PRIVACY AND CONFIDENTIALITY POLICY

(Privacy Policy)

(current edition as on December 6, 2023) 

This BSG Privacy and Confidentiality Policy (hereinafter referred to as “Privacy and Confidentiality Policy”) has been drafted in accordance with the requirements of European legislation, the General Data Protection Regulation (EU) (GDPR), which came into effect on May 25, 2018. It regulates the legal relations associated with the collection, processing, storage of Personal Data, as well as the rights of individuals to non-interference in their private life and the right to self-expression. 

1. TERMS AND DEFINITIONS 

1.1. In this Privacy and Confidentiality Policy, the following terms are used: 

1.1.1. “BSG ESTONIA OÜ” or “BSG” – a company registered in accordance with the laws of Estonia with its registered office at Pae 25-47, Tallinn, 11414, Estonia (registration number: 12974765), which provides messaging services (tools) and other services through the website https://bsg.world (hereinafter referred to as the “Site”) or based on separately signed contracts. BSG organizes the processing and collection of Personal Data and determines the purposes of processing Personal Data and their composition, which are subject to processing and collection, actions or operations carried out with Personal Data. 

1.1.2. “Personal Data” – any information relating directly or indirectly to a specific identifiable physical person (subject of personal data), including the User of the Site. 

1.1.3. “Processing of Personal Data” or “personal data processing” – any action (operation) or a set of actions (operations) carried out with or without the use of automation tools with Personal Data, including the collection, recording, organization, accumulation, storage, refinement (updating, modification), use, transmission (dissemination, provision, or access), depersonalization, blocking, deletion, or destruction of the User’s Personal Data. 

1.1.4. “BSG Site User” or “User” – a natural person who can be identified, directly or indirectly, in particular by an identifier such as a name, identification number, location data, online identifier, or by one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that physical person (clause 1, Article 4 of GDPR). A User is also a person who orders services from BSG or simply visits the Site. 

1.1.5. “Cookie” – a small piece of data sent by a web server and stored on the User’s computer or other devices, which the web client or web browser sends back to the web server in an HTTP request each time it attempts to open a page of the respective website. 

1.1.6. “IP Address” – a unique network address of a node in a computer network built using the Internet Protocol (IP). 

2. SUBJECT OF THE PRIVACY AND CONFIDENTIALITY POLICY 

2.1. By using the Site or ordering a service from BSG through the Site or based on separate contracts, the User confirms their consent to BSG and its authorized persons for the collection and processing of their Personal Data. Additionally, by performing the above-mentioned actions, the User agrees to the terms of this Privacy and Confidentiality Policy. 

2.2. In accordance with clause 2.1 of the Privacy and Confidentiality Policy, the User provides their consent to BSG for the processing of Personal Data received from the User, including collection, systematization, accumulation, storage, clarification (updating, correction), use, dissemination, depersonalization, blocking, destruction of personal data, including those indicated in the form (contact form), for the purpose of activities aimed at forming a database of participants, compiling statistical reports, conducting marketing research, forming analytics, processing payments, hosting, providing service, technical support, as well as interaction with the User, including through telecommunication networks, including sending SMS and emails, etc., until such consent is revoked by the User. 

2.3. The User confirms their agreement that BSG has the right to interact with the User by making direct contacts using various means of communication, including but not limited to: postal or SMS marketing, email, the Internet, and others. 

2.4. Personal Data allowed for processing and collection within the framework of this Privacy and Confidentiality Policy include, but are not limited to, the following information: 

2.4.1. Data about the User: 

– name and/or surname; 

– email address; 

– phone number; 

– nicknames in messengers (instant messaging systems); 

– name of the enterprise to which the User is related; 

– number and address of the company to which the User is related; 

– User’s social media links; 

– User’s IP address; 

– physical location of the User. 

2.4.2. Data about the User’s transaction: 

– information about payments from the User and other information about services ordered from BSG. 

2.4.3. Financial data of the User: 

– information about the bank account and credit or debit card, invoice information, payment methods. 

2.4.4. Contact data of the User: 

– information or records created as a result of contact with BSG. For example, this could be a phone conversation, online contact, contact via email, physical mail, or messengers such as Viber, Telegram, WhatsApp, and others. 

