Data Protection & Privacy Policy

In the following, you can find the BitaBIZ Data Protection & Privacy Policy.

Introduction

BitaBIZ needs to collect and use certain information about individuals to carry out our business activities. These can include customers, suppliers, business contacts, employees, and other people we have a relationship with or may need to contact.

BitaBIZ is committed to protecting the personal data of our employees, users of our services, contractors, and website visitors. This policy is applicable in situations where we act as a data controller or data processor with respect to this personal data.

This policy describes how this personal data must be collected, handled and stored to meet our data protection standards and to comply with the Regulation (EU) 2016/679 (General Data Protection Regulation) referred to as “the GDPR”.

In this document, “we”, “us”, and “our” refer to BitaBIZ.

Purpose

The purpose of this policy is to protect and promote data protection rights by informing everyone working for BitaBIZ, and any third party to whom this policy applies, of their data protection obligations and of the BitaBIZ procedures that must be followed to ensure compliance with the GDPR.

Scope

This Privacy Policy applies to the BitaBIZ online platform (bitabiz.com), including the associated BitaBIZ mobile apps, Outlook app and Win10 app (collectively, the “BitaBIZ Service”), and other interactions (e.g., customer service inquiries, user conferences, etc.) you may have with BitaBIZ.

All BitaBIZ employees, contractors, consultants, freelancers, and any other person who works under the authority of BitaBIZ must comply with this policy, including all personnel affiliated with third parties who may have access to any BitaBIZ network or resource.

This policy applies to BitaBIZ processing of personal data, whether by electronic or manual means.

Privacy Principles

The following sets out the principles that underlie our practices for collecting, using, disclosing, storing, securing, accessing, transferring, or otherwise processing personal data.


Fairness. BitaBIZ shall process personal data in a lawful, legitimate, and transparent manner.

Purpose Limitation. BitaBIZ shall only collect personal data for specific, explicit, and legitimate purposes.

Proportionality. BitaBIZ shall only process personal data that is adequate, relevant, and not excessive for the purposes for which it is processed.

Data Integrity. BitaBIZ shall keep personal data that is accurate, complete, and up to date, as is reasonably necessary to accomplish the purpose for which it is processed.

Data Retention. BitaBIZ shall keep personal data in a form that is personally identifiable for no longer than necessary to accomplish the purpose for which the personal data was obtained unless required by law to retain some information for a period of time.

Data Security. BitaBIZ shall implement appropriate and reasonable technical and organizational measures to safeguard personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure, use, and access.

Individual Rights. BitaBIZ shall process personal data in a manner that respects individuals’ rights as required by the GDPR.

Accountability. BitaBIZ shall implement appropriate governance, policies, processes, controls, and other measures necessary to demonstrate that it processes personal data following this policy and the GDPR.

Legal Basis for Processing Customer and Partner Data

Data processing for contractual relationship. Personal data of the customer or partner can be processed to establish, perform, and terminate a contract.

Consent to data processing. Personal data can also be processed following the consent by the data subject. Before giving consent, the data subject must be informed. The declaration of consent must be obtained in writing or electronically for the purposes of documentation.

Legal authorization or obligation. The processing of personal data is permitted if national legislation requests, requires, or permits this. The type and extent of processing must be necessary for the legally authorized data processing activity and must comply with the relevant statutory provisions.

Legitimate Interest. Personal data can also be processed if necessary for legitimate interests (e.g., avoiding breach of contract). Before data is processed, it is necessary to determine whether the data subjects’ interests worthy of protection outweigh the legitimate interests.

Employment relationship. Personal data can be processed if needed to establish, perform, and terminate the employment relationship. In the existing employment relationship, data processing must always relate to the purpose of the employment. Personal data of candidates can be processed to help decide whether to enter into an employment relationship. If the candidate is rejected, their data must be deleted, unless the candidate has agreed to remain on file for a future selection process.

Personal Data We Collect and Receive

BitaBIZ collects and receives customer data. Below are the kinds of data we collect and reasons for doing so. We do not use this data for other purposes.

1. When a BitaBIZ account is created, the following information may be collected:

  • User data. Users (employees) or individuals granted access to a BitaBIZ account by a customer (“Setup Admin user”) routinely submit customer data to BitaBIZ when using the Services. This includes data like vacation requests, time registrations, sick leave registrations, etc.
  • Customer data. BitaBIZ is also used to collect other customer data. To create or update a BitaBIZ account, you or your employer supply BitaBIZ with an email address, phone number and other staff/ HR/ payroll related information.
  • Billing information. Customers that purchase a paid version of the BitaBIZ Services provide BitaBIZ (or its payment processors) with billing details such as credit card information, banking information and/or a billing address.

