Legal and Privacy

Forbytes' Web Privacy Policy

1. Policy purpose

The purpose of this policy is to define processes and practices that are to be followed by Forbytes, its employees, and contractors to limit the usage of personal data received through our website and protect it according to the principles set in article 5 of GDPR.

2. Personal data that we collect

Forbytes may collect the following information for further processing limited to its legitimate interests:

  • Name
  • Title
  • Email/company email
  • Address (including company address) and phone number
  • Company
  • CV or other relevant data to assess your suitability for employment
  • IP
  • Geolocation data
  • Device identifier

3. Sources of personal data

We receive your personal data when you choose to visit our website or to give your data to us by submitting it via our website.

We use cookies on our website to collect data about your interaction with different pages for marketing purposes and also to improve the quality of our website.

4. Purpose of collecting and processing of personal data

Forbytes’ website collects personal data for legitimate purposes and interests. We don’t process data in a manner that is incompatible with these purposes.

Legitimate interests are a key need for Forbytes. They help our company to function, develop, and offer a better user experience to our website visitors.

These interests include:

  • Fraud detection and prevention
  • Compliance with the law, foreign law, law enforcement, court, and regulatory bodies’ requirements
  • Information, system, network, and cybersecurity
  • Employment data processing
  • Supplier data processing
  • General corporate operations and due diligence
  • Product (service) development and enhancement
  • Communication, marketing, and intelligence
  • Human resource management and team building

5. Storing of personal data

Collected personal data is stored within information systems used by Forbytes. We keep personal data for a limited period depending on the type of data, the purposes of processing, and legal requirements.

6. Sharing of personal data

All obtained personal data is kept strictly confidential.

Forbytes may share your data with our technical partners (Microsoft, Hubspot, Google, Cleverstaff), but only within the limits needed to maintain our daily operations and satisfy our legitimate interests.

7. Rights of data subject

As a website visitor, you have the following rights:

  • Right to obtain confirmation of whether personal data concerning you is being processed
  • Right to access your data
  • Right to withdraw consent for personal data collection and processing
  • Right to rectification
  • Right to be forgotten (erase your data)
  • Right to data portability
  • Right to restrict processing
  • Right to be aware of the existence of automated individual decision-making and to object in this regard.

Data Protection Policy

This policy covers GDPR compliance processes and rules.

1. Context

On the 25th of May, the General Data Protection Regulation (GDPR) came into force, obliging organizations across the EU and those working with EU companies to enforce personal data protection and implement processes to comply with the requirements of GDPR.

2. Purpose of the policy

The purpose of this policy is to define processes and practices that are to be followed by Forbytes, its employees, and contractors to limit the usage of personal data and protect it according to the principles set in article 5 of GDPR and listed in section 3 of this Policy.

Information that is being collected by Forbytes is listed in The Statement of the information Forbytes collects and processes, and the purpose of processing (Appendix A).

3. Principles relating to the processing of personal data

Personal data shall be:

  • processed lawfully, fairly, and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
  • collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes (‘purpose limitation’);
  • adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed (‘data minimization’);
  • accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that inaccurate personal data, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
  • kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of GDPR, subject to implementation of the appropriate technical and organizational measures required by this Regulation to safeguard the rights and freedoms of the data subject (‘storage limitation’);
  • processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage, using appropriate technical or organizational measures (‘integrity and confidentiality’).

4. Definitions of key terms

Data subject
A data subject is a natural person. Examples of a data subject can be an individual, a customer, a prospect, an employee, a contact person, etc.

Personal Data
Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data Processing
Any operation or set of operations that is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Controller
The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Processor
A natural or legal person, public authority, agency, or another body that processes personal data on behalf of the controller.

5. Key requirements and controls

Key requirements and controls that define compliance with the principles set in GDPR are described in Appendix B.

APPENDIX A

Statement of the information Forbytes collects and processes, and the purpose of processing

Information that is being collected by Forbytes:

1. Operations department (responsible role — COO)

Purposes:

  • software development (discovery, design, development, delivery)
  • software failure recovery (situations when a client’s systems/applications are not working or working improperly causing financial damage to a client which requires access to the production environment)

2. Marketing and sales department (responsible role — CEO)

Purposes:

  • to know whom to contact in a prospective client-partner organization
  • advertisement and content marketing

3. Financial department (responsible role — CEO)

Purposes:

  • payment of wages
  • payment of fees
  • bookkeeping

4. Human resources department (responsible role – CHRM)

Purposes:

  • recruiting of potential employees/suppliers (candidates)
  • human resource management

Legitimate interests

Legitimate interests are the key needs of Forbytes that enable company functioning and development, and they include:

  • fraud detection and prevention;
  • compliance with the law, foreign law, law enforcement, court, and regulatory bodies’ requirements;
  • information, system, network, and cybersecurity;
  • employment data processing;
  • supplier data processing;
  • general corporate operations and due diligence;
  • product (service) development and enhancement;
  • communication, marketing, and intelligence;
  • human resource management and team building.

APPENDIX B

Key requirements and controls

Control 1 – Identify a Lawful basis

Processing shall be lawful only if and to the extent that at least one of the following applies:

  • the data subject has given consent to the processing of his or her data for one or more specific purposes;
  • processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject before entering into a contract;
  • processing is necessary for compliance with a legal obligation to which the controller is subject;
  • processing is necessary to protect the vital interests of the data subject or another natural person;
  • processing is necessary for the performance of a task carried out in the public interest or the exercise of official authority vested in the controller;
  • processing is necessary for the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Control 2 — Identify and document the purpose

According to Article 5(1)(b) of GDPR, “personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’)”.

The collected data and legitimate purposes are listed in Appendix A.

Crisis Management Plan

1. Purpose of the document

A crisis management plan (CMP) is a document that outlines the processes an organization will use to respond to a critical situation that would negatively affect its profitability, reputation, or ability to operate. CMP is used by business continuity teams, emergency management teams, crisis management teams, and damage assessment teams to avoid or minimize damage and to provide direction on staffing, resources, and communications.

2. Definition of crisis

A crisis is an issue that poses a threat to the strategic objectives of the business on a fundamental level. It is something that could have a disastrous effect on the business, whether or not it is effectively managed.

3. Types of crisis

  • Crises that put the lives of employees in danger
  • Other crises that prevent the company from normal operation

4. Crisis management team

  • C-Level executives
  • PMs

5. Plan of actions

5.1 Crisis that puts the lives of employees in danger

5.2 Crisis that prevents the company from normal operation
