Version 1.0, Revision 1
Terms below shall have the following meanings:
- “Provider”, “we”, “us”, “our” means Rush Ltd., having its registered seat and address of management in 13 Knyazhevska Str., block of flats Yuta, entr. B, fl. 2, apt. 14, city of Ruse, 7000, Bulgaria, registered in the Trade Register by the Registry Agency of the Republic of Bulgaria with UIC 206094250 and represented by the Managing director Kiril Kirilov.
- “License” means the Product license granted to the User by the Provider.
- “Website” means https://www.rush.app
- “Third parties” means any other persons, organizations and authorities, besides the Provider and the User.
- “Product” means:
“Rush” – parcel tracking module that connects User’s e-commerce store with various carriers. “Rush” collects and visualizes tracking information in real time and provides the User with a branded tracking page, Order Lookup and an Import/ Export Orders options that have the goal to make the parcel tracking from various carriers easier and more comfortable for the User and his customers.
Basic principles for the processing of personal data
We process personal data lawfully, fairly and in a transparent manner in relation to the data subject (“lawfulness, fairness and transparency“);
We process personal data collected for specific, explicit and legitimate purposes and do not further process them in an incompatible with those purposes manner (“purpose limitation“);
The processed personal data are appropriate, relevant and limited to what is necessary in relation to the purposes for which they are processed (“minimization of data”);
The processed personal data may be kept up to date at any time by taking all reasonable measures to ensure the timely erasure or correction of inaccurate personal data, taking into account the purposes for which they are being processed (“accuracy”);
The personal data processed by us are stored in a form that allows the data subject to be identified for no longer than is necessary for the purposes for which the personal data are processed (“storage limitation”);
The personal data processed by us are stored in a manner that ensures an appropriate level of security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, by applying appropriate technical or organizational measures (“integrity and confidentiality”);
In the event you have questions about the privacy of the personal data disclosed to us or you want to contact us about a privacy issue, you may contact us at the following e-mail: [email protected]
What personal data we process
We collect your personal information so that we can provide our goods and services as well as continually improve them.
Here are the types of information we collect:
Information you provide to us: We receive and store any information you provide in connection with the Provider’s Services.
For example: information related to searches on our platform, orders, e-mail, telephone, address, queries, details of requests for access to personal information, etc.
Should a license has been granted to you we shall receive the information that is to be visualized by our Product and which may include personal data of clients of the User’s online store.
Automatic Information: Automatically retrieve and store certain types of information when using https://www.rush.app website.
For example: information on the use of the site, including your interaction with the content and services available through the site.
For example: the Internet Protocol (IP) address used to connect your computer or other device to the Internet; computer, device, and connection information, such as device type and application version or browser type, browser plug-ins types and versions, operating system, or time zone settings; the location of your device or computer; Content interaction information such as content downloads, streams, and playback details, including the duration and number of simultaneous streams and downloads, as well as Streaming and Download Quality Network data, including information about your Internet Service Provider; connectivity data and any errors or unsuccessful events; Site metrics (technical errors, interactions with features and service content, setup preferences, and backup information, etc.)
We may also use device IDs, cookies, and other device, application, and web page technologies to collect browsing, usage, or other technical information for the purpose of preventing fraud.
Information from other sources: We may receive information for you from other sources:
For example: information about the number of page views.
What are cookies?
On what basis do we collect and process your personal data
We collect and process your personal data legally and in accordance with this Policy and the Terms of Service of the website. We process data when you explicitly consent to the processing of personal data, or the processing is necessary for the performance of a contract to which you are a party or for taking steps on your own initiative prior to the conclusion of a contract (such a step is the simple use of the site without having to make a purchase request/ conclude a license agreement). The processing of the data is also necessary for the purposes of our legitimate interest, namely: when without processing a certain type of data we could not provide our services and enter into a contract for providing each of the services on the website, serving our customers and bringing value to our users.
For example: collecting information about site searches, using and analyzing this data is our legitimate interest because it is a basic method of determining the quality of the services we provide and a vital means of improving them.
Due to the above grounds for collecting and processing personal data, in the event that you do not wish to provide the Provider with the personal data that is needed to enter into contractual relationship, the Provider shall be in a factual inability to provide you with the services and products at https://www.rush.app.
