How sensitive customer details can leak in outsourcing

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.4

OutsourceBG Services Ltd (“Outsource.bg”) values the privacy of visitors to our website and individuals whose personal information we receive through the use of form submissions and other related services. This privacy policy explains how we collect personal information on our website, and how we use and disclose that personal information. This privacy policy also describes our collection and use of personal information on behalf of our customers (“Clients”) who subscribe to our Customer Identity Management Platform and related services.

By providing your personal information to our website, you consent to the information handling practices described in this privacy policy. We encourage you to read the section titled “Your Choices” below to understand the choices you have with regard to your personal information.

This Privacy Policy also applies to personal information that we collect by other means, which we combine with personal information collected on our Outsource.bg Websites or through the operation and delivery of our Services.

This Privacy Policy is incorporated into and is subject to the Outsource.bg Terms of Service. Any capitalized terms not defined herein have the meaning set forth in the Outsource.bg Terms of Service.

1. Websites Covered

This privacy policy covers the information practices of websites that link to this privacy policy, including, but not limited to, outsource.bg.  Outsource.bg’s websites may contain links to websites operated by third parties. Outsource.bg is not responsible for the privacy practices or the content of such other websites. We encourage you to learn about such third parties’ privacy and security policies before providing them with personal information.

2. Information We Collect

We collect the following data about users: (1) information that you voluntarily submit to us (“User-Supplied Information”); (2) technical data automatically collected from all visitors to the Outsource.bg Website (described below under “Passive Data Collection”); (3) information we collect through our Services; and (4) information we collect from third-party sources.

User-Supplied Information. We may collect user-supplied information when you choose to provide us with your Personal information via the Outsource.bg Websites, including when you send us an email asking a question, register to attend an event, submit a form to receive marketing materials or email newsletters, or request any research or whitepapers.

Passive Data Collection. Like most web-based services, we automatically receive and record information in on our server logs from your browser when you use the Outsource.bg Websites. We may use a variety of methods, including clear GIFs or Pixels (also known as “web beacons”) and “cookies”, to collect this information. We use both session and persistent cookies. The information that we may collect with these automated methods may include, for example, your IP address, cookie information, a unique device or user ID, browser type, system type, the content and pages that you access on the Outsource.bg Websites, the frequency and duration of your visits to the Outsource.bg Websites, and the “referring URL” (i.e., the page from which you navigated to the Outsource.bg Websites). We may also use cookies on the Outsource.bg Websites to store session validators on your hard drive. If we directly combine any information gathered through passive means with Personal information, we treat the combined information as Personal information under this Privacy Policy. Otherwise, we use information collected by passive means in aggregated forms.

For additional information about the technologies that we use and how they operate, please see our Cookie Policy below.

3. Use of Collected Information

We use personal information to establish and enhance our relationship with you. We may use personal information to operate, provide, improve, and maintain the Outsource.bg Websites; to prevent abusive and fraudulent use of the Outsource.bg Websites; to personalize and display content on the Outsource.bg Websites; where permitted by applicable law, to send you information, including via email, about our products and Services in which we believe you may be interested; to respond to your inquiries and for other customer service purposes; and for other administrative and internal business purposes.

We may use your e-mail address, including any email address provided at www.gdpr-wp.com or through the Outsource.bg Websites as set forth in the “Communications and Unsolicited Marketing Communications” section.

On the Outsource.bg Websites, we may use passively collected data to: (a) remember your information so that you will not have to re-enter it during your visit or the next time you visit the Outsource.bg Websites; and (b) monitor aggregate website usage metrics such as total number of visitors and pages viewed.

