1. Who we are
BridgeLink Virtual Assistant Agency is a managed outsourcing agency headquartered in the Philippines and serving clients in the United Kingdom and internationally. For the purposes of applicable data protection legislation, BridgeLink is the data controller of personal data submitted through our website, sales enquiries, applications, and client engagements. Where we process personal data on behalf of a client (for example, when a Virtual Assistant handles emails or CRM records for a client), we act as a data processor under the terms of the service agreement between us and the client.
2. Information we collect
We collect the following categories of personal data:
- Contact information — name, email address, phone number, company name, job title, country and city, submitted through discovery-call requests, contact forms, our savings calculator, or direct correspondence.
- Applicant information — full name, contact details, CV, work history, education, portfolio links, references, ID documents, tax and payroll details, provided when applying for a Virtual Assistant role with BridgeLink.
- Client-account data — billing information, engagement scope, points of contact, and business documentation exchanged as part of the service.
- Technical data — IP address, browser type and version, device information, approximate location (city/country), and pages visited, collected automatically via cookies and analytics.
- Communications — records of emails, calls, video meetings, chat messages, and support tickets exchanged with us.
3. How we use your data
We process personal data for the following purposes and legal bases:
- To respond to enquiries, book discovery calls, and provide quotations — legitimate interest and pre-contractual steps.
- To recruit, screen, train, place, and manage Virtual Assistants — contract and legitimate interest.
- To deliver contracted services to clients, including onboarding, day-to-day coordination, performance tracking, invoicing and Monthly Business Reviews — contract.
- To send occasional service updates, industry insights and marketing communications (only where you have opted in or where a soft opt-in applies) — consent or legitimate interest.
- To comply with legal, tax, accounting and regulatory obligations in the UK and the Philippines — legal obligation.
- To protect our systems, prevent fraud, and enforce our terms — legitimate interest.
4. Sharing and disclosure
We do not sell your personal data. We share data only with the following categories of recipients, and only to the extent necessary:
- Vetted Virtual Assistants assigned to your account, bound by confidentiality and data-protection obligations.
- Trusted sub-processors such as email, calendar, CRM, communications, payroll and cloud-storage providers, each under a written data-processing agreement.
- Professional advisors — accountants, auditors, insurers and legal counsel.
- Regulators and authorities where required by law, subpoena, or lawful request.
5. International transfers
Because BridgeLink operates between the Philippines and the United Kingdom, personal data may be transferred between the two jurisdictions and to sub-processors in other countries. Where personal data of UK/EU individuals is transferred outside the UK/EEA, we rely on appropriate safeguards, including the UK International Data Transfer Agreement or the EU Standard Contractual Clauses, together with supplementary organisational and technical measures.
6. Data retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including for satisfying any legal, accounting, or reporting requirements. Enquiry data is typically retained for up to 24 months; client-account records for the duration of the engagement plus 7 years for tax and regulatory reasons; applicant records for up to 24 months after the last interaction unless we have your consent to keep them longer for future opportunities.
7. Your rights
Subject to applicable law, you have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate or incomplete data.
- Request erasure of your data where there is no legitimate reason to retain it.
- Restrict or object to processing based on our legitimate interests.
- Request portability of the data you have provided in a structured, machine-readable format.
- Withdraw consent at any time where processing is based on consent.
- Lodge a complaint with your supervisory authority — in the UK, the Information Commissioner's Office (ico.org.uk); in the Philippines, the National Privacy Commission (privacy.gov.ph).
8. Security
We apply appropriate technical and organisational measures to protect personal data, including access controls, role-based permissions, encryption in transit, multi-factor authentication for team accounts, mandatory security and confidentiality training for every VA, endpoint protection, and periodic access reviews. No system is perfectly secure; where a personal-data breach occurs and is likely to affect your rights and freedoms, we will notify you and the relevant supervisory authority in accordance with applicable law.
9. Cookies
Our website uses a small number of cookies. On your first visit you'll see a cookie consent banner where you can accept all cookies, reject all non-essential cookies, or fine-tune your preferences by category. You can reopen the preference centre at any time from the "Cookie settings" link in the footer, or by clearing your browser storage. The categories we use are:
- Strictly necessary — required for the site to function (session, security, load balancing). These cannot be switched off.
- Analytics — anonymised usage statistics (e.g. Google Analytics or Plausible) that help us understand which pages are useful and where visitors get stuck.
- Marketing — cookies set by advertising partners (e.g. LinkedIn Insight, Meta Pixel) to measure the effectiveness of our campaigns and show relevant ads.
You can also control cookies through your browser settings. Withdrawing consent will not affect the lawfulness of any processing carried out before you withdrew it.
10. Children
Our services are directed at businesses and adult professionals. We do not knowingly collect personal data from anyone under the age of 18.
11. Changes to this policy
We may update this policy from time to time to reflect changes in our practices or legal requirements. The "last updated" date at the top of this page reflects the most recent version. Material changes will be communicated to active clients and applicants directly.
12. Contact us
For any privacy-related question, request or complaint, please contact our Data Protection lead at privacy@bridgelink.agency. We aim to respond to all legitimate requests within 30 days.
