated Communication Service (Chat Window)

If you send us a message using the chat window on our Website, we may process some of your personal data to facilitate that interaction.

Who this applies to: Users who send messages via the chat window on the Website.

Legal basis for processing: We process your data based on your consent, as set out in Article 6(1)(a) of the GDPR.

By sending a message through the chat window, you give your consent to the processing of your personal data.

You may withdraw your consent at any time. Please note that withdrawing consent does not affect the lawfulness of any data processing carried out before the withdrawal. However, if you withdraw your consent before we are able to respond to your request, we will be unable to fulfill it, and you will not receive a response.

What data we collect:

  • Your name
  • Your email address
  • The content of your message

Why we collect this data: To enable effective communication between you and the Controller, reduce the administrative load on our team, and improve communication efficiency through the use of semi-automated tools.

How long we keep your data: If no contract results from the chat exchange, we retain your data only as long as needed to respond to your inquiry or fulfill your request. In any case, your data will be deleted no later than 30 days after we reply or fulfill your request.

If the conversation includes multiple related messages, the data will be deleted no later than 30 days after the final exchange or once your request has been fully addressed—whichever comes later.

If a contract is formed based on the chat communication, and the exchanged messages are relevant to that agreement, your data will be stored in accordance with the applicable legal requirements concerning the limitation of claims.
In such cases, we will provide you with separate information on how your data will be processed going forward.

How your data is stored: Your information is stored electronically in a dedicated database within the Controller’s internal IT system, and only for the duration of the communication.

Use of third-party service provider: The chat feature uses a chatbot service provided by an external service provider to support automated replies. For details regarding data security in connection with this third-party service, please refer to Section Data Protection and Security of this Privacy Notice.

Data Processing Related to WhatsApp Chat Communications

If you choose to contact us via WhatsApp through the chat feature on our Website, we may process certain personal data in order to respond to your inquiry.

Who this applies to: Users who send messages to the Controller via WhatsApp using the chat window available on the Website.

Legal basis for processing: We process your data based on your consent, as outlined in Article 6(1)(a) of the GDPR.

By sending a message via WhatsApp, you give your consent to the processing of your personal data for the purposes of communication.

You may withdraw your consent at any time. Please note that this does not affect the lawfulness of any processing carried out prior to the withdrawal. However, if you withdraw your consent before we are able to respond to your request, we will be unable to fulfill it, and you will not receive a response.

What data we collect:

  • Your name
  • Your phone number
  • The content of your message
  • The date and time the message was sent

Please note: Your phone number and message data are transmitted to the Controller by WhatsApp. Additionally, WhatsApp may collect other information, such as your IP address, device details, and usage data. These activities are subject to WhatsApp’s own privacy policy, which is independent of the Controller.

Why we collect this data: To facilitate communication between you and the Controller through the WhatsApp platform.

How long we keep your data: We retain your data until we have responded to your request or inquiry. If there is an ongoing exchange of messages, your data will be deleted no later than 90 days after the final message or once the matter has been resolved—whichever comes later.

How your data is stored: The data is stored electronically within the system provided by the WhatsApp service provider, which acts as the data processor on behalf of the Controller.

Data Transfer

The Controller does not share personal data with third parties.

Personal data will only be disclosed if required by law or a binding legal obligation. In such cases, the Controller may transfer data to the relevant public authorities as necessary to comply with applicable legal requirements.

Involved Data Processors

To support its data processing activities, the Controller engages certain external service providers (data processors). These providers process personal data solely on behalf of and under the instructions of the Controller, in compliance with applicable data protection laws and regulations.

Storage Space Service Provider

Scope of Data Subjects Involved: All users who visit the Website, regardless of whether they use any specific services.

