Version 1

Privacy Policy

CONTENTS

  1. VERSION CONTROL
  2. WHO ARE WE
  3. APPLICATION OF THIS POLICY
  4. APPLICABLE LAWS
  5. LEGAL BASES
  6. HOW DO WE COLLECT PERSONAL DATA
  7. WHAT PERSONAL DATA IS COLLECTED
    1. Users of our Website/s
    2. Request for Information
    3. Requests to Receive Updates and Information
    4. Clients using our Services
    5. Collaborators and Suppliers
    6. Prospective Employees
    7. Employees
    8. Testimonials
  8. HOW IS PERSONAL DATA USED
  9. RECIPIENTS OF PERSONAL DATA
    1. Persons/Entities we may Disclose Information to
    2. Transfer of Data Within the EU/EEA
    3. Transfer of Data outside the EU/EEA
    4. Remote Processing
  10. RETENTION OF PERSONAL DATA
  11. AUTOMATED INDIVIDUAL DECISION MAKING, INCLUDING PROFILING
  12. PROCESSING SERVICES FOR DATA CONTROLLERS
  13. SYSTEMS
  14. THIRD PARTY PERSONAL DATA
  15. PROTECTION OF PERSONAL DATA
  16. YOUR RIGHTS
  17. CHANGES TO THIS PRIVACY POLICY
  18. APPROVAL AND REVIEW

1. VERSION CONTROL

Version: 1
Date: 1st August 2020
Summary of Updates: Creation of this policy

2. WHO ARE WE

56Bit Ltd is an entity constituted in Malta, operating internationally, providing cloud infrastructure services, having registration number C 92422 and registered address at 32, Triq il-Gewwinija, Ghaxaq GXQ 1970, Malta.

This privacy policy aims at providing clarity and information about our non-public personal data (as defined below) collection, processing and retention. Should you have any queries, require clarifications or additional information, please feel free to contact us.

Our contact details are the following:
▪ Address: 32, Triq il-Gewwinija, Ghaxaq GXQ1970
▪ Contact number: +356 99787661
▪ Email: legal@56bit.com

56Bit Ltd is the controller and the processor for the non-public personal data it collects and processes for its own use and on its behalf. 56Bit Ltd also acts as processor for its clients and therefore processes personal data on behalf of one or more data controllers (e.g. when offering cloud infrastructure services to customers). In case of uncertainty over who is the data controller, please contact us on the contact details outlined above.

The procedures, terms and conditions of processing of personal data herein apply in all cases, that is, whether processing is being undertaken in our capacity of data controller or as data processor on behalf of another data controller (refer to section 12).

3. APPLICATION OF THIS POLICY

This policy refers and applies to non-public personal data as defined in the GDPR, that is data/information relating to and identifying a natural person, which may be processed by us. In this policy, ‘you’ or ‘user’ refers to an identified or identifiable natural person.

4. APPLICABLE LAWS

56Bit Ltd is established in Malta and therefore the principle privacy laws applicable are the following:

▪ Data Protection Act (Chapter 586 of the Laws of Malta) and the subsidiary legislation issued thereunder;
▪ General Data Protection Regulation or GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC).

5. LEGAL BASES

In line with the principle of data minimization and data economy, we only collect personal data and process it on the following legal bases:

▪ with your consent which shall not be presumed and can be withdrawn by you at any time;
▪ for the performance of a contract or to take steps to enter into a contract in particular when you request our services or you are an employee, a collaborator or a supplier;
▪ in furtherance of any legal obligation or regulation; and/or
▪ for legitimate interest, primarily to protect us from legal action or claims from third parties, including you and/or to protect our legal rights and/or those of our employees, collaborators and/or suppliers.

6. HOW DO WE COLLECT PERSONAL DATA

We collect personal data:

▪ digitally through our site (56bit.com) and the use of cookies and similar technologies (please refer to our Cookies Policy); and
▪ non-digitally, that is, information you give us and/or obtained from other external sources including social media platforms, publicly accessible information/databases, your referees and other third parties.

7. WHAT PERSONAL DATA IS COLLECTED

The non-public personal data that we collect and the processing of such information will vary on the basis of the purpose and scope of the particular use or engagement as outlined below.

a. Users of our Website/s

We operate the website 56bit.com.

