Privacy statement

This privacy statement sets out which personal data Strypes collect from you through our interaction with you and through our services and products, in which way this takes place, the role of cookies, for which we use the personal data, how long we store personal data, how you can view and change the personal data stored by us and how your personal data is protected by us.

Our company details are:

Kodar EOOD 9N Kuklensko shose str, fl. 3, office 3 and 7, Plovdiv Bulgaria M: +359 893516833 e-mail: office@kodar.net

Questions:

If you have any questions about the privacy and cookie policy of Kodar, as part of Strypes Group, exercising your rights, or requests regarding transparency, please contact Strypes Group by post or phone using the above information. It is also possible to send an email to privacy@strypes.eu Applicability of General Data Protection Regulation (GDPR) When processing data, the General Data Protection Regulation (GDPR) may apply. We refer to it further as the GDPR. The GDPR applies in the case of the fully or partially automated processing of personal data, but also to the manual processing of personal data included in a file or intended for recording therein. To determine whether the GDPR applies, the following questions are important:

1. Is data processed?
2. Is this data personal data?
3. Is this data processed automatically fully or partially, or is it included in a file or intended to be included in a file?
4. Is the data processing within the scope of the GDPR?

How do we obtain personal data?

Personal data is shared with us by employees, potential employees, customers, prospects, suppliers or if you have contact with us. We also obtain personal data by entering into agreements or through other business activities. These may be commercial project agreements for products or services, employment contracts, contracts for hiring in freelancers or temporary workers, subscriptions or licenses.

Which personal data is processed by us?

We collect the following personal data:

• name and address
• PIN
• date of birth and place
• phone number
• e-mail address
• bank account number
• identity card details (passport and citizen service number)
• health information
• any other information required by the bulgarian law

Processing targets: for what purposes do we process personal data?

Strypes uses the data that is processed for:

• business management
• recruitment
• delivery of products and services
• health and safety
• labor relationship
• benefits
• improvement of products and services
• offering events
• marketing campaigns

Business management

Strypes group works for contractors and supplies professionals to hirers. The legal requirement for such cases is that the contractor or the hirer obtains certain data from the identity card of the professional. In addition, as an employer Strypes Group is legally required to collect the information from the identity documents of its personnel in the payroll administration. The information from the identity card is obtained when an employee starts work at Strypes Group. The IDs information processed by Strypes Group is also used for inspections.

Delivery and improvement of Strypes products and services

We collect (personal) data that we receive via websites in order to be able to work effectively and to inform and provide our customers with the best possible information about our products and services. Furthermore, personal data may also be used for communication with customers and users, for example for providing information about user accounts, security updates and product information.

Recruitment for Strypes

We use personal data from our applicants for recruitment purposes. You may find more exhaustive information in Strypes group Applicant Privacy Notice. Strypes website and cookies We use cookies to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site for you. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit allaboutcookies.org. To opt out of being tracked by Google Analytics across all websites visit tools.google.com/dlpage/gaoptout. How do we store personal data? Personal data is stored by Strypes in the following databases and companies:

• BambooHR
• Admin tool
• Jira
• G-suite
• Connexys
• SalesForce
• HubSpot
• MailChimp
• Pipedrive
• Aidos
• STM Nadezhda
• Doverie
• I&G Brokers
• Usit Colours
• Benefit System
• Bonusly

This list may be subject to change. With whom can your personal data be shared? Personal data is shared with: Strypes Affiliates ( Up2 Technology EOOD and Kodar EOOD)

• ICT Group and the other subsidiaries from the group.
• Customers, for whom Strypes fulfils service and/or management functions
• Clients, suppliers or subcontractors, government agencies and other business relations.

Basis for providing personal data The provision of personal data is based on:

• a legitimate interest
• legal obligation and/or implementing the agreement in accordance with the aforementioned objectives
• permission
• signed contract/agreement

Strypes deems the following means of communication as permission:

• handing over a business card at an event;
• request for information;
• quotation request;
• execution of an assignment;
• permission for use of data by email.

Rights of data subjects Strypes undertakes to:

• provide data subjects with reasonable information about the processing of their personal data
• provide data subjects with a copy of or otherwise provide insight into their processed personal data
• remove, correct, supplement or protect the personal data of data subjects on request, unless a legal (storage) obligation conflicts with this
• provide evidence that personal data of data subjects has been removed or corrected
• enable data subjects to exercise other rights under the applicable legislation.

Retention periods

Strypes ensures that it retains personal data only if it is necessary for specific purposes and strictly following the European and Bulgarian legislation. Your personal data will be deleted or made anonymous when your personal data is no longer necessary for the purposes for which these personal data were collected. Sharing personal data outside of Bulgaria If personal data is shared outside of Bulgaria, we will only do so if and insofar as this is legally permitted. Provided that transfer of your data outside EEA is needed, we will transfer it only if and insofar is legally permitted and/or have prematurely signed with the entity the data will be shared with all required documents in order to ensure your data and rights are protected. Obviously, we ask our data processors to store the personal data that is processed on our behalf on servers that are located within the European Union. How do we protect your personal data? Strypes does everything necessary to protect your personal data. To this end, Strypes has developed an information security policy based on ISO27001. The Information Security Policy is checked several times a year by an independent authority and an ISO27001 certificate is subsequently issued. Part of this policy includes the performance of a risk analysis for each system where data is collected. In addition to technical protection, people are also important. All our employees have a confidentiality clause in their labor contract. Strypes also invests significantly in raising employee awareness in the area of information security and data privacy.

Policy amendment

Strypes Group may amend this privacy statement from time to time. You can always view the most recent version via the hyperlink “/ Privacy Statement” on the Kodar website.