4. Disclosure of Collected Information

We do not sell or rent email addresses and other personal information that we collect directly through the Outsource.bg Websites. Please be aware, however, that any information that you voluntarily choose to display on any publicly available portion of the Outsource.bg Websites, or on any Service, becomes publicly available and may be collected and used by us or others without restriction. We share your information, including personal information, as follows:

Outsource.bg Service Providers

We may provide personal information to third parties for their use in performing internal business functions (e.g., maintenance, security, data analysis, email transmission, CRM, database management services, email marketing, surveys, or data hosting) on our behalf. We require such third parties to agree to only use your personal information in accordance with this Privacy Policy and for no other purpose than to provide us with necessary services.

Legal Requirements

We may disclose personal information if we have a good-faith belief that doing so is required by a subpoena or other judicial or administrative order or otherwise required by law. Additionally, we may disclose personal information where we, in good faith, deem it appropriate or necessary to prevent violation of the Outsource.bg Terms of Service, or our other agreements; take precautions against liability; protect the rights, property, or safety of Outsource.bg, any individual, or the general public; maintain and protect the security and integrity of our Services or infrastructure; protect ourselves and our Services from fraudulent, abusive, or unlawful uses; investigate and defend ourselves against third-party claims or allegations; or assist government enforcement agencies.

Aggregate Information and Non-Identifying Information

We may share aggregated information with Clients, prospective Clients, partners or the press in order to demonstrate usage of the Service, identify industry and advertising trends, and to generate publicity for the Outsource.bg Services.

5. Your Choices

On the Outsource.bg Websites

Privacy Preferences

You may, as a visitor to our website, choose not to provide us with personal information. You may also, at any time, access your personal information to update, correct, or delete certain personal information about you by contacting us at office@outsource.bg or at the address set forth below in the “Contact Us” section. You also have the right to obtain from Outsource.bg the erasure of personal data about you in accordance with applicable data privacy laws. You may exercise your rights with the following requests:

Exercise Your Rights

Request to be removed:

Top of Form

 

Bottom of Form

Request Access to your data:

Top of Form

 

Bottom of Form

Submit a complaint:

Top of Form

Bottom of Form

Request rectification:

Top of Form

Bottom of Form

In addition, you may decide not to opt–in, either when you first provide Outsource.bg with any personal information, to receive marketing information from Outsource.bg about products and Services (including our products and Services and those of third parties). See also Section 6, “Communications and Unsolicited Marketing Communications”, for additional information regarding changing your preferences or opting out of receiving marketing information.

Please be aware that even if you update or remove personal information that you have provided to us, your personal information may be retained in our backup files and archives for a reasonable period of time for legal purposes.

6. Communications and Unsolicited Marketing Communications

If you opted in to receive communications from us, including through office@outsource.bg, we may send you administrative messages and updates regarding your account, updates regarding the Outsource.bg Websites, and, where permitted by applicable law, information regarding our offer, products and Services, including, without, limitation, through social media updates, by email and postal mail. If you no longer want to receive commercial email messages, you may indicate your preferences regarding commercial email messages by taking the steps described in such messages. Also, you may indicate your preferences regarding commercial email messages and postal mail messages by contacting us using the information in the “Contact Us” section below.

7. Client Data

We collect, use, and retain certain information at the direction and on behalf of our Clients from individuals (“End Users”) who use the Client website (Client Data). Outsource.bg has no relationship with such End Users whose Client Data we process on behalf of our Clients. We also do not decide how the Clients use such Client Data. Outsource.bg does not access and use the Client Data, except at directed by our Clients or required by law.

Information Collected Directly Through Use of the Services about End Users: We collect two types of data about End Users: (1) information that is passed through the Service as a result of use of the Website and (2) technical data automatically collected from all visitors to pages of your website that load the Services. The information that we collect on your behalf depends on the particular Services to which you subscribe and your preferences. Social network and/or identity providers are hosted by a third party and on our Client’s service. The Client’s and the End User’s interaction with these features are governed by the privacy statement of the company providing it.

End User Information: We maintain no rights to use any End User Personal Information transmitted to us on your behalf through the Outsource.bg Website or received from the social networks, except to make the Services available to you and/or End User.