2.4.5. Technical data: 

– IP address, date and time of the request, content of the request, access status/HTTP status code, website sending the request, browser, operating system and its interface, language and version of the browser software. 

2.5. By joining (agreeing) to this Privacy and Confidentiality Policy, and according to clause 2.1 of the Privacy and Confidentiality Policy, the User understands that they bear personal responsibility for their actions or inaction in the process of using BSG’s services. When using BSG’s services, including for sending messages for marketing purposes to third parties, the User must comply with the GDPR and local legislation. 

3. COOKIE POLICY 

3.1. BSG collects information about the User’s visits to the Site for the purpose of obtaining visitation statistics and the effectiveness of their use, forming a personalized approach and adapting to the interests of each User. BSG does this using various technologies, one of which is Cookies. These are data that the Site can send to the User’s browser and will be stored on the computer or other device for further identification by the Site. 

3.2. Cookies are used to evaluate the effectiveness of websites (for example, to measure the number of visitors and the duration of their stay on the Site), to identify the most interesting and visited topics and pages, and to ensure convenient navigation and use of the Site, without collecting any personal information (data). Cookies can also be used to form a personalized approach based on the existing experience of interaction of the User or any other person with the Site and their preferences. Over time, this information helps to improve the experience. 

3.3. Cookies files are text files sent by the Site to the User’s device, which allows improving the Site. Cookies are unique to the User’s account or browser. 

3.4. The User will be notified about the use of Cookies during their first visit to the Site. If the User objects to the collection of information using Cookies, they can at any time adjust their choice through the Cookie Settings Center. 

3.5. Browsers provide the User with the ability to manage Cookies according to requirements. The User can manage and/or delete, restrict, or block Cookies from the Site at any time by modifying the browser settings. If the User does not wish to use Cookies on the Site, they should first disable Cookies in their browser. 

3.6. Through browser settings, the User can choose which Cookies to accept and which not to. Such settings directly depend on which browser the User is using: 

Cookie settings in Chrome

Cookie settings in Firefox

Cookie settings in Internet Explorer

Cookie settings in Safari

If the User decides to block certain functional Cookies, some BSG services may become unavailable. In addition to the settings that may be available on the Site, the User may refuse the use of individual Cookies. 

4. COLLECTION AND USE OF PERSONAL DATA 

4.1. BSG collects Personal Data in the following cases: 

– when the User fills out their profile data (completes a contact form) on the Site or logs in (authorizes) to their electronic cabinet on the Site; 

– when the User visits the Site or interacts with BSG; 

– when the User fills out contact forms on the Site or registers or orders services in the “Solutions” and/or “Products” sections of the Site; 

– when the User follows a newsletter posted on the Site; 

– when the User contacts BSG by phone, including through messengers, email, site chat, or social networks; 

– BSG may receive personal data of an individual when the User clicks a button on social networks like “like”, “subscribe”, or interacts in other ways with BSG’s official pages on Facebook, LinkedIn, Instagram, and other platforms. 

5. PURPOSE OF COLLECTION AND PROCESSING OF PERSONAL DATA 

5.1. BSG uses the User’s Personal Data for the following purposes: 

5.1.1. Implementation of service provision: 

Contract conclusion and service provision. Contractual information about the User, namely: name and surname, phone number, email, passport details, residential address, etc.; 

Fulfilling the terms of the contract and providing services. Perform, manage, and ensure compliance with the provision of services, including any related contract, additional documents such as appendices, amendments, etc.; 

Contractors. Sharing personal data with BSG partners (technical service providers, postal operators, hosting providers, communication agencies, etc.) without whom the provision of services to the User would be impossible; 

Payment for services. Manage payment or fees and charges in the process of providing BSG services, as well as billing or arranging the deduction of funds from the User’s account; 

Notifications. Informing the User about changes/additions to all services provided by BSG, including through the Site, as well as to the Privacy and Confidentiality Policy or other documents posted on the Site; 

Communication during service provision. Providing the User with information about BSG services, as well as technical support in the process of service provision. This also includes the possibility of BSG or its partners sending the User test SMS or other messages in the process of providing BSG services. 

