Privacy Policy

Who Are We?
The website at https://www.rebenefit.bg is owned and maintained by ReBeneFit Ltd, having its business seat and registered address at 109 Bulgaria Blvd., Vertigo Business Tower, fl. 1404 Sofia, Bulgaria, registered in the Commercial register of the Registry Agency under UIC 206162139. To the extend Re:Benefit Ltd may collect or process personal data through its Websites, ReBenefit Ltd acts as the data controller for the processing of your personal data collected on the Websites.

In this Privacy Policy, references to “we”, “us” or “our” means ReBenefit Ltd and/or member firms that are part of ReBenefit Ltd, as the case may be. References to “you” and “your” are to users of our Websites. We recognize the importance of protecting your personal information and are committed to processing it responsibly and in compliance with applicable data protection laws in all countries in which we operate. Therefore we have created this Privacy Policy to inform you how we collect, use and otherwise handle information about you and any personal information you submit or make available to us, or that we collect from you, when you use our Websites and/or via email and/or via any events or social media sites like Facebook, Twitter, Messenger, LinkedIn. When using the term “personal information” or “Personal Information” we refer to information relating to you, which can be used to personally identify you (either directly or indirectly), such as your name, e-mail address, company name, address, phone number, CVs, resumes and other information about yourself or your business. Personal Information can also include information about you that is available on the internet, such as from Facebook, LinkedIn, Twitter and Google, or publicly available information that we acquire from service providers.

Information About Children

The Websites are not intended for or targeted at children under 16 years old, and we do not knowingly or intentionally collect or maintain information about children under 16 years old. If you believe that we have collected information about a child under 16 years old, please contact us at info@rebenefit.bg, so that we may delete the information. In addition, we kindly ask any child under the age of 16 not to submit any personal information to us or use the Websites.

Why And How We Collect And Use Your Personal Information.

Types of personal information we collect

The types of information that we may collect from you, depending on how you use our Websites or contact us, include:
• your name;
• your family name;
• your email address;
• your company details;
• your CV, motivation letter or additional supporting documentation (portfolio, projects description, related pictures, etc.). you elect to provide where you apply for a role at our company on our Websites or via email, events, social media sites or other sites;
• your photo if you elect to provide when you register for an Event;
• information about your age, gender, education, academic profile and occupation you elect
to provide when you take part in our surveys (“Survey(s)”) and
• any other information that you choose to provide us when filling out a contact form on our
Websites or when attending our events, participating in our Surveys or by contacting us via
e-mail or via any of the social media sites like Facebook, Twitter, Messenger, LinkedIn.


How do we collect information and how we use your Personal Information Visitors to our Websites

When entering one of our Websites, we will collect information necessary for the operation of the Websites and for us to comply with security and legal requirements in relation to operating our Websites. We also collect information about your activities during your visit such as date and time of visits, the pages viewed, time spent at our Websites, and the websites visited just before our own, as well as your IP address and your browser so that we can better address your queries and to collect statistics to help us improve your browsing experience in the future.

Information from the “Contact Form” section of our Websites

We may collect your Personal Information, which you choose to provide when you fill in contact forms on our Websites, including your name and e-mail. We may use this Personal Information to respond to your queries, and/or provide the services and/or information that you have requested.

Information from requests via e-mail

When you contact us via e-mail in connection with a request such as request for information, to order a product or service, to provide you with support, to offer us a proposal or to participate in an event, we collect information necessary to respond to your request and to be able to contact you. For instance, we collect your name and contact information and details about your request. We may use this Personal Information to respond to your queries, and/or provide the services and/or information that you have requested. We use Transport Layer Security (TLS) to encrypt and protect web and email traffic. If your
email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit. We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.

Survey

When you elect to participate in Surveys, organized by us, you may provide to us personal information voluntarily and on your own initiative, as necessary for us to collect accurate feedback in relation to its employment or academic initiatives.

Events

When you register for and/or participate in event, campaign, Survey, traineeship, or other educational program („Training”) we may collect additional information (online or offline) in relation to the event, campaign, Survey, or the Training organization, and during an event, campaign, Survey, or a Training, such as participation in sessions, survey results, test results and/or results from exams. Events/campaigns may be recorded, and group photos taken. We reserve the right to use photos for promotional use, unless you explicitly inform us that you don‘t want photos of you to be used for such purposes or request them to be removed. When you provide us with your business contact information (such as by handing over a business card) we may use this to communicate with you for business purposes only.