We use the information that we collect automatically about the use of our Website to facilitate delivery of the Service and, in some cases, for internal reports. Additionally, some of the information collected is used in the Client Reports. The Client Reports may contain both passively-collected information and End User Personal Information.

If you are a customer of one of our Client’s, and you want to edit or delete any information captured about you on that Client’s website, you should contact the Client directly.

8. International Users

The Outsource.bg Websites are hosted in Bulgaria, and we may use service providers in Bulgaria and elsewhere to process personal information on our behalf. If you use the Outsource.bg Websites outside Bulgaria, please note that your personal data may be transferred outside of your home jurisdiction to Bulgaria and to other jurisdictions where our affiliates and service providers are located. Some of these jurisdictions, including Bulgaria, do not have equivalent data protection laws as the European Union and other jurisdictions. By using our Websites, you are agreeing that your personal data may be transferred to Bulgaria and other jurisdictions, as explained in this Section.

For EU residents, see Section 9, “EU and the Privacy Shield” below, for information regarding (i) Outsource.bg’s participation in the EU-US Privacy Shield Program through its Solution Partnership with Gigya and (ii) Outsource.bg’s handling of Personal information received from the European Union as a Subprocessor of Clients for its cloud Services.

9. EU, Switzerland and the Data Privacy Shield Framework

Outsource.bg complies with the E.U.- U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information obtained from European Union member countries and Switzerland in conjunction with its contractual relationship with Gigya. Outsource.bg is a sub-processor for Clients websites that utilize our Services and certifies its processing of personal information from E.U. member countries and Switzerland is in accordance with the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, Recourse, Enforcement and Liability (the “Principles”). You may view the certification for which Outsource.bg adheres to through its Solution Partnership with Gigya here https://www.privacyshield.gov/list. Gigya and its subsidiaries are subject to the investigatory and enforcement authority of the Federal Trade Commission.

Information We Process. We collect, in accordance with the Privacy Shield principles, the categories of information described in sections 2 and 7 above. We process personal information about website users for the purposes described in section 3 above. Please note: additional information about Outsource.bg’s participation in the Privacy Shield program, with regard to data collected in a capacity as a processor to our Clients, is available by contacting office@outsource.bg.

Accessing Personal information. The Privacy Shield Principles provide individuals located in the E.U. and Switzerland whose personal information we process with the right to access their personal information in order to review, correct, amend or delete information processed under the Principles. E.U. and Swiss individuals who use our Site and would like to access their personal information may contact Outsource.bg at office@outsource.bg or at the address set forth in the “Contact Us” section. Additionally, anyone with a registered account on the Outsource.bg Websites may, at any time, review, update or correct the Personal information in their registration profile by using the tools provided within this privacy policy to make a request.

E.U. and Swiss End Users whose personal information we process on behalf of a Outsource.bg Client (as a data processor) should first contact the Outsource.bg Client, who is the controller of your personal information, to access their personal information; Outsource.bg will work with its Clients to provide End Users the necessary access about what personal information is processed.

Transfers to Third Parties. As described in the “Disclosure of Collected Information” section above, we may transfer personal information from the E.U. and Switzerland to third parties. We contractually require third parties to whom we transfer personal information to provide the same level of protections as the Principles. Outsource.bg remains responsible for the personal information we receive and transfer under Privacy Shield as it relates to our Services.

In accordance with our legal obligations, we may also transfer, subject to a lawful request, personal information to public authorities for law enforcement or national security purposes.

Contacting Us, Complaints and Dispute Resolution. E.U. and Swiss individuals who have questions or complaints about how we process their personal information may contact us at office@outsource.bg. We will work to resolve your issue and respond no later than 45 days of receipt.

