PRIVACY POLICY.
Privacy Policy
1. Identification of controller
We inform you that the websites
https://www.bareinternational.com/,
https://www.bareinternational.eu/,
https://www.bareinternational.br/,
https://www.bareinternational.ae/,
https://www.bareinternational.ph/,
https://www.bareinternational.sg/,
https://www.bareinternational.cl/,
https://www.bareinternational.mx/
are run by
Bare Associates International, Inc.
Registration number: 314809
For headquarter and postal address click HERE.
Telephone: +1 800 296 6699
E-mail address: dataprivacy@bareinternational.com
(Controller hereafter).
2. The legal requirement concerning processing, scope of present policy
2.1. The provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), (GDPR hereafter) shall apply to Controller’s processing activity of present information.
2.2. Present notice covers data management during using the web page (web page hereafter) that can be reached through above mentioned domain address
2.3. In accordance with present information User: a browsing natural person on the web page and who initiates communication.
3. Data management related to the operation of information technology service
3.1. Controller uses ‘cookies’ to run the website and to collect technical data about the visitors of the website.
3.0. Controller represent a specific reference for visitors of the website: ‘Information about the use of cookies’
4. Data management related to sending messages
4.1. Data subjects involved in the processing: Users who have sent an e-mail to Controller by using the e-mail address(es) appeared on the website.
4.2. Legal basis of data management: User’s consent according to GDPR Article 6, Paragraph (1), Point a).
User is entitled to withdraw his/her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing before its withdrawal.
4.3. Scope of handled data:
The following data of User who sent a message:
– name,
– e-mail address,
– content of the message.
4.4. Purpose of data management: to ensure exchange of messages between Controller and User.
4.5. Duration of data management: until answering the request or accomplishing User’s claim. Afterwards, Controller deletes data that is handled for these purposes. If there are more exchanges of messages, data are erased 90 days after the end of the message exchange or 90 days after the claim has been accomplished.
4.6. Method of data storage: on separate data managing lists in the information technology system of Controller until the end of information exchange.
5. Data management related to asking for offers
5.1. Data subjects involved in the processing: users asking for offers by filling out the form after clicking on button „REQUEST A QUOTE” on the webpage.
5.2. Legal basis for processing: User’s consent according to GDPR Article 6, Paragraph (1), Point a).
User is entitled to withdraw his/her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing before its withdrawal.
5.3. Scope of handled data:
Identification and Characteristics: the representative/contact person’s:
– name
– job title/title
– workplace/represented organization
– work telephone number/organization telephone number
– work e-mail address/organization e-mail address
– work postal address/organization postal address
– Country;
Contact background/purpose:
– Where did you here about us?
– Free text field/Contact of msg.
– Selection options (like services, products, subjects).
5.4. Purpose of data management: To make it possible for a User to ask for an offer from Controller.
The sent phone number is used if User’s question which was asked in the sent message is complicated therefore it is more expedient to answer it via phone.
5.5. Duration of data management: the Controller will retain the data for the period determined by the legal system governing the given legal relationship for the limitation of claims related to the performance of the contract.
In case a contract follows the request for offer, Controller gives further information regarding to processing.
5.6. Method of data storage: on separate data managing lists in the information technology system of Controller.
6. Data management related to Evaluators
Controller gives separate information about data management concerning to those registrate as Evaluators.
7. Data management related to requesting a free study
7.1. Data subjects involved in the processing: Users requesting access to free study by completing and sending the boxes under the label ‘FREE ACCESS TO THE STUDY’ after clicking on first button ‘Solutions’ then button ‘Business Intelligence’.
7.2. Legal basis of processing: necessary data management related to completing a service – to provide a free study – according to GDPR Article 6 (1) Point b).
7.3. Scope of handled data:
Identification and Characteristics: the representative/contact person’s:
– name
– job title/title
– workplace/represented organization
– work telephone number/organization telephone number
– work e-mail address/organization e-mail address
– work postal address/organization postal address
– Country;
Contact background/purpose:
– Where did you here about us?
– Free text field/Contect of msg.
– Selection options (like services, products, subjects).
