Our Services
Payment Methods
i-BVI
Copyright © 2026 i-BVI. All Rights Reserved
Controller – Dataset SIA, a company registered in Latvia at Krišjāņa Valdemāra iela 18-7, LV-1010, Rīga, Latvia, registration number 40203028151, VAT number LV40203028151.
Personal Data – information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Policy – this privacy policy.
GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
Website – the website operated by the Controller at https://i-bvi.com.
User – any natural person visiting the Website, in particular any natural person using the services provided by the Controller on the Website.
2.1. The Controller collects Users' personal data in connection with their activities on the Website in accordance with the principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality.
2.2. The Controller collects personal data for specific, explicit and legitimate purposes and does not further process them in a manner that is incompatible with those purposes.
2.3. The Controller, on the terms set out in this Policy, collects data to the extent necessary to enable the User to use the services made available on the Website and to the extent of information about the User's activities.
3.1.1. During each visit by a User to the Website, the Controller collects technical data from the User's end device, including but not limited to IP address, source of entry to the site, connection time, URL, browser type and version.
3.1.2. The Controller processes the above-mentioned personal data for the purposes of:
(a) Provision of online services – providing Users with access to content and functionalities available on the Website.
(b) Analytics and statistics – conducting analyses of User activity and preferences in order to improve the functionalities and services provided.
(c) Establishment and pursuit of legal claims – establishing, exercising or defending legal claims.
(d) Error monitoring and debugging – detecting, logging, and resolving technical errors to ensure the Website functions correctly and to improve user experience.
3.2.1. To register an account on the Website, the User is asked by the Controller to provide the following information:
3.2.2. The above-mentioned personal data are processed for the purposes of:
(a) Account management and service provision – managing the User's account and providing services available on the Website.
(b) Analytics and statistics – conducting analyses of User activity and preferences in order to improve the functionalities and services provided.
(c) Establishment and pursuit of legal claims – establishing, exercising or defending legal claims.
3.3.1. For the provision of paid services available on the Website to the User holding an account, the following personal data of the User are processed:
(a) At the order stage: name, surname, billing address, optionally VAT number.
(b) At the payment card verification and payment stage:
At this stage, personal data from scopes (a) and (b) are shared with the payment operator Stripe Payments Europe Ltd, C/O A&L Goodbody, IFSC, North Wall Quay, Dublin 1, Ireland (registration number: 513174). The Controller does not at any time have access to data from scope (b) and does not process them.
3.3.2. Where the User enters into an agreement for the provision of paid services by the Controller via the Website, the personal data provided by the User are processed for the purposes of:
(a) Performance of the contract – provision of paid services on the Website.
(b) Compliance with legal obligations – fulfilment of legal obligations incumbent on the Controller under applicable law, in particular accounting and tax law.
(c) Analytics and statistics – conducting analyses and statistics of User activity.
(d) Establishment and pursuit of legal claims – establishing, exercising or defending legal claims.
The Website provides a company search function that allows Users to search for BVI companies by name in order to identify and select companies for which they wish to purchase detailed reports. This search functionality uses basic company information from the BVI Financial Services Commission's public search portal (https://publicsearch.bvifsc.vg/).
The search results display basic company information (company names, registration numbers, registered office addresses, company status) to help Users identify the correct company before purchasing a detailed report.
Important: This search functionality is provided as a navigation tool to facilitate Users' ability to locate and select companies for which to order paid reports. The information displayed relates to legal entities (companies), not natural persons. Personal data about directors, officers, and other individuals associated with companies are available exclusively through the Controller's paid report service (see Section 3.5).
3.5.1. Nature of data collection and processing
The Controller operates as an intermediary service that retrieves official BVI company documents on behalf of Users.
How the service works:
We are an intermediary service: The Controller does not generate or create company information. We retrieve official documents directly from the BVI Financial Services Commission through official paid searches submitted on behalf of individual Users. Each document order represents a fresh retrieval of current official documents from the BVI registry.