5.1.2. Legal purpose: 

– for statistics, market analysis, and research; 

– to analyze and improve the provision of BSG services; 

– to report the User’s Personal Data to authorized government authorities in accordance with the law; 

– to monitor, verify, and record the User’s communication with BSG; 

– to occasionally send the User useful information, newsletters, new offers, BSG’s work schedule. Additionally, BSG may receive information about when the User received or read the respective message from BSG; 

– to inform the User about the results of claims consideration (if any); 

– to notify about the BSG contact person who will communicate with the User; 

– for the possibility of BSG conducting various promotions, programs, loyalty systems, etc., including the registration of the User in its own database of participants in such actions, programs, loyalty systems, etc.; 

– for the possibility of joining the User to various policies, rules, regulations, instructions, etc., regulating BSG’s conduct of promotions, programs, loyalty systems, service provision, etc.; 

– to inform Users about the procedure of conducting promotions, programs, loyalty systems, etc., organized by BSG, as well as to inform about changes to policies, rules, regulations, instructions, etc., regulating the conduct of BSG’s promotions, programs, loyalty systems, etc.; 

– To comply with other legal obligations. 

5.2. In some cases, and in the process of providing services to the User, BSG may request certain permissions, which will allow access to the User’s device and personal data. BSG declares that such permissions can only be requested when it is truly necessary and affects the quality or possibility of providing BSG services. The User understands that rejecting such a request may lead to non-provision or improper provision of BSG services to the User. The User has the right to revoke the above permission at any time. 

6. USER RIGHTS 

6.1. With respect to their Personal Data processed by BSG, the User has the following rights (subject to other provisions of the Privacy and Confidentiality Policy): 

– to know about the sources of data collection, the location of their Personal Data, and the purpose of its processing; 

– to receive information about the conditions of access to their Personal Data; 

– to access their Personal Data; 

– to receive confirmation about the processing of their Personal Data; 

– to receive information regarding whether their Personal Data is being processed; 

– to present a motivated demand objecting to the processing of their Personal Data; 

– to request the correction or deletion of their Personal Data or the restriction of its processing, and to object to such processing; 

– to protect their Personal Data from illegal processing and accidental loss, destruction, damage due to intentional concealment, failure to provide or delay in providing it, as well as to protect against providing information that is inaccurate or defamatory of honor, dignity, and business reputation; 

– to file complaints about the processing of their Personal Data with the supervisory authority body; 

– if Personal Data is transferred to a third country or an international organization, the data subject (User) should have the right to be informed of the appropriate safeguards pursuant to Article 46 of the GDPR regarding the transfer; 

– to apply legal remedies in case of violation of personal data protection legislation; 

– to revoke their consent to the processing of Personal Data in cases provided by law; 

– to know the mechanism of the automatic processing of their Personal Data; 

– to make changes to incomplete or inaccurate Personal Data; 

– to delete Personal Data if the individual (User) successfully exercised the right to object to data processing; 

– to refuse consent to the processing of their Personal Data at any time; 

– to object to the use or processing of their Personal Data if the individual (User) believes it affects their rights and freedoms. 

6.2. To exercise the rights mentioned above, it is necessary to contact BSG at the email address: [email protected]. If BSG receives a request from the User to exercise any of the above rights, BSG may ask the User to verify their identity before acting on the request. This is necessary to ensure the protection and security of personal data. 

7. TRANSFER AND DISCLOSURE OF PERSONAL DATA OF AN INDIVIDUAL 

7.1. BSG does not transfer or disclose any Personal Data about the User without their consent, except for purposes mentioned in this Privacy and Confidentiality Policy, or as required by law. 

7.2. BSG may use third-party services to provide services to the User. All processors acting on behalf of BSG process the User’s data only in accordance with BSG’s instructions and strictly adhere to this Privacy and Confidentiality Policy, as well as the legislation of the European Union. 

7.3. BSG may transfer the User’s Personal Data outside the European Union in accordance with the obligations of this Privacy and Confidentiality Policy, and or law, in the following cases: 

– the European Commission or another authorized body has recognized that the country of destination for the transfer of personal data provides an adequate level of personal data protection; 

– the service provider/seller of goods, according to this Privacy and Confidentiality Policy, is bound by specific contractual obligations required under current data protection legislation. 

