top of page

Privacy Policy

PRIVACY POLICY OF THE BENME, UAB

 

1. Introduction

Benme, UAB (hereinafter “Company” or “we”) respects your privacy and is committed to protecting it through compliance with this Privacy policy (hereinafter “Privacy policy”).

In the Privacy Policy, we explain how we process the Personal data of our clients (“you”) when you use the Company website, when you communicate with us by phone, e-mail, social media and otherwise. 

In this Privacy policy we provide information on how we process clients’ Personal data while carrying out the Company’s business, concluding and executing agreements, and providing services. 

We commit ourselves to be transparent with you by providing clear information about what Personal data we process, the purpose of the processing, the retention period of the Personal data as well as the legal basis for the processing, your rights, and other information that we are required to provide under applicable legislation.

If you use the Website, it means you have read this Privacy policy and understood the purposes, methods, and procedures for processing your Personal data specified herein. If you do not agree with the Privacy policy, do not use the Website.

 

2. Definitions

Company (or we / us) Benme, UAB, legal entity code 305709325, registered office address A. Rotundo str. 2-23, LT-01400 Vilnius, Republic of Lithuania, email support@benme.io.

Consent of the data subject any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by clear affirmative action, signifies agreement to the processing of Personal data relating to him.

Data controller a natural or legal person, public authority, agency, or other body which alone or jointly with others determines the purposes and means of the processing of Personal data. In this Privacy policy, the Data controller is the Company.

Data processing any operation or set of operations performed with Personal data carried out with or without automated means, such as collection, registration, organization,                                                    structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, distribution or otherwise making available, alignment or  combination, restriction, erasure, or destruction.
 

Data processor a natural or legal person, public authority, agency, or other body which processes Personal data on behalf of and for the account of the Data controller.

Data recipient means a natural or legal person, public authority, agency, or another body, to which the Personal data are disclosed, whether a third party or not.


Data subject (or you) An identified or identifiable natural person whose Personal data are being processed. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as his or her name, identification number, location, online identifier, or one or more factors specific to the physical, physiological, genetic, religious, economic, cultural, or social identity of that natural person.
 

Direct marketing an activity aimed at offering goods or services by post, telephone, or other direct means and/or inquiring about their opinion on goods or services offered.


Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.


Personal data any information relating to an identified or identifiable natural person.


Website the Company's website https://www.benme.io/

Other terms shall have the meanings assigned to them and defined in the Regulation.

3. The legal basis of the processing of Personal data in the Company

The Company collects and processes Personal data in compliance with European Union legal acts which regulate the protection of Personal data.   

The Company process your Personal data on these bases:

Data subjects’ consent.

Which is expressed by your active actions, when you contact us and provide Personal data, or by other proactive actions. When we have your consent, we send information about our services, proposals, and advertising for consumers or client’s businesses, and organizations and we collect information on whether the information we send is relevant. 

We collect the data regarding newsletter interaction (whether the newsletter was read, when it was read, how many times it was read (or opened), whether it was forwarded to someone, what operating system was used, what email server was used, including server location).

For pursuing the legitimate interests of the Company.

To monitor and guarantee the proper functionality of the Website, for instance. When the Company conducts its own operations. To protect the Company's rights, for instance, to guarantee the collection of debts and other fees.  

For the conclusion, execution, management, and modification of agreements, contracts, and other comparable documents. 

To comply with legal obligations imposed by legal acts applicable to the Company and to safeguard your or another individual's vital interests.

 

4. The objectives and scope of the processing of Personal data in the Company

The Company is committed to ensuring that Personal Data is processed accurately, lawfully, and only for the purposes for which it was collected. Personal data shall only be processed for the explicit and lawful purposes outlined in the applicable legislation.

The Company processes your Personal data for these objectives:

  • For the conclusion and performance of the agreement.

We are processing your Personal data in order:

- to conclude the agreement with you;

- to supervise the performance of the agreement;

- to manage the payments under the agreement;

  • The legitimate interests of the Company.

The data we are processing under this objective: 

- to ensure legal requirements, including a collection of the debts applying out-of-court dispute settlements procedures;

- to protect against lawsuits, legal demands and claims; 

- Personal data processed for prevention of fraud, misuse of the services or money laundering and damage to your physical safety;

- to secure information systems and our network;

- to ensure convenient and friendly use of the equipment and services of the Company. 

  • The legal requirements applicable to the Company.