3.5.2. Categories of personal data processed
The Controller offers various official documents from the BVI Financial Services Commission for purchase. Users can select which specific documents they wish to order.
Most documents do not contain personal data: The majority of available documents (including Certificate of Incorporation, Certificate of Good Standing, Memorandum & Articles of Association, and other corporate documents) contain only company information (company name, registration details, corporate structure, registered office address) and do not contain personal data of individuals.
List of Directors document: This specific document contains the following personal data:
The List of Directors contains only names and roles as disclosed in the official BVI registry. It does not contain residential addresses, passport numbers, dates of birth, or other detailed personal information about directors.
User choice: Personal data are processed only when a User specifically orders the List of Directors document. Users who order only other documents (such as certificates or constitutional documents) will not receive any personal data of individuals.
3.5.3. Purpose and legal basis
The Controller processes the above-mentioned personal data (when the List of Directors document is ordered) for the purpose of providing an intermediary service to Users by retrieving and delivering official BVI company documents on their behalf, supporting transparency and certainty in commercial transactions, business due diligence, and legal compliance.
Legal basis: legitimate interest of the Controller (Article 6(1)(f) GDPR). The legitimate interest consists of providing Users with convenient access to publicly available BVI company documents by acting as an intermediary between Users and the BVI registry.
3.5.4. Important limitations
The Controller does not share the retrieved documents with any third parties. Documents retrieved on behalf of a User are delivered exclusively to that User and stored in that User's account.
The Controller is not the original source of this data. Users wishing to correct, update or delete their personal data appearing in BVI registry records must contact the BVI Financial Services Commission directly, as the Controller acts solely as an intermediary retrieving publicly available official documents through official channels.
3.6.1. What are cookies?
Cookies are small data files, in particular text files, that are stored on the User's end device. Cookies typically contain the name of the website domain from which they originate, their storage time on the end device, and a unique number.
3.6.2. How we use cookies
During each visit by a User to the Website, the Controller attempts to store cookies. Stored cookies are used by the Controller for the purposes of:
(a) Adapting the content of the Website to the User's preferences and optimising it;
(b) Maintaining the User's session on the Website (after logging in) and shopping cart functionality, so that the User does not have to re-enter their login and password on each subpage of the Website;
(c) Security protection (CSRF prevention, bot detection).
Note: Analytics and error monitoring are handled through privacy-friendly tools that do not use cookies or use only essential cookies as described in Section 3.6.3 and Section 3.7.
3.6.3. Types of cookies used
The Controller uses the following categories of cookies:
(a) Strictly necessary cookies – essential for the operation of the Website and the provision of services.
The following strictly necessary cookies are used:
| Cookie Name | Purpose | Duration |
|---|---|---|
sessionid |
Maintains your login session and shopping cart | Until browser closed or 14 days of inactivity |
csrftoken |
Protects against Cross-Site Request Forgery (CSRF) attacks for your security | 1 year |
cf_clearance |
Cloudflare security cookie - verifies you are a legitimate visitor and protects against bots and malicious traffic | 30 minutes to 24 hours |
(b) Privacy-friendly analytics (no consent required)
The Website uses Umami Analytics, a privacy-friendly analytics service that does NOT use cookies and does NOT collect personal data. Umami provides anonymized, aggregated statistics such as page views, referrers, and general geographic location (country level only).
For more information about Umami's privacy practices: https://umami.is/docs/privacy
(c) Analytics cookies (require consent)
The Website also uses Google Analytics, a web analytics service provided by Google LLC, to collect more detailed usage statistics.
Google Analytics cookies used (only with consent):
| Cookie Name | Purpose | Duration |
|---|---|---|
_ga |
Distinguishes unique users for Google Analytics | 2 years |
_ga_* |
Stores session state for Google Analytics 4 | 2 years |
_gid |
Distinguishes users for 24-hour period | 24 hours |
3.6.4. Managing cookie preferences
Each User may refuse to allow cookies to be placed on their end device. To do this, the User should use the option to disable the downloading and storage of cookies in their web browser settings.