Engaged Data Processor: The Controller uses the services of the following company as a website hosting and storage space provider (hereinafter: Data Processor):

Microsoft Ireland Operations Limited
Short name: Microsoft Ireland Ltd.
Business registration number: 256796
Tax number: IE8256796U
Registered office: 70 Sir Rogerson’s Quay, Dublin 2, Ireland
Postal address: One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland
Telephone: +1 800 710 200
Website: https://www.microsoft.com/

Scope of Data Processed: This may include any data categories mentioned in this privacy notice, depending on which services and functions are used by the User. The specific scope of data processed is therefore determined by the nature of the user interaction described in the relevant sections of this policy.

Purpose of Engaging a Data Processor: To ensure the technical operation and availability of the Website by providing the electronic hosting services necessary for its functioning.

Method of Data Processing: Processing is carried out electronically, and is limited to the provision of storage space necessary for the secure and functional operation of the Website. No additional data operations are performed by the processor beyond hosting and storage.

Website Developer

Scope of Data Subjects Involved:
All users who visit the Website, regardless of whether they use any specific services.

Engaged Data Processor: The Controller uses the services of the following company as the website development platform provider (hereinafter: Data Processor):

Automattic Inc. (WordPress)
Registered address: 60 29th Street #343, San Francisco, CA 94110, USA
Postal address: 60 29th Street #343, San Francisco, CA 94110, USA
Telephone: +001 877 273 3049
Website: https://wordpress.com/

Scope of Data Processed: This may include any personal data referenced in this privacy notice, depending on the features used by the User. The specific data processed is determined by the functions engaged by the User as described in the corresponding sections above.

Purpose of Engaging a Data Processor: To support the technical operation and functionality of the Website by providing and maintaining the website software infrastructure required for proper performance and user interaction.

Method of Data Processing: Data is processed electronically, and solely for the purpose of ensuring the proper functioning of the Website through the technical services provided by the software platform. No additional processing is carried out by the developer beyond what is technically necessary.

Data Processing Related to Email Hosting and Communication Software

Scope of Data Subjects Involved: All individuals referenced in this privacy notice, particularly those with whom the Controller communicates via email.

Engaged Data Processors: The Controller uses the services of the following providers as email software developers and hosting service providers (hereinafter: Data Processors):

Microsoft Ireland Operations Limited
Short name: Microsoft Ireland Ltd.
Business registration number: 256796
Tax number: IE8256796U
Registered office: 70 Sir Rogerson’s Quay, Dublin 2, Ireland
Postal address: One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland
Telephone: +1 800 710 200
Website: https://www.microsoft.com/

CM.com Netherlands B.V.
Registered office: Konijnenberg 30, 4825 BD Breda, The Netherlands
Mailing address: Konijnenberg 30, 4825 BD Breda, The Netherlands
Website: https://www.cm.com/
Contact: https://www.cm.com/contact/
Email: [email protected]

Scope of Data Processed: Primarily, the name and email address of the data subject. Additionally, any other personal data voluntarily shared within the content of email correspondence may also be processed.

Purpose of Engaging a Data Processor: To ensure the reliable operation and delivery of electronic mail communications, including hosting, storage, and email functionality.

Method of Data Processing: Email content and related personal data are stored electronically in the software environments provided by the Data Processors, and are processed solely during the retention period necessary for communication purposes.

Data Processing Related to the Use of an Automated Communication System (Chatbot)

Scope of Data Subjects Involved: All individuals referred to in this privacy notice who interact with the chatbot-supported communication feature.

Engaged Data Processor: The Controller uses the following service provider as the operator of the automated communication system (chatbot) (hereinafter: Processor):

CM.com Netherlands B.V.
Registered office: Konijnenberg 30, 4825 BD Breda, The Netherlands
Mailing address: Konijnenberg 30, 4825 BD Breda, The Netherlands
Website: https://www.cm.com/
Contact: https://www.cm.com/contact/
Email: [email protected]

Scope of Data Processed:

  • Name of the Data Subject
  • Email address
  • Content of messages exchanged through the chatbot

Purpose of Engaging a Data Processor: The Processor is used to support and streamline communication via the chatbot feature on the Website. This helps to reduce the Controller’s manual communication workload and improve efficiency.

Method of Data Processing: Data is processed electronically within the administrative system provided by the Processor.