7.4. Purpose of data management: to provide useful information related to Controller’s activity.
7.5. Duration of processing: until the arrival of the free study.
7.6. Method of data storage: on separate data managing lists in the information technology system of Controller.
8. Data management related to free pilot offerings
8.1. Data subjects involved in the processing: Users requesting a free pilot offer by completing the data sheet that appears after clicking on button ‘Solution’ then button ‘Self-Audits (BARE-ify Pulse)’.
8.2. Legal basis of processing: necessary data management related to completing a service – preliminary survey – according to GDPR Article 6 (1) Point b).
8.3. Scope of handled data:
Identification and Characteristics: the representative/contact person’s:
– name
– job title/title
– workplace/represented organization
– work telephone number/organization telephone number
– work e-mail address/organization e-mail address
– work postal address/organization postal address
– Country;
Contact background/purpose:
– Where did you here about us?
– Free text field/Contect of msg.
– Selection options (like services, products, subjects).
8.4. Purpose of data management: providing free pilot services.
8.5. Duration of data management: until the information is transferred about the result of the free pilot. Controller will delete data which is handled for this purpose right after handing it over.
In case a contract follows the preliminary survey, Controller will give separate information about any further data management activity.
8.6. Method of data storage: on separate data managing lists in the information technology system of Controller.
9. Data management related to a call for proposal, requesting a free pilot or a free study in case of a natural person on behalf of a company
9.1. Data subjects involved in the processing: natural person Users (or ‘Representors’) on behalf of partner organization that call for a proposal, or requesting a preliminary survey or a free study.
9.2. Legal basis of processing: According to GDPR Article 6, Paragraph (1), Point f), data management is the legitimate interest of the organization (‘Partner Organization’ afterwards) which is represented by User.
It is the legitimate interest of the Partner Organization to call for a proposal or request for a preliminary survey or a free study from Controller. This can be maintained through using a natural person Representor.
Controller processes Representor’s data exclusively in connection with administration in connection with the organization he/she represents, to the extant and time necessary to it and as for the circle of data it is restricted solely to necessary data.
The necessary information exchange calling for a proposal or requesting a preliminary survey or a free request will not be possible without handling the Representor person’s data therefore data management is unavoidable for these above.
A separate documentation is made about considering interests. Representor can ask information about how to reach it from Controller.
9.3. Scope of data handled: those functions will define the specific data which are used by User according to the above chapters of different data managements.
9.4. Source of data: normally the User (Representor). In case it is not the Representor itself, who gives data but someone else from the Partner Organization, the source of data is the Partner Organization. Controller takes over Representor’s data in the legal interest of the Partner Organization. It is the Partner Organization’s duty to notify Representor about data processing: handing over Representor’s data to Controller.
9.5. Purpose of data management: answering the call for a proposal, completing the preliminary survey or providing access to the free study.
9.6. Duration of data management: those functions will define the duration of data management which are used by User according to the above chapters of different data managements
9.7. Method of data storage: On separate processing list within the Controller’s information technology system.
10. Data forwarding
10.1. Controller does not forward data to third parties.
10.2. Controller forwards data solely in case of any legal obligations. In such cases Controller forward data to authorities.
11. Involved data processors
Controller draws on the following businesses to process data.
11.1. Storage space service provider
11.1.1. Scope of those involved in data procession: Users visiting website, regardless of using services.
11.1.2. Controller uses
Microsoft Ireland Operations Limited
Short name: Microsoft Ireland Ltd.
Business registration: 256796
Tax number: IE8256796U
Residence: 70 Sir Rogerson’s Quay, Dublin 2, Ireland
Postal address: One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland
Telephone: +1 800 710 200
Website: https://www.microsoft.com/
as website storage place provider (Data Processor hereafter).
11.1.3. Defining the scope of data involved in data processing: this potentially relates to all information mentioned in present policy, the specific data circle is defined by functions used by User according to the above chapters of specific data managements.
11.1.4. Purpose of using data processor: To ensure functioning of website in an information technological way by using electronical host that is necessary for it.
11.1.5. Duration of data processing: It correlates with processing periods indicated in this policy for processing with various objectives.
11.1.6. Method of data processing: it is done electronically; processing data exclusively means to provide storage space that is necessary for the operation of website in an information technological way.
11.2. Website developer
11.2.1. Scope of those involved in data procession: Users visiting website, regardless of using services.
11.2.2. Controller uses
Automattic Inc. (WordPress)
Residence: 60 29th Street #343, San Francisco, CA 94110, USA
Postal address: 60 29th Street #343, San Francisco, CA 94110, USA
Telephone: Telefon: +001 877 273 3049
Website: https://wordpress.com/
as website developer (Data Processor hereafter).
