Benme, UAB knows that our users value their privacy and protection of personal data highly. We take the matter or protecting personal data very seriously. Please take a minute to read our privacy notice.
2. What does our privacy notice include?
3. Controller of personal data
The controller of personal data collected via Benme Web Environments is Benme, UAB (Lithuanian Business Register Code 305709325), located in Vilnius, A. Rotundo g. 2-23. Contact information: [email protected], telephone +370 676 43122.
4. Automatically registered data
Over the course of using Benme Web Environments, the following data is registered automatically: the User’s IP address, the pages that the User visits, and actions such as making a purchase, clicking on a link, or interacting with our online environment in any way.
5. Why do we collect data?
We do not sell or rent User data to third parties. We collect data so that Users could employ services in the Benme Web Environment and accounting purposes. The data related to usage of Benme services is collected for auditing, compliance and for anonymized processing (analytics).
6. Personal data transmitted to Benme
Benme receives user’s personal data when the representative of the company (that the User works for) enters it into the Benme web environment. List of data that Benme processes, how it is classified, data retention period and how Benme acquires the data is provided below:
Employees' first and last name (personal data)
Processed to personalize the content for employee and employee's management. This data is provided by the Employer, and it is optional. The data is deleted after an employee is removed from Benme system.
Employee ID Processed for accounting purposes.
This data is provided by the Employer. The data is stored for up to 7 years for accounting purposes.
Employee email (personal data)
Processed to provide Benme services. This data is provided by the Employer. The data is stored for up to 7 years for accounting purposes.
Employee Birth date (personal data)
Processed for birthday gift options. This data is provided by the Employer, and it is optional. The data is deleted after an employee is removed from Benme system.
Employee hiring date (personal data)
Processed for anniversary gift options. This data is provided by the Employer, and it is optional. The data is deleted after an employee is removed from Benme system.
Employee bank account number (personal data)
Processed for receipt reimbursement purposes. This data is provided by the Employee during receipt upload. The data is stored in Benme system only if given explicit consent.
Information about employee’s purchases (personal data)
Processed for accounting purposes. The data is stored for up to 7 years for accounting purposes.
7. Where is Users’ personal data stored and how is it transmitted?
The personal data collected via Benme web environment is not transmitted to countries outside the European Union or to countries that lack personal data protection legislation in compliance with the standards of the European Union. Data is stored in servers located in a European Union member state.
You can prevent Google’s collection and use of data (cookies and IP address) by downloading and installing the browser plug-in available under Google Analytics Opt-out Browser Add-on Download Page . You can refuse the use of Google Analytics by clicking on the following link. An opt-out cookie will be set on the computer, which prevents the future collection of your data when visiting this website: Disable Google Analytics.
By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
9. How is the User’s personal data protected?
User’s accounts in Benme Web Environment are protected by passwords for ensuring safety and privacy. Be careful as a User and do not give out your password to third parties, do not use passwords that are not easily guessed, and avoid using the same password in several web services. Do not leave your Benme account logged in in unfamiliar devices. Benme data requests are encrypted. Within the company, we employ reasonable technical and organizational administrative solutions for transmitting personal data between employees and cooperation partners. Though we try our hardest and work towards keeping the User’s personal data protected and transmitting it safely every single day, we would like to remind you that transmitting information online is never 100% safe. Our website contains links to other websites that may or may not be our partners. Benme does not guarantee nor is it responsible for the way these websites handle personal data. Should the User move onto other webpages through the links, the User must first specify the privacy settings of those pages. The same procedure applies to logging in through social media or using social media sharing buttons/links.
10. Duration of the storage of personal data
The data is stored until the User has a Benme Web Environment account or in instances when data storage is required by legislation (such as the Accounting Act). After the User or his employer has deleted the account, the User’s data concerning products and services is made anonymous and used for analytic purposes. The data of deleted Users are removed from spare copies and logs within 90 days after deletion. The User’s history of purchases is stored, and it remains accessible to the Suppliers from whom the product and service has been purchased, and the companies whose benefits compensation has been used. However, this data is separated from the user account and all other personal data. If the company cancels Benme subscription (terminates the supply of services from benme to the company), all the company’s employee's data will be anonymized or deleted within 30 days, leaving only the data that is necessary for accounting purposes.
11. Correction and deletion of data
The User reserves the right to demand access, correction, and deletion of the data always collected with the User’s consent. In addition to that, the User has the right to stop unlawful data processing, withdraw consent, or to demand the transfer of the personal data. These procedures can be carried out by sending signed requests to [email protected] It must be considered that it is not possible to use the Benme Web Environment, either personal or uploaded by the employer once the User decides to disallow processing personal data or requests it to be deleted or transferred. Another aspect that must be considered is that data cannot be deleted in its entirety because it may be stored on grounds other than the User’s consent. For example, your purchase history cannot be deleted because it is stored in compliance with the requirements of the Accounting Act. If Benme deleted your User Account owing to a breach of the user agreement, you have the right to demand the deletion of your personal data by sending an e-mail to [email protected] . Benme processes all such claims independently and informs the user of if the claim will be satisfied.
12. Forwarding direct marketing messages
If the User has consented to receive messages about suppliers' products and services as well as news, Benme will oversee forwarding the corresponding messages. Neither Users’ personal data nor contact information is transmitted to Suppliers for the purpose of direct marketing. If the User does not wish to receive direct marketing messages, the User can choose to stop receiving them by visiting the settings section of the Users Benme Web Environment and alternating the settings of how and which messages the User would like to receive. Links for unsubscribing are also included in all the newsletters and direct marketing messages we send out.
13. Third party data processors
Benme, as the Data Processor, acknowledges that in the provision of some services, we may transfer the Personal Data that we control to and otherwise interact with third-party data processors. We agree that if and to the extent such transfers occur, we are responsible for entering into separate contractual arrangements with such third-party data processors binding them to comply with obligations in accordance with Data Protection Requirements. For avoidance of doubt, such third-party data processors are not sub-processors.
14. Alterations to the Privacy Notice
Benme develops, legislation changes, and life goes on. From time to time we may find it necessary to make alternations to this privacy notice. We will notify our Users of such alterations via the web site or e-mail.
15. Data protection officers
You may contact the data protection officer of Benme via e-mail at [email protected] after communicating with our data protection officer the User feels that Benme does not fulfill the obligation of personal data protection with the required diligence and does not act in accordance with the present privacy notice, then you may inform the Lithuanian Data Protection Inspectorate, located in Vilnius, at Liudo Sapiegos street 17, 10312, and may be found online at https://vdai.lrv.lt/
16. Measures taken to protect your data
Benme employs multiple practices and policies to protect the data we control or process:
Data encryption in transit: We use secure (HTTPS or analogous) connections to transmit data between services or service providers.
Data encryption at rest: The data stored by Benme is encrypted during rest (when it is stored in durable storage).
Benme employs some of the best industry practices for its secure microservice design to minimize potential threat vectors. These policies include using secure connections that are internet-facing wherever possible and limiting exposed networking ports to only those absolutely needed for the service to function.
Benme employs mechanisms to automatically mitigate brute force and other suspicious login attempts.
Data is automatically deleted when it is no longer needed and only minimal data is retained for accounting purposes.
Benme employs an access rights management policy so that only employees who work directly with customers or users have access to this data.
Benme employs a policy requiring employees to follow OWASP guidelines for strong passwords, meaning that every Benme employee must only use passwords that are considered secure by OWASP standards for password management.
Benme employs a policy not to make physical copies of any documents containing user or customer information unless required by law. If a copy is made, Benme requires all its employees to destroy it after it is no longer needed.