Newsletter subscription

If you choose to subscribe to our blog(s) and/or news in order to receive notifications for new articles, news and information about us (“Newsletter”), we will collect and use Personal Information that you provide during the subscription process to send you notifications for new articles and articles` content by email.

Your consent to the use of your Personal Information for these purposes is optional. If you decide not to subscribe to our Newsletter to receive new articles, news, and information, we will not send you any Newsletters, but your use of our Websites will remain otherwise unaffected.

You are entitled to opt-out from receipt of Newsletters at any time. You can do so by using the “unsubscribe” option included in all e-mails. When you unsubscribe, we will keep a record of this, and once your request has been processed, you will stop receiving emails for new articles. You can still use our Websites once you have unsubscribed.

Recruitment

In connection with a job application, inquiry, registration for and/or participation in a Training, whether advertised on our Websites or otherwise (on LinkedIn, www.jobs.bg, our Facebook page etc.), you may provide us with Personal Information about yourself, including your name, family name, e-mail, CV, motivation letter or additional supporting documentation (portfolio, projects description, related pictures, etc.) you elect to provide, where you apply for a role at our company on our Websites or via email, social media sites or other sites as well as any other information that you choose to provide to us when filling out a contact form on our Websites or when attending our events or by contacting us via e- mail or via any of the social media sites like Facebook, Twitter, Messenger, LinkedIn or any other site. We may use this information throughout our departments in order to address your inquiry or consider you for employment purposes. All the information you provide during the process will only be used for the purpose of recruiting for the relevant currently vacant position that you have applied for and shall be kept for a period of no more than 6 months. If you have explicitly consented – your information will be also used for the purpose of recruiting of personnel for future vacant positions for a period of 2 years, which positions according to us are appropriate for you in view of your education, professional qualification, and experience. If we enter an employment relation with you, the submitted information will be stored for the purpose of processing the employment relationship in compliance with legal requirements. We may also use the information you provide during the recruitment process to fulfil other legal or regulatory requirements, if necessary. In addition you may elect for the purposes of the recruitment, to voluntarily provide in your CV Personal Information with a volume greater than the statutory minimum for the conclusion of an employment contract and in such case please be informed that the provision of data beyond than statutory minimum is not mandatory and that the non-provision of these data on your behalf has no negative impact on the selection process. Since you provide your Personal Information voluntarily on the grounds of a consent, you have the right to withdraw your consent at any time by sending an email to: security-incident@rebenefit.bg (please see below in section YOUR RIGHTS AS A DATA SUBJECT more information about your rights as a data subject). We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes or store any of your information outside of the European Economic Area. The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format. We may also obtain information about job applicants from other sources to the extent permitted by applicable law, such as through your contact with us, including your interactions with us, or from third parties such as employment agencies and other websites on the Internet. For example, you may choose to provide us with access to certain personal data stored by third parties such as social media sites like LinkedIn. By authorizing us to have access to this information, you agree we may collect, store, and use this information in accordance with this Policy.

People who contact us via social media

We may also collect information posted by you on social media sites if have opted to connect to or otherwise link us with social media accounts including Facebook and Twitter or if you send us a private or direct message via social media. It will not be shared with any other organizations.

Our Business Purposes

We may also use your Personal Information for our business purposes such as:
• record keeping, statistical analysis, internal reporting, and research purposes;
• to ensure network and information security;
• to notify you about changes to our services;
• to investigate any complaint you make;
• to provide evidence in any dispute or anticipated dispute between you and us;
• to customise various aspects of our Websites to improve your experience;
• to host, maintain and otherwise support the operation of our Websites;
• for the detection and prevention of fraud and other criminal offences and for for risk
management purposes;
• for business and disaster recovery (e.g. to create back-ups);
• for document retention/storage;
• for database management;
• to protect our rights, property, and/or safety, our personnel and others; and
• to ensure the quality of the services we provide to our users.