11.2.3. Defining the scope of data involved in data processing: this potentially relates to all information mentioned in present policy, the specific data circle is defined by functions used by User according to the above chapters of specific data managements.
11.2.4. Purpose of using data processor: To ensure functioning of website in an information technological way by using software that is necessary for it.
11.2.5. Duration of data processing: It correlates with processing periods indicated in this policy for processing with various objectives.
11.2.6. Method of data processing: it is done electronically, processing data exclusively means to provide functionality of the software that is necessary for the operation of website in an information technological way.
11.3. Data procession in connection with the software and host of electronical mails.
11.3.1. Scope of those involved in data procession: those who are marked in present notice, those with whom Controller keeps contact via e-mails.
11.3.2. Controller uses
Microsoft Ireland Operations Limited
Short name: Microsoft Ireland Ltd.
Business registration: 256796
Tax number: IE8256796U
Residence: 70 Sir Rogerson’s Quay, Dublin 2, Ireland
Postal address: One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland
Telephone: +1 800 710 200
Website: https://www.microsoft.com/
and
Campaign Monitor Pty Ltd.
headquarters: 11 Lea Ave, Nashville, TN 37206, USA
postal address: 11 Lea Ave, Nashville, TN 37206, USA
e-mail address: DPO@campaignmonitor.com
website: https://www.campaignmonitor.com/
as Data Processor which is the developer and maintainer of the service provider of host and developer of software used for electronical mails. (Data Processor hereafter)
11.3.3. Defining the scope of data involved in data processing: first of all, the name and e-mail address of those concerned, secondly further data of those concerned that has been sent in electronical mails.
11.3.4. Purpose of using data processor: to ensure functioning electronical mails.
11.3.5. Duration of data processing: it will last until deleting electronical mails, Controller deletes mails following the final e-mail related to a correspondence.
11.3.6. Method of data processing: Messages are stored in a software environment provided by Controller during retention time, therefore data management exists during this period.
11.4. Controller makes use no other Processor apart from those described above or those mentioned in document of ‘Information about using cookies’[VT2] .
11.5. Controller enters into data processing contracts with mandatory content with data processors used by Controller in order to comply with relevant legislation and to guarantee an adequate level of data security.
12. Data protection, data safety
12.1. Controller assures the safety of data and through technical and organizational actions, as well as internal rules of procedure ensures that laws and other data and secret protection rules are kept. Controller protects data especially against illegal access, change, forwarding, making public, deletion or effacement of data, moreover, it protects against accidental effacement and damage, as well as inaccessibility of data as a result of change in applied technology.
12.2. Data related to measuring number of visitors of the website and habits describing use of website are handled in Controller’s information technological system in a way that prevents Controller to link data to anyone, right from the beginning.
12.3. Processing takes place to reach articulated and legal goals described in present policy to a necessary and proportional degree, based on relevant laws and recommendations, keeping appropriate safety measures.
12.4. In order to achieve these, Controller uses “https” protocol to reach the website, through which web communication can be encrypted and individually identifiable. Controller stores information in encrypted data stocks on separate lists insulated from each other based on processing goals to which certain Controller employees – performing tasks indicated in present policy – have access to, who have to protect data and it is their responsibility to handle this policy and relevant laws in an appropriate manner.
12.5. Passwords are stored with encryption codes by Controller’s system as a result of which Controller cannot learn User’s password.
13. User’s rights concerning data management
13.1. Right to access: Controller gives information for User’s request about data being handled by itself and by Data Processor, their sources, goals of data processing, its legal basis, period, name and address of Data Processor, its activities related to data processing, consequences and effects of a possible data protection incident and actions done in order to avoid such cases, furthermore, in case of forwarding concerned person’s personal data, about the legal basis and addressee of data forwarding. Controller provides information without any unreasonable delay, within maximum one month after the arrival of the request.
Within the framework of the right to access, Controller provides User with a copy of personal data involved in processing, within maximum one month after the arrival of the request. For further demands from User, Controller calculates a reasonable fee based on administrative costs (see Chapter 14).