Our Data Collect Policy describes in detail what data may be collected using the BitaBIZ service. Click here to read our Data Collect Policy.

2. BitaBIZ also collects, generates, and/or receives other information:

  • Cookie information. BitaBIZ uses cookies and similar technologies on our websites and services.
  • Device information. BitaBIZ collects information about devices accessing the services, including the type of device and what operating system is used.
  • Logs. Our servers automatically collect information when you access or use our services and record it in log files. This log data may include the Internet protocol (IP) address.

Click here to read our Cookie policy.

How We Use Information

The information added to BitaBIZ will be used in accordance with the Customer’s instructions. BitaBIZ is a processor of Customer Data and the Customer is the controller. The Data Processor Agreement (DPA) governs how BitaBIZ shall act as the data processor. Click here to read the DPA.

Where We Store and Process Personal Data

BitaBIZ is hosted in the cloud, and the data we collect is stored on the Microsoft Azure platform. Microsoft enterprise cloud services are independently validated through certifications and attestations, as well as third-party audits. In-scope services within the Microsoft Cloud meet key international and industry-specific compliance standards, such as ISO/IEC 27001 and ISO/IEC 27018, FedRAMP, and SOC 1 and SOC 2. They also meet regional and country-specific standards and contractual commitments, including the EU Model Clauses, UK G-Cloud, Singapore MTCS, and Australia CCSL (IRAP). In addition, rigorous third-party audits, such as by the British Standards Institution and Deloitte, validate the adherence of their cloud services to the strict requirements these standards mandate.

Microsoft has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. Microsoft has stated that it and its controlled U.S. subsidiaries (collectively “Microsoft”) will continue to comply with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce.

Data Subject’s Rights

A data subject has the following rights vis-à-vis the controller:

  • The right to be informed of the circumstances in the processing of their personal data (Right of transparent communication and information).
  • The right to obtain information about how their data is processed and what rights they are entitled to in this respect (Right of access).
  • The right to correct or supplement personal data if data are incorrect or incomplete (Right to rectification).
  • The right to delete their personal data if the legal bases have ceased to apply. Existing retention periods and interests worthy of protection that prohibit deletion must be observed (Right to erasure).
  • The right to restriction of processing if they dispute the accuracy of processing or the controller no longer needs the data while the data subject needs the data for their legal claims (Right to restriction of processing).
  • The right to receive, in a commonly used digital format, their personal data which they have provided on the basis of consent or in the context of an agreement initiated by them. The data subject also has the right to transfer this data to a third party (Right to data portability).
  • The right to object to direct marketing at any time (Right to object).
  • The right not to be subject to automated decision-making.
  • The right to lodge a complaint.

Access to Your Data

All individuals who are the subject of personal data held by BitaBIZ are entitled to:

  • Ask what information BitaBIZ holds about them and why.
  • Ask how to gain access to it.
  • Be informed how to keep it up-to-date.
  • Be informed how the company is meeting its data protection obligations.
  • Request removal.

Security

Our Information Security Policy describes our:

  • Hosting security
  • Product security
  • Internal security

Click here to read our Information Security Policy.

International Data Transfers

BitaBIZ may transfer personal data added to the BitaBIZ services to countries other than the one in which you live.

BitaBIZ has an EU GDPR compliant data transfer setup:

  • Data storage inside the EU
  • Engages only selected sub-processors that may process personal data submitted to BitaBIZ services.

Click here to read our Sub-processor Policy.

Customers’ Rights

BitaBIZ customers have statutory rights in relation to data stored on the BitaBIZ service.

BitaBIZ provides data management tools to manage and delete personal data according to local law. If you cannot use the settings and tools, contact BitaBIZ online support for assistance.

Your rights to your data stored on the BitaBIZ service are described in our Terms & Conditions.

Contacting BitaBIZ

Please also feel free to contact BitaBIZ if you have any questions about this Data Protection & Privacy Policy or if you are seeking to exercise any of your statutory rights. You may contact BitaBIZ at [email protected] or via online support.

Complaints

If you want to lodge a complaint about our processing of your personal data, please contact us directly. If we cannot help you, you can lodge a complaint with the national Data Protection Authority.

Definitions

Personal data. Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data controller. The one who determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Data processor. The one who processes personal data on behalf of the controller.

Personal data processing. Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

BitaBIZ Data Protection and Privacy Policy accompanies BitaBIZ Terms & Conditions (System2 25.05.2018)