Last updated: 16 June 2026
This Privacy Policy explains how PE “Firma Modul” (“OpenBP”, “we”, “us”, “our”) collects, uses, shares, and protects personal data when you visit our website at openbp.io (the “Website”) or use the hosted OpenBP platform at panel.openbp.io (the “Platform”).
It also describes your rights under the EU General Data Protection Regulation (GDPR) 2016/679 and Polish data-protection law. We are committed to processing personal data lawfully, fairly, and transparently. Please read this Policy together with our Terms of Service.
The controller of your personal data is:
PE “Firma Modul”, 4/3 Sviatovasylivska St., 43025 Lutsk, Ukraine. EDRPOU: 33463295.
For any privacy question, or to exercise your rights, contact our data-protection point of contact:
Email: info@modulsoft.eu
Or by post at: PE “Firma Modul”, 4/3 Sviatovasylivska St., 43025 Lutsk, Ukraine.
This Policy covers personal data we process as a controller in connection with the Website and your use of the Platform and your Account. It does not cover third-party websites we link to, nor any open-source components of OpenBP that you download and host yourself — when you self-host, you are the controller of any data you process.
Depending on how you use the Service, we may collect the following categories of personal data:
When you use the Platform to store data about your own customers, employees, or contacts, you are the controller of that data and we act as a processor on your behalf, on your instructions, under our Terms of Service and Data Processing Agreement. This Policy primarily concerns data for which we are the controller — namely your use of the Website and your Account.
We process personal data for the following purposes and on the following legal bases under Article 6 GDPR:
With your consent, we may send you newsletters and product updates. You can unsubscribe at any time using the link in our emails or by contacting us. Withdrawing consent does not affect the lawfulness of processing before withdrawal.
We share personal data only where necessary, with appropriate safeguards, including with:
We do not sell your personal data.
Current categories of sub-processors
An up-to-date list of sub-processors is available on request.
Some recipients are located outside the European Economic Area (EEA), including our affiliate in Ukraine and certain providers in the United States. Where we transfer personal data to a country without an EU adequacy decision, we rely on appropriate safeguards — primarily the European Commission’s Standard Contractual Clauses (SCCs), together with supplementary measures where needed. You can request a copy of the relevant safeguards by contacting us.
We keep personal data only for as long as necessary for the purposes described, then delete or anonymise it:
We implement appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, hashing of passwords, monitoring, backups, and confidentiality obligations for our staff. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.
Subject to the conditions in the GDPR, you have the right to:
To exercise any of these rights, contact us at info@modulsoft.eu. We respond within one month (which may be extended by two further months for complex requests). Exercising your rights is free unless a request is manifestly unfounded or excessive.
You also have the right to lodge a complaint with a supervisory authority — in particular the Polish President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych), ul. Stawki 2, 00-193 Warsaw, Poland (uodo.gov.pl) — or with the authority in your country of residence.
We do not make decisions producing legal or similarly significant effects based solely on automated processing. We may use limited profiling, such as aggregated usage analytics, to understand and improve the Service.
Providing certain data — such as your email address and password — is necessary to create an Account and use the Service; without it we cannot provide the Service. Some data is required by law (for example, billing data needed to issue invoices). Other data, such as data used for marketing, is optional and provided with your consent.
The Service is not directed to children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, please contact us and we will delete it.
We may update this Policy from time to time. We will post the updated version with a new “Last updated” date and, for material changes, provide additional notice where required.
For any privacy matter, contact us at info@modulsoft.eu or by post at PE “Firma Modul”, 4/3 Sviatovasylivska St., 43025 Lutsk, Ukraine. You can also review our Terms of Service.