Benme, UAB knows that our users value their privacy and protection of personal data highly. We take the matter or protecting personal data very seriously. Please take a minute to read our privacy notice.
2. What does our privacy notice include?
3. Controller of personal data
The controller of personal data collected via Benme Web Environments is Benme, UAB (Lithuanian Business Register Code 305709325), located in Vilnius, A. Rotundo g. 2-23. Contact information: [email protected], telephone +370 676 43122.
4. Automatically registered data
Over the course of using Benme Web Environments, the following data is registered automatically: the User’s IP address, the pages that the User visits and actions the Users performs in our online environment.
5. Why do we collect data?
We do not sell or rent User data to third parties. We collect data so that Users could employ services in the Benme Web Environment and accounting purposes. The data related to usage of Benme services is collected for auditing, compliance and for anonymized processing (analytics).
6. Personal data transmitted to Benme
Benme receives user’s personal data when the representative of the company (that the User works for) enters it into the Benme web environment. List of data that Benme processes, how it is classified, data retention period and how Benme acquires the data is provided below:
Employees' first and last name (personal data)
Processed to personalize the content for employee and employee's management. This data is provided by the Employer, and it is optional. The data is deleted after an employee is removed from Benme system.
Employee ID Processed for accounting purposes.
This data is provided by the Employer. The data is stored for up to 7 years for accounting purposes.
Employee email (personal data)
Processed to provide Benme services. This data is provided by the Employer. The data is stored for up to 7 years for accounting purposes.
Employee Birth date (personal data)
Processed for birthday gift options. This data is provided by the Employer, and it is optional. The data is deleted after an employee is removed from Benme system.
Employee hiring date (personal data)
Processed for anniversary gift options. This data is provided by the Employer, and it is optional. The data is deleted after an employee is removed from Benme system.
Employee bank account number (personal data)
Processed for receipt reimbursement purposes. This data is provided by the Employee during receipt upload. The data is deleted from Benme system after the receipt is reimbursed.
Information about employee’s purchases (personal data)
Processed for accounting purposes. The data is stored for up to 7 years for accounting purposes.
7. Where is Users’ personal data stored and how is it transmitted?
The personal data collected via Benme web environment is not transmitted to countries outside the European Union or to countries that lack personal data protection legislation in compliance with the standards of the European Union. Data is stored in servers located in a European Union member state.
Cookies are small pieces of information that are stored by the User’s browser on the hard drive of the User’s device. These cookies are needed to enable usage of third-party analytics tools that help us improve the web environment. Each User may disable cookies in their web browser and delete the cookies that have already been saved. However, in such a case we are not able to guarantee the flawless functioning of Benme Web Environments.
9. How is the User’s personal data protected?
User’s accounts in Benme Web Environment are protected by passwords for ensuring safety and privacy. Be careful as a User and do not give out your password to third parties, do not use passwords that are not easily guessed, and avoid using the same password in several web services. Do not leave your Benme account logged in in unfamiliar devices. Benme data requests are encrypted. Within the company, we employ reasonable technical and organizational administrative solutions for transmitting personal data between employees and cooperation partners. Though we try our hardest and work towards keeping the User’s personal data protected and transmitting it safely every single day, we would like to remind you that transmitting information online is never 100% safe. Our website contains links to other websites that may or may not be our partners. Benme does not guarantee nor is it responsible for the way these websites handle personal data. Should the User move onto other webpages through the links, the User must first specify the privacy settings of those pages. The same procedure applies to logging in through social media or using social media sharing buttons/links.
10. Duration of the storage of personal data
The data is stored until the User has a Benme Web Environment account or in instances when data storage is required by legislation (such as the Accounting Act). After the User or his employer has deleted the account, the User’s data concerning products and services is made anonymous and used for analytic purposes. The data of deleted Users are removed from spare copies and logs within 90 days after deletion. The User’s history of purchases is stored, and it remains accessible to the Suppliers from whom the product and service has been purchased, and the companies whose benefits compensation has been used. However, this data is separated from the user account and all other personal data. If the company cancels Benme subscription (terminates the supply of services from benme to the company), all the company’s employee's data will be anonymized or deleted within 30 days, leaving only the data that is necessary for accounting purposes.
11. Correction and deletion of data
The User reserves the right to demand access, correction, and deletion of the data always collected with the User’s consent. In addition to that, the User has the right to stop unlawful data processing, withdraw consent, or to demand the transfer of the personal data. These procedures can be carried out by sending signed requests to [email protected] It must be considered that it is not possible to use the Benme Web Environment, either personal or uploaded by the employer once the User decides to disallow processing personal data or requests it to be deleted or transferred. Another aspect that must be considered is that data cannot be deleted in its entirety because it may be stored on grounds other than the User’s consent. For example, your purchase history cannot be deleted because it is stored in compliance with the requirements of the Accounting Act. If Benme deleted your User Account owing to a breach of the user agreement, you have the right to demand the deletion of your personal data by sending an e-mail to [email protected] . Benme processes all such claims independently and informs the user of if the claim will be satisfied.
12. Forwarding direct marketing messages
If the User has consented to receive messages about suppliers' products and services as well as news, Benme will oversee forwarding the corresponding messages. Neither Users’ personal data nor contact information is transmitted to Suppliers for the purpose of direct marketing. If the User does not wish to receive direct marketing messages, the User can choose to stop receiving them by visiting the settings section of the Users Benme Web Environment and alternating the settings of how and which messages the User would like to receive. Links for unsubscribing are also included in all the newsletters and direct marketing messages we send out.
13. Third party data processors
Processor acknowledges that in the provision of some services, Processor on receipt of instructions from controller, may transfer Controller’s Personal Data to and otherwise interact with third party data processors. Processor agrees that if and to the extent such transfers occur, Processor is responsible for entering into separate contractual arrangements with such third-party data processors binding them to comply with obligations in accordance with Data Protection Requirements. For avoidance of doubt, such third-party data processors are not sub-processors.
14. Alternations to the Privacy Notice
Benme develops, legislation changes, and life goes on. From time to time we may find it necessary to make alternations to this privacy notice. We will notify our Users of such alternations via the web site or e-mail.
15. Data protection officers
You may contact the data protection officer of Benme via e-mail at [email protected] after communicating with our data protection officer the User feels that Benme does not fulfill the obligation of personal data protection with the required diligence and does not act in accordance with the present privacy notice, then you may inform the Lithuanian Data Protection Inspectorate, located in Vilnius, at Liudo Sapiegos street 17, 10312, and may be found online at https://vdai.lrv.lt/
16. Measures taken to protect your data
Benme employs multiple practices and policies to protect the data benme controls or processes: a. Data encryption in transit: benme uses secure (HTTPS or analogous) connections to transmit data between services or service providers.
Data encryption at rest: the data stored by benme is encrypted during the rest (when it is stored in durable storage).
Benme employs some of the best industry practices for its secure micro service design and minimize potential threat vectors. These policies include using communications that are exposed to the internet wherever possible and limiting exposed networking ports to only the ones are absolutely needed for service to function.
Benme employs mechanisms to automatically mitigate brute force and other suspicious login attempts.
Data is automatically deleted when it is no longer needed and only the minimal data is retained for accounting purposes.
Benme employs access right management policy so that only the employees who work directly with customers or users would have access to these user or customer data.
Benme employs a policy requiring employees to follow OWASP guidelines for strong passwords, meaning that every benme employee must only use passwords that are considered secure by OWASP standards for password management.
Benme employs a policy not to make physical copies of any documents containing user or customer information unless required by law. If the copy was made, benme demands all its employees to destroy it after it is no longer needed.