Use of third-party services and Cookies

We collect information relating to your use of our Websites through the use of various technologies. When someone visits one of our Websites, we use our own as well as third party services and technologies to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the Websites. This information is only processed in a way which does not identify anyone. Our Websites utilizes a standard technology called “cookies”and server logs to collect information about how our Website is used and to remember your preferences. Information gathered through cookies and server logs may include the date and time of visits, the pages viewed, time spent at our Websites, and the websites visited just before our own, as well as your IP address and browser. A cookie is a small text file that a website saves on your computer or mobile device when you visit the site. It enables the website to remember your actions and preferences (such as login, language, font size and other display preferences) over a period of time, so you don’t have to keep re-entering them whenever you come back to our Websites or browse from one page to another. We also use the third-party service Google Analytics – a web analytics service provided by Google, Inc. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our Websites. Google Analytics uses cookies to help us analyze how visitors use our Websites. The information generated by the cookie about your use of the Websites includes your IP address and will be transmitted to and stored by Google, on its servers. Google will use this information for the purpose of evaluating your use of the Websites, creating reports on website activity, and providing other services relating to Internet usage. Google may also pass this information on to third parties when required to do so by law, or when such third parties process the information on Google’s behalf. By using our Websites, you consent to the processing of data about your visit by Google in the manner and for the purposes set out above. If you choose, you can opt out by turning off cookies in the preferences settings in your browser, or by downloading and installing the Google Analytics Opt-out Browser Add-on from https://tools.google.com/dlpage/gaoptout. However, please note that you may not then be able to make full use of all the Websites’ functions.

HubSpot is our email service provider. To deliver this service MailChimp processes the email addresses of visitors to our Websites that have subscribed to our Newsletter. We use it to share our experience with overcoming challenges in the software engineering and IT sourcing business. We do send newsletters periodically to you if you have subscribed to our Newsletter. You can read the HubSpot Privacy Policy here: https://legal.hubspot.com/privacy-policy

We use a third-party service to help maintain the security and performance of our Websites. To deliver this service it processes the IP addresses of visitors to our Websites. In addition, we may use your Personal Information for further specific purposes made clear at the point of collection on pages of our Websites. If you choose not to provide Personal Information requested by us, we may not be able to provide you with the information and/or services you have requested or otherwise fulfil the purpose(s) for which we have asked for the Personal Information. Aside from this, your visit to our Websites will remain unaffected.

Legal basis for collection and use of Personal Information

We process your Personal Information in relation to your subscription to events, participation in a Survey, a Training, our Newsletter, your use of the contact forms in our Websites and in cases for recruitment purposes, where we have your consent to do so. In other cases, we process your personal information where we need to do so:
• to comply with our legal and regulatory obligations;
• for our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms in:
• responding to your queries;
• providing services and/or information to you; and
• our internal business purposes, as set out in section 2.8 above.

You can object to processing based on our legitimate interests at any time by contacting us at security-incident@rebenefit.bg See also in section YOUR RIGHTS AS A DATA SUBJECT “The right to object”.

If you would like to find out more about the legal basis on which we process your Personal Information for a particular purpose you can contact us at info@rebenefit.bg.

Retention Of Personal Information

It is our policy to retain your Personal Information for the length of time required for the specific purpose or purposes for which it was collected. However, we may be obliged to store some Personal Information for a longer time, considering factors including:
• legal obligation(s) under applicable law to retain data for a certain period of time;
• statute of limitations under applicable law(s);
• (potential) disputes and
• guidelines issued by relevant data protection authorities.

Whilst we continue to process your Personal Information, we will ensure that it is treated in accordance with this Privacy Policy. Otherwise, we securely erase your information once this is no longer needed.

We have strict data retention periods determined in our Internal rules for personal data
protection. If you would like to find out how long we keep your Personal Information for a
particular purpose you can contact us at security-incident@rebenefit.bg.

How And When Do We Share Information With Third Parties?

Some services that we provide require the involvement of third parties. We have carefully selected these third parties and taken steps to ensure that your Personal Information is adequately protected. Details about how we share Personal Information with third parties is set out below:

Google Analytics

Our Websites use Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics works using cookies. Google Analytics cookies collect your IP address. We use the information collected by Google Analytics cookies to find out about how visitors use our Websites.

