Cart
0

Privacy Policy

Privacy Policy

Kustendil BG Ltd values the privacy of its users and is fully dedicated to safeguarding their personal data. This Privacy Policy outlines how Company (“Company,” “we,” “us,” “our,” “designix.org”) and our affiliated entities handle information pertaining to individuals, including personal data, in connection with the utilization of the https://designix.org website and the real-time productivity analysis time tracking service (“Service”). Detailed information regarding the type of information we collect about individuals, the reasons behind such collection, how we utilize it, and our approach to handling such information can be found below.

 

By accessing or using this website or any of our Services, you agree to abide by the terms specified in this Privacy Policy, Cookie Policy, Terms of Service, and other applicable terms and policies published on our website. If you do not consent to this Privacy Policy, you must exit this website and cease all usage of our Services.

 

  1. Introduction

 

1.1 This Privacy Policy governs the handling of Personal Data concerning independent individual users (referred to as the “User” or “you”) of the Company Service, as well as visitors to the Designix.org website (“you”). It also covers the handling of Personal Data by Company on behalf of companies, organizations, institutions, groups of individuals, etc., that monitor the time of their employees or other individuals within their Company account group (referred to as the “Client”) within the Service.

1.2 Company will process Personal Data in compliance with applicable data protection laws. For Data Subjects within the European Economic Area (EEA), Company will adhere to the requirements of the European Regulation (EU) 2016/679, known as the General Data Protection Regulation (GDPR). The GDPR aims to protect the rights and privacy of individuals in relation to the processing of their personal data and the free movement of such data, while replacing Directive 95/46/EC.

1.3 Within this Privacy Policy, the term “Designix.org” refers to Company, a company incorporated in Bulgaria with registration number 207226527. Our registered address is located Krasna polyana 1, bld. 38a, fl.3, apt. 9, Sofia, 1330, Bulgaria.

1.4 The terms “Personal Data,” “Data Subject,” “Processing,” “Controller,” “Processor,” and “Supervisory Authority” used in this Privacy Policy hold the same meanings as defined in the GDPR.

1.5 Company assumes the role of a Data Controller and determines the purpose and methods of processing the following data:

 

a) Personal Data of Users who are clients of Company and directly provide their Personal Data to us. This category includes freelancers and other individuals who independently register for a Company account for their personal usage.

b) Personal Data of individuals who subscribe to receive commercial communications, news, and updates from Company but are not registered users of the Company Service.

1.6 When Company processes Personal Data that has been transferred to Company by the Clients, Company acts as the Data Processor.

 

  1. Processing of data on behalf of clients by Company as data processor

 

2.1 This section pertains to Company Clients who transfer Personal Data of end-users of the Service, such as personal data of the Client’s employees, to Company. In relation to such data, the Client determines the purpose and methods of processing Personal Data and therefore assumes the role of the Data Controller.

2.2 Company processes the Personal Data of end-users on behalf of the Client. Company only accesses this data for the sole purpose of providing the Service. Therefore, Company acts as the Data Processor in this context.

 

Details of processing

 

2.3 When the Client creates accounts for end-users within its group, the Client transfers the Personal Data of these end-users to Company. By doing so, the Client instructs Company to process the Personal Data for the purpose of providing the Service to the Client, as stipulated in the agreement between the Client and Company.

2.4 It is clarified that this Privacy Policy encompasses comprehensive and definitive instructions from the Client to Company regarding the processing of Personal Data of end-users. This Privacy Policy serves as a binding data processing agreement.

2.5 Company is committed to processing all Personal Data on behalf of the Client in accordance with the Client’s instructions and in compliance with relevant data protection laws and regulations, including the requirements of the GDPR, where applicable.

 

Duration of the processing

 

2.6 Company will process the aforementioned data for the duration of its provision of the Service to the Client and as long as the Client maintains an active Company account.

2.7 In the event that an end-user’s account is deleted by the Client, Company may retain the data of deleted accounts within the Client’s group for statistical and analytical purposes at the Client’s interest. However, this data can be deleted upon the Client’s request at any time.

2.8 Following the termination of the contractual relationship between Company and the Client, we may retain certain Personal Data to the extent necessary, but strictly limited to the minimum required, in order to comply with legal obligations, maintain reliable backup systems, resolve any disputes between the Client and Company, if any, prevent fraud and abuse, enforce Company agreements, and/or pursue legitimate interests of Company or third parties.