10. Security

The security of your information is important to us, including, but not limited to, the personal information collected via the Outsource.bg Websites and Services. We use reasonable security measures to protect against the loss, misuse, and alteration of Personal information under our control, both during the transmission and once we receive it. This includes, but is not limited to, the use of firewalls and encryption. Although we make good faith efforts to maintain the security of such personal information, no method of transmission over the Internet or method of electronic storage, is 100% secure and we cannot guarantee that it will remain free from unauthorized access, use, disclosure, or alteration. Further, while we work hard to ensure the integrity and security of our network and systems, we cannot guarantee that our security measures will prevent “hackers” or other unauthorized persons from illegally accessing or obtaining this information.

If we learn of a security breach involving your personal information, we may attempt to notify you electronically so that you can take appropriate protective steps. By using the Outsource.bg Websites or providing personal information to us, you agree that we can communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Outsource.bg Websites. If a security systems breach occurs, we may post a notice on our homepage (outsource.bg) or elsewhere on the Outsource.bg Websites and may send an email to you at the email address you have provided to us. Depending on where you live, you may have a legal right to receive notice of a security breach, involving your personal information, in writing. This notice paragraph applies to users of the Outsource.bg Websites and our Clients who utilize our Services on their third party websites only. Should there be a breach that affects End Users of Clients, the Client will be responsible for disseminating notice of such a breach to those End Users.

11. Children

The Children’s Online Privacy Protection Act (“COPPA”) protects the online privacy of children under 13 years of age. Outsource.bg’s Websites are not directed toward individuals under the age of thirteen (13), and we request that such individuals do not provide personally identifying information through our websites. Additionally, we do not knowingly collect or maintain personal information from anyone under the age of 13, unless or except as permitted by law. If we learn that personal information has been collected from a user under 13 years of age on or through the Outsource.bg Websites, then we will take the appropriate steps to cause this information to be deleted. If you are the parent or legal guardian of a child under 13 who has registered on the Outsource.bg Websites or you believe has otherwise provided personal information to Outsource.bg, please contact Outsource.bg at office@outsource.bg to have that child’s account terminated and information deleted.

12. Analytics

In addition, we use Google Analytics to analyze our users’ use of the Outsource.bg Websites. Google Analytics is currently on outsource.bg and www.gdpr-wp.com. Google Analytics provides us with aggregated data in order to help us make informed business decisions. Ultimately, Google, as a third party, controls information collected through Google Analytics and you should check and be comfortable with its privacy practices prior to using the Outsource.bg Websites. You may review information about Google’s privacy practices with respect to Google Analytics at http://www.google.com/analytics/learn/privacy.html.

13. Third-Party Ad Networks

We use third parties such as network advertisers to assist us in displaying advertisements on third party websites, and to evaluate the success of our advertising campaigns. Network advertisers are third parties that display advertisements based on your visits to our Website as well as other websites. This enables us, and these third parties, to target advertisements by displaying ads for products and services in which you might be interested. Third party ad network providers, advertisers, sponsors and/or traffic measurement services may use cookies, JavaScript, web beacons (including clear GIFs), Flash LSOs and other technologies to measure the effectiveness of their ads and to personalize advertising content to you. These third party cookies and other technologies are governed by each third party’s specific privacy policy, not this one. We may provide these third-party advertisers with information about your usage of our Websites, as well as aggregate information about visitors to our Website.

You may opt-out of many third-party ad networks, including those operated by members of the Network Advertising Initiative (“NAI”) and the Digital Advertising Alliance (“DAA”). For more information regarding this practice by NAI members and DAA members, and your choices regarding having this information used by these companies, including how to opt-out of third-party ad networks operated by NAI and DAA members, please visit their respective websites: www.networkadvertising.org/optout_nonppii.asp (NAI) and www.aboutads.info/choices (DAA).

Opting out of one or more NAI member or DAA member networks (many of which will be the same) only means that those members no longer will deliver targeted content or ads to you. It does not mean you will no longer receive any targeted content or ads on our Site or other websites. You may continue to receive advertisements, for example, based on the particular website that you are viewing. Also, if your browsers are configured to reject cookies when you visit this opt-out page, or you subsequently erase your cookies, use a different computer or change web browsers, your NAI or DAA opt-out may no longer be effective. Additional information is available on NAI’s and DAA’s websites accessible by the above links.

