[ legal · privacy ]
Privacy Policy
Last updated: 2026-06-24
1. Who we are
The data controller for personal data processed via this website is:
BARGO, SIA · Reg. No. 42403048572
Krišjāņa Valdemāra iela 105-57, Rīga, LV-1013, Latvia
Email: gunars@bargo.lv
2. What we collect
We collect a small amount of personal data — only what is necessary to operate the site and respond to enquiries.
Server access logs. Our web server (Caddy on Hetzner Cloud) records each request: your IP address, user-agent string, the page you requested, the response status, and the timestamp. These logs are used to operate the site, mitigate abuse, and meet our security obligations.
Email correspondence. When you email us at gunars@bargo.lv, we receive your email address and the content of your message. We process this to respond to your enquiry and, where you become a customer, to manage the engagement. Mail to and from gunars@bargo.lv is delivered through Google Workspace (described in Section 4).
First-party cookies. We set two first-party cookies, both strictly functional, both used only by us, never shared with third parties:
- bargo_session —
set only when an authorised
@bargo.lvGoogle Workspace account signs in to the internal Document System at/admin. Holds an opaque random session identifier; expires when the session ends. Not set on public marketing pages. - __bargo_internal —
optional self-exclusion cookie. When present (value
1), our server-side analytics aggregation excludes your requests from visitor counts, time-on-site statistics, and country breakdowns. This exists so internal browsing (the team, partners) does not pollute marketing analytics. The cookie holds only the value1(no identifier, no personal data); it is opt-in (set only when you visit /api/internal-opt-out); and you can clear it any time with /api/internal-opt-out?undo=1 or via your browser's cookie controls.
We do not use third-party analytics, tracking pixels, advertising networks, fingerprinting libraries, or any third-party scripts beyond what is described in Section 4.
Server-side aggregate analytics.
We process the server access logs described above into aggregate
per-day statistics (request counts per page, country counts from
IP geolocation, language counts from Accept-Language
header, median time-on-site). The aggregation runs server-side, on
the same machine, and only stores per-day totals — never per-visitor
rows. The aggregate is visible only to the BARGO operations team.
First-party dwell measurement. A small
inline script measures how long each page is actively visible (the W3C Page
Visibility API) and reports that running duration to us with
navigator.sendBeacon — periodically
while you read, and again when you leave or hide the page. What it sends is the page
path, a number of milliseconds, and a random tag generated fresh for that single page
view; from your IP we derive a two-letter country code (the IP is used only momentarily
and is never stored — exactly as for the country counts above). No cookie, no persistent
or cross-page identifier, no stored IP. The random tag lives only in the page's memory,
is never written to your browser, identifies nothing about you, and exists solely to
merge that one page view's repeated reports into a single record. These anonymous
timing records (page path, milliseconds, country) are kept only briefly — see Retention
below — and we report only per-page and per-country aggregates from them. It is a
first-party measurement, not a tracking pixel and not a third party. It honours your
browser's Do-Not-Track setting — when DNT is on, nothing is sent.
3. Why we process it (lawful basis)
We rely on GDPR Article 6(1) bases:
- (b) Steps prior to entering into a contract — when you contact us about a potential engagement.
- (f) Legitimate interests — for server logs (security, abuse mitigation, operational integrity), and for responding to general enquiries.
4. Who receives your data (third parties)
Hetzner Cloud GmbH (Industriestr. 25, 91710 Gunzenhausen, Germany) — our hosting provider. Acts as our data processor under GDPR Article 28. Hetzner stores the site files, runs the server, and holds the access logs in the EU.
Google LLC (Google Workspace) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) — our business email provider. Acts as our data processor under GDPR Article 28 governed by Google's Workspace Data Processing Amendment. Google receives, stores, and processes the content of emails sent to and from gunars@bargo.lv, including sender address, headers, attachments, and the message body. EU-region data residency is configured where the Workspace plan permits.
Reading-room reference desk ([B]ob). When you ask [B]ob a question in our reading room, the text of your question is sent to a third-party AI service provider that generates the answer from BARGO's published research and the public EU legal texts we hold. That provider acts as our data processor under GDPR Article 28; your question may be processed outside the EU/EEA. We transmit only the text you type, and we retain the question and the answer to monitor and improve the desk. Please do not include personal or confidential data in what you ask — [B]ob is a research reference, not a place to share case details. It is informational only, not legal advice; for your specific situation, contact gunars@bargo.lv.
No other third parties receive your data from us.
5. International transfers
When you use the reading-room reference desk ([B]ob, Section 4), the text of your question is transmitted to a third-party AI service provider and may be processed outside the EU/EEA. We minimise what is sent — only the question you type — and we ask that you not include personal or confidential data.
Email content processed via Google Workspace (Section 4) may transit and be stored on Google infrastructure in the United States and other jurisdictions where Google operates. The legal basis is the EU-US Data Privacy Framework combined with the Standard Contractual Clauses incorporated by reference in the Workspace Data Processing Amendment.
All other data stays within the EU.
6. Retention
- Server access logs: retained for up to 30 days, then deleted.
- First-party dwell measurements: the anonymous per-page-view timing records (page path, milliseconds, country) are retained for up to 40 days, then automatically deleted.
- Email correspondence: retained for as long as the engagement conversation is active, plus up to 5 years after the last contact for engagement-related records (legitimate interest in defending claims and meeting Latvian commercial-record retention requirements). General enquiries that do not become engagements are deleted within 12 months.
7. Your rights
Under GDPR Articles 15-22 you have the right to:
- Access the personal data we hold about you
- Rectify inaccurate data
- Erase your data ("right to be forgotten")
- Restrict processing in certain circumstances
- Portability — receive your data in a machine-readable format
- Object to processing based on legitimate interests
To exercise any of these rights, email gunars@bargo.lv. We will respond within one month (extendable by two further months for complex requests, per Article 12(3)).
8. Right to complain
You have the right to lodge a complaint with the Latvian data protection authority:
Datu valsts inspekcija
Elijas iela 17, Rīga, LV-1050, Latvia
Web: www.dvi.gov.lv
9. Changes to this policy
If we change this policy materially, we will update the "Last updated" date at the top and, where appropriate, contact people we have an active conversation with about the change.
10. Contact
Privacy-related enquiries: gunars@bargo.lv
← bargo.lv · LV