 

Sub-processors

 

2.9 The Client agrees that, in order to provide the Service to the Clients, Company may utilize sub-processors who offer services as outlined in Paragraph 7. Company guarantees that it will only engage sub-processors who adhere to the same data protection obligations stated in this Privacy Policy. This includes ensuring that sub-processors provide adequate guarantees, implement suitable technical and organizational measures, and comply with the requirements of the GDPR, where applicable. In the event that a sub-processor fails to fulfill its data protection obligations, Company will remain liable to the Client.

 

Assistance to the controller

 

2.10 Considering the nature of the processing, as a Data Processor, Company will assist the Client to the best of its abilities in implementing technical and organizational measures to fulfill the Client’s obligations as a Data Controller concerning the following:

  • Handling requests made by the Client’s end-users regarding access, rectification, erasure, restriction, portability, blocking, or deletion of their Personal Data processed by Company on behalf of the Client. If a Data Subject directly contacts Company with such a request, Company will promptly redirect the request to the Client.
  • Investigating Personal Data breaches and notifying the Supervisory Authority and the Client’s end-users regarding any such breaches.
  • When applicable, preparing data protection impact assessments and engaging in consultations with relevant Supervisory Authorities as required.

 

Company will assist the Client in these matters, recognizing the respective responsibilities of the Data Controller and the Data Processor.

 

Return and deletion of data

 

2.11 Unless otherwise mandated by applicable law, Company is not obligated to retain the Client’s data following the termination of the agreement and the deletion of the Client’s account and all associated accounts.

2.12 Upon the Client’s request, Company will either delete or return all Personal Data to the Client upon the conclusion of the Service related to processing. Additionally, Company will delete any existing copies of the data, unless retention is required by applicable law. The choice between deletion and return of the Personal Data will be at the discretion of the Client.

 

  1. Purposes and grounds for processing

 

3.1 As a Controller, Company processes your Personal Data to provide you with the Service, enhance the Service, address any Service-related issues you may encounter, and ensure you have the best customer experience possible.

3.2 Company collects and processes your Personal Data for various purposes, including but not limited to:

 

  • Registering you for the Service by creating your Designix.org account and providing you with access to the Service.
  • Sending invoices and processing payments for the Service.
  • Personalizing your use of the Service based on your account settings.
  • Analyzing your performance within our Service as a feature.
  • Communicating with you to inform you about Designix.org Service, provide Service-related support, answer your questions, and process your requests.
  • Improving the Service and developing new features.
  • Conducting analytics and measurements to understand how our Services are utilized. For instance, we analyze data regarding your Service usage to optimize product design, generate reports, and create statistics about the use of Designix.org
  • Delivering personalized ads, promotions, and offers to you.
  • Safeguarding the legal interests of Designix.org, its Clients, Users, and other third parties, as well as fulfilling legal obligations such as enforcing our Terms & Conditions or Privacy Policy, complying with applicable laws, and assisting law enforcement authorities.

 

Please note that we will seek your consent before utilizing your information for purposes not covered in this Privacy Policy.

 

3.3 Company ensures that the collection and processing of your Personal Data are based on lawful grounds. The legal basis for processing your Personal Data may vary depending on the specific data group and the purposes of processing. It’s important to note that we may process the same Personal Data for multiple purposes simultaneously, each with its own legal basis.

 

Contract: In most cases, the legal basis for processing your Personal Data is the contractual relationship between you as a User of the Service and Company. We require certain information to establish the contract and fulfill our obligations arising from it.

 

Legitimate interests: Processing your Personal Data may be necessary to pursue the legitimate interests of Company or third parties, provided that such processing does not outweigh your rights and freedoms. For example, we may process your data for marketing purposes to grow and improve our business. Other legitimate interests include maintaining the Service to meet the needs of our Users and Clients, making the Service freely available through advertising, detecting and preventing fraud, abuse, security and technical issues, fulfilling obligations to our partners, and enforcing legal claims, among others.

