1.1. www.Bizar.com (“Website”) and the mobile apps, web interfaces, APIs, documentation, servers and all other Intellectual Property, software and infrastructure (individually referred to as“Bizar Product”and collective as “Bizar Bussiness Platform”are owned, registered and operated by Beta Software d.o.o. ("Company"), a company, incorporated under the laws of Croatia and having its corporate office at Masarykov put 3c, 20000 Dubrovnik, Croatia.
1.4. The administrator is the controller for all information related to the domains created by the customer and the users invited to Bizar by them. The Company is the controller for all the information related to the administrators themselves and for other individuals for whom data is collected directly by us.
For the purposes of this Policy, the key terms are defined as follows:
“Personal Data” means any information relating to User or identifiable to User; an identifiable to User is one who can be identified, directly or indirectly, in particular by reference to User such as name, email, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person and Payment information (including payment card numbers, billing address, and bank account information);
“Processing”means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
“Controller”means the company, or administrator. The administrator is the controller for all information related to the domains created by the customer and the users invited to Bizar by them. The company is the controller for all the information related to the administrators themselves;
“Processor”means a company or third parties engaged by the company. The company is a processor for all data entered into Bizar by users.
“Recipient”means a Company or any legal person, public authority, agency or another body, to which the Personal Data are disclosed, whether a third party or not. However, public authorities which may receive Personal Data in the framework of a particular inquiry in accordance with law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
“Third party”means a natural or legal person, public authority, agency or body other than the User, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process Personal Data;
“Consent”of the User means any freely given, specific, informed and unambiguous indication of the User’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of Personal Data relating to him or her;
“Personal Data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed;
“Representative”means a natural or legal person established in the Union who, designated by the controller or processor in writing pursuant to Article 27, represents the controller or processor with regard to their respective obligations under this Regulation;
“Binding corporate rules”means Personal Data protection policies which are adhered to by a controller or processor established on the territory of a Member State for transfers or a set of transfers of Personal Data to a controller or processor in one or more third countries within a group of undertakings, or group of enterprises engaged in a joint economic activity;
“Sensitive data” refers to the various categories of Personal Data identified by data privacy laws as requiring special treatment, including in some circumstances the need to obtain explicit consent from User. These categories include racial or ethnic origin, political opinions, religious, philosophical or other similar beliefs, membership of a trade union, physical or mental health, biometric or genetic data, sexual life or orientation, or criminal convictions and offences (including information about suspected criminal activities).
“Supervisory authority”means an independent public authority which is established by a Member State pursuant to Article 51;
‘Supervisory authority concerned’ means a supervisory authority which is concerned by the processing of Personal Data because:
the controller or processor is established on the territory of the Member State of that supervisory authority;
Administrators/Users residing in the Member State of that supervisory authority are substantially affected or likely to be substantially affected by the processing; or
a complaint has been lodged with that supervisory authority;
“Cross-border processing”means either:
Processing of Personal Data which takes place in the context of the activities of establishments in more than one Member State of a controller or processor in the Union where the controller or processor is established in more than one Member State; or
Processing of Personal Data which takes place in the context of the activities of a single establishment of a controller or processor in the Union but which substantially affects or is likely to substantially affect Users in more than one Member State.
“Relevant and reasoned objection”means an objection to a draft decision as to whether there is an infringement of this Regulation, or whether envisaged action in relation to the controller or processor complies with this Regulation, which clearly demonstrates the significance of the risks posed by the draft decision as regards the fundamental rights and freedoms of Users and, where applicable, the free flow of Personal Data within the Union;
2.1. Company protects Personal Data in accordance with applicable laws and our data privacy policies. In addition, Company maintains the appropriate technical and organizational measures to protect Personal Data against unauthorized or unlawful processing and/or against accidental loss, alteration, disclosure or access, or accidental or unlawful destruction of or damage thereto. We collect information directly from administrator, as well as automatically through use of our Website, services through the Bizar Bussiness Platform and, in some cases, from third parties.
2.1.1. Information That Our Customers Give is:
First and last name;
(Email address is used as an identificator for Bizar services, as well as attribute for Gmail Sync feature in which the other Bizar users, members of the same company are able to view all of the emails they’ve exchanged.)
Physical Address *;
Date of birth *;
User Profile photos that you upload
Organization information *;
Messages exchanged through any Bizar Product;
Files and rich media exchanged through any Bizar Product;
Mobile device information, including, without limitation, device type, ID, model number, operating system, application, and related information;
Calls placed using any Bizar Product *;
Payment information, including credit/debit card or other payment account information (payment information is submitted and payment is processed through a secure connection.) *;
Any other required account or other information to utilize the Bizar Bussiness Platform.
