top of page

Bar Citizen International Data Protection Policy

1. Purpose of Data Collection

Bar Citizen International (herein BCI, “we”, “us”, “our”) is committed to protecting the privacy of its users worldwide. We collect personal data to improve our services, ensure website functionality, and provide user-specific experiences. This policy outlines how we collect, use, share, and protect your data globally in compliance with international, national, and regional data protection laws.

2. What Data We Collect

BCI collects personal information such as names, email addresses, IP addresses, and other identifiers necessary for the provision of services. The data we collect may vary depending on regional legal requirements, including but not limited to:

  • Contact information (e.g., email addresses)

  • Device and browser data (e.g., IP addresses)

  • User preferences (e.g., cookies)

3. How We Use Your Data

BCI uses your personal data to:

  • Provide and manage access to our services

  • Personalise content and improve user experience

  • Comply with legal requirements in your jurisdiction

We will never sell your data, and we maintain strict controls over how your data is shared with third parties for the purposes outlined above.

4. Cookies

BCI uses cookies to enhance website functionality and user experience. Cookies help us store user preferences, conduct website analytics, and provide personalised services. You can manage or disable cookies in your browser settings. This policy complies with regional cookie legislation where required.

5. Third-Party Data Sharing

BCI shares personal data with third-party service providers for purposes such as IT infrastructure, analytics, and marketing. All third parties are vetted to ensure compliance with applicable legal frameworks, including international data transfer mechanisms like Standard Contractual Clauses (SCCs) and local laws requiring data localisation.

6. Data Subject Rights

BCI recognises and upholds the following global data subject rights, which may vary based on your country or state:

  • Right to Access: You may request access to your personal data.

  • Right to Rectification: You may request correction of inaccurate data.

  • Right to Erasure: You may request the deletion of your data under specific conditions.

  • Right to Restrict Processing: You may request restrictions on the processing of your data.

  • Right to Data Portability: You have the right to transfer your personal data to another provider.

  • Right to Object: You may object to data processing under certain circumstances.

7. Legal Basis for Processing

BCI processes personal data under the following conditions:

  • Consent: When you provide explicit consent.

  • Contractual Necessity: When necessary to perform a contract

  • .Legal Obligation: To comply with local legal requirements.

  • Legitimate Interests: When processing is necessary for legitimate business interests, unless overridden by your rights.

8. Data Security

BCI uses industry-standard security measures to protect your data, including encryption, firewalls, and secure storage systems. We regularly review and update our security measures to ensure ongoing compliance with global standards.

9. International Data Transfers

BCI ensures that international transfers of personal data comply with applicable laws. Transfers to countries outside of the European Economic Area (EEA) or your local jurisdiction will be safeguarded by mechanisms such as Standard Contractual Clauses (SCCs), adequacy decisions, or other appropriate measures.

10. Data Retention

BCI retains personal data only as long as necessary to fulfil the purposes described in this policy, or as required by law. Data retention periods may vary by region to ensure compliance with local regulations.

11. Data Breaches

In the event of a data breach, BCI will notify the relevant supervisory authorities and affected individuals in compliance with applicable data protection laws, such as GDPR’s 72-hour breach notification rule and other local regulations.

12. Compliance with Local Laws

Your specific data protection rights and obligations may vary depending on your country or state. BCI strives to comply with the most stringent data protection laws globally. We recognise that data protection frameworks evolve and differ, so we ensure compliance with a wide range of regional regulations, including those enacted by multiple US states, the European Union, and other jurisdictions. Your specific laws may change by country or state.

13. Contact Information

For any queries or requests related to your personal data, please contact our Data Protection Officer at:

Email: privacy@barcitizeninternational.org

If needed, you can also contact the relevant data protection authority in your region:

  • UK: Information Commissioner’s Office (ICO) – https://ico.org.uk/

  • EU: Data Protection Authorities – https://edpb.europa.eu/

  • US (Various States): Refer to your specific state’s privacy law, e.g., California Privacy Protection Agency (CPPA)

  • Brazil: National Data Protection Authority (ANPD) – https://www.gov.br/anpd/en

  • Other Countries: Please contact your local data protection authority.

Cross-Border Data Transfers

BCI operates globally, and as such, we may need to transfer personal data across international borders. These transfers occur when necessary for providing services or for operational purposes. We recognise that different countries have varying levels of data protection, and we ensure that all transfers are conducted in compliance with applicable data protection laws.

1. Legal Mechanisms for Transfers

Where we transfer personal data to countries outside of your jurisdiction, we use appropriate legal mechanisms to safeguard your personal data, including:

  • Standard Contractual Clauses (SCCs): For transfers from the European Economic Area (EEA) to countries without an adequate data protection decision.

  • Adequacy Decisions: Where applicable, if the country to which we transfer personal data has been deemed to provide an adequate level of protection.

  • Binding Corporate Rules (BCRs): Used for internal transfers within BCI entities globally.

  • Other Legal Mechanisms: We comply with local data protection regulations for cross-border transfers, such as data processing agreements or regulatory approvals in countries like Brazil, China, and Russia.

2. Data Localisation and Restrictions

In jurisdictions where local laws require data to be stored and processed locally (e.g., Russia’s data localisation laws or China’s PIPL), we comply by:

  • Storing data within the country where it is collected when required.

  • Using local cloud solutions or working with compliant in-country service providers.

3. Risk and Security of Transfers

To ensure data security during transfers, we implement:

  • Encryption: Personal data is encrypted during international transfers to protect against unauthorised access.

  • Access Controls: Data access is limited to authorised personnel only.

  • Audit and Monitoring: Regular audits and monitoring of cross-border transfers to ensure compliance with laws.

4. Notification of International Transfers

Where legally required, we will notify you prior to transferring your personal data outside of your country or region. You will be informed of the destination country, the legal basis for the transfer, and the protective measures in place.

International Data Protection Laws

BCI complies with the following data protection frameworks worldwide:

  1. General Data Protection Regulation (GDPR) – European Union

  2. Data Protection Act 2018 – United Kingdom

  3. California Consumer Privacy Act (CCPA) & US State Laws – United States

  4. General Data Protection Law (LGPD) – Brazil

  5. Personal Information Protection and Electronic Documents Act (PIPEDA) – Canada

  6. Privacy Act 1988 – Australia

  7. Act on the Protection of Personal Information (APPI) – Japan

  8. Personal Information Protection Act (PIPA) – South Korea

  9. Protection of Personal Information Act (POPIA) – South Africa

  10. Personal Data Protection Bill (PDPB) – India (Draft)

  11. Personal Information Protection Law (PIPL) – China

  12. Other US State Laws – Various state-specific privacy laws

By the Fans For the Fans

A Bar Citizen® is an event, that takes place whenever, and wherever people would like to meet up!
Bar Citizens are coordinators and attendees of social events related to games created by Cloud Imperium Games. BCI services are designed to make it easier for local and regional Bar Citizen® Coordinators to plan and make events, no matter where they are, epic!
 

Bar Citizens International (BCI) - Supporting the Star Citizen Community as a 501(c)(3) Nonprofit.

MadeByTheCommunity_Black_edited.png
  • Discord
  • Facebook
  • X
  • LinkedIn
  • Instagram
  • Youtube
bottom of page