Data Security Measures:

  • The chatbot system uses artificial intelligence (AI) for generating automated responses.
  • The content of the chat is not used for AI training or development.
  • The Processor applies pseudonymisation as a data protection measure.
  • User data is stored in separate databases for each customer.
  • All data is processed within the European Union (EU).
  • Under the EU Artificial Intelligence Act, the chatbot system is classified as a limited-risk AI system.

Provision of Chat Window Service (WhatsApp)

Scope of Data Subjects Involved: Users with a WhatsApp account who send messages to the Controller via the WhatsApp chat window on the Website.

Engaged Data Processor: The Controller uses the following company as a provider of the messaging application (hereinafter: Data Processor):

WhatsApp LLC
Commercial registration number: 202132710693
Registered office: 1601 Willow Road, Menlo Park, California 94025, USA
Mailing address: 1601 Willow Road, Menlo Park, California 94025, USA
Contact: https://www.whatsapp.com/contact
Website: https://www.whatsapp.com

Scope of Data Processed:

  • User’s name
  • Phone number
  • Content of the message
  • Date and time the message was sent

Please note: WhatsApp may also collect additional technical and usage-related data (e.g., IP address, device information, and usage patterns). Such data processing is governed by WhatsApp’s own privacy policy, which is independent of the Controller.

Purpose of Engaging a Data Processor: To enable the operation and technical functionality of the messaging application by providing the necessary hosting and communication software.

Method of Data Processing: Data is processed electronically, including the use of electronic messaging systems and cloud-based storage provided by the Processor.

Data Security Measures: WhatsApp employs end-to-end encryption to safeguard the content of communications. This ensures that messages are encrypted on the sender’s device and can only be decrypted on the recipient’s device—not even WhatsApp has access to the message content. This encryption standard applies to all communication forms, including text, calls, photos, and videos.

Other Data Processors and Data Processing Agreements

The Controller does not engage any additional data processors beyond those specifically listed in this privacy notice or those identified in the document titled “Information About the Use of Cookies.”

The Controller enters into data processing agreements with all data processors it engages. These agreements include all legally required terms to ensure compliance with applicable data protection laws and to guarantee an appropriate level of data security in connection with the processing of personal data.

Data Protection and Security

The Controller is committed to keeping your personal data safe. We take both technical and organizational measures—and follow internal policies—to make sure we comply with data protection laws and confidentiality rules. We protect your data from unauthorized access, alteration, disclosure, deletion, or any unlawful use. We also safeguard it against accidental loss, damage, or inaccessibility due to technological changes.

Any data we collect about website traffic or user behavior is handled in a way that prevents us from linking it to individuals. From the very beginning, this data is processed anonymously.

We only process personal data for the specific and lawful purposes set out in this notice. We do so to the extent necessary and proportionate, always in line with applicable laws, best practices, and with the appropriate security measures in place.

To help protect your data, our Website uses the secure “https” protocol, which encrypts communications and ensures a unique, secure connection. Your data is stored in encrypted databases, organized into separate databases based on the purpose of processing. Only a limited number of authorized Controller staff—those involved in the tasks described in this policy—have access. These individuals are required to handle your data responsibly and in compliance with this policy and relevant legal requirements.

User’s Rights Regarding Their Personal Data

Right to Access

As a User, you have the right to request information about how your personal data is being processed.

At your request, the Controller will provide details about:

  • What personal data is being processed (by us and by any Data Processors),
  • Where the data came from,
  • The purpose and legal basis for processing,
  • How long the data will be stored,
  • The names and addresses of any Data Processors involved and their roles,
  • Any data transfers, including the legal basis and recipients,
  • The possible effects of a data protection incident and the steps taken to prevent such incidents.
  • The method how we process your data.

We aim to respond to your access request without undue delay—always within one month of receiving it.

As part of this right, you can also request a copy of the personal data we process about you. Your first copy is free of charge. If you request additional copies, we may charge a reasonable fee to cover administrative costs.

