Forbytes' Web Privacy Policy
1. Policy purpose
The purpose of this policy is to define processes and practices that are to be followed by Forbytes, its employees, and contractors to limit the usage of personal data received through our website and protect it according to the principles set out in Article 5 of GDPR.
2. Personal data that we collect
Forbytes may collect the following information for further processing limited to its legitimate interests:
- Name
- Title
- Email/company email
- Address (including company address) and phone number
- Company
- CV or other relevant data to assess your suitability for employment
- IP address
- Geolocation data
- Device identifier
3. Sources of personal data
We receive your personal data when you choose to visit our website or to give your data to us by submitting it via our website.
We use cookies on our website to collect data about your interaction with different pages for marketing purposes and also to improve the quality of our website.
4. Purpose of collecting and processing of personal data
Forbytes’ website collects personal data for legitimate purposes and interests. We don’t process data in a manner that is incompatible with these purposes.
Legitimate interests are a key need for Forbytes. They help our company to function, develop, and offer a better user experience to our website visitors.
These interests include:
- Fraud detection and prevention
- Compliance with the law, foreign law, law enforcement, court, and regulatory bodies’ requirements
- Information, system, network, and cybersecurity
- Employment data processing
- Supplier data processing
- General corporate operations and due diligence
- Product (service) development and enhancement
- Communication, marketing, and intelligence
- Human resource management and team building
5. Storing of personal data
Collected personal data is stored within information systems used by Forbytes. We keep personal data for a limited period depending on the type of data, the purposes of processing, and legal requirements.
6. Sharing of personal data
All obtained personal data is kept strictly confidential.
Forbytes may share your data with our technical partners (Microsoft, HubSpot, Google, Cleverstaff), but only to the extent needed to maintain our daily operations and satisfy our legitimate interests.
7. Rights of data subject
As a website visitor, you have the following rights:
- Right to obtain confirmation whether personal data concerning you is being processed
- Right to access your data
- Right to withdraw consent for personal data collection and processing
- Right to rectification
- Right to be forgotten (erase your data)
- Right to data portability
- Right to restrict processing
- Right to be aware of the existence of automated individual decision-making and to object in this regard.
Data Protection Policy
This policy covers GDPR compliance processes and rules.
1. Context
On the 25th of May, the General Data Protection Regulation (GDPR) came into force, obliging organizations across the EU and those working with EU companies to enforce personal data protection and implement processes to comply with the requirements of GDPR.
2. Purpose of the policy
The purpose of this policy is to define processes and practices that are to be followed by Forbytes and its employees and contractors to limit the usage of personal data and protect it according to the principles set out in Article 5 of GDPR and listed in section 3 of this Policy.
Information that is being collected by Forbytes is listed in The Statement of the information Forbytes collects and processes, and the purpose of processing (Appendix A).
3. Principles relating to the processing of personal data
Personal data shall be:
- processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (‘purpose limitation’);
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimization’);
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 (1) of GDPR subject to implementation of the appropriate technical and organizational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (‘integrity and confidentiality’).
4. Definitions of key terms
Data subject
A data subject is a natural person. Examples of a data subject can be an individual, a customer, a prospect, an employee, a contact person, etc.
Personal Data
Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data Processing
Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Controller
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor
A natural or legal person, public authority, agency or another body which processes personal data on behalf of the controller.
5. Key requirements and controls
Key requirements and controls that define compliance with the principles set in GDPR are described in Appendix B.
APPENDIX A
Statement of the information Forbytes collects and processes, and the purpose of processing
Information that is being collected by Forbytes:
1. Operations department (responsible role – COO)
Purposes:
- software development (discovery, design, development, delivery)
- software failure recovery (situations when a client’s systems/applications are not working or are working improperly, causing financial damage to the client, and access to the production environment is required)
PURPOSE | PERSONAL DATA COLLECTED |
---|---|
Software development (discovery, design, development, delivery) | No personal data collected. |
Software failure recovery | Forbytes employees or contractors may get temporary access to the production environment (including database, logs and sessions) to resolve the problem. In this case, the following personal data can be accessed (but not collected): |
2. Marketing and sales department (responsible role – CEO)
Purposes:
- to know whom to contact in a prospective client-partner organization
- advertisement and content marketing
PURPOSE | PERSONAL DATA COLLECTED |
---|---|
To know whom to contact in a prospective client-partner organization | No personal data collected. |
Advertisement and content marketing | |
3. Financial department (responsible role – CEO)
Purposes:
- payment of wages
- payment of fees
- bookkeeping
PURPOSE | PERSONAL DATA COLLECTED |
---|---|
Payment of wages | |
Payment of fees | |
Bookkeeping | |
4. Human resources department (responsible role – CHRM)
Purposes:
- recruiting of potential employees/suppliers (candidates)
- human resource management
PURPOSE | PERSONAL DATA COLLECTED |
---|---|
Recruiting of potential employees/suppliers (candidates) | |
Human resource management | |
Legitimate interests
Legitimate interests are the key needs of Forbytes that enable company functioning and development, and they include:
- fraud detection and prevention;
- compliance with the law, foreign law, law enforcement, court and regulatory bodies’ requirements;
- information, system, network and cybersecurity;
- employment data processing;
- supplier data processing;
- general corporate operations and due diligence;
- product (service) development and enhancement;
- communication, marketing and intelligence;
- human resource management and teambuilding.
APPENDIX B
Key requirements and controls
Control 1 – Identify Lawful basis
Processing shall be lawful only if and to the extent that at least one of the following applies:
- the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
- processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- processing is necessary for compliance with a legal obligation to which the controller is subject;
- processing is necessary in order to protect the vital interests of the data subject or of another natural person;
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Control 2 – Identify and document purpose
According to Article 5(1) “b” of GDPR “personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’)”.
The collected data and legitimate purposes are listed in Appendix A.
Crisis Management Plan
1. Purpose of the document
A crisis management plan (CMP) is a document that outlines the processes an organization will use to respond to a critical situation that would negatively affect its profitability, reputation, or ability to operate. CMP is used by business continuity teams, emergency management teams, crisis management teams, and damage assessment teams to avoid or minimize damage and to provide direction on staffing, resources, and communications.
2. Definition of crisis
A crisis is an issue that poses a threat to the strategic objectives of the business on a fundamental level. It is something that could have a disastrous effect on the business, whether or not it is effectively managed.
3. Types of crisis
- Crises that put the lives of employees in danger
- Other crises that prevent the company from normal operation
4. Crisis management team
- C-Level executives
- PMs
5. Plan of actions
5.1 Crisis that puts the lives of employees in danger
5.2 Crisis that prevents the company from normal operation