13.2. Right to portability of data: User has the right to get personal data about themselves in an articulate, widely used format, readable on devices, furthermore, has the right to forward these pieces of information to another Controller without the obstruction of Controller that has User’s data according to User’s consent, if:
- a) processing is based on User’s consent or contract; and
- b) processing is automatized.
Practising the right to portability of data, User has the right – if it is technically practicable – to ask Controllers to forward information between each other directly.
13.3. Right to correction: User has the right to ask for correction of their data, which Controller fulfils without any unreasonable delay, within maximum one month after the arrival of the request. Considering the goal of processing, User has the right to ask for completing their missing personal data – for example through an additional declaration.
13.4. Right to limitation of processing: Controller marks personal data in order to limit processing. User may ask for such limitation if one of the following cases occur:
- a) User disputes accuracy of personal data, in this case limitation exceeds for the period that enables Controller to check the accuracy of personal data;
- b) processing is illegal, and User objects against deleting their data and asks for limitation of use;
- c) Controller does not need personal data for processing, however, concerned party lays claim to them in order to propose, realize or protect legal demands; or
- d) User has objected to legal processing done by Controller; in such cases limitation exceeds over a period in which it becomes clear whether Controller’s legal interests dominate over concerned party’s legal interests.
13.5. Right to erasure (‘right to be forgotten’): Controller deletes information if:
- a) personal data is no longer needed for reasons they were recorded, or were handled differently;
- b) User withdraws their consent to processing, and there are no other legal bases for it;
- c) User objects to processing and there are no prior rightful reasons for processing, or User objects to processing with direct sales objectives;
- d) personal data was handled illegally;
- e) personal data must be deleted to fulfil legal obligations claimed by European Union or member state laws;
- f) User requests deletion or objects to processing, and data was recorded to offer services related to information technological society directly to children.
If Controller made personal data public – and according to cases mentioned above – has to erase them and must take reasonable steps, including technical ones – considering technology available and costs of realization – in order to inform Controllers involved about User requesting their personal data and the links referring to them or copies of personal data to be deleted.
13.6. Obligation of noticing: Controller informs User and all Controllers that are provided with information about the correction, limitation and deletion. Notification might be neglected if it seems to be impossible, or requires unreasonable efforts. Controller informs User on demand about these addressees.
13.7. Right to objection: User has the right to object to their data being managed rightfully by Controller at any time because of personal reasons. In such cases, Controller cannot handle personal information any longer, except when Controller proves that there are obligatory rightful reasons for processing, having priority over concerned person’s interests, rights and freedoms, or reasons that are related to proposal, enforcement or defence of legal demands.
14. Fulfilling of User’s requests
14.1. Controller offers notification and taking actions for free, as described in Point 13. If User’s request is obviously unfounded, or – especially for its repeated nature – exaggerated, Controller
- a) might charge a reasonable price, or
- b) might deny taking actions based on request,
considering data requested, or administrative costs of measures to be taken to fulfil request.
14.2. Controller informs User without any unreasonable delay, but maximum one month after receiving the request about actions that has been taken, including issuing copies of data. If necessary, considering the complexity of request and numbers of requests this deadline can be made longer with additional two months. Controller informs User about elongation of deadline together with indicating reasons of delay within one month after receiving the request. If concerned User sends their request electronically, Controller provides information electronically, except when concerned User asks for it in a different way.
14.3. If Controller does not take any steps as reaction to User’s request, without delay but within maximum of one month after receiving the request, Controller informs User about reasons why there have been no actions taken, and about the possibility of filing a complaint to the data protection authority competent in his place of residence and can have the right to legal remedy.
14.4. User can hand in their request to Controller in any way that identifies them. Identifying Users who hand in a request is necessary because Controller can deal with only those requests that are entitled. If Controller has justified doubts about the identity of natural person handing in a request it can ask for other pieces of information to assure the identity of concerned User.
14.5. User can send their requests to the Controller’s address (above) or to the e-mail address dataprivacy@bareinternational.com. Controller considers requests sent in e-mail genuine only if it was sent from an e-mail address registered at Controller’s database. However, using another e-mail address does not mean in observance of such requests. Time of receiving e-mails is the first day after the e-mail was sent.
15. Prosecution of rights
Those who are affected can exercise their law enforcement possibilities by turning to the Court of Justice or to the data protection authority competent for the main place of residence.
September 28, 2023
Bare Associates International, Inc.