Purposes of processing of personal data
We process your personal data in order to provide and improve the goods and services on the website. These purposes include:
Purchase and providing of SaaS. We use your personal information to handle your order, provide our Product and services, make payments, and communicate with you in relation to the licensed SaaS, and in certain cases after your explicit consent, to send promotional offers, bulletin, news, etc.
Provide, troubleshoot, and improve Provider’s services. We use your personal information to provide functionality, analyze performance, correct errors, and improve usability and site and product performance.
Recommendations and personalization. In some cases we may use your personal information to recommend features, products, and services that may be of interest to you, identify your preferences, and personalize your site/ product experience.
Implementation of statutory obligations. In some cases, we have a legal obligation to collect and process your personal data.
For example: We process personal data to fulfill obligations arising from accounting and tax legislation.
To communicate with you. We may use your personal information to communicate with you in relation to the products and services we provide through various channels (e.g., by phone and e-mail).
Prevention of fraud and credit risks. We process personal information to prevent and detect fraud and abuse to protect the security of our clients.
Purposes for which we seek your consent. We may also request your consent to process your personal data for a particular purpose that we are reporting to you. When you agree to process your personal information for a particular purpose, you may withdraw your consent at any time and we will terminate its processing. However, this does not apply if the processing is necessary for another legitimate purpose.
Categories of persons to whom we disclose user personal information
We can share personal information of our Users with third parties who are Data processors. Data processors are persons who process personal data on behalf of us on the basis of a written agreement. They are not allowed to process the personal data they have been provided with for purposes other than the performance of the work assigned to them by us. Data Processors are required to follow all of our instructions.
We take the necessary steps to ensure that the engaged processors strictly adhere our personal data protection policies and instructions and that they have taken appropriate technical and organizational measures to protect personal data.
Examples of Data processors are:
- Providers of web based data storage services;
- Service providers for deploying and / or maintaining information systems that are sometimes required to access personal data processed in the respective systems for the purpose of providing the services;
- Payment service providers may process personal information in some cases;
- Carriers may process personal information in some cases.
We may share personal information of our Users with attorneys, account houses, or other consultant service providers in case of dispute or for optimization purposes;
We can share personal information of our Users with banks and payment institutions. In connection with the servicing of consumer payments made by bank transfer or through a payment institution, it is necessary to exchange data between the Provider and the respective bank or payment institution.
Third persons in connection with a transformation (e.g. merger or acquisition) or transfer of an enterprise. In the event of Provider’s transformation, as well as in the event of transfer of assets in accordance with the applicable law, it is possible that the personal data of the Users administered by us may be provided to a third person who is the legal successor.
Authorities. The legislation of the Republic of Bulgaria requires form us to store certain User personal data for a certain period of time. Where legally established preconditions exist, such personal data processed by us should be provided to the competent authorities.
What methods we use to protect your personal information
We work hard to protect the security of your information during the transmission by using a Secure Sockets Layer (SSL) certificate that encrypts the information you enter.
In addition, we maintain physical, technical and procedural guarantees regarding the collection, storage and disclosure of your personal information. Our security procedures mean that we can sometimes ask for proof of identity before disclosing personal information to you.
Devices that store your personal data offer security features to protect against unauthorized access and data loss.
Please note that it is also important to protect yourself against unauthorized access to your own computers and devices.
How long do we store your personal data?
For example: In order to meet our tax and accounting obligations, purchasing of a license data is stored for a period of 11 years.
Upon the expiration of the deadlines for the processing of personal data, they are anonymized or deleted/ destroyed unless:
- are required for pending court, arbitration, administrative or enforcement proceedings, or upon appeal by the User concerned, to be dealt with by the Provider; or
- a User has exercised his/ her right to request a limitation of the processing of his/her personal data;
We make all efforts to ensure that processed User data is updated (and corrected if necessary) and that unnecessary data is not being stored.
General Information on the Rights of Individuals
We take actions at the request of an individual to exercise the rights under this section only if we are able to identify the person concerned.
Only persons who can be identified by us have the ability to exercise their rights under this section. If the purposes for which we process the personal data do not require or no longer require the identification of an individual, we are under no obligation to maintain, obtain or process additional information to identify the person for the sole purpose of taking action on at the request of that person.
