GDPR Statement

General Provisions

VENBEST (hereinafter referred to as the “Company”) undertakes commitments to protect personal data in accordance with the requirements of the General Data Protection Regulation (GDPR)(Regulation (EU) 2016/679). This document defines the procedures for processing, storing, and protecting the personal data of the Company’s clients, partners, and employees.

Scope

This GDPR Statement is developed to ensure transparency and to inform data subjects about their rights and the ways to exercise them, as well as about the measures taken by the Company to protect personal data.

Definitions

Personal data: any information relating to an identified or identifiable natural person (data subject).
Processing: any operation or set of operations performed on personal data, whether or notby automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
Controller: a natural or legal person, public authority, agency, or other body which alone or jointly with others determines the purposes and means of processing personal data.
Data subject: a natural person whose personal data are being processed.

Principles of Personal Data Processing

Company processes personal data in compliance with the following principles:

Lawfulness, fairness, and transparency: processing is conducted on lawful grounds, fairly,and transparently for data subjects.
Purpose limitation: personal data are collected for specific, explicit, and legitimate purposes only.
Data minimization: only personal data necessary to achieve the specified purposes are processed.
Accuracy: personal data must be accurate and, where necessary, kept up to date.
Storage limitation: personal data are kept no longer than necessary for the purposes for which they are processed.
Integrity and confidentiality: an appropriate level of security of personal data is ensured, including protection against unauthorized or unlawful processing, as well as against accidental loss, destruction, or damage.

Purposes of Personal Data Processing

Company processes personal data for the following purposes:

Providing services to clients.
Fulfilling contractual obligations.
Conducting marketing activities (upon consent).
Maintaining communication with partners and clients.
Complying with legal requirements.
Internal accounting and analysis.
Ensuring the security and protection of the Company’s interests.

Legal Grounds for Processing Personal Data

Company processes personal data based on the following legal grounds:

Consent of the data subject.
Necessity for the performance of a contract.
Necessity for compliance with a legal obligation.
Protection of vital interests of the data subject or another natural person.
Necessity for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Legitimate interests of the controller or a third party

Rights of Data Subjects

Data subjects have the following rights:

Right to information: the right to know what personal data are processed and for what purpose.
Right of access: the right to obtain a copy of their personal data.
Right to rectification: the right to request correction of inaccurate or incomplete personal data
Right to erasure (“right to be forgotten”): the right to request deletion of their personal data under certain conditions.
Right to restriction of processing: the right to request restriction of processing of their personal data under certain conditions.
Right to data portability: the right to receive their personal data in a structured, commonly used, and machine-readable format and to transfer it to another controller.
Right to object: the right to object to the processing of their personal data.
Right not to be subject to automated decision-making, including profiling.
Right to withdraw consent: the right to withdraw their consent to the processing of personal data at any time.
Right to lodge a complaint with a supervisory authority

Transfer of Personal Data to Third Parties

Company may transfer personal data to third parties only in cases provided by law or with the
consent of the data subject. Third parties may include:

Service providers supporting the operation of IT infrastructure.
Partners involved in providing services to clients.
Government authorities and institutions (in cases stipulated by law).

When transferring data to third parties, the Company ensures an appropriate level of protection of
personal data, including by concluding relevant contracts and using technical security measures.

International Transfer of Personal Data

In the event of transferring personal data outside the European Economic Area (EEA), Companytakes measures to ensure an adequate level of data protection, including by concluding standard contractual clauses approved by the European Commission or applying other mechanisms provided for by the GDPR.

Personal Data Security

VENBEST implements technical and organizational measures to protect personal data from
unauthorized access, loss, destruction, or damage. These measures include:

Using modern information security technologies.
Implementing policies and procedures on personal data protection.
Regular training of employees on personal data protection.
Restricting access to personal data.
Regular monitoring and evaluation of the effectiveness of security measures.

Storage of Personal Data

Personal data are stored for the period necessary to achieve the purposes for which they werecollected or for the period required by law. After this period expires, personal data are destroyed or anonymized.

Contact Information

For additional information regarding personal data processing or to exercise their rights, data subjects may contact the Company’s Data Protection Officer via the hotline 0800 306 300, where their request will be registered and forwarded to the responsible person.

Changes to this GDPR Statement

VENBEST may periodically update this GDPR Statement. The updated version of the document is published on the Company’s official website.