8. MEASURES TO PROTECT THE USER’S PERSONAL DATA 

8.1. BSG takes measures to ensure the protection and security of the User’s personal data at all stages of processing, including through organizational and technical measures. 

8.2. BSG takes all necessary precautions to prevent accidental loss, misuse, or unauthorized access, alteration, or disclosure of the User’s Personal Data. 

8.3. BSG has implemented a process for addressing breaches of Personal Data security or accidents and will inform the User and any relevant regulator of a suspected breach or incident if legally required to do so. 

8.4. If BSG transfers the User’s Personal Data, it will require third parties to take measures to protect the Personal Data. BSG does not grant any rights to third parties to use Personal Data for their own purposes. A third party may use the User’s Personal Data for a specific purpose and according to BSG’s instructions. 

9. ADDITIONAL INFORMATION ABOUT THE USER’S PERSONAL DATA 

9.1. BSG is not obligated to provide the User’s personal data to third parties, except as specified in this Privacy and Confidentiality Policy or as required by law. 

9.2. BSG retains Personal Data only as long as necessary. In storing personal data, BSG considers the following: 

– the duration of the purposes for which BSG collects Personal Data, and the duration for which BSG is obligated to provide services; 

– ensuring and managing relationships between BSG and the User; 

– BSG also retains the User’s Personal Data for compliance with regulatory requirements, accounting and reporting requirements, and legal directives or instructions; 

– the statute of limitations according to local law. 

9.3. Processing is only lawful if the data subject (User) has consented to the processing of their Personal Data for one or more specific purposes in accordance with section 2.1 of the Privacy and Confidentiality Policy. Occasionally, BSG may offer the User to agree to the Privacy and Confidentiality Policy through push notifications, subscribing to BSG, checking a box indicating familiarity with the Privacy Policy, etc. 

9.4. According to clause 1, Article 8 of the GDPR, the processing of a child’s personal data is lawful if the child is at least 16 years old. If the child is under 16, such processing is lawful only if consent is given by the parents or by a person responsible for the child. 

9.5. BSG’s Site may contain links to other websites. However, if the User uses these links, they should be aware that BSG does not control these websites. Therefore, BSG is not responsible for the protection and confidentiality of any information the User provides while visiting such websites, and these sites are not governed by this Privacy and Confidentiality Policy. Users should be cautious and review the applicable policy for the relevant website. 

10. ADDITIONAL CONDITIONS 

10.1. BSG reserves the right to make changes to the Privacy and Confidentiality Policy without the User’s consent, notifying 30 (thirty) calendar days before the changes take effect. Changes to the Privacy and Confidentiality Policy are made by posting a new current version of the Privacy and Confidentiality Policy at the following link: https://bsg.world/privacy-policy/. The current and effective version of the Privacy and Confidentiality Policy can always be found at the same link. 

10.2. The new Privacy and Confidentiality Policy comes into effect from the moment it is posted on the BSG website, unless otherwise provided by the new version of the Privacy and Confidentiality Policy. 

10.3. If the User disagrees with the changes to this Privacy and Confidentiality Policy, they must contact BSG at the email address: [email protected]. If the User continues to visit the Site and use BSG’s services, it means that the User agrees with the new version of the Privacy and Confidentiality Policy. 

10.4. In case of disagreement with any changes made to the Privacy and Confidentiality Policy, the User must stop using the Site and BSG’s services and has the right to request that BSG delete the User’s Personal Data. Such deletion takes place considering other provisions of the Privacy and Confidentiality Policy. If BSG does not receive a refusal from the User regarding the new version of the Privacy and Confidentiality Policy, it means that the User agrees with the new version of the Policy. 

10.5. The User can file a complaint about BSG’s violations of the General Data Protection Regulation to the court or the European Data Protection Supervisor. Contact details of the above-mentioned supervisor can be found at the following link: https://edps.europa.eu/about-edps/contact_en

10.6. Additionally, the User may file a complaint about BSG’s violations of personal data protection legislation to the Data Protection Inspectorate (Andmekaitse Inspektsioon). Contact details of the above-mentioned inspectorate can be found at the following link: https://www.aki.ee/et/inspektsioon-kontaktid/inspektsioonist.