Privacy Policy

Introduction

This Privacy Policy contains basic information regarding the processing of Personal Data, obtained:

At https://recheck.io and any subdomains of the latter (hereinafter briefly referred to as "our Website")
By using the ReCheck mobile application

This version of ReCheck's Privacy Policy has been drafted in accordance with the requirements of the General Data Protection Regulation – GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council). Below in this document we will explain how we take care of your Personal Data both in the cases when you use ReCheck's blockchain-based services and, as well as that, when you provide us with your contact details for the purposes of communication and various subscriptions.

1. DEFINITIONS

In this Privacy Policy, the following definitions of the terms, deriving from Art. 4 of the Regulation, are used:

"Regulation" – General Data Protection Regulation of 27 April 2016, repealing Directive 95/46/EC on the protection of Personal Data. It has direct effect and implies an amendment to the legislation of the member states in the field of Personal Data protection. Its purpose is to protect the "rights and freedoms" of natural persons and to guarantee that their Personal Data is not being Processed without their knowledge, and where possible, Processing is subject to their consent.

"Personal Data" – can be any information that may be related to a natural person who is identified, or a natural person who might be identified, directly or indirectly, through the use of one or more specific features or identifiers associated with that natural person. From the point of view of the nature of the information, the term "Personal Data" includes any kind of statement concerning a person. This entails "objective" information and "subjective" information, opinions or assessments. With regards to the form or medium in which this information is contained, the term "Personal Data" includes information in any form, whether alphabetical, digital, graphic, photographic or acoustic. For example, it includes information stored on paper as well as information stored in computer memory.

"Special Categories of Personal Data" means a particular type of Personal Data due to the specific nature of the information it discloses about the natural person. In particular, this information reveals racial or ethnic origin, religious and philosophical beliefs, political views, membership in trade union (or professional) organizations, data concerning the health of the individual, biometric data for the sole purpose of identifying the natural person.

"Controller" means Flexible Bit, which determines the purposes and means of the Processing of Personal Data of natural persons.

"Processing" means any operation or set of operations carried out with Personal Data, such as the collection, recording, organization, structuring, storage, modification, use, disclosure by transmission and access, arrangement, erasure or destruction. In practice, any activity involving the use of Personal Data in some form may involve the Processing of Personal Data.

"Data Subject"– any living natural person, who is subject to Personal Data stored by the Controller.

2. IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER

We are ReCheck OOD, a company registered in Bulgaria under company number 204305695, having its seat and management address 41 Shesti Septemvri Str., Entr. B, 7012 Ruse, Bulgaria /hereinafter in this Policy briefly referred to as "ReCheck" or/and "the Controller"/.

We are the controller of your personal data and, as such, we are responsible for processing and storing your data in a fair, transparent, and secure manner, taking into account your best interest.

Contact details:

If you need to get in touch with us, below you will find our contact details. In the next chapters of this Privacy Policy, you will find detailed information about your rights as Data Subjects and also – instructions that will ease the submission of your access requests.
Email: info@recheck.io
Correspondence address: 41 Shesti Septemvri Str., Entr. B, 7012 Ruse, Bulgaria

3. PURPOSES FOR THE PROCESSING OF YOUR PERSONAL DATA

3.1. Personal data collected via the contact form on our Website

By using the contact forms on our Website, you can enter your email address, which we will process for one or more of the following purposes:

Registration for early adoption of ReCheck's products and services on preferential terms;
Subscription to our newsletter;
Subscription for special offers for loyal customers;
Provision of support, customer service and software updates, improvements and potential risks and problems
Communicating with you regarding subscription plans, service rates;
Sending essential information of the blockchain network and the technical infrastructure for hash and data storage;
Sending you invoices for the services that you used;
Informing you about updates in our terms of service, this Privacy Policy and/or other relevant documents;
Sending evaluation forms, by which you could rate your satisfaction and user experience and send us your recommendations for improvement and new features;
Direct email marketing;

3.2. Personal data collected upon the use of our blockchain-based services

The ReCheck mobile application is the tool that creates, stores, manages and restores the unique anonymous identity of the smartphone user and thus the mobile application is a mandatory component of the use of any of our blockchain-based services.