 

Consent: We may process certain Personal Data based on your explicit consent. This applies to information that is not required for the performance of the contract but that you voluntarily provide. By taking clear affirmative actions such as uploading your photo to your Company account, entering notes, entering your email address in the blog subscription field, and clicking “subscribe,” you indicate your consent to the processing of the respective Personal Data. Similarly, by using the absence calendar and adding “away time,” you actively make this information available in your Company account. It’s important to note that you have the right to delete this information and withdraw your consent at any time.

 

We ensure that the legal grounds for processing your Personal Data are appropriately established and respected based on the specific circumstances and purposes of processing.

 

  1. Information we collect from Company users

 

4.1 When using the Company Service, we collect, generate, and receive information through various means. Some of this information may include Personal Data.

 

Information provided during account creation:

 

4.2 As a User of Company Services, you provide us with information that contains your Personal Data. When you register and create your profile, you provide us with the following information:

 

  • Full name
  • Email address
  • Password
  • Payment information
  • Phone number

 

4.3 It’s important to note that certain features within the Service allow Users to voluntarily disclose additional Personal Data, such as uploading a profile photo or entering data into notes. There may also be instances where special category data, such as health-related information, is provided when using the absence calendar function. Please be aware that Company does not require Users to submit such data, as it is not essential for the provision of the Service. Users are able to utilize the Service without providing the aforementioned optional data.

 

Third-party integrations

 

4.4 Within the Company Service, you have the option to integrate third-party services for certain functionalities. These third-party services are software applications that can be connected to the Service, and you have the ability to enable or disable these integrations for your Company account.

 

Information generated when using the Service

 

4.5 When using the Company Service, some of the information processed is generated by you and may include Personal Data. Company captures the following information during your use of the Service:

 

  • IP address from which you logged in
  • Browser type and software version
  • Names of applications used
  • Names of tasks to be worked on
  • Websites visited
  • Company client version
  • Path to the application
  • Start and end times of usage

 

Please note that while Company may record the number of keystrokes or mouse movements, it does not record the specific content of what you type or where you click.

 

4.6 If you are an end-user and not the Client of the Service, the information mentioned above is provided to Company by the Client (e.g., your employer).

 

  1. Information we collect from Designix.org website visitors

 

5.1 Upon visiting our website we may collect and process the following information that may contain your Personal Data:

 

  • Your device and browser
  • Your IP address
  • Other information that is collected from cookies and similar technology we use.

 

5.2 When you subscribe to our blog or newsletter we will process your e-mail address to send you informative materials, such as newsletters, advertisements and others. At any point in time you can unsubscribe from receiving the above-mentioned information in your e-mail footers.

 

  1. Retention period

 

6.1 Company will retain your Personal Data associated with your Designix.org account for as long as you maintain your account or as required to provide you with the Service.

 

6.2 In the event that you, as a User, terminate your relationship with us by deleting your Designix.org account or ending the contract for Company Service, we may retain certain information to fulfill our legal obligations, resolve any disputes that may arise, prevent fraud and abuse, enforce our agreements, and protect our legitimate interests.

 

  1. Sharing your personal data with third parties

 

7.1 In order for Company to provide you with the Service, we collaborate with third-party service providers who assist us in various aspects of our business operations. As a result, we may share your Personal Data with these third-party service providers, who process your personal data on behalf of Company.

7.2 The recipients of your Personal Data may include hosting and server co-location service providers, communication and content delivery networks, data and cyber security service providers, billing and payment processing service providers, fraud detection and prevention service providers, web analytics providers, email distribution and monitoring service providers, session recording service providers, marketing service providers, legal and financial advisors, and others (“Third-Party Service Providers”).

7.3 We only share the strict minimum amount of Personal Data necessary for these Third-Party Service Providers to perform the requested services. Company only shares Personal Data with Third-Party Service Providers who can demonstrate that they have implemented appropriate measures to ensure that Personal Data is processed in compliance with GDPR and other applicable laws and regulations.

7.4 In certain situations, Company may have a legal obligation to share your information with third parties. This may occur when sharing your Personal Data with a third party is required by law or when information is requested by public authorities.

7.5 Company may share your Personal Data with its parent company, subsidiaries, affiliates, distributors, and resellers for the provision of Services and other purposes outlined in this Privacy Policy. Company may also share your Personal Data in the event of a sale, purchase, merger, acquisition, partnership, or restructuring of the company, or if Company is undergoing reorganization, liquidation, or bankruptcy.

