1. At https://recheck.io and any subdomains of the latter (hereinafter briefly referred to as “our Website”)
2. By using the ReCheck mobile application
Bellow in this document we will explain how we take care of your personal data both in the cases when you use ReCheck’s blockchain-based services and, as well as that, when you provide us with your contact details for the purposes of communication and various subscriptions.
IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER
We are ReCheck OOD, a company registered in Bulgaria under company number 204305695, having its seat and management address 41 Shesti Septemvri Str., Entr. B, 7012 Ruse, Bulgaria /hereinafter in this Policy briefly referred to as “ReCheck” or/and “the Controller”/.
We are the controller of your personal data and, as such, we are responsible for processing and storing your data in a fair, transparent, and secure manner, taking into account your best interest.
If you need to get in touch with us, below you will find our contact details.
Email: [email protected]
Correspondence address: 41 Shesti Septemvri Str., Entr. B, 7012 Ruse, Bulgaria
PURPOSES FOR THE PROCESSING OF YOUR PERSONAL DATA
2.1. Personal data collected via the contact form on our Website
By using the contact forms on our Website, you can enter your email address, which we will process for one or more of the following purposes:
✓ Registration for early adoption of ReCheck’s products and services on preferential terms;
✓ Subscription to our newsletter;
✓ Subscription for special offers for loyal customers;
✓ Provision of support, customer service and software updates, improvements and potential risks and problems
✓ Communicating with you regarding subscription plans, service rates;
✓ Sending essential information of the blockchain network and the technical infrastructure for hash and data storage;
✓ Sending you invoices for the services that you used;
✓ Sending evaluation forms, by which you could rate your satisfaction and user experience and send us your recommendations for improvement and new features;
✓ Direct email marketing.
2.2. Personal data collected upon the use of our blockchain-based services
The ReCheck mobile application is the tool that creates, stores, manages and restores the unique anonymous identity of the smartphone user and thus the mobile application is a mandatory component of the use of any of our blockchain-based services.
When installing the ReCheck mobile app, a unique blockchain identity is automatically created for you, as a user of the app. By default, this blockchain identity is anonymous, i.e. it cannot be linked to the user’s personal information.
However, by your own discretion, you have the opportunity to link your blockchain identity to your real identity, by additionally entering your name and other personal data. This is optional feature – you may take advantage of it, only if you wish to. The purpose of this feature is to increase the credibility of the transactions made and to contribute to more reliable legal consequences of the latter.
Along with the data in the preceding paragraphs, upon the installation of the ReCheck mobile app, a digital token is received from Google Play (resp. – Apple Store) and stored on ReCheck’s server. This digital token is used by us for the purposes of identification of the user’s device when sending push notifications.
Your personal data, obtained upon the use of ReCheck’s services, will be processed for one or more of the following purposes:
✓ Provision of the requested services;
✓ Backing up and restoring the unique blockchain identity;
✓ Provision of support, customer service and software updates;
✓ Sending invoices for the services used;
✓ Sending essential information of the blockchain network and the technical infrastructure for hash and data storage;
✓ Informing you about updates and improvements, potential risks and problems;
✓ Sending directly into the app push notifications regarding the services being used (e.g. notifications of received documents, pending actions of the user etc.).
PRIVACY BY DESIGN AND DATA SECURITY
In the course of development of our software services, personal data security takes place among our highest priorities. Here are some of the major advantages of our services in terms of data security:
3.1. Recheck uses decentralized login when users log in with their unique blockchain identity, which is being stored on their smartphone. In this way, users are the owners of their identity, which is anonymous. As explained above, they may or may not link this blockchain identity to their real identity.
3.2. When using our services, exchange of files is completely possible without collecting personal data neither of the sender, nor of the recipient. Files may be sent directly to the anonymous blockchain identity of the recipient. No email, phone, names or other personal information of the users to whom information is being sent is required.
3.3. In order to increase data security, we have introduced pseudonymization mechanism, by giving a nickname or a “handle” to each user.
3.4. All documents that a user shares through the ReCheck services are encrypted with a private key owned and stored only by this user. No passwords and usernames are stored on our servers. Without the personal key of the respective individual user, the uploaded documents cannot be read.
3.5. Users will have the option to register a hash of one document in a blockchain without uploading it to our server – the document remains locally on their machine. Hashing is a cryptographic technique that we use generates a unique string of characters that serves as a digital fingerprint of the respective document. In terms of data security, by its nature this is one of the most reliable encryption techniques.
LEGAL BASIS FOR DATA PROCESSING
We collect your data on grounds allowed by the European and Bulgarian legislation (esp. EU Regulation 2016/679, also known as the GDPR).
We collect and otherwise process your data on the following legal grounds:
4.1. Performance of a contract
As developer and operator of the Recheck blockchain-based services, Recheck collects and uses your personal data in order to deliver the requested software service to you and to keep you informed of any matters related to these services, including their functionality, the terms and pricing for your subscription, the processing of your payments etc.
We act as a party to an agreement for provision of online/software services – ReCheck being the service provider and the data subject – acting as the user of the said services. In this role, we process your data on the grounds of Article 6, para 1, “b” of GDPR, and namely: on the ground that “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”.
4.2. Legitimate interest
We have legitimate interest to use that information of the current users of the ReCheck services for future marketing campaigns and to keep you informed of exciting future improvement, new features of the services etc.
In addition, we will store the data related to your payments and purchases in order to make sure that this information is available in case of official proceedings such as civil litigation (e.g. if we are sued for damages), administrative and criminal investigations (e.g. if we are audited by the tax authorities), consumer claims and disputes etc.
In all cases, when you are not a current user of the Recheck services, but you have subscribed to our newsletters and other bulletins, your email will be processed based on your consent.