Deleting cookies may result in the loss of the ability to use some functionalities of the Website.
The Website uses a cookie consent management tool that allows Users to accept or reject non-essential cookies before they are placed. Users can change their cookie preferences at any time by accessing the cookie settings available on the Website.
3.6.5. Analytics services
The Website uses two analytics services:
(a) Umami Analytics (privacy-friendly, no cookies)
Umami is a self-hosted privacy-friendly analytics solution that does not use cookies, does not track individual users, and collects only anonymized, aggregated statistics.
All Umami analytics data is stored on the Controller's own servers located in the Netherlands (DigitalOcean) and is not shared with any third parties. Umami provides only aggregate data such as total page views, popular pages, referral sources, and general geographic location (country level).
No personal data is collected or processed through Umami Analytics.
(b) Google Analytics (with consent only)
When you provide consent via the cookie consent banner, the Website uses Google Analytics, a web analytics service provided by Google LLC. Google Analytics uses cookies to help analyze how users interact with the Website. The information generated by the cookies is transmitted to and stored by Google on servers located in the United States.
Google LLC participates in the EU-U.S. Data Privacy Framework, which has been recognised by the European Commission as providing an adequate level of data protection.
For more information about Google Analytics: https://policies.google.com/technologies/partner-sites
3.7.1. What is error tracking?
To ensure the Website functions correctly and to quickly identify and resolve technical issues, the Controller uses Sentry, an error tracking and monitoring service provided by Functional Software, Inc. (Sentry), headquartered in San Francisco, United States.
3.7.2. What data does Sentry collect?
When a technical error occurs on the Website, Sentry automatically collects the following information:
This information is collected automatically when an error occurs and is used solely for debugging and improving the Website.
3.7.3. Purpose and legal basis
Purpose: Detecting, diagnosing, and resolving technical errors to ensure the Website operates correctly, maintain security, and improve the user experience.
Legal basis: Legitimate interest of the Controller (Article 6(1)(f) GDPR). The legitimate interest consists of maintaining the security, stability, and functionality of the Website and protecting Users from technical issues and security vulnerabilities.
3.7.4. Data retention by Sentry
Error data collected by Sentry is retained for 90 days, after which it is automatically deleted. This retention period allows the Controller sufficient time to identify patterns, diagnose issues, and implement fixes.
3.7.5. International data transfer
Sentry is based in the United States. Error data is transmitted to and stored on Sentry's servers located in the United States. Sentry has implemented Standard Contractual Clauses approved by the European Commission and maintains appropriate technical and organizational security measures.
For more information about Sentry's data protection practices: https://sentry.io/privacy/
3.7.6. Your rights
You have the right to object to error tracking on grounds relating to your particular situation. However, disabling error tracking may affect the Controller's ability to identify and resolve technical issues that affect your use of the Website.
4.1.1. The Controller may share Users' personal data with the following categories of recipients:
(a) Payment processor: Stripe Payments Europe Ltd (Ireland) – for processing payment card transactions.
(b) IT service providers:
(c) Public authorities – where required by applicable law (e.g., tax authorities, law enforcement).
4.1.2. The Controller does not sell or otherwise transfer Users' personal data to third parties for marketing purposes.
4.1.3. BVI company search data: Basic company information (company names, registration numbers, addresses) displayed in search results is sourced from publicly accessible BVI registry data. This information relates to legal entities (companies), not natural persons.
4.1.4. BVI official documents (paid service): Official documents retrieved from the BVI Financial Services Commission on behalf of a User are delivered exclusively to that User and are not shared with other third parties. Most documents contain only company information. Personal data (directors' names) appear only in the List of Directors document, and only when a User specifically orders this document.