You may visit our website without submitting any personal data. However, to use certain features of the website (such as the fill-in forms to request information), personal data may be required (see the section entitled ‘Request for Information’ below).

Additionally, personal data on users of the website may also be collected by automated means. This information is collected through the use of cookies and other similar technologies. You can read more about this in our Cookies Policy.

b. Request for Information

What personal data is collected?

Through our website you may fill in an online form and request information. The information collected through the request for information function is the following:

▪ information you provide in the fields of the online form;
▪ IP address and other online identifiers;
▪ date, time and data of our website/s access; and
▪ identification data of the used browser.

You can also contact us and request information through email, phone, or social media. In such cases we will be collecting any information you provide to us or available on the relative media used. In all cases, we will also collect any correspondence in furtherance of the request.

Is it necessary?

This information is necessary for us to be able to respond to your request. General and preliminary information will be provided to you without the requirement of any other additional personal information.

c. Requests to Receive Updates and Information

What personal data is collected?

We keep in touch with our clients and try to keep them updated on developments that affect their business or the services we are providing. If you consent to receive news and information from us, we will collect your contact details and keep a record of the information we have sent you as well as any interactions related to such information sent to you.

Is it necessary?

If you do not provide the information outlined under this section, we will not be able to provide you with news and information.

d. Clients using our Services

What personal data is collected?

When we are providing a service, we collect personal data as to be able to provide the services. The information collected varies depending on the service/s being provided. As a minimum, the following personal data is collected on every customer (if a natural person) or customer’s contact person:

▪ name and surname;
▪ contact details (mailing address, email address, contact numbers); and
▪ bank account and bank related details (for customers that are natural persons only).

Is it necessary?

If you are not able or unwilling to provide us such information, we may not be able to provide the service/s.

e. Collaborators and Suppliers

What personal data is collected?

On collaborators and suppliers, we collect information as required by statutory obligations, principally information required by rules and regulations and information required for the collaboration or the provision of the service by the supplier to us. As a minimum, the following personal data is collected on every supplier (if a natural person) or supplier’s contact person:

▪ name and surname;
▪ contact details (mailing address, email address, contact numbers); and
▪ bank account and bank related details (for suppliers that are natural persons).
▪ Address
▪ VAT Number

Is it necessary?

If a collaborator or supplier is unable or unwilling to provide us such information, we will not be able to collaborate or use the services.

f. Prospective Employees

What personal data is collected?

In those cases where persons apply for a job with any of the 56Bit entities, the following information will be collected:

▪ name and contact details;
▪ your previous experiences and details of your previous jobs;
▪ education details and transcripts;
▪ referees’ names and contact details; and
▪ answers to questions made to you during the recruitment process.

We work with various recruitment agencies and such information may be obtained from agencies you would have applied with. Please note that we are not responsible and do not undertake any responsibility or liability in relation to the collection and processing of your personal information by such agencies.

We may request you to allow us to process your personal information to contact you for any other vacancy that may arise. Should you consent, we may contact you whenever a suitable vacancy will arise.

Is it necessary?

Candidates are free to provide the information they deem fit. Whilst we will still process your application for a job, should the information outlined herein not be provided in whole or in part, your application may be affected.

The information required on acceptance of an employment offer on the other hand is necessary to finalize your employment and onboarding process.

g. Employees

What personal data is collected?

On acceptance of an employment offer of an employee, we may collect the following information:

▪ identification document;
▪ police conduct certificate or equivalent;
▪ banking, tax and other details;
▪ health Information to ensure you are fit to work and to cater for any special conditions; and
▪ emergency contact details.

During your employment with us, other information will be collected:

▪ records of your employment performance;
▪ answers to questions we make to you during assessments;
▪ health information obtained through medical certificates and the employer’s medical doctor;
▪ other information required for clearance of employees, where necessary, by our customers.

We may also collect general information about you such as your hobbies and interests with the aim of enhancing your working experience with us.

Is it necessary?

Except for the general information collected which is optional, the information outlined herein is required and will affect your employment if not provided.

h. Testimonials

What personal data is collected?