You can revoke your consent for data processing at any time by writing a short email to us or by clicking on the “I don’t want to receive any more emails from ReCheck” button in every email you receive from us.
PERIOD FOR WHICH PERSONAL DATA IS STORED
Personal data of the users of our services is stored by Recheck for indefinite period of time.
You can request the termination of your account at any time, in which case we will delete from ReCheck systems all data relating to your blockchain identity (except from the hashes, which given the immutability of data in the blockchain network, cannot be erased).
However, certain personal data (in accordance to the principle of minimum data storage) may be transferred to and stored in our company’s archive for cases of possible court claims or administrative proceedings within a period of 5 years as of termination of your account.
AUTOMATIC COLLECTION OF INFORMATION VIA COOKIES
OTHER COMPANIES AND INDIVIDUALS RECEIVING YOUR INFORMATION
1, Payments and accounting
In order to process your payment, your payment data is be shared with our money transfer service providers.
An external accounting company will have access to any invoices and receipts, issued in relation to the use of the ReCheck services.
2. Marketing services and business development
For the purposes of email marketing champagnes, direct marketing and business development, your email address may be transferred to an external marketing agencies and/or other providers of such services. Online ID data (e.g. collected from website visits) may also be used and transferred for marketing purposes.
For such and similar purposes, personal data may also be transferred to RECHECK B.V., a related party to Recheck, registered in Netherlands.
4. Official authorities and legal advice
Your personal data may be transferred or made accessible to various state authorities /investigation and administrative authorities, tax authorities, court/ in relation to official proceedings, including court, administrative and investigation proceedings.
If necessary, in such or similar cases your data may also be made available to companies or individuals, providing the respective legal services and advice to ReCheck in the course of these proceedings.
Upon explicit request by the data subjects, we will gladly provide any additional information regarding the above-mentioned data recipients.
YOUR DATA OUTSIDE OF THE EU
If the recipients of your data are located outside of the EU, we will provide appropriate safeguards that your data is processed with care and diligence that would be required of any EU-based recipient.
Such transfers will be subject to binding corporate rules, standard data protection clauses adopted by the EU Commission, and other data protection mechanism that take into account your rights.
YOUR RIGHTS REGARDING DATA PROTECTION
According to GDPR уou have the right to:
· Right to access;
· Right to rectification;
· Right to erasure (right to be forgotten);
· Right to restrict processing;
· Right to data portability;
· Right to object against the processing;
· Right to withdraw consent at any time.
Right to access
You have the right to obtain access to the personal data held about you by your request; you also have the right to request a copy of the personal data undergoing processing.
Right to rectification
You have the right to ask for incorrect, inaccurate or incomplete personal data to be corrected;
Depending on the purposes of the processing, you may have the right to have incomplete personal data completed.
Right to erasure (right to be forgotten)
You have the right to request personal data to be erased when it’s no longer needed or if processing it is unlawful; Please note that Art. 17 of GDPR outlines the cases where we are obliged to erase your data. In some cases we would need to keep your data, even if erasure has been requested /for example for the purposes compliance with a legal obligation which requires processing by Union or Bulgarian Law/. You should also keep in mind, that given the immutability of data in the blockchain network, data posted on a the blockchain ledgers cannot be erased.
Right to restrict processing
Under certain circumstances you may have the right to request from us the restriction of processing your personal data. For example, you may exercise this right, when we no longer need your personal data for the purposes of the processing, but we still need to store it in our systems and use it for situations like exercise or defense of legal claims.
Right to data portability
Under certain circumstances you may have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format (i.e. in digital form) and you may have the right to request the transmission of those data to another entity without hindrance from us, if such transmission is technically feasible.
Right to object against the processing
Under certain circumstances you may have the right to object against the processing of your personal data and we can be required to no longer process your personal data. You can exercise this right for example when we use your email address for direct marketing purposes – in such cases once you object, we will no longer be able to send you any marketing materials.
Right to withdraw consent
When the processing of your personal data is based on your consent, you can withdraw your consent at any time without giving any reason to us. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
How to exercise your rights:
To exercise your rights, you can contact us by email or by regular post, using the contact details in the beginning of this document. We will respond to your requests without undue delay and at the latest – within 1 month as of the date of its receipt.
Your written request under this Chapter can be filed on paper or electronically and should include:
· Your name;
· The email address by which you are registered in your personal account /optional, but highly recommendable/;
· Description of your request;
· Preferred communication channel /e.g. regular or electronic mail/;
· Signature /in case filed on paper/;
· Date of the request;
· Correspondence address;
· Power of Attorney – if filed on somebody else’s behalf.
* You may be asked to provide information to confirm your identity (such as clicking a verification link or providing a verification code) in order to exercise your rights.
RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY
Тhe Personal Data Protection Commission (PDPC) supervises how we handle your personal data. The PDCP is an independent government authority, which monitors the lawfulness of data processing activities.
All data subjects are entitled to bring a complaint before PDPC in regard to the processing of their personal – contact information and more about the procedure may be found at https://www.cpdp.bg/.
AUTOMATED DECISION MAKING
Your personal data will not be used for automated decision-making, including profiling.
POLICY FOR MISCONDUCT
We aim to ensure that the information, present on this website, is accurate and up to date. We cannot, however, accept any responsibility for any loss or inconvenience caused by reliance on any material contained in this site.
Right to modify Terms and Conditions
Copyright © 2017-2019, ReCheck BV. All Rights Reserved.
“ReCheck” is a registered trademark of ReCheck B.V. All trademarks, logos, designs and images used in connection with the ReCheck mobile application, website and services remain the property of ReCheck or their respective owners. If you have any queries regarding us, the website, application and/ or Services, please contact us by email at [email protected] or you can contact us by post at:
Brightlands Smart Services Campus
6411 CR Heerlen