Bundlet Privacy Policy

Bundlet GmbH (“Bundlet”, “we”, “our”, or “us”) provides an online Software-as-a-Service platform (the “Solution”) that enables organizations to version, deploy, back up, and compare their NetSuite customizations and configurations using Git-based workflows.

Our websites at https://www.bundlet.com (together with any subdomains, the “Website”) provides visitors with information about our company, our technology, and our Solution. The Website, Solution, and any related services we provide are referred to collectively in this Privacy Policy as the “Services.”

We are committed to protecting the privacy of individuals who use our Services (“Users”, “you”, or “your”). Users may include:

This Privacy Policy explains the types of information we collect, how we use it, the rights available to you, and how you can exercise those rights. It should be read together with our Terms of Use and our Cookie Policy.

• Administrators (“Admins”) who create or manage Bundlet accounts on behalf of a customer organization,
  
  
• End Users who are invited by an Admin to access and use the Services, and
  
  
• Visitors who access our Website or request information, demos, or trials.
  
  

1. Consent

By using our Services, you acknowledge that you have read and understood this Privacy Policy and agree to the collection and processing of your personal information as described here. If you do not agree, please do not use the Services.

If you provide us with personal information relating to others (such as colleagues or employees), you are responsible for ensuring that you have the authority and any required consent to share such information with us.

‍

2. Scope

This Privacy Policy applies only to information collected by Bundlet in connection with the use of our Services. It does not cover the practices of third-party services or applications that may integrate with Bundlet.

3. Information We Collect

We categorize the data we collect into Personal Information and Non-Personal Information:

• Non-Personal Information: technical or aggregated usage data that cannot by itself identify an individual (e.g. browser type, device information, general usage statistics).
  
  
• Personal Information: any information that relates to an identified or identifiable individual (e.g. name, email, company affiliation, IP address, or persistent identifiers).
  
  

How we collect data:

1. Information you provide directly:
   
   
   
   • When registering for an account, signing up for a trial, requesting a demo, filling out forms, or communicating with us.
     
     
   • Examples: name, email address, job title, company name, support messages.
     
     
2. Information we collect automatically:
   
   
   
   • Technical and usage data collected when you interact with our Services.
     
     
   • This may involve cookies, pixels, and similar technologies (see our Cookie Policy).
     
     
3. Information from third parties:
   
   
   
   • If you log in using GitHub, GitLab, or other third-party integrations, we may receive profile information you authorize us to access.
     
     
   • We may also receive information if another user invites you to a Bundlet account.
     
     

4. How We Use Information

We use the information we collect for the following purposes:

• To operate, provide, and improve the Services.
  
  
• To personalize your experience and tailor functionality to your needs.
  
  
• To communicate with you, including sending updates, security notices, and support responses.
  
  
• To detect, prevent, and address fraud, abuse, or security issues.
  
  
• To comply with legal obligations or respond to lawful requests.
  
  
• To provide marketing communications and evaluate the effectiveness of our marketing campaigns (where permitted by law or with your consent).
  
  
• To process job applications when submitted.
  
  

Importantly: while Bundlet enables you to connect your NetSuite accounts, we do not access or process underlying ERP business data unless explicitly required for providing the Services, and never for our own commercial use.

5. Legal Basis for Processing

As a company established in Germany, our processing of personal data is subject to the EU General Data Protection Regulation (GDPR). The legal bases we rely on include:

• Consent (Article 6(1)(a) GDPR), where you have given permission.
  
  
• Contract performance (Article 6(1)(b) GDPR), when processing is necessary to deliver the Services.
  
  
• Legitimate interests (Article 6(1)(f) GDPR), such as ensuring security, preventing misuse, and improving our Services.
  
  
• Legal obligations (Article 6(1)(c) GDPR), where processing is required by law.
  
  

‍

6. Sharing of Information

We do not sell your personal information. We may share data only in these cases:

• Corporate transactions: if Bundlet is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.
  
  
• Legal compliance: when required to respond to lawful requests, enforce our terms, or protect rights and safety.
  
  
• Aggregated/Anonymized data: we may share insights that cannot identify you.
  
  

7. Data Transfers

We primarily store and process data within the European Union. Where data is transferred outside the EU/EEA, we ensure adequate safeguards are in place, such as the EU Standard Contractual Clauses, or equivalent mechanisms recognized under GDPR.

8. Your Rights

As a data subject under the GDPR, you have the right to:

• Access the personal information we hold about you.
  
  
• Correct inaccurate or incomplete data.
  
  
• Request deletion of your data (“right to be forgotten”).
  
  
• Restrict or object to certain processing activities.
  
  
• Request a copy of your data in a portable format.
  
  
• Withdraw consent where processing is based on consent.
  
  

You can exercise your rights by contacting us at simon@bundlet.com.

‍

9. Cookies and Tracking

We use cookies and similar technologies to improve functionality, analyze usage, and support marketing. You can control cookie settings in your browser and through our Cookie Policy. Some features of the Services may not function properly if cookies are disabled.

10. Data Security

We apply appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. Despite our efforts, no system is completely secure, and we cannot guarantee absolute security.

11. Data Retention

We retain personal data only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention is required by law (e.g. for tax or legal compliance). When no longer needed, data will be securely deleted or anonymized.

12. Children’s Privacy

Our Services are intended for users aged 18 and above. We do not knowingly collect personal data from children under 18. If we become aware that such data has been collected, we will delete it.

13. Job Applicants

If you apply for a position with Bundlet, we will process your personal information for recruitment purposes only. Candidate information may be retained for a reasonable period to consider you for future roles, unless you request deletion.

14. Updates to This Policy

We may revise this Privacy Policy from time to time. The latest version will always be available on our Website, with the “Last updated” date at the top. If changes are material, we will notify you through the Services or by email before they take effect.

‍

15. Governing Law

This Privacy Policy and any related disputes shall be governed by the laws of the Federal Republic of Germany. The exclusive place of jurisdiction is Berlin, Germany.

16. Contact

If you have questions about this Privacy Policy, your rights, or our data practices, please contact us

‍