How Bilenta meets its obligations under the EU General Data Protection Regulation, the lawful bases on which we process data, and the rights you can exercise.
For data about your account and your use of the service — your name, email, login activity and billing — Bilenta acts as the data controller.
For the data you enter into the platform about your own clients, employees and counterparties, you are the controller and Bilenta is your processor, handling that data only on your documented instructions under a data processing agreement available on request.
We process personal data under four bases: performance of our contract with you (providing the service); compliance with legal obligations (accounting, tax and anti-money-laundering law); our legitimate interests (securing the platform, preventing fraud, improving the product); and your consent (optional analytics cookies), which you may withdraw at any time.
Under the GDPR you have the right to access your data, to have it corrected or erased, to restrict or object to its processing, to data portability, and to withdraw consent at any time without affecting prior processing.
To exercise any of these, email info@bilenta.com. We respond within one month. You also have the right to lodge a complaint with your supervisory authority — Datu valsts inspekcija in Latvia, the Commission for Personal Data Protection (CPDP) in Bulgaria, or the Agency for Personal Data Protection (AZLP) in Montenegro.
Your data is hosted within the European Union. Where a sub-processor would transfer personal data outside the European Economic Area, we rely on an adequacy decision or the European Commission's Standard Contractual Clauses to keep the protection with the data.
We keep account and financial data for as long as your account is active. Accounting records are retained for the statutory periods required by Latvian, Bulgarian and Montenegrin law even after closure. When you ask us to delete your data, we do so except where a legal retention obligation requires us to keep specific records for a defined period.
We use a small number of vetted sub-processors to run the service: EU-based cloud hosting and database infrastructure, encrypted object storage for uploaded documents, and a transactional email provider. Each is bound by a data processing agreement. A current list is available at info@bilenta.com, and we give notice before adding a new one.
We protect data with TLS 1.3 in transit, encryption at rest, role-based access control, full audit logging, and daily encrypted backups with point-in-time recovery.
In the event of a personal data breach likely to present a risk, we notify the competent supervisory authority within 72 hours and inform affected users without undue delay where the regulation requires it.
For any data-protection question or to exercise your rights, contact info@bilenta.com. We treat every request seriously and will work with you until it is resolved.
Last updated: June 2026