When installing the ReCheck mobile app, a unique blockchain identity is automatically created for you, as a user of the app. By default, this blockchain identity is anonymous, i.e. it cannot be linked to the user's personal information.

However, by your own discretion, you have the opportunity to link your blockchain identity to your real identity, by additionally entering your name and other Personal Data. This is an optional feature – you may take advantage of it, only if you wish to. The purpose of this feature is to increase the credibility of the transactions made and to contribute to more reliable legal consequences of the latter.

Along with the data in the preceding paragraphs, upon the installation of the ReCheck mobile app, a digital token is received from Google Play (resp. – Apple Store) and stored on ReCheck's server. This digital token is used by us for the purposes of identification of the user's device when sending push notifications.

Your personal data, obtained upon the use of ReCheck's services, will be processed for one or more of the following purposes:

Provision of the requested services;
Backing up and restoring the unique blockchain identity;
Provision of support, customer service and software updates;
Sending invoices for the services used;
Sending essential information of the blockchain network and the technical infrastructure for hash and data storage;
Informing you about updates and improvements, potential risks and problems;
Sending directly into the app push notifications regarding the services being used (e.g. notifications of received documents, pending actions of the user etc.).

3.3. Personal data collected upon the use of our blockchain-based services

The services provided by ReCheck (i.e., mobile application) and the provided functionalities in the Website are not intended for storage and Processing of Special Categories of Personal Data pursuant to Art. 9 and Art. 10 of the Regulation.

4. PRIVACY BY DESIGN AND DATA SECURITY

In the course of development of our software services, personal data security takes place among our highest priorities. Here are some of the major advantages of our services in terms of data security:

4.1. Recheck uses decentralized login when users log in with their unique blockchain identity, which is being stored on their smartphone. In this way, users are the owners of their identity, which is anonymous. As explained above, they may or may not link this blockchain identity to their real identity.

4.2. When using our services, exchange of files is completely possible without collecting personal data neither of the sender, nor of the recipient. Files may be sent directly to the anonymous blockchain identity of the recipient. No email, phone, names or other personal information of the users to whom information is being sent is required.

4.3. In order to increase data security, we have introduced pseudonymization mechanism, by giving a nickname or a "handle" to each user.

4.4. All documents that a user shares through the ReCheck services are encrypted with a private key owned and stored only by this user. No passwords and usernames are stored on our servers. Without the personal key of the respective individual user, the uploaded documents cannot be read.

4.5. Users will have the option to register a hash of one document in a blockchain without uploading it to our server – the document remains locally on their machine. Hashing is a cryptographic technique that we use generates a unique string of characters that serves as a digital fingerprint of the respective document. In terms of data security, by its nature this is one of the most reliable encryption techniques.

5. LEGAL BASIS FOR DATA PROCESSING

We collect your data on grounds allowed by the European and Bulgarian legislation (esp. EU Regulation 2016/679, also known as the GDPR).

We collect and otherwise process your data on the following legal grounds:

5.1. Performance of a contract

As developer and operator of the Recheck blockchain-based services, Recheck collects and uses your personal data in order to deliver the requested software service to you and to keep you informed of any matters related to these services, including their functionality, the terms and pricing for your subscription, the processing of your payments etc.

We act as a party to an agreement for provision of online/software services – ReCheck being the service provider and the data subject – acting as the user of the said services. In this role, we process your data on the grounds of Article 6, para 1, "b" of GDPR, and namely: on the ground that "processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract".

5.2. Legitimate interest

We have legitimate interest to use that information of the current users of the ReCheck services for future marketing campaigns and to keep you informed of exciting future improvement, new features of the services etc.

In addition, we will store the data related to your payments and purchases in order to make sure that this information is available in case of official proceedings such as civil litigation (e.g. if we are sued for damages), administrative and criminal investigations (e.g. if we are audited by the tax authorities), consumer claims and disputes etc.

5.3. Consent

In all cases, when you are not a current user of the Recheck services, but you have subscribed to our newsletters and other bulletins, your email will be processed based on your consent.

