Legal and Privacy

Forbytes' Web Privacy Policy
Data Protection Policy
Crisis Management Plan

Forbytes' Web Privacy Policy

1. Policy purpose

The purpose of this policy is to define processes and practices that are to be followed by Forbytes, its employees, and contractors to limit the usage of personal data received through our website and protect it according to the principles set in article 5 of GDPR.

2. Personal data that we collect

Forbytes may collect the following information for further processing limited to its legitimate interests:

  • Name
  • Title
  • Email/company email
  • Address (including company address) and phone number
  • Company
  • CV or other relevant data to assess your suitability for employment
  • IP
  • Geolocation data
  • Device identifier

3. Sources of personal data

We receive your personal data when you choose to visit our website or to give your data to us by submitting it via our website.

We use cookies on our website to collect data about your interaction with different pages for marketing purposes and also to improve the quality of our website.

4. Purpose of collecting and processing of personal data

Forbytes’ website collects personal data for legitimate purposes and interests. We don’t process data in a manner that is incompatible with these purposes.

Legitimate interests are a key need for Forbytes. They help our company to function, develop, and offer a better user experience to our website visitors.

These interests include:

  • Fraud detection and prevention
  • Compliance with the law, foreign law, law enforcement, court, and regulatory bodies’ requirements
  • Information, system, network, and cybersecurity
  • Employment data processing
  • Supplier data processing
  • General corporate operations and due diligence
  • Product (service) development and enhancement
  • Communication, marketing, and intelligence
  • Human resource management and team building

5. Storing of personal data

Collected personal data is stored within information systems used by Forbytes. We keep personal data for a limited period depending on the type of data, the purposes of processing, and legal requirements.

6. Sharing of personal data

All obtained personal data is kept strictly confidential.

Forbytes may share your data with our technical partners (Microsoft, Hubspot, Google, Cleverstaff) but only within the limits to maintain our daily operations and satisfy our legitimate interests.

7. Rights of data subject

As a website visitor, you have the following rights:

  • Right to obtain confirmation whether personal data concerning you is being processed
  • Right to access your data
  • Right to withdraw consent for personal data collection and processing
  • Right to rectification
  • Right to be forgotten
    (erase your data)
  • Right to data portability
  • Right to restrict processing
  • Right to be aware of the existence of automated individual decision-making and to object in this regard.

Data Protection Policy

This policy covers GDPR compliance processes and rules.

1. Context

Starting from the 25th of May, General Data Protection Regulation (GDPR) came into force, obliging the organization across the EU and those working with EU companies to enforce Personal Data protection and implement processes to comply with the requirements of GDPR.

2. Purpose of the policy

The purpose of this policy is to define processes and practices that are to be followed by Forbytes and its employees and contractors to limit the usage of personal data and protect it according to the principles set in the article 5 of GDPR and listed in s. 3 of this Policy.

Information that is being collected by Forbytes is listed in The Statement of the information Forbytes collects and processes, and the purpose of processing (Appendix A).

3. Principles relating to the processing of personal data

Personal data shall be:

  • processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
  • collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (‘purpose limitation’);
  • adequate, relevant and limited to what is necessary for relation to the purposes for which they are processed (‘data minimization’);
  • accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
  • kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 (1) of GDPR subject to implementation of the appropriate technical and organizational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);
  • processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (‘integrity and confidentiality’).

4. Definitions of key terms

Data subject
A data subject is a natural person. Examples of a data subject can be an individual, a customer, a prospect, an employee, a contact person, etc.

Personal Data
Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data Processing
Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Controller
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Processor
A natural or legal person, public authority, agency or another body which processes personal data on behalf of the controller.

5. Key requirements and controls

Key requirements and controls that define compliance with principles set in GDPR are described in Appendix.

 

APPENDIX A

Statement of the information Forbytes collects and processes, and the purpose of processing

Information that is being collected by Forbytes:

1. Operations department (responsible role – COO)

Purposes:

  • software development (discovery, design, development, delivery)
  • software failure recovery (situations when client’s systems/applications are not working or working improperly causing the financial damage to a client which requires access to production environment)
PURPOSE PERSONAL DATA COLLECTED

Software development (discovery, design, development, delivery)

No personal data collected.
Forbytes employees or contractors do not have access to personal information and work with fake | anonymized data.

Software failure recovery

Forbytes employees or contractors may get temporary access to production environment (including Database, logs and sessions) to resolve the problem. In this case, the following personal data can be accessed (but not collected):

  • Name
  • Social security number
  • Delivery Address
  • Billing address
  • Electronic address
  • IP

2. Marketing and sales department (responsible role – CEO)

Purposes:

  • to know who contact in a prospective client-partner organization
  • advertisement and content marketing
PURPOSE PERSONAL DATA COLLECTED

To know who contact in a prospective client-partner organization

No personal data collected.
Forbytes employees or contractors do not have access to personal information and work with fake | anonymized data.