4.2.1. Data processing within the EEA
The Controller's servers are located in the Netherlands (European Union). The majority of data processing takes place within the European Economic Area (EEA).
4.2.2. Transfers outside the EEA
Certain third-party service providers used by the Controller may involve data transfers outside the EEA:
(a) Sentry (United States): Error tracking and monitoring services involve data transfers to the United States. Sentry provides appropriate safeguards through Standard Contractual Clauses approved by the European Commission.
(b) Google LLC (United States): Google Analytics services (when consent is given) involve data transfers to the United States. Google LLC participates in the EU-U.S. Data Privacy Framework, which has been recognised by the European Commission as providing an adequate level of data protection.
(c) Cloudflare (United States): Cloudflare's global network may involve data processing in various locations. Cloudflare provides appropriate safeguards through Standard Contractual Clauses approved by the European Commission.
4.2.3. Where the Controller transfers personal data outside the EEA, it ensures appropriate safeguards are in place, including:
4.2.4. Users may obtain further information about international data transfers and copies of the safeguards in place by contacting the Controller at [email protected].
5.1. Account data: Personal data associated with User accounts (email address, password, billing details) are retained for the duration of the account's active use. If an account remains inactive (no login) for 3 years, the Controller may notify the User and request confirmation of continued use. If no response is received within 30 days, the account may be deleted. Users may request deletion of their account at any time by contacting [email protected].
5.2. Payment and invoicing data: Personal data processed for the purposes of fulfilling legal obligations (accounting, tax law) are retained for 10 years from the end of the calendar year in which the transaction took place, in accordance with Latvian legal requirements (Law on Accounting, Section 12). This retention period applies even if the User's account is deleted, as retention is required by law.
5.3. BVI company search data: The Controller does not maintain a permanent database of BVI company information. Search results are generated dynamically from publicly available sources and display only basic company information (company names, registration numbers, addresses), not personal data of individuals. Search results are not stored by the Controller beyond the User's active browsing session.
5.4. BVI official documents (paid service): When a User purchases official documents from the BVI Financial Services Commission, the Controller retrieves the documents and stores them in the User's account for the User's future reference. Retrieved documents are retained in the User's account for the following periods:
Exception for legal compliance: Payment records and invoices associated with purchased documents are retained for 10 years from the date of the transaction, as required by Latvian accounting and tax law, even if the User's account and documents are deleted. After 10 years, these records are permanently deleted.
Documents are stored individually per User and are not accessible to other Users or third parties.
5.5. Server logs and analytics data:
Technical data (IP addresses, browser information) collected in server logs are retained for 30 days, after which they are automatically deleted.
Umami Analytics data (anonymized, aggregated statistics with no personal data) is retained indefinitely as it contains no information that can identify individual users.
Error tracking data collected by Sentry is retained for 90 days, after which it is automatically deleted.
Google Analytics data (when consent is given) is retained according to Google's data retention policies and our Google Analytics settings (typically 14-26 months, configurable).
5.6. Cookie data: Session cookies are deleted when the User closes their browser. Persistent cookies (including analytics cookies) are retained for the periods specified in the cookie consent banner (typically up to 2 years for Google Analytics cookies).
5.7. Legal claims: Where personal data are processed for the purpose of establishing, exercising or defending legal claims, the data are retained until the claim is resolved and the applicable limitation period (10 years under Latvian law) has expired.