The IP address sent by your browser in connection with Google Analytics will not be combined by Google, with other data. If you so choose, you can opt out by turning off cookies in the preferences settings in your browser, or by downloading and installing the Google Analytics Opt-out Browser Add-on from http://tools.google.com/dlpage/gaoptout. However, please note that you may not then be able to make full use of all the Websites’ functions. When we would like to use your Personal Information for a new purpose, we will let you know about this first.

Third party service providers

We also share your Personal Information with our third-party service providers based in the European Economic Area (“EEA”) who we engage to provide support services in relation to our Websites for the purposes of hosting and maintaining our Websites; providing data storage; assisting us with database management, and in order to assist us with related tasks or processes.

We may also share your Personal Information with any other third party if we are under a duty to disclose or share your Personal Information in order to comply with any legal obligation, or to protect the rights, property and/or safety of ReBenefit Ltd, our personnel or others; or with any other third party for the purposes of acting in accordance with the requirements of a court, regulator or government agency, for example, complying with a search warrant or court order or acting in accordance with an applicable law or regulation.

Sharing buttons

Our Websites provide sharing buttons that you can click on in order to share content from our Websites on social media channels, e.g., Facebook. We do not use these buttons to share your Personal Information with social media providers. When you click on a sharing button the relevant social media provider will gather Personal Information directly from you. Please read the privacy notice of any social media provider with which you intend to share content before clicking on the corresponding sharing button.

Acquisition

If we (or our assets) are acquired by another company, whether by merger, acquisition, bankruptcy or otherwise, that company will receive all information gathered by us on the Websites. In this event, you will be notified via email and/or a prominent notice on our Websites, of any change in ownership, uses of your Personal Information, and choices you may have regarding your Personal Information.

International Transfers

Some of the third parties described in this privacy policy, which provide services to us, may be based in other countries outside the European Economic Area (“EEA”). In case we are required to undertake any transfer of personal information outside the EEA, we take all reasonable necessary steps to ensure that your personal information is treated securely and in accordance with this Privacy Policy and an adequate level of protection is applied to it, in particular through the implementation the European Commission-approved standard contractual data protection clauses, binding corporate rules for transfers to data processors, or other appropriate legal mechanisms to safeguard the transfer.

Your Rights As A Data Subject

The following section explains your rights.

The right to be informed

You have the right to be provided with clear, transparent, and easily understandable information about how we use your Personal Information and your rights. Therefore we are providing you with the information in this Privacy Policy.

The right of access

You have the right to obtain a copy of your Personal Information (if we are processing it), and other certain other information (like that provided in this Privacy Policy) about how it is used. This is so you are aware and can check that we are using your information in accordance with data protection law.

We can refuse to provide information where to do so may reveal Personal Information about
another person or would otherwise negatively impact another person’s rights.

The right to rectification

You can ask us to take reasonable measures to correct your Personal Information if it is
inaccurate or incomplete. E.g. if we have the wrong name or address for you.

The right to erasure

This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your Personal Information where there’s no compelling reason for us to keep using it or its use is unlawful. This is not a general right to erasure; there are exceptions, e.g. where have legal obligation to keep your Personal Information or we need to use your Personal Information in defence of a legal claim.

The right to restrict processing

You have the right to ‘block’ or suppress further use of your Personal Information when we are assessing a request for rectification or as an alternative to erasure. When processing is restricted, we can still store your Personal Information, but may not use it further. We keep lists of people who have asked for further use of their Personal Information to be ‘blocked’ to make sure the restriction is respected in future.

The right to data portability

You have the right to obtain and reuse certain Personal Information for your own purposes across different organisations. The right to object You have the right to object to certain types of processing, on grounds relating to your particular situation, at any time insofar as that processing takes place for the purposes of legitimate interests pursued by us or by a third party.

We will be allowed to continue to process your Personal Information if we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or we need this for the establishment, exercise or defence of legal claims.

The right to complain to a data protection authority You have the right to complain to a data protection authority about our collection and use of your Personal Information. Contact details for data protection authorities in the EEA, Switzerland and certain non-European countries (including the US and Canada) are available at http://ec.europa.eu/justice/article 29/structure/data-protection-authorities/index_en.htm.) Contact details of the Bulgarian data protection authority (CPDP) are available at https://www.cpdp.bg/en/index.php?p=pages&aid=6 and are as follows:

Security Measures

Our Websites are hosted on servers in the EEA. We have adopted and implemented a security standard ISO 27001. Information storage is on secure computers in a locked and certified information centre and information is encrypted wherever possible. We undergo periodic system testing and reviews of our security policies and procedures to ensure that our systems are secure and protected. We use extensive and sophisticated secure technology to protect your data and transmissions between you and us.

