Privacy policy and terms of use

INTRODUCTION

This Privacy Policy contains basic information regarding the processing of personal data, obtained:
1. At https://recheck.io and any subdomains of the latter (hereinafter briefly referred to as “our Website”)
2. By using the ReCheck mobile application

This version of ReCheck’s Privacy Policy has been drafted in accordance with the requirements of the General Data Protection Regulation – GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council).
Bellow in this document we will explain how we take care of your personal data both in the cases when you use ReCheck’s blockchain-based services and, as well as that, when you provide us with your contact details for the purposes of communication and various subscriptions.

Chapter 1.
IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER

We are ReCheck OOD, a company registered in Bulgaria under company number 204305695, having its seat and management address 41 Shesti Septemvri Str., Entr. B, 7012 Ruse, Bulgaria /hereinafter in this Policy briefly referred to as “ReCheck” or/and “the Controller”/.

We are the controller of your personal data and, as such, we are responsible for processing and storing your data in a fair, transparent, and secure manner, taking into account your best interest.

Contact details:
If you need to get in touch with us, below you will find our contact details.
In the next chapters of this Privacy Policy you will find detailed information about your rights as data subjects and also – instructions that will ease the submission of your access requests.
Email: [email protected]
Correspondence address: 41 Shesti Septemvri Str., Entr. B, 7012 Ruse, Bulgaria

Chapter 2.
PURPOSES FOR THE PROCESSING OF YOUR PERSONAL DATA

2.1. Personal data collected via the contact form on our Website
By using the contact forms on our Website, you can enter your email address, which we will process for one or more of the following purposes:
✓ Registration for early adoption of ReCheck’s products and services on preferential terms;
✓ Subscription to our newsletter;
✓ Subscription for special offers for loyal customers;
✓ Provision of support, customer service and software updates, improvements and potential risks and problems
✓ Communicating with you regarding subscription plans, service rates;
✓ Sending essential information of the blockchain network and the technical infrastructure for hash and data storage;
✓ Sending you invoices for the services that you used;
✓ Informing you about updates in our terms of service, this Privacy Policy and/or other relevant documents;
✓ Sending evaluation forms, by which you could rate your satisfaction and user experience and send us your recommendations for improvement and new features;
✓ Direct email marketing.

2.2. Personal data collected upon the use of our blockchain-based services

The ReCheck mobile application is the tool that creates, stores, manages and restores the unique anonymous identity of the smartphone user and thus the mobile application is a mandatory component of the use of any of our blockchain-based services.

When installing the ReCheck mobile app, a unique blockchain identity is automatically created for you, as a user of the app. By default, this blockchain identity is anonymous, i.e. it cannot be linked to the user’s personal information.

However, by your own discretion, you have the opportunity to link your blockchain identity to your real identity, by additionally entering your name and other personal data. This is optional feature – you may take advantage of it, only if you wish to. The purpose of this feature is to increase the credibility of the transactions made and to contribute to more reliable legal consequences of the latter.

Along with the data in the preceding paragraphs, upon the installation of the ReCheck mobile app, a digital token is received from Google Play (resp. – Apple Store) and stored on ReCheck’s server. This digital token is used by us for the purposes of identification of the user’s device when sending push notifications.

Your personal data, obtained upon the use of ReCheck’s services, will be processed for one or more of the following purposes:
✓ Provision of the requested services;
✓ Backing up and restoring the unique blockchain identity;
✓ Provision of support, customer service and software updates;
✓ Sending invoices for the services used;
✓ Sending essential information of the blockchain network and the technical infrastructure for hash and data storage;
✓ Informing you about updates and improvements, potential risks and problems;
✓ Sending directly into the app push notifications regarding the services being used (e.g. notifications of received documents, pending actions of the user etc.).


Chapter 3.
PRIVACY BY DESIGN AND DATA SECURITY

In the course of development of our software services, personal data security takes place among our highest priorities. Here are some of the major advantages of our services in terms of data security:
3.1. Recheck uses decentralized login when users log in with their unique blockchain identity, which is being stored on their smartphone. In this way, users are the owners of their identity, which is anonymous. As explained above, they may or may not link this blockchain identity to their real identity.
3.2. When using our services, exchange of files is completely possible without collecting personal data neither of the sender, nor of the recipient. Files may be sent directly to the anonymous blockchain identity of the recipient. No email, phone, names or other personal information of the users to whom information is being sent is required.
3.3. In order to increase data security, we have introduced pseudonymization mechanism, by giving a nickname or a “handle” to each user.
3.4. All documents that a user shares through the ReCheck services are encrypted with a private key owned and stored only by this user. No passwords and usernames are stored on our servers. Without the personal key of the respective individual user, the uploaded documents cannot be read.
3.5. Users will have the option to register a hash of one document in a blockchain without uploading it to our server – the document remains locally on their machine. Hashing is a cryptographic technique that we use generates a unique string of characters that serves as a digital fingerprint of the respective document. In terms of data security, by its nature this is one of the most reliable encryption techniques.