Testimonials/reviews provided by you may have personal data including name and other information that may make you identifiable. If you provide a testimonial and provide the necessary consent, we will post testimonials/review on our Website and/or publish them for general public access online or offline.

Is it necessary?

We will request your consent for the publishing/use of testimonials/reviews. We will not use such testimonials/reviews without the necessary consent.

8. HOW IS PERSONAL DATA USED

Depending on the information collected, any personal non-public information so collected will be used to:

▪ provide you with news and information, reply to requests, provide services and follow-up;
▪ provide information to your representatives/intermediaries, access and progress job applications;
▪ in case of employees progress their employment, access performance and training;
▪ to implement and enhance collaboration or receive services in case of collaborators or suppliers;
▪ for marketing purposes in those cases where consent is provided;
▪ comply with any legal or regulatory requirement;
▪ to protect us from legal action and claims; and
▪ for our internal purposes including the administration of the flow of such information, market research and data analytics, internal record keeping, financial and market research and/or to improve our products and people’s experiences.

9. RECIPIENTS OF PERSONAL DATA

a. Persons/Entities we may Disclose Information to

We may disclose personal information legally in the following scenarios:

▪ with your consent;
▪ for the performance of a contract or to take steps to enter into a contract;
▪ to enforce our contractual terms;
▪ to protect us and our employees from legal action or claims from third parties, including you;
▪ in cases of merger or acquisition of our business or parts of it to the new owners;
▪ to group entities;
▪ when there is a legal requirement to do so; and
▪ if we are requested to do so by a governmental or regulatory authority or by a court of competent jurisdiction. In this context, persons/entities, to whom personal data may be disclosed include the following:
▪ to our customers (including information on subcontractors if required by the customer and employee details for any due diligence/clearances processes our customers may require to undertake on us and our people);
▪ our legal advisors, accountants, auditors and other advisers;
▪ IT services providers, including cloud service providers we use for the provision of services;
▪ subcontractors;
▪ public authorities, government departments, or courts of law.

A list of providers to which your information is or may be disclosed as necessary and subject to legal basis is available on request. Kindly contact us on details outlined above in section 1 above should you require further details.

b. Transfer of Data Within the EU/EEA

The free exchange of personal data between Member States is a fundamental aspect of the EU’s basic principles. This principle is also reflected in the GDPR, which allows for the transfer between EU/EEA companies subject to the legal bases as provided above under the ‘Legal Bases’ section.

As a general rule, therefore, the personal data we process will be so processed within the EU/EEA, subject to the legal basis for processing outlined herein.

c. Transfer of Data outside the EU/EEA

Subject to legal basis, personal data may be transferred to non-EU/EEA countries deemed by the European Commission to offer an adequate level of legal of protection. In the absence of such status as declared by the European Commission, the GDPR provides that a transfer can take place through the provision of appropriate safeguards and on condition that enforceable rights and effective legal remedies are available for individuals. Such appropriate safeguards include contractual arrangements with the recipient of the personal data, using, the standard contractual clauses approved by the European Commission. For this purpose, when transferring data to such countries and subject to legal basis, we ensure that contractual arrangements based on contractual provisions as approved by the European Commission are in place.

d. Remote Processing

Personal data sent via remote means may be transmitted across international borders irrespective of where the sender and receiver are located. This may include transfers of personal data from you to us via a country outside the EU/EEA and not recognised by the European Commission as having adequate standards of personal data protection. In this context, we shall not be responsible for any act of omission by you or any third party that may affect your personal data prior to us receiving it. We accept no responsibility for information in transit.

10. RETENTION OF PERSONAL DATA

We retain the personal information that we collect from you only for as long as required for statutory, business, tax or legitimate interest purposes. Your information is retained in electronic or paper format or both. When it is no longer required, it will be anonymised or deleted and destroyed. Should you wish to obtain information on the specific retention period of any personal information we hold on to, please contact us on the contact details outlined above in section 1.

11. AUTOMATED INDIVIDUAL DECISION MAKING, INCLUDING PROFILING

We do not undertake fully automated individual decision-making, including profiling.