14. Updates to This Privacy Policy

We may occasionally update this privacy policy. If we do, we will change the “effective date” at the top of the privacy policy. Before making any update that would make this privacy policy materially less restrictive in our use or disclosure of personal information collected prior to the update, we will provide prior notice of the update by posting notice on our website at the top or bottom of the then-current privacy policy. We encourage you to periodically review this privacy policy to stay informed about our collection, use, and disclosure of personal information. Your continued use of our websites constitutes your agreement to our then-current privacy policy.

15. Contact Us

If you have questions about this privacy policy, you may contact us at office@outsource.bg.

Cookie Policy

Like most web based services, OutsourceBG Services Ltd (“Outsource.bg”, “we” or “us) may automatically receive and record information when you use the Outsource.bg Websites and Services. We may use a variety of methods, including clear GIFs (also known as “web beacons”) and “cookies”, to collect this information.

This Cookie Policy aims to inform you about our use of such cookies and clear GIFs, but does not govern the use of the Outsource.bg Websites nor the processing of Personal Information on the Outsource.bg Websites. The Cookie Policy should therefore be read in conjunction with our Privacy Policy and the Outsource.bg Terms of Service. Any capitalized terms in this Cookie Policy are defined in the Privacy Policy or, in lack thereof, in the Terms of Service.

1. Cookies and Other Automated Means of Passive Data Collection

In this Cookie Policy, cookies and other automated means (e.g. web beacons) will be jointly referred to as ‘Cookies’ throughout this policy, except as set forth in this section.

This section provides more information about some of those technologies and how they work.

Cookies.

A cookie is a string of information that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns. Most major websites use cookies. Because the browser provides this cookie information to the website at each visit, cookies serve as a sort of label that allows a website to “recognize” a browser when it returns to the website.

Cookies store information about your activities on a website or other platform. For example, cookies can store your session information for easy sign-in to a website or other platform you have previously visited. They enable us to make your use of the Outsource.bg Websites and Services more enjoyable and to improve the functionality of the Service.

Clear GIFs.

Clear GIFs (also known as web beacons) are used in combination with cookies to help website operators understand how visitors interact with their websites. A clear GIF is typically a transparent graphic image (usually 1 pixel x 1 pixel) that is placed on a website. The use of a clear GIF allows the website to measure the actions of the visitor opening the page that contains the clear GIF. It makes it easier to follow and record the activities of a recognized browser, such as the path of pages visited at a website.

Clear GIFs, which can be embedded in web pages, videos, or emails, can allow a web server to read certain types of information from your browser, check whether you have viewed a particular web page or email message, and determine, among other things, the time and date on which you viewed the Clear GIF, the IP address of your computer, and the URL of the web page from which the Clear GIF was viewed.

For more information about cookies and web beacons, please visit http://www.allaboutcookies.org/cookies/.

2. What Information Do We Passively Collect?

The information that we may collect with these automated methods may include, for example, your IP address, cookie information, a unique device or user ID, browser type, system type, the content and pages that you access on the Outsource.bg Websites or Services, the frequency and duration of your visits to the Outsource.bg Websites or Services, and the “referring URL” (i.e., the page from which you navigated to the Outsource.bg Websites). We may also use cookies on the Outsource.bg Websites and Services to store session validators on your hard drive.

If we directly combine any information gathered through passive means with Personal Information, we treat the combined information as Personal Information under our Privacy Policy. Otherwise, we use information collected by passive means in aggregated forms.