In instances where the processing of Personal data is mandated by legal acts of the European Union, the legal obligation to process Personal data applies. The information we process for this purpose:

- by issuing invoices and other financial documents on goods and services;

- to ensure the truthful implementation of the taxation obligations, issuing accounting documentation and declaration to the government institutions;

- when you purchase or order services from us, we are obliged to be able to issue and administer finance documents, such as invoices. 

  • Direct marketing.

We process your Personal data in order to provide you with general and personalized offers (including offers from our partners) and other information. We can send you notifications, offers, and other information via social networks, e-mail and SMS. To select notifications and offers to be sent to you, to better understand your needs, to improve your experience while using our services, to automate the use of marketing tools for the most effective customer engagement, to expand the range of services we offer, and to continually improve them, and to provide you with relevant, interesting, and useful offers and other information about our services, we analyze data relating to customers' behavior on the Website, patterns of service use, and demographic information. We use sophisticated data analytics tools based on automated data analysis for these purposes.

The Company processes your Personal data for Direct Marketing purposes only after receiving permission for such processing, i.e., when you order services or confirm your consent to receive our newsletter. You can unsubscribe from our marketing communications at any time by selecting the link at the bottom of our emails.

  • Due to the objective of the scope of processing your Personal data by the Company.

For the objective of direct marketing, we process your Personal data:

- name, surname (only if you submit the surname);

- email address, telephone number, and address; 

- Newsletter interaction (whether the newsletter was read, when it was read, how many times it was read (or opened), whether it was forwarded to someone, what operating system was used, what email server was used, including server location).

  • For the objective of concluding and performing the agreement, the Company receives your personal data when the representative of the company (that you are working for) enters it into the Website, we process your Personal data:

- name, surname;

- ID;

- bank account number;

- birth date;

- hiring date;

- Information about employee’s purchases;

- other contact details: email address and telephone number;

- IP address;

  • Under the legitimate interest we process the data about your device.

- the information that you provide when you are browsing our website.

- IP address and device type;

- the screen resolution and the operating system of your device and (if you choose to share information with us) your location and information on how you browse the Website.

 

5. Children’s personal information 

If a user suspected of being younger than 18 years old submits personal information, we will remove the information as soon as possible. Please inform us if you are aware of any individuals under the age of 18 who are using the Site, so we can take steps to prevent their access.

 

6. The sources of data obtained and processed by the Company

We receive your Personal data from you when we enter into an agreement with you or when you use the Website. We will not enter into an agreement with you or provide you with any of our products if you do not provide us with all the required information.

  • When you communicate with the Company, we receive the data from you:

- When you use the Company’s services or products;

- When you have a legal relationship with the Company;

- When you are ordering the newsletters;

- When you submit your request for information.

  • We process your Personal data when we receive the data from legitimate sources:

- Public registers;

- Government information systems; 

- Parties of the agreement and contracting partners (the data about the representatives and employees); 

- Public professional social media;

- Public databases, public social networks;

- Third persons;

- Other legal sources.

 

7. Retention period of processing Personal data in the Company

We collect and process your Personal data no longer than it is necessary to implement the purposes for which the data was collected or for a period to be determined by applicable law. 

  • We determine the Personal data storage period based on the following principles:

- how long such information is needed for the objectives for which it was collected and processed;

- how long such information is needed for us to comply with the legal requirements applicable to us;

- how long is such information needed for us to comply with our obligations under the agreement;

- how long you allow us (with your consent or otherwise) to use such information about you.  

With your consent, for the purpose of Direct marketing, the Personal data will be stored until you reject the subscription, but no longer than 2 (two) years after the agreement expires. 

If the agreement was concluded, your Personal data will be stored for 10 (ten) years after the agreement expires or is terminated. 

If the agreement provides for a warranty period that exceeds the processing term of 10 (ten) years, then all Personal data relating to the agreement will be stored until the warranty period expires.

If the agreement is required during the court proceedings, due to which the specified processing period of 10 (ten) years is extended, then all Personal data related to the concluded agreement will be processed for 1 (one) year from the final decision of the relevant institutions. 

If the agreement was not concluded, your Personal data won’t be stored for the purpose of performing the agreement, however, the data may be stored under the consent or other legitimate basis. If your Personal data has been transferred to us by your employer, your first and last name, birth date, and hiring date will be deleted after you’re removed from the Company’s system.   

We will process your data related to your payments for a maximum of 10 (ten) years from the date of the transaction or the expiration of the agreement (depending on whichever is later).

We will process the data of your communication with us history, for example, communication by email or telephone. Such communication data for this purpose will be stored for a maximum of 4 (four) years from the date of the last communication event.