Transmission between browsers and our web server is implemented using Secure Sockets Layer (SSL)
technology. Although we have taken these reasonable and appropriate measures to ensure
that your Personal Information is delivered and disclosed only in accordance with your
instructions, as the transmission of information via the Internet is not completely secure we
cannot and do not guarantee the security of your information transmitted to our Websites
and we cannot and do not guarantee that the Personal Information you provide will not be
intercepted by others and decrypted.

Confidentiality

We acknowledge that the information you provide may be confidential. We do not sell, rent, distribute or otherwise make Personal Information commercially available to any third party, except that we may share information with our service providers for the purposes set out in this Privacy Policy. We will maintain the confidentiality of and protect your information in accordance with our Privacy Policy and all applicable laws.

Links

To allow you to interact with other websites on which you may have accounts (such as Facebook and other social media sites) or join communities on such sites, we may provide links or embed third-party applications that allow you to login, post content or join communities from our websites. We may also provide you with general links to non-ReBenefit Ltd websites.

When you use those links, you leave the Websites and we are unable to control how the owners of the websites or applications you link to handle any information they gather about you, including their privacy practices and use of cookies.

This Privacy Policy applies only to the Websites and does not govern activities on linked websites or applications Your use of these links and applications is subject to the third parties’ privacy policies, and you should become familiar with the third-party sites’ privacy policies before using the links or applications. We are not responsible for the privacy practices or the content of those other websites.

Privacy Policy Acceptance

If you do not agree to the terms of this Privacy Policy, please do not provide us with any information and do not use the Websites. By using the Websites and voluntarily providing information to us, you consent to our collection and use of the Personal Information as set forth in this Privacy Policy.

Effect Of Privacy Policy And Changes To This Privacy Policy

This Privacy Policy does not form a contract between an individual and us. The Privacy Policy may also be subject to change from time to time. Whenever we change our Privacy Policy, we will publish the updated policy on our Websites.

Please check this Privacy Policy regularly. Subject to applicable law, all changes will take effect as soon as we publish the new Privacy Policy, but where we have already collected information about you and/or where legally required to do so, we may take additional steps to inform you of any material changes to our Privacy Policy and may request that you agree to these changes.

However, please be assured that if this Privacy Policy changes in the future, we will not use the personal information you have submitted to us under this Privacy Policy in a manner that is materially inconsistent with this Privacy Policy, without your prior consent.

Contact Us

If you have a question about this Privacy Policy or our handling of your Personal Information, you can send an email at security-incident@rebenefit.bg If you no longer wish to receive newsletter e-mails from us, please follow the unsubscribe instructions included in each email. If you no longer wish to receive e-mails for vacant positions from us, please send an e-mail to security-incident@rebenefit.bg.

If you wish to request further information or exercise any of the above rights, or if you are unhappy with how we have handled your Personal Information, contact us here: security-incident@rebenefit.bg. Please provide as much information as possible to help us identify the information you are requesting, the action you want us to take and why you believe this action should be taken.

If you are not satisfied with our response to your complaint or believe our processing of your Personal Information does not comply with data protection law, you can make a complaint to the relevant EU data protection authority where you are located. The contact details for each EU data protection authority can be found here: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm Contact details of the Bulgarian data protection authority (CPDP) are available at https://www.cpdp.bg/en/index.php?p=pages&aid=6 and are as follows.

Third Party Processors

Our carefully selected partners and service providers may process personal information about you on our behalf as described below:

“Digital Marketing Service Providers

We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information.  Our appointed data processors include:

(i)Prospect Global Ltd (trading as Sopro) Reg. UK Co. 09648733. You can contact Sopro and view their privacy policy here: http://sopro.io.  Sopro are registered with the ICO Reg: ZA346877 their Data Protection Officer can be emailed at: dpo@sopro.io.

This Privacy Policy is effective as of 17 January 2023.