Advertisement and content marketing

  • Name of employee | supplier
  • Employee’s | supplier’s photos

3. Financial department (responsible role – CEO)

Purposes:

  • payment of wages
  • payment of fees
  • bookkeeping
PURPOSE PERSONAL DATA COLLECTED

Payment of wages

  • Name of employee
  • Age of employee
  • Employee’s address
  • Employee’s banking information

Payment of fees

  • Supplier’s name
  • Supplier’s address
  • Supplier’s banking information

Bookkeeping

  • Name of employee | supplier
  • Age of employee
  • Employee’s | supplier’s address
  • Employee’s | supplier’s banking information

4. Human resources department (responsible role – CHRM)

Purposes:

  • recruiting of potential employees/suppliers (candidates)
  • human resource management
PURPOSE PERSONAL DATA COLLECTED

Recruiting of potential employees | suppliers (candidates)

  • Name of candidate
  • Date of birth of candidate
  • Candidate’s address
  • Candidates contact details (phone number, e-mail, skype account)
  • Candidate’s banking information
  • Photo (when present on provided CV)
  • CV information (including education, working experience, interests)

Human resource management

  • Name of employee | suppliers
  • Age of employee | suppliers
  • Employee’s | supplier’s address
  • Employee’s | supplier’s banking information
  • Employee’s | supplier’s personal interests
  • Employee’s | supplier’s photos
  • Employee’s | supplier’s wife name and phone number

Legitimate interests

Legitimate interests are the key needs of Forbytes that enable company functioning and development, and they include:

  • fraud detection and prevention;
  • compliance with the law, foreign law, law enforcement, court and regulatory bodies’ requirements;
  • information, system, network and cybersecurity;
  • employment data processing;
  • supplier data processing;
  • general corporate operations and due diligence;
  • product (service) development and enhancement;
  • communication, marketing and intelligence;
  • human resource management and teambuilding.

 

APPENDIX B

Key requirements and controls

Control 1 – Identify Lawful basis

Processing shall be lawful only if and to the extent that at least one of the following applies:

  • the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
  • processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  • processing is necessary for compliance with a legal obligation to which the controller is subject;
  • processing is necessary in order to protect the vital interests of the data subject or of another natural person;
  • processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
LAWFUL BASIS

Consent

Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

Processing is necessary for compliance with a legal obligation to which the controller is subject.

Processing is necessary in order to protect the vital interests of the data subject or of another natural person.

Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

USAGE | REQUIREMENTS

The controller must inform the data subject about:
what personal information is collectedand stored;
what is the purpose of collecting, storing and processing personal information.
The controller must be able to demonstrate that the data subject has consented to processing of his or her personal data.
The data subject shall have the right to withdraw his or her consent at any time

Data subject shall be clearly informed about the need to process his/her personal data for the performance of a contract.

If contract is signed, it is highly recommended to include consent clause into the contract.

This basis is also applicable to processing invoices and other documents that are required according to contracts.

The controller must not keep the personal data longer than is needed to protect the vital interests of the data subject or of another natural person.

The register of personal data obtained under this basis shall be created and maintained.

Not applicable at the time.

The list of legitimate interests when personal data processing may occur is created and maintained. List of legitimate interest is enclosed in Appendix A.

The controller must ensure that the personal data collected is used for the legitimate interests pursuing.

The register of personal data obtained under this basis shall be created and maintained.

ACTIONS | DOCUMENTS

The controller must obtain a written consent.

All written consents must be kept as long as personal data of data subject is being processed or stored.

Register of written consents shall be created and maintained to provide easy search of consents.

The controller must ensure that the personal data collected is used for the purpose of performing of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

The register of personal data obtained under this basis shall be created and maintained.

The register of personal data obtained under this basis shall be created and maintained.

Not applicable at the time.

The collector must ensure that:

legitimate interests when personal data processing may occur are identified.
only necessary data is collected;
whenever it is possible – inform data subject about the data that is processed and reasons;
ensure that sensible and effective retention policy is used.

The controller must inform the data subject about:
what personal information is collectedand stored;
what is the purpose of collecting, storing and processing personal information.
The controller must be able to demonstrate that the data subject has consented to processing of his or her personal data.
The data subject shall have the right to withdraw his or her consent at any time

Control 2 – Identify and document purpose

According to Article 5(1) “b” of GDPR “personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’)”.
The collected data and legitimate purposes are listed in Appendix A.

PURPOSE LIMITATION

Purposes are specified.

Personal data is collected or processed for specified purposes

USAGE | REQUIREMENTS

Statement of the information Forbytes collects and processes, and the purpose for processing.

When collecting or processing any personal data collector/processor must check if it is collected/processed for the purposes that are specified in Appendix A.

ACTIONS | DOCUMENTS

The collector/processor must ensure that purposes according to which personal data is collected or processed are specified in Appendix A. If any new purpose arises – it must be informed to Responsible person to add it to the Appendix A before collecting or processing the data starts.

The collector/processor must ensure that personal data is collected or processed only according to specified purposes.

Crisis Management Plan

1. Purpose of the document

A crisis management plan (CMP) is a document that outlines the processes an organization will use to respond to a critical situation that would negatively affect its profitability, reputation, or ability to operate. CMP is used by business continuity teams, emergency management teams, crisis management teams, and damage assessment teams to avoid or minimize damage and to provide direction on staffing, resources, and communications.

2. Definition of crisis

A crisis is an issue that poses a threat to the strategic objectives of the business on a fundamental level. It is something that could have a disastrous effect on the business, whether it is effectively managed.

3. Types of crisis

  • Crises that put the lives of employees in danger
  • Other crises that prevent the company from normal operation

4. Crisis management team

  • C-Level executives
  • PMs

5. Plan of actions

5.1 Crisis that put the life of employees in danger

5.2 Crisis that prevents the company from normal operation

Scroll Up

This website is using cookies to give you the best experience.
Continue using this site you agree with our Privacy and Cookies Policy.