Chapter 4.
LEGAL BASIS FOR DATA PROCESSING

We collect your data on grounds allowed by the European and Bulgarian legislation (esp. EU Regulation 2016/679, also known as the GDPR).
We collect and otherwise process your data on the following legal grounds:

4.1. Performance of a contract
As developer and operator of the Recheck blockchain-based services, Recheck collects and uses your personal data in order to deliver the requested software service to you and to keep you informed of any matters related to these services, including their functionality, the terms and pricing for your subscription, the processing of your payments etc.
We act as a party to an agreement for provision of online/software services – ReCheck being the service provider and the data subject – acting as the user of the said services. In this role, we process your data on the grounds of Article 6, para 1, “b” of GDPR, and namely: on the ground that “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”.

4.2. Legitimate interest
We have legitimate interest to use that information of the current users of the ReCheck services for future marketing campaigns and to keep you informed of exciting future improvement, new features of the services etc.
In addition, we will store the data related to your payments and purchases in order to make sure that this information is available in case of official proceedings such as civil litigation (e.g. if we are sued for damages), administrative and criminal investigations (e.g. if we are audited by the tax authorities), consumer claims and disputes etc.

3. Consent
In all cases, when you are not a current user of the Recheck services, but you have subscribed to our newsletters and other bulletins, your email will be processed based on your consent.
You can revoke your consent for data processing at any time by writing a short email to us or by clicking on the “I don’t want to receive any more emails from ReCheck” button in every email you receive from us.

Chapter 5.
PERIOD FOR WHICH PERSONAL DATA IS STORED

Personal data of the users of our services is stored by Recheck for indefinite period of time.
You can request the termination of your account at any time, in which case we will delete from ReCheck systems all data relating to your blockchain identity (except from the hashes, which given the immutability of data in the blockchain network, cannot be erased).
However, certain personal data (in accordance to the principle of minimum data storage) may be transferred to and stored in our company’s archive for cases of possible court claims or administrative proceedings within a period of 5 years as of termination of your account.

Chapter 6.
AUTOMATIC COLLECTION OF INFORMATION VIA COOKIES

We may also collect personal data via cookies. For more details, please consult our cookie policy.

Chapter 7.
OTHER COMPANIES AND INDIVIDUALS RECEIVING YOUR INFORMATION

1, Payments and accounting
In order to process your payment, your payment data is be shared with our money transfer service providers.
An external accounting company will have access to any invoices and receipts, issued in relation to the use of the ReCheck services.

2. Marketing services and business development
For the purposes of email marketing champagnes, direct marketing and business development, your email address may be transferred to an external marketing agencies and/or other providers of such services. Online ID data (e.g. collected from website visits) may also be used and transferred for marketing purposes.
For such and similar purposes, personal data may also be transferred to RECHECK B.V., a related party to Recheck, registered in Netherlands.

4. Official authorities and legal advice
Your personal data may be transferred or made accessible to various state authorities /investigation and administrative authorities, tax authorities, court/ in relation to official proceedings, including court, administrative and investigation proceedings.
If necessary, in such or similar cases your data may also be made available to companies or individuals, providing the respective legal services and advice to ReCheck in the course of these proceedings.
Upon explicit request by the data subjects, we will gladly provide any additional information regarding the above-mentioned data recipients.

Chapter 8.
YOUR DATA OUTSIDE OF THE EU

If the recipients of your data are located outside of the EU, we will provide appropriate safeguards that your data is processed with care and diligence that would be required of any EU-based recipient.
Such transfers will be subject to binding corporate rules, standard data protection clauses adopted by the EU Commission, and other data protection mechanism that take into account your rights.

Chapter 9.
YOUR RIGHTS REGARDING DATA PROTECTION

According to GDPR уou have the right to:
· Right to access;
· Right to rectification;
· Right to erasure (right to be forgotten);
· Right to restrict processing;
· Right to data portability;
· Right to object against the processing;
· Right to withdraw consent at any time.

Right to access
You have the right to obtain access to the personal data held about you by your request; you also have the right to request a copy of the personal data undergoing processing.

Right to rectification
You have the right to ask for incorrect, inaccurate or incomplete personal data to be corrected;
Depending on the purposes of the processing, you may have the right to have incomplete personal data completed.

Right to erasure (right to be forgotten)
You have the right to request personal data to be erased when it’s no longer needed or if processing it is unlawful; Please note that Art. 17 of GDPR outlines the cases where we are obliged to erase your data. In some cases we would need to keep your data, even if erasure has been requested /for example for the purposes compliance with a legal obligation which requires processing by Union or Bulgarian Law/. You should also keep in mind, that given the immutability of data in the blockchain network, data posted on a the blockchain ledgers cannot be erased.