When users sign-up for a company account they provide us with:
2.1.2. Information Collected Automatically: When User use or interact with our Website and services, we receive and store information generated by activity, like Usage Data, and other information automatically collected from browser or mobile device. This information may include browser type and version; preferred language; geographic location using IP address; operating system and computer platform. We also may log the length of time of visit and the number of times User visit and use the services. We may assign User one or more unique identifiers to help keep track of future visits.
2.1.3. Information from Other Sources: If we receive any information about User from other sources, we may add it to the information we already have about User. For example, if we receive a list of subscribers to a Bizar Product and we note that User is a user of our products and also a subscriber, we may combine that information. Examples of information we may receive from other sources includes updated delivery or payment information which we use to correct our records, purchase or redemption information, customer support or enrollment information, page view, search term and search result information from business partners, and credit or identity information which we use to help prevent and detect fraud.
2.1.4. Information from our website visitors: Our website visitors contact us for more information or request for product demos. For this purpose, we generally request for first name, last name, email, company name and contact number.
3.1. Lawful Basis of processing
We process your personal data only when we have a lawful basis. Presently, we use the Performance of Contract (i.e. to deliver the services to our customers) and consent as the lawful basis for processing. For certain processing, we may also use legitimate interests as provided under the Data Protection Regulations.
In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.
3.2. Use of Customer Data – We only process Customer Data on behalf of our customers and in accordance with their instructions provided in the applicable Services agreement with us. We use the data that we have about you to provide our services and provide support to you.
The information collected by Us when customers use the Website and services, shall be used in the manner described below:
Facilitate use of the Bizar Bussiness Platform, its upgrades, its replacements and to maintain the Bizar Bussiness Platform.
Process payment and verify payment information;
Contact and communicate with Customers and Users with respect to Bizar Bussiness Platform;
Provide technical service and support, including updates;
Respond to legal requirements, exercise our legal rights or defend against legal claims, to protect our interests, fight fraud or illegal activity, to enforce our policies, or to protect third party rights, property, or safety.
Customize and/or tailor the Bizar Bussiness Platform and user experience, which may include displaying information based on their search or content from other users.
Responding to our customer on queries and support issues
Responding to our Customer’s end users on queries and support issues
As part of our contractual agreements with our customers, we also provide their end users with support on queries and technical support. In doing so, we act as processors for our customers and any data collected from such end users is collected on behalf of our customers.
When you give you consent to us for contacting you for marketing purposes by signing up for our blog, demo of Bizar or during an event that you attend.
3.4. Users under 16 years of age
The following categories of recipients will most likely receive your data in order for us to provide services to you
Third Party Data Center Services such as AWS *
Third Party helpdesk applications/tools for troubleshooting *
Third party Service Providers *
4.2. We may also disclose certain information to third parties solely to help diagnose technical problems, to customers of the Bizar Bussiness Platform, and improve the quality of the services provided by us through the Bizar Bussiness Platform.
4.3. We reserve the right to disclose any personal information as required by law or to respond to legal process, to protect our customer, to protect lives, to maintain the security of our products, and to protect the rights or property of the Company and when we believe, at our sole discretion that disclosure is necessary to protect our rights, protect someone from injury and/or to comply with a judicial proceeding, court order, or legal process served on the Company.
4.4. We also share data with the Company-controlled affiliates and subsidiaries, with vendors working on our behalf.
4.5. When a User accepts the invite to join a company in Bizar, to access Bizar services, the administrator of the team would: (1) control and administrator Bizar services account and (2) access and process data, including the Contents of communications and files.
Since we are an international company, some of your data can be processed outside of the EU region. Your data will be processed within Third Party Data Centers in USA. Some countries where we process data may not have as protective laws as your own country and there are risks associated with such transfer.
Personal Data we collected may be transferred or be accessible internationally throughout Company’s business and between our entities and affiliates. Any such transfers throughout Company’s business take place in accordance with the applicable data privacy laws. It also means that rights stay the same no matter where data are processed by Company.
Customers are entitled (in the circumstances and under the conditions, and subject to the exceptions, set out in applicable law) to:
Request access to the Personal Data: This right entitles customers to know whether We hold Personal Data about them and, if we do, to obtain information on and a copy of that Personal Data.
Request a rectification of Personal Data: This right entitles customers to have Personal Data be corrected if it is inaccurate or incomplete.