12. PROCESSING SERVICES FOR DATA CONTROLLERS

In the provision of our services, we may be acting as processors on behalf of data controllers. In such cases, the terms, provisions and limitations herein apply. When acting as data processors for others, our processing activities are limited to having access to personal data through the cloud infrastructure services provided to our customers, to possibly store such data and to use/process such data in relation to specific instructions from our customers. We will never access or process the data in any other manner. In this context, the customer shall ensure that any processing of personal data by the customer as the data controller (particularly our access to such data and instructions from the customer relating to the use/processing of such data by us on the customer’s behalf) shall be covered by the necessary consents or legal basis on the customer’s end, and undertaken by the customer according to law, in particular data protection law and the GDPR. The customer shall indemnify and hold us harmless to the fullest extent permitted at law with respect to all claims, damages or losses resulting from a breach of this.

13. SYSTEMS

We maintain physical, electronic and procedural safeguards to protect personal non-public data. We attempt to protect your personal data from unauthorized access by third parties by means of precautions such as pseudonymization, data minimization and observing deletion periods. Despite these protective measures, however, we cannot completely rule out unlawful processing by third parties. Additionally, we use various systems in our collection, processing and storing of data. To the best of our capabilities, we ensure that third-party systems we use are GDPR compliant. Please contact us on the details outlined above in section 1 should you require more information on the systems used.Third party Websites Occasionally, we may provide links to other websites for your convenience and information. This privacy policy does not cover the links within our websites linking to other websites. We are not responsible for such other website/s and/or any products or services they may offer. It is your responsibility to check how these websites treat your personal data and we encourage you to read the privacy statements on the other websites you visit.

14. THIRD PARTY PERSONAL DATA

In those cases where you provide to us personal data on third parties, you warrant that prior to processing or transferring any personal data to us, you would have obtained consent for such processing or transfer from the third party and can therefore lawfully provide such data to us. You shall indemnify and keep indemnified the firm to the full extent permitted at law against any loss or damage incurred by us, in relation to this.

15. PROTECTION OF PERSONAL DATA

We undertake reasonable efforts to ensure that any personal data we hold/process is safeguarded from unauthorised access, improper use/disclosure, and/or accidental loss or unlawful destruction. We however cannot guarantee such will not occur. We operate IT and managerial security policies and procedures to protect personal data which are regularly reviewed and kept up to date. To the best of our capabilities, we undertake reasonable efforts to carefully select the systems we use and third parties we will collaborate with and ensure that these operate privacy policies, security procedures, rules and IT organisational measures that are in line with GDPR requirements.

16. YOUR RIGHTS

Your principal rights under data protection law are:

▪ right to be informed about the personal non-public data we collect and how we process it - this policy aims at providing you with this information;
▪ right to access – you have the right to obtain confirmation that your personal non-public data is being processed and have the ability to access it;
▪ right to modification – you have the right to request the modification of any personal non-public data we hold on you if it is incorrect or incomplete;
▪ right of portability – you may ask us to forward to you the personal data we hold on you and which is portable at law in a structured, commonly used and machine-readable format or to transmit that data to another data controller, where it is technically feasible to do so
▪ right to erasure – you have the right to request the removal of your personal data, which shall be deleted, unless there is a legal requirement or reason for us to continue processing or storing it;
▪ right to restrict processing – you have a right to restrict or withdraw consent to the processing of your personal data. In such cases we are permitted to store your data, but not to process it further unless there is a legal requirement or reason for us to continue processing it;

▪ right to object to processing for specific reasons at law, being the following:
a. processing based on legitimate interests or the performance of a task in the public interest or in the exercise of official authority,
b. direct marketing, including profiling to the extent that it is related to such marketing activities,
c. processing for scientific or historical research purposes or for the purpose of statistics; and

▪ right to file a complaint with supervisory authorities if your information has not been processed in compliance with GDPR.

17. CHANGES TO THIS PRIVACY POLICY

We keep our privacy policy under regular review. If any change in this privacy policy is significant and will affect the way we collect or process any personal data, you will be provided with prior notice via email. A notice on our website will be uploaded in cases of other changes not deemed significant. Your continued use of services or websites after any change to this privacy notice will constitute your acceptance of such change.

18. APPROVAL AND REVIEW

This policy has been approved by the board of directors/partners without change on the 1st of August 2020. This policy will be reviewed when necessary and at least on an annual basis.