Right to restrict processing
Under certain circumstances you may have the right to request from us the restriction of processing your personal data. For example, you may exercise this right, when we no longer need your personal data for the purposes of the processing, but we still need to store it in our systems and use it for situations like exercise or defense of legal claims.

Right to data portability
Under certain circumstances you may have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format (i.e. in digital form) and you may have the right to request the transmission of those data to another entity without hindrance from us, if such transmission is technically feasible.

Right to object against the processing
Under certain circumstances you may have the right to object against the processing of your personal data and we can be required to no longer process your personal data. You can exercise this right for example when we use your email address for direct marketing purposes – in such cases once you object, we will no longer be able to send you any marketing materials.

Right to withdraw consent
When the processing of your personal data is based on your consent, you can withdraw your consent at any time without giving any reason to us. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

How to exercise your rights:

To exercise your rights, you can contact us by email or by regular post, using the contact details in the beginning of this document. We will respond to your requests without undue delay and at the latest – within 1 month as of the date of its receipt.

Your written request under this Chapter can be filed on paper or electronically and should include:
· Your name;
· The email address by which you are registered in your personal account /optional, but highly recommendable/;
· Description of your request;
· Preferred communication channel /e.g. regular or electronic mail/;
· Signature /in case filed on paper/;
· Date of the request;
· Correspondence address;
· Power of Attorney – if filed on somebody else’s behalf.

* You may be asked to provide information to confirm your identity (such as clicking a verification link or providing a verification code) in order to exercise your rights.

Chapter 10.
RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY

Тhe Personal Data Protection Commission (PDPC) supervises how we handle your personal data. The PDCP is an independent government authority, which monitors the lawfulness of data processing activities.
All data subjects are entitled to bring a complaint before PDPC in regard to the processing of their personal – contact information and more about the procedure may be found at https://www.cpdp.bg/.

Chapter 11.
AUTOMATED DECISION MAKING
Your personal data will not be used for automated decision-making, including profiling.

Chapter 12.
NOTIFICATION OF CHANGES TO THIS PRIVACY POLICY

You will be notified by email for any changes of this Privacy Policy and you will be able to object to any such changes. The changes can also be communicated to you, when you visit our website.

 

POLICY FOR MISCONDUCT

We aim to ensure that the information, present on this website, is accurate and up to date. We cannot, however, accept any responsibility for any loss or inconvenience caused by reliance on any material contained in this site.
ReCheck.io and The ReCheck mobile phone application promote product and document authenticity and strongly advise against the upload of fake data, facts from untrusted sources or any information that contradicts with the product or documents related legitimacy. We reserve the right to deny access to services, to flag or to limit functionalities for users that are in breach our Privacy Policy. Regulations will generally apply for publishing false or misleading information, for claiming products that are not owned by users, or for publishing image materials that do not represent the actual items they visualize.

 

LIABILITY POLICY

By the applicable law, ReCheck does not assume any responsibility or liability for any indirect or exemplary damages including (but not limited to): income or revenue loss, data loss, omissions, malfunctions, any bug or malware related technical. issues. We provide users with the option of subscription for our website with the intent to keep them updated for any new services we may provide, news and updates for our mobile application or changes to current Terms of use and Privacy policy. Should users decide to unsubscribe and now longer receive updates for our website, product or services, users can do so at their will. In accordance with the Data Erasure regulation, we are obliged to delete every record and entry of users who opted to unsubscribe. ReCheck takes all necessary measures to be compliant with the General Data Protection Regulation introduced by the European Commission, within the European Union. We DO NOT own any of the information or personal data provided by the users related to the usage of the website or the ReCheck mobile application.

This Privacy Policy does not apply to websites which are owned and operated by someone else that are accessible through the ReCheck website. Other websites apply their own privacy policies and, use and disclosure practices, which we are not responsible for. Users are advised to read their policies carefully.

 

Right to modify Terms and Conditions

ReCheck reserves the right, at its sole discretion, to change, modify, add or remove portions of these Terms of Use, at any time. It is your responsibility to check these Terms of Use periodically for changes. Your continued use of the ReCheck.io website following the posting of changes will mean that you accept and agree to the changes. As long as you comply with these Terms of Use, ReCheck grants you a personal, non-exclusive, non-transferable, limited privilege to enter and use the ReCheck.io website.

 

Copyright

Copyright © 2017-2019, ReCheck BV. All Rights Reserved.

“ReCheck” is a registered trademark of ReCheck B.V. All trademarks, logos, designs and images used in connection with the ReCheck mobile application, website and services remain the property of ReCheck or their respective owners. If you have any queries regarding us, the website, application and/ or Services, please contact us by email at [email protected] or you can contact us by post at:

 

ReCheck BV
Urmonderbaan22
Gate 2
6167RD Geleen,
Netherlands