Object to the Processing of Personal Data: This right entitles Customer to request that Company no longer Processes Personal Data.
Request the erasure of Personal Data: This right entitles Customer to request the erasure of Personal Data, including where such Personal Data would no longer be necessary to achieve the purposes.
Request the restriction of the processing of Personal Data: This right entitles Customer to request that Company only processes Personal Data in limited circumstances, including with consent.
Request portability of Personal Data: This right entitles Customer to receive a copy (in a structured, commonly used and machine-readable format) of Personal Data that administrators have provided to Company, or request Company to transmit such Personal Data to another data controller.
As a user, you would need to submit a request via your administrator to request for deletion, opt-out or to receive a copy of your data. If we receive a request directly from you, the same will be forward to the administrator for your company for approval.
To the extent that the processing of Personal Data is based on Consent, Customers have the right to withdraw such Consent at any time by contacting Company’s Data Privacy Officer. Please note that this will not affect Company’s right to process Personal Data obtained prior to the withdrawal of consent, or its right to continue parts of the processing based on other legal basis other than consent.
7.2. We may use third party cookies to track visitor behaviour and to improve the quality of our services. However, such cookies will not store any kind of personal information, nor will such information be disclosed to any third party.
7.3. These cookies are intended to be automatically cleared or deleted when the User quits the browser application. User are encouraged to use the “clear cookies” functionality of browser to ensure such clearing / deletion, since it is impossible for us to guarantee, predict or provide for the behaviour of system. User have a variety of tools to control cookies, web beacons and similar technologies, including browser controls to block and delete cookies and controls from some third-party analytics service providers to opt out of data collection through web beacons and similar technologies. Users browser and other choices may impact experiences with our products.
7.4. The information we collect with cookies is not sold, rented, or shared with any third parties, other than for internal development and maintenance of the Bizar Bussiness Platform and to retarget and remarket Bizar Bussiness Platform and our partner products to User.
8.1. We may provide links to websites for the convenience and information of users. These websites may not be owned, controlled, or operated by us. In those cases, we cannot control how information collected by those websites will be used, shared, or secured. If the user visits linked sites, we strongly recommend that the user reviews the privacy notices or policies posted at those sites. We are not responsible for the content of linked sites, the User’s use of them, or the information practices of their operators.
9.1. We maintain organizational, physical and technical security arrangements for all the Personal Data we hold. We have protocols, controls and relevant policies, procedures and guidance to maintain these arrangements taking into account the risks associated with the categories of Personal Data and the processing we undertake to protect any kind of personal sensitive information that we have under our control from unauthorized access, improper use or disclosure, unauthorized modification and unlawful destruction or accidental loss.
We adopt market leading security measures to protect Personal Data.
9.2. Regarding use of our Websites, User should understand that the open nature of the internet is such that information and Personal Data flows over networks connecting User to our systems without security measures and may be accessed and used by people other than those for whom the data are intended.
10.1. We will retain Personal Data only for as long as is necessary. We maintain specific records management and retention policies and procedures, so that Personal Data are deleted after a reasonable time according to the following retention criteria:
We retain Data as long as we have an ongoing relationship with our Customer. Once our customers choose to close their accounts, the information is deleted within 30 days of such closure. When you decide to close your account, we delete all personal information about you including any user generated content.
We will only keep the data while account is active or for as long as needed to provide services.
We retain data for as long as needed in order to comply with our legal and contractual obligations.
11.1. If the Customer wishes to opt- out of receiving non-essential (promotional, marketing-related) communications from us, after setting up an account, they may choose to do so by making such preference changes within the application or contacting us at email@example.com
You may contact us at our mailing address below:
Beta Software d.o.o
Masarykov put 3c,
20000 Dubrovnik, Croatia.
Please write to us at firstname.lastname@example.org if:
Customers and visitors have a general question about how Company protects Personal Data.
Customers and visitors wish to exercise rights in relation to Personal Data rights.
Customers and visitors wish to make a complaint about Company’s use of data.
You can contact our Data Privacy Officer at email@example.com.
If you are a resident of the European Economic Area and we maintain your Personal Data within the scope of the General Data Protection Regulation (GDPR), you have additional rights. If, despite our commitment and efforts to protect Personal Data, you believe that your data privacy rights have been violated, We encourage and welcome customer to come to Company first to seek resolution of any complaint. Customers have the right at all times to register a complaint directly with the relevant supervisory authority or to make a claim against Company with a competent court.