You can revoke your consent for data processing at any time by writing a short email to us or by clicking on the "I don't want to receive any more emails from ReCheck" button in every email you receive from us.

6. PERIOD FOR WHICH PERSONAL DATA IS STORED

Personal Data of the users of our services is stored by Recheck as long as the users’ accounts exist. You can request the termination of your account at any time, in which case we will delete from ReCheck systems all data relating to your blockchain identity (except from the hashes, which given the immutability of data in the blockchain network, cannot be erased). However, certain Personal Data may be transferred to and stored in our company's archive (in accordance with the principle of minimum data storage) for cases of possible court claims or administrative proceedings within a period of 5 years as of termination of your account.

7. AUTOMATIC COLLECTION OF INFORMATION VIA COOKIES

We may also collect Personal Data via cookies. For more details, please consult our cookie policy, available on the Website.

8. OTHER COMPANIES AND INDIVIDUALS RECEIVING YOUR INFORMATION

8.1. Payments and accounting

In order to Process your payment, your payment data is shared with our money transfer service providers. An external accounting company will have access to any invoices and receipts, issued in relation to the use of the ReCheck services.

8.2. Marketing services and business development

For the purposes of email marketing campaigns, direct marketing and business development, your email address may be transferred to external marketing agencies and/or other providers of such services. Online ID data (e.g. collected from Website visits) may also be used and transferred for marketing purposes. For such and similar purposes, Personal Data may also be transferred to RECHECK B.V., a related party to Recheck, registered in the Netherlands.

As a Data Subject, you shall have the right to object at any time to Processing of Personal Data concerning you for such marketing. Where you object to Processing for direct marketing purposes, your Personal Data shall no longer be Processed for such purposes.

8.3. Official authorities and legal advice

Your Personal Data may be transferred or made accessible to various state authorities /investigation and administrative authorities, tax authorities, court/ in relation to official proceedings, including court, administrative and investigation proceedings. If necessary, in such or similar cases your data may also be made available to companies or individuals, providing the respective legal services and advice to ReCheck in the course of these proceedings.

Upon explicit request by the Data Subjects, we will gladly provide any additional information regarding the above-mentioned data recipients.

9. YOUR DATA OUTSIDE OF THE EU

If the recipients of your data are located outside of the European Economic Area, we will provide appropriate safeguards that your data is Processed with care and diligence that would be required of any EEA-based recipient.

Such transfers will be subject to binding corporate rules, the standard contractual clauses (SCC) as adopted by the EU Commission and updated on 6 June 2021, or other data protection mechanism that guarantees your rights and control with respect to your data.

10. YOUR RIGHTS REGARDING DATA PROTECTION

According to GDPR уou have the right to:

Right to access;
Right to rectification;
Right to erasure (right to be forgotten);
Right to restrict processing;
Right to data portability;
Right to object against the processing;
Right to withdraw consent at any time.

Right to access

You have the right to obtain access to the Personal Data held about you by your request; you also have the right to request a copy of the Personal Data undergoing Processing.

Right to rectification

You have the right to ask for incorrect, inaccurate or incomplete Personal Data to be corrected; Depending on the purposes of the Processing, you may have the right to have incomplete Personal Data completed.

Right to erasure (right to be forgotten)

You have the right to request Personal Data to be erased when it's no longer needed or if Processing it is unlawful; Please note that Art. 17 of GDPR outlines the cases where we are obliged to erase your data. In some cases we would need to keep your data, even if erasure has been requested /for example for the purposes of compliance with a legal obligation which requires Processing by Union or Bulgarian Law/. You should also keep in mind that given the immutability of data in the blockchain network, data posted on the blockchain ledgers cannot be erased.

Right to restrict processing

Under certain circumstances you may have the right to request from us the restriction of processing your personal data. For example, you may exercise this right, when we no longer need your personal data for the purposes of the processing, but we still need to store it in our systems and use it for situations like exercise or defense of legal claims.

Right to data portability

Under certain circumstances you may have the right to receive your Personal Data, which you have provided to us, in a structured, commonly used and machine-readable format (i.e. in digital form) and you may have the right to request the transmission of those data to another Controller without hindrance from us, if such transmission is technically feasible.