Right to Data Portability

You have the right to receive the personal data we hold about you in a structured, commonly used, and machine-readable format. You can also request that this data be transferred to another controller—without interference from us—if:

a) the processing is based on your consent or a contract, and
b) the processing is carried out by automated means.

If technically possible, you can also ask us to transfer your data directly to another controller on your behalf.

Right to Correction

You have the right to request that we correct any inaccurate personal data we hold about you. If your data is incomplete, you can also ask us to update it—such as by providing a supplementary statement.

We’ll handle your correction request without undue delay and, at the latest, within one month of receiving it.

Right to Restrict Processing

You can ask us to limit how we use your personal data. When data is restricted, we’ll mark it to ensure it’s not used for anything beyond what’s absolutely necessary. You can request this in the following situations:

a) You believe the data we have is inaccurate—restriction will apply while we verify the data.
b) The processing is unlawful, but you don’t want the data deleted—you’d prefer we just stop using it.
c) We no longer need the data for processing, but you need it to establish, exercise, or defend legal claims.
d) You’ve objected to our processing based on legitimate interest—processing will be limited while we assess whether our interest overrides yours.

Right to Erasure (“Right to Be Forgotten”)

You have the right to ask us to delete your personal data, and we’ll do so without delay if any of the following apply:

a) The data is no longer needed for the purpose it was originally collected or processed.
b) You withdraw your consent, and there’s no other legal reason to keep processing the data.
c) You object to the processing, and there are no overriding legitimate grounds to continue—or you object to processing for direct marketing purposes.
d) Your data was processed unlawfully.
e) We’re required to delete the data to comply with legal obligations under EU or Member State law.
f) You request deletion (or object to processing), and the data was collected in connection with offering online services directly to children.

If we’ve made your personal data public and are required to erase it, we’ll also take reasonable steps—considering available technology and implementation costs—to inform other controllers that you’ve requested deletion of any links to, or copies of, that data.

Obligation to Notify

If we correct, restrict, or delete your personal data, we’ll inform you and any other parties we’ve shared the data with—unless doing so is impossible or would require disproportionate effort. If you ask, we’ll also let you know who we’ve shared your data with.

Right to Object

You have the right to object to the processing of your personal data at any time if it’s being processed based on our legitimate interests, and you have a personal reason for doing so.

If you object, we’ll stop processing your data—unless we can demonstrate that we have compelling legal reasons that override your interests, rights, and freedoms, or if the data is needed to establish, exercise, or defend legal claims.

Responding to User Requests

We provide information and take action on your data-related requests free of charge, as described at the “User’s Rights Regarding Their Personal Data” section of this document.

However, if a request is clearly unfounded or excessive—especially if it’s repeated—we may:

a) charge a reasonable fee to cover administrative costs, or
b) refuse to act on the request.

We’ll make this decision based on the nature of the request and the effort required to fulfill it.

We’ll respond to your request as soon as possible—no later than one month after we receive it. This includes providing any copies of your personal data, if requested.

If your request is complex or we’ve received multiple requests, we may need up to two additional months to respond. In that case, we’ll let you know within the first month and explain why there’s a delay.

If you submit your request electronically, we’ll respond electronically unless you ask for a different format.

If we decide not to take action on your request, we’ll inform you within one month and explain why. We’ll also let you know how you can file a complaint with the relevant data protection authority or seek legal remedy.

You can submit your request in any format that allows us to verify your identity. For security reasons, we can only act on requests from individuals we can identify. If we have reasonable doubts about your identity, we may ask for additional information to confirm it.

You can send your requests to the Controller’s postal address listed HERE, or by email to [email protected].

Please note: We’ll treat an email request as valid only if it’s sent from an email address already registered in our system. If it comes from a different email, we may not be able to act on it. The official receipt date for emails is the day after it was sent.

Enforcing Your Rights

If you believe your rights have been violated, you have the right to take legal action by:

  • Filing a complaint with the data protection authority responsible for your place of residence, or

Turning to the competent court to seek a legal remedy.

June 2, 2025

Bare Associates International, Inc.

This post is also available in: Portuguese (Brazil)