5.8. Retention schedule summary:
| Data Category | Retention Period | Legal Basis for Retention |
|---|---|---|
| Active account data | While account active | Contract performance |
| Inactive account data | 3 years after last login, then 30-day notice | Legitimate interest + storage limitation |
| Invoices & payment records | 10 years after transaction | Legal obligation (Latvian accounting law) |
| Purchased documents (active account) | While account active (up to 3 years inactivity) | Contract performance + legitimate interest |
| Purchased documents (deleted account) | Deleted immediately (except invoices) | GDPR erasure right |
| Search data (navigation) | Not stored (session only) | N/A |
| Server logs | 30 days | Legitimate interest (security) |
| Umami analytics data (aggregated, no personal data) | Indefinite | Legitimate interest |
| Error tracking data (Sentry) | 90 days | Legitimate interest (debugging) |
| Google Analytics cookies (with consent) | Up to 2 years (_ga), 24 hours (_gid) | Consent |
6.1. Right of access (Article 15 GDPR)
Each data subject has the right to obtain from the Controller confirmation as to whether or not personal data concerning them are being processed, and, where that is the case, access to the personal data and the following information:
The Controller shall provide a copy of the personal data undergoing processing free of charge. For any further copies requested by the data subject, the Controller may charge a reasonable fee based on administrative costs.
6.2. Right to rectification (Article 16 GDPR)
Each data subject has the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning them. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Important note regarding BVI registry data: The Controller is not the original source of data from the BVI registry. Data subjects wishing to correct their personal data appearing in BVI company records must contact the BVI Financial Services Commission directly. The Controller retrieves data as they appear in the public registry and cannot modify the source data.
6.3. Right to erasure / "right to be forgotten" (Article 17 GDPR)
Each data subject has the right to obtain from the Controller the erasure of personal data concerning them without undue delay where one of the following grounds applies:
Exceptions: The right to erasure does not apply where processing is necessary:
How to exercise this right:
To delete your account and purchased documents: You may request account deletion at any time by contacting [email protected]. Upon account deletion:
BVI registry data in other Users' purchased documents: BVI registry data appearing in documents purchased by other Users cannot be deleted, as each User is entitled to retain their own purchased documents.
To modify data in the official BVI registry: BVI Financial Services Commission – https://www.bvifsc.vg
Automatic deletion of inactive accounts: If your account remains inactive (no login) for 3 years, the Controller will send a notification to your registered email address informing you that your account will be deleted in 30 days unless you log in or respond. This policy ensures compliance with the GDPR principle of storage limitation while giving you the opportunity to retain your account if desired.
6.4. Right to restriction of processing (Article 18 GDPR)
Each data subject has the right to obtain from the Controller restriction of processing where one of the following applies:
6.5. Right to data portability (Article 20 GDPR)
Each data subject has the right to receive the personal data concerning them, which they have provided to the Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Controller, where:
6.6. Right to object (Article 21 GDPR)
6.6.1. Each data subject has the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is based on legitimate interests (Article 6(1)(f) GDPR), including profiling based on those provisions.
The Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
6.6.2. Right to object to direct marketing: Where personal data are processed for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning them for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
Note: The Controller does not currently engage in direct marketing activities. Should this change in the future, Users will be informed and given the opportunity to opt out.
6.7. Right to withdraw consent (Article 7(3) GDPR)
Where processing is based on consent, the data subject has the right to withdraw their consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. It shall be as easy to withdraw consent as to give it.
To withdraw consent for analytics cookies, Users may use the cookie settings tool available on the Website.
6.8. Right to lodge a complaint with a supervisory authority (Article 77 GDPR)
Without prejudice to any other administrative or judicial remedy, each data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to them infringes the GDPR.
Supervisory authority for Latvia:
Data State Inspectorate (Datu valsts inspekcija)
Address: Blaumaņa iela 11/13-15, Rīga, LV-1011, Latvia
Phone: +371 67 22 31 31
Email: [email protected]
Website: https://www.dvi.gov.lv
6.9. Automated decision-making and profiling (Article 22 GDPR)
The Controller does not engage in automated decision-making, including profiling, which produces legal effects concerning the data subject or similarly significantly affects them.
7.1. To exercise any of the rights described in Section 6, data subjects may contact the Controller by:
Email: [email protected]
Post: Dataset SIA, Krišjāņa Valdemāra iela 18-7, LV-1010, Rīga, Latvia
7.2. The Controller shall respond to requests without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The Controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay.