After you have deleted the account, your data concerning products and services is made anonymous and used for analytic purposes. Such Personal data are removed from spare copies and logs within 90 days after deletion. Your history of purchases is stored, and it remains accessible to the suppliers from whom the product and service has been purchased, and the companies whose benefits compensation has been used. However, this data is separated from the user account and all other Personal data. If the company cancels Company subscription (terminates the supply of services from the Company to the company), all the company’s employee's data will be anonymized or deleted within 30 days, leaving only the data that is necessary for accounting purposes. 

Information about your device. The information that you provide when you are browsing our Website, including the IP address and device type, the screen resolution and the operating system of your device, and (if you choose to share information with us) your location and information on how you browse the Website. For this purpose, we will store your data for a maximum of 2 (two) years from the last connection to our Website.  

 

8. The cases and grounds for transfer and disclosure of Personal data to the third parties 

Since our goal is to earn and maintain your trust, we will only transfer your Personal data when necessary. Your Personal data will not be disclosed to third parties without your prior consent, except as described below.

  • We can disclose your Personal data to:

- auditors, financial and legal advisers;

- companies providing courier services;

- processors, such as an archiving company;

- the company we use to send newsletters, systems maintenance companies, and other similar companies;

- banks or payment service providers;

- public authorities and law enforcement agencies;

- companies for the purposes of debt management or debt recovery;

- To Our business partners who are providing the services for you and where it is necessary for the fulfilment of the agreement and the efficient performance of the services by Us;

- data protection officer service providers. 

In order to secure appropriate security lever, in such a manner that processing Personal data will meet the requirements of the Regulation and ensure the protection of the rights of the Data subject which data is processed, we are cooperating only with those service providers who are obliged to implement necessary technical and organizational measures.  

 

9. Jurisdiction and territory of the processed Personal data

We process your Personal data in the territory of the European Union, except for the exceptions below. We have no intention to transfer, and we are not transferring your Personal data to third countries.  

Please note that some of the data we collect when you are browsing our Website, or data generated by visiting our Website, may be transferred or available to the companies acting only in the European Economic Area (EEA).

 

10. The security of data processed by the Company

To ensure the security of your data, we take the necessary organizational and technical measures. The data is stored securely and is only accessible to those who require it to fulfill their responsibilities and duties. We also require our business partners to implement the necessary technical and organizational measures to protect your data.  

We take the following steps to protect your personal data:

- Data encryption in transit: We use secure (HTTPS or analogous) connections to transmit data between services or service providers;

- Data encryption at rest: The data stored by the Company is encrypted during rest (when it is stored in durable storage);

- The Company employs some of the best industry practices for its secure microservice design to minimize potential threat vectors. These policies include using secure connections that are internet-facing wherever possible and limiting exposed networking ports to only those absolutely needed for the service to function;

- The Company employs mechanisms to automatically mitigate brute force and other suspicious login attempts;

- Personal data is automatically deleted when it is no longer needed and only minimal data is retained for accounting purposes;

- The Company employs an access rights management policy so that only employees who work directly with customers or users have access to this data;

- The Company employs a policy requiring employees to follow OWASP guidelines for strong passwords, meaning that every Company employee must only use passwords that are considered secure by OWASP standards for password management;

- The Company employs a policy not to make physical copies of any documents containing your Personal data information unless required by law. If a copy is made, the Company requires all its employees to destroy it after it is no longer needed.

 

11. Data subject’s rights 

You as the Data subject have the rights under the Regulation and law and you can freely exercise your rights. In this Privacy policy, we are delivering your rights guaranteed to you by Regulation and the main ways to implement your rights.  

Your rights

- The right to obtain information regarding processing Personal data:

- At the moment when we collect your data, we provide you with information regarding processing your Personal data. You can always find the information on how we process your Personal data in this Privacy policy or by submitting your request by email support@benme.io.

The right to access data processed:

- You have the right to access the Personal data and obtain confirmation from us on how we process your Personal data, including the basis for processing data, categories, data processors, and other information. We will provide a copy of your data. You have the right to obtain your Personal data in a structured, commonly used, and computer-readable format. However, you will not be able to exercise this right in cases where it may adversely affect the rights and freedoms of third persons. We have the right to refuse to provide the data we process if there are legal grounds set out in the law under which the Personal data are not provided.

The right to rectify your Personal data:

- You have the right to rectify or modify, amend, or correct your Personal data. 