Right to object against the processing

Under certain circumstances you may have the right to object against the Processing of your Personal Data and we can be required to no longer Process your Personal Data. You can exercise this right for example when we use your email address for direct marketing purposes – in such cases once you object, we will no longer be able to send you any marketing materials.

Right to withdraw consent

When the Processing of your Personal Data is based on your consent, you can withdraw your consent at any time without giving any reason to us. The withdrawal of consent does not affect the lawfulness of Processing based on consent before its withdrawal.

How to exercise your rights:

To exercise your rights, you can contact us by email or by regular post, using the contact details in the beginning of this document. We will respond to your requests without undue delay and at the latest – within 1 month as of the date of its receipt.

Your written request under this Chapter can be filed on paper or electronically and should include:

Your name;
The email address by which you are registered in your personal account /optional, but highly recommendable/;
Description of your request;
Preferred communication channel /e.g. regular or electronic mail/;
Signature /in case filed on paper/;
Date of the request;
Correspondence address;
Power of Attorney – if filed on somebody else's behalf.

* You may be asked to provide information to confirm your identity (such as clicking a verification link or providing a verification code) in order to exercise your rights.

11. RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY

Тhe Republic of Bulgaria Commission for Personal Data Protection(CPDP) supervises how we handle your Personal Data. The CPDP is an independent government authority, which monitors the lawfulness of data Processing activities.

All Data Subjects are entitled to lodge a complaint before CPDP in regard to the Processing of their Personal Data – contact information and more about the procedure may be found at https://www.cpdp.bg/.

12. AUTOMATED DECISION MAKING

Your personal data will not be used for automated decision-making, including profiling.

13. NOTIFICATION OF CHANGES TO THIS PRIVACY POLICY

ReCheck reserves the right, at its sole discretion, to change, modify, add or remove portions of this Privacy Policy, at any time.

You will be notified by email for any changes of this Privacy Policy and you will be able to object to any such changes. The changes can also be communicated to you, when you visit our Website.

14. POLICY FOR MISCONDUCT

We aim to ensure that the information, present on this Website, is accurate and up to date. We cannot, however, accept any responsibility for any loss or inconvenience caused by reliance on any material contained in this site.

ReCheck.io and The ReCheck mobile phone application promote product and document authenticity and strongly advise against the upload of fake data, facts from untrusted sources or any information that contradicts with the product or documents related legitimacy. We reserve the right to deny access to services, to flag or to limit functionalities for users that are in breach our Privacy Policy. Regulations will generally apply for publishing false or misleading information, for claiming products that are not owned by users, or for publishing image materials that do not represent the actual items they visualize.

15. LIABILITY POLICY

By the applicable law, ReCheck does not assume any responsibility or liability for any indirect, consequential or exemplary damages including (but not limited to): income or revenue loss, data loss, omissions, malfunctions, any bug or malware related technical. issues. We provide users with the option of subscription for our Website with the intent to keep them updated for any new services we may provide, news and updates for our mobile application or changes to current Terms of use and Privacy Policy. Should users decide to unsubscribe and now longer receive updates for our Website, product or services, users can do so at their will. In accordance with the Data Erasure regulation, we are obliged to delete every record and entry of users who opted to unsubscribe. ReCheck takes all necessary measures to be compliant with the General Data Protection Regulation introduced by the European Commission, within the European Union and European Economic Area. We DO NOT own any of the information or Personal Data provided by the users related to the usage of the Website or the ReCheck mobile application.

This Privacy Policy does not apply to websites which are owned and operated by someone else that are accessible through the ReCheck Website. Other websites apply their own privacy policies and, use and disclosure practices, which we are not responsible for. Users are advised to read their policies carefully.

Copyright

"ReCheck" is a registered trademark of ReCheck B.V. All trademarks, logos, designs and images used in connection with the ReCheck mobile application, website and services remain the property of ReCheck or their respective owners. If you have any queries regarding us, the website, application and/ or Services, please contact us by email at info@recheck.io.