We provide individuals with information on the actions taken in connection with their requests for exercising rights under this Section without undue delay and in any event within one month of receipt of the request. If necessary, this period may be extended by a further two months, taking into account the complexity and the number of requests. We inform the person concerned of any such extension within one month of receipt of the request, indicating the reasons for the delay.
In the event of a rejection, we notify the individuals concerned of their rights.
If we do not take action at the request of an individual, we shall notify him/ her without delay within one month of receipt of the request for the reasons not to act and of the possibility of filing a complaint to the Commission for Personal Data Protection and seeking legal protection.
If we have reasonable concerns about the identity of the individual submitting a claim under this section, we may request the provision of additional information necessary to verify the identity of the individual.
The actions taken by us regarding claims for exercising rights under this section are completely free to individuals unless their claims are manifestly unfounded or excessive. When a person’s claim is manifestly unfounded or excessive (for example because of its repeatability), we shall be entitled, in our sole discretion: (a) to refuse to execute the request; or (b) require the payment of a reasonable fee, determined on the basis of the administrative costs necessary to provide the requested information or to take the requested action.
Users of the website shall have the following rights:
Right of access by the data subject
Users have the right to obtain information on whether personal data relating to them is being processed. If so, users have the right to access the relevant data.
Right to rectification
In the event that personal data is inaccurate or out of date, users are entitled to require us to correct them.
Right to erasure (‘right to be forgotten’)
Users have the right to request the deletion of personal data related to them in the following cases:
- Personal data are no longer needed for the purposes for which they were collected or processed;
- The user has withdrawn his/ her consent on which the processing of personal data is based and no other legal basis for the processing of the data;
- The user has objected to the processing of personal data based on our legitimate interest, unless there are other legitimate grounds for the processing that take precedence over the interests, rights and freedoms of the user or the processing of data is necessary for the establishment, the exercise or protection of legal claims;
- The user has objected to the processing of personal data for direct marketing purposes and there are no other legitimate grounds for processing this data;
- Personal data relating to the user concerned have been tampered with;
- Personal data must be deleted in order to comply with a legal obligation under the law of the Republic of Bulgaria or the laws of the European Union.
Right to restriction of processing
Users have the right to request from us to restrict the processing of personal data related to them in the following cases:
- The accuracy of personal data is contested by the user for a period that allows us to verify the accuracy of personal data;
- The processing is unlawful and the user opposes the erasure of the personal data and requests the restriction of their use instead;
- The Provider no longer needs the personal data for the purposes of the processing, but they are required by the user for the establishment, exercise or defense of legal claim;
- The user has objected to the processing of personal data based on his/her legitimate interest, pending verification that his legitimate grounds has an advantage over our interests.
Right to data portability
Users have the right to obtain the personal data provided by them in a structured, widely used and machine readable format, as well as to transfer this data to another Controller without hindering the Provider, in so far as:
- The Prover processes these data for the purpose of concluding or executing a contract with the User or on the basis of an agreement of the latter; and
- The processing of relevant data is done in an automated manner.
Users have the right to request the Provider to transfer their personal data directly to another Controller when this is technically feasible.
Right to object
Users are entitled, at any time and on grounds relating to their particular situation, to object to the processing of personal data relating to them when the Provider processes their data to protect their legitimate interests.
In certain cases, this right is unconditional and we will always discontinue the processing of data upon User objection.
For example, these are the cases where we process personal data for direct marketing purposes.
In other cases, depending on the nature of the objection and the circumstances exposed by the User, we will conduct an internal review of the objection and will rule thereon in accordance with this section by: (a) informing the consumer that it will cease processing of his/ her personal data; or (b) reasonably refusing to discontinue the processing of his/ her personal data, provided there is a legitimate reason for doing so.
You have the right to access, correct, delete, restrict, and limit your access to your personal information, and your portability through our built-in GDPR module.
Right of appeal to a supervisory authority
Users have the right to file complaints or alerts with the Commission for Personal Data Protection (CPDP) if they believe we violate the respective privacy laws. Instructions for submitting complaints are posted on the CPDP website: https://www.cpdp.bg.
Users may also submit complaints to other supervisory authorities within the European Union as provided for in Regulation (EC) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation) or also called “GDPR”.