The right to request the erasure (right to be forgotten):

You can exercise this right when: 

- the Personal data are no longer necessary in relation to the objectives for which they were collected or otherwise processed;

- You withdraw consent and there is no other legal ground for the processing;

- You object to the processing pursuant to our legitimate interest or third-party interest;

- data is processed for direct marketing purposes;

- the Personal data have been unlawfully processed;

Personal data must be erased in accordance with the requirements of the law that applies to us. Due to certain exceptions, you will not always be able to exercise your right to be forgotten. These exceptions encompass situations in which the processing of Personal data is required to:

- for exercising the right of freedom of expression and information;

- for compliance with our legal obligation;

- for the establishment, exercise, or defense of legal claims.

Right to restriction of your Personal data processing

You can exercise this right:

- when you challenge data accuracy;

- when Personal data is processed unlawfully, however, you don’t want to delete your Personal data; 

- when there is no need to process your Personal data, however, you request data in order to establish, exercise, or defend legal claims. 

- When you restrict processing your Personal data based on our or third-party legitimate interest, the data will be processed until the ground of your restriction is verified.   

We must point out, that because of the restriction of data processing, during the period of such restriction, we may be continuing to store your data, without processing data, except: 

- for the establishment, exercise, or defense of legal claims;

- to protect the rights of natural or legal persons;

- for important reasons of public interest.

Right to object to data processing

You have the right to object to Personal data processing when Personal data is processed based on our legitimate interests. To exercise the right specified in this paragraph, please submit a written request by email support@benme.io

Right to object to data processing, when direct marketing is the basis for processing.

When you withdraw your consent to process your Personal data for direct marketing purposes, we won’t process data based on your consent for this purpose. 

Right to data portability

You can exercise this right when we process your data by automated measures (computers, etc.) and the legal basis for processing is:

- Your consent;

The performance of the agreement or our actions made with your request before concluding the agreement.   

With your request and where technically possible we will move your data to another data controller.

Right to withdraw the consent to process your Personal data 

In those cases, where we process your data based on your consent, you have the right to withdraw your consent at any time, and data processing based on your consent will be stopped. Withdrawal of consent will not affect the lawfulness of the processing prior to the withdrawal.

Right to lodge a complaint to the supervisor authority. 

If you think that we process your data in breach of the requirements of Personal data protection legal acts, we always ask that you contact us directly first. If you are not satisfied with a problem solution, you will have the right to lodge a complaint with the State Data Protection Inspectorate (www.vdai.lrv.lt), address L. Sapiegos str. 17, LT-10312 Vilnius, Lithuania, phone (8 5) 271 2804, 279 1445, fax. (8 5) 261 9494, e-mail ada@ada.lt).

12. Company contacts and communication methods

If you have any questions about how we process data or if you will have any requests or remarks, please contact us by email support@benme.io.

 

13. Examination procedure of requests

To protect our client’s Personal data from illegal disclosure, upon receipt of your request to present data or implement other rights of yours, we will have to verify your identity. 

In those cases, when you or your employer didn’t provide us with your Personal data or you don’t have an account to verify your identity, we may ask you to indicate relevant data (e.g., name, date of birth, e-mail address, or telephone number). In the performance of this verification, we may also send a control notification at the last contact (SMS or email), asking to take authorization action, we may also request additional documents or data. If the verification procedure fails, we will be forced to state that you are not the Data subject of the requested data, and we will have to reject your request.

Upon receipt of your request regarding the implementation of any of your rights and have successfully completed the above-mentioned verification procedure, we will inform you of the actions we took in response to your request without undue delay, but no later than one month after receipt of your request and completion of the verification procedure. Regarding the complexity and quantity of requests, we reserve the right to extend the one-month period by two months, notifying you before the end of the first month and providing justification for the extension.

If your request is submitted electronically, we will give the answer to you electronically, too, unless it is impossible (e.g., due to a particularly large scope of information) or when you request us to answer you in some other way.

We reserve the right to deny your request with a reasoned written response in accordance with the conditions and grounds specified in legal acts. We will provide you with information at no cost; however, if your requests are manifestly unfounded or disproportionate, especially due to their repetitive nature, we may charge a reasonable fee to cover administrative costs or refuse to act on your request.

 

14. Final provisions

We reserve the right to periodically update this Privacy policy to accurately reflect how we handle your Personal data. 

If we make substantial changes, we will notify you by publishing them on the Website or by other methods, such as email, so that you can review the changes before accessing our Website. 

If any provision of the Privacy policy is determined to be invalid or unenforceable, this does not affect the legality and enforceability of the remaining provisions.

Privacy policy is effective as of 08 04 2024.

bottom of page