3. How Do We Use Passively Collected Data?


4. On the Outsource.bg Websites

On the Outsource.bg Websites, we may use passively-collected data to: (a) remember your information so that you will not have to re-enter it during your visit or the next time you visit the Outsource.bg Websites; (b) monitor your participation in various sections of the Outsource.bg Websites; (c) customize our service to you, including by providing you with recommendations; (c) monitor aggregate website usage metrics such as total number of visitors and pages viewed; and (d) administer, operate, and improve the Outsource.bg Websites and our other services and systems, and to provide services and content that are tailored to you.

1. Through the Outsource.bg Services

Our Clients, in implementing Services, may utilize the Services API within their own websites. When you use the Service, servers passively collect data through the implementation of the API including, but not limited to, your IP address, page views, browser type, interactions with Services, the web page you are currently visiting and the web page you were visiting before you came to the Service, and social actions such as sharing and commenting. This information is used to facilitate delivery of the Service and, in some cases, for internal reports. Additionally, some of the information collected is used in the Client Reports. The Client Reports may contain both passively-collected information and End User Personal Information.

Please note that, as End Users utilizing Services on a Client’s website, that Client may also passively collect data subject to that website’s particular Privacy Policy, including, without limitation, non-Outsource.bg actions such as purchases and videos watched. You should read and be aware of the terms of service, privacy policy, and privacy practices of the website of any Client utilizing our Services.

4. What Cookies Do We Use and Why? We use the following types of cookies:

Strictly necessary cookies – These cookies are used for the sole purpose of either (i) carrying out a transmission of a communication over an electronic communications network, or (ii) to allow the provider of an information society service to provide such service as explicitly requested by you.

Performance cookies – These cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies do not collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. it is only used to improve how a website works.

Functionality cookies – These cookies allow the website to remember choices you make (such as your user name, language or region you are in) and provide enhanced, more personal features.

Social media cookies – These cookies are used based on social connect functionalities or when you make use of a social media add on button (e.g. clicking on the ‘Like’ icon on a webpage)

Advertising cookies – These cookies collect information about web browsing activity in order to inform advertising networks about website traffic in order to provide targeted advertisements based on previous browsing activity.

Whether a cookie is considered as a ‘first’ or ‘third party’ cookie refers to the domain placing the cookie. First-party cookies are those cookies set by a website that is being visited by the user at the time (e.g. cookies placed by [outsource.bg]). Third-party cookies are cookies that are set by a domain other than that of the website being visited by the user. If a user visits a website and another entity sets a cookie through that website this would be a third-party cookie.

Session cookies allow website operators to link your actions during a browser session. A browser session starts when you open the browser window and finishes when you close the browser window. Session cookies are created temporarily. Once you close the browser, all session cookies are deleted. Persistent cookies on the other hand are cookies which remain on your device for the period of time specified in the cookie. We use both session and persistent cookies.

You can find more information about the individual cookies we use, and the specific purposes for which we use them, in the preference window.

5. How To Disable or Remove Cookies

Cookies

You can configure your Internet browser, by changing its options, to stop accepting cookies completely or to prompt you before accepting a cookie from the website you visit. If you do not accept cookies, however, you may not be able to use all portions of the Outsource.bg Websites or all functionality of the Services.

Please note that disabling these technologies may interfere with the performance and features of the Services.

You may also disable cookies on the Outsource.bg Sites by modifying your settings here:

Privacy Preferences

6. Changes and Updates to This Cookie Policy

We may occasionally update this Cookie Policy. If we do, we will update the “effective date” at the top of the Cookie Policy. If we make an update to this Cookie Policy that is materially less restrictive in our use or disclosure of passively collected data prior to the update, we will provide you with prior notice of the pending update and seek your consent by posting notice on the Outsource.bg Websites or by contacting you using the email address you provided.

We encourage you to periodically review this Cookie Policy to stay informed about our use of passively collected data. Your continued use of the Outsource.bg Websites constitutes your agreement to this Cookie Policy and any updates.

7. Contacting Us

If you have questions about this Cookie Policy, you may contact us at office@outsource.bg.