7.6 Personal Data processed by Company may be transferred to recipients located outside of the European Economic Area (EEA). If Company transfers Personal Data outside of the EEA, Company will only transfer Personal Data to recipients who have implemented adequate data processing and protection measures or provided adequate guarantees to ensure an appropriate level of data protection.

 

  1. Data subject’s rights

 

8.1 Individuals located in certain countries, including the European Economic Area, have specific rights regarding their Personal Data under applicable data protection laws. These rights may include the right to access, update, delete, or correct your Personal Data, the right to restrict or object to the processing of your data, and the right to data portability, subject to any exemptions provided by law.

8.2 You can exercise these rights by logging into your Company account or by contacting Company using the contact information provided in Paragraph 12 of the Privacy Policy.

8.3 If you believe that Company has unlawfully processed your Personal Data, you have the right to lodge a complaint with Company using the provided contact information. You may also submit a complaint to the data protection supervisory authority in your country.

8.4 If you are an individual whose Personal Data has been provided to Company by the Client (e.g., an employee of the Client), please contact the Client directly to exercise your rights as a Data Subject as stated above.

8.5 In the event that Company receives a complaint or request from an individual whose Personal Data has been provided to Company by the Client and that individual is exercising their rights as a Data Subject, Company will not respond to such complaint or request without prior written authorization from the Client.

 

  1. Personal data security

 

9.1 Company implements reasonable organizational, technical, and administrative measures to safeguard the confidentiality, integrity, and availability of Personal Data. Users, Clients, and their end-users are also encouraged to take precautions to protect their own Personal Data, such as using strong passwords for their Company accounts, limiting access to their computers and browsers, signing out after each session, and avoiding the disclosure of sensitive information that could potentially cause harm to the Data Subject.

9.2 Only authorized personnel of Company who are involved in the processing of Personal Data have access to such data and are bound by confidentiality obligations. They are prohibited from accessing or processing Personal Data without proper authorization unless it is necessary for the intended purposes of data processing.

9.3 In the event of a Personal Data breach, Company will comply with the obligations set forth in applicable laws and regulations. This includes notifying affected parties, such as Users, Clients, and supervisory authorities, as required by law. Company will also provide reasonable assistance in investigating the breach and notifying the relevant parties about the breach and its potential impact on Personal Data.

 

  1.  Data processing audit

 

10.1 Upon the Client’s written request, Company agrees to provide the Client with sufficient information to demonstrate compliance with the obligations stated in this Privacy Policy and applicable laws and regulations. Company will disclose the information within its control as long as it is not prohibited by applicable law, confidentiality obligations, or any other obligations to third parties.

10.2 If the information provided to the Client is insufficient to confirm Company’s compliance with this Privacy Policy, Company agrees to allow and contribute to data processing audits.

10.3 These audits may be conducted by an independent third party with a reputable market reputation, provided they possess the necessary experience and competence to carry out data processing audits. The selection of the auditor must be mutually agreed upon by the Client and Company.

10.4 The timing and practical aspects of such audits or inspections are determined by Company. The Client is responsible for the cost and expenses associated with the audit, and Company reserves the right to charge the Client for any additional work or costs incurred in connection with the Client exercising these rights. The Client is entitled to request an audit once every two years.

10.5 The chosen auditor will be required to sign a confidentiality agreement that includes an obligation not to disclose business information in their audit report. The final audit report must also be provided to Company.

 

  1. Privacy policy changes

 

11.1 Company reserves the right to occasionally modify this Privacy Policy, especially when introducing new services or features. The updated Privacy Policy becomes effective and applicable as soon as it is uploaded to this page.

11.2 Therefore, we recommend checking this page periodically. By continuing to use our Services or providing Personal Data to us after the amendments to this policy have been implemented, you agree to the updated terms of the Privacy Policy.

 

Contact Information

 

If you have any questions about this Privacy Policy or our data processing practices, or if you wish to exercise any of your rights as a Data Subject regarding your Personal Data, please contact us via email at info@designtime.com or using the following contact details:

 

Company: Kustendil BG Ltd

Address: Krasna polyana 1, bld. 38a, fl.3, apt. 9, Sofia, 1330, Bulgaria

Email: info@designix.org

 

Please note that the above contact information is subject to change, and it is always recommended to refer to the most up-to-date contact details provided on the Company website or in the Privacy Policy itself.