7.3. The Controller may request additional information necessary to confirm the identity of the data subject making the request.
8.1. The Controller implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:
(a) Pseudonymisation and encryption of personal data where appropriate;
(b) The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
(c) The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
(d) A process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
8.2. Payment security: All payment card data are processed by Stripe Payments Europe Ltd using secure encryption protocols. The Controller does not store full payment card numbers and complies with PCI DSS requirements through its payment processor.
8.3. Data transmission: All data transmitted between Users and the Website are encrypted using SSL/TLS protocols (HTTPS).
8.4. Access controls: Access to personal data is restricted to authorised personnel only, on a need-to-know basis.
9.1. Data Controller:
Dataset SIA
Krišjāņa Valdemāra iela 18-7
LV-1010 Rīga
Latvia
Registration number: 40203028151
VAT number: LV40203028151
9.2. Contact for data protection matters:
Email: [email protected]
Postal address: Dataset SIA, Krišjāņa Valdemāra iela 18-7, LV-1010, Rīga, Latvia
9.3. Data Protection Officer:
The Controller has not appointed a Data Protection Officer as it is not required under Article 37 GDPR. For all data protection inquiries, please contact the Controller using the details in Section 9.2.
10.1. The Controller reserves the right to amend this Privacy Policy at any time to reflect changes in applicable law, the Controller's data processing practices, or for other legitimate reasons.
10.2. Users are encouraged to review this Privacy Policy periodically. Continued use of the Website after changes have been made constitutes acceptance of the revised Privacy Policy.
10.3. Where changes are material and affect Users' rights, the Controller will notify Users via email (to the address provided during account registration) or by displaying a prominent notice on the Website.
This section applies to personal data that the Controller obtains from the BVI Financial Services Commission registry, rather than directly from the data subject.
Identity and contact details of the Controller:
Dataset SIA, Krišjāņa Valdemāra iela 18-7, LV-1010, Rīga, Latvia
Email: [email protected]
Categories of personal data:
Names of directors and information about roles held (director, alternate director, etc.) as disclosed in the BVI Financial Services Commission List of Directors document.
Note: Personal data (directors' names) are processed only when a User specifically orders the List of Directors document. The majority of documents offered by the Controller (including Certificate of Incorporation, Certificate of Good Standing, Memorandum & Articles, and other corporate documents) do not contain personal data of individuals.
Source of personal data:
BVI Financial Services Commission – List of Directors official document retrieved through official paid searches submitted on behalf of individual Users.
Purposes of processing and legal basis:
Purpose: Providing intermediary services to Users by retrieving and delivering official BVI company documents (including List of Directors when specifically ordered) on their behalf to support transparency, business due diligence, legal compliance, and informed commercial decision-making.
Legal basis: Legitimate interest of the Controller (Article 6(1)(f) GDPR). The legitimate interest consists of providing Users with convenient access to publicly available BVI company documents by acting as an intermediary between Users and the BVI registry.
Recipients:
Documents retrieved on behalf of a User are delivered exclusively to that User and stored in that User's account. The documents are not shared with other third parties.
Retention period:
Retrieved documents are stored in the User's account indefinitely until the User requests deletion of the specific document or their entire account, or until the account remains inactive for 3 years (see Section 5.4 for full details).
Rights of data subjects:
You have the right to request access, rectification, erasure, restriction of processing, data portability, and to object to processing. You also have the right to lodge a complaint with the Data State Inspectorate of Latvia.
Important note: The Controller is not the original source of BVI registry data. The Controller operates as an intermediary service that retrieves official documents from the BVI Financial Services Commission on behalf of Users. To correct or erase your data in the BVI registry, please contact the BVI Financial Services Commission directly at https://www.bvifsc.vg.
Automated decision-making:
The Controller does not engage in automated decision-making or profiling in relation to BVI registry data.
Copyright © 2026 i-BVI. All Rights Reserved