PRIVACY POLICY

1. Introduction

This Privacy Policy is intended to help you understand what information we collect about you and how we process your personal data.

The Operator of https://wisebits.com/ (“Operator, Company”) is committed to protecting your personal data and privacy. The personal data we collect depends on the service requested and agreed in each case by the Company and/or its Affiliates and/or related companies (collectively referred to as the “Company” or “we” or “us” or “our” in this Privacy Policy). For all purposes of this Privacy Policy, Affiliate means any entity directly or indirectly, through one or more intermediaries, controlling, controlled by or under common control with the Company or by each other.

This Privacy Policy is directed to:

(a) candidates/job applicants;

(b) natural persons who have a contractual relationship with the Company.

2. Who we are

The Operator of https://wisebits.com/ is the controller responsible for the processing of your personal data for the purposes of the General Data Protection Regulation (the "GDPR").

For any inquiries about this Privacy Policy or your personal data, please contact us via email at: [email protected].

3. Definitions

For the purposes of this Privacy Policy, the following terms shall have the following meanings:

Personal data: any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data subject: any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.

Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Consent: any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

4. Collection and Use of Your Personal Data

If you are a candidate/job applicant, we may collect the following personal data that you provide directly when applying through our contact form:

(a) Identity data, such as first name, maiden name, last name, ID number, passport number, title, date of birth (city and country) and gender.

(b) Contact data, such as residential or business address, email address and telephone numbers.

(c) Other information, such as your IP address, marital status, insurance information, family member information, nationality, credit reference agency data, residence or work permit in case of non-EU nationals, employment position, educational background, employment history, tax information (e.g. tax identification number, tax residency).

If you are a person having a contractual relationship with us, or a prospective client or a non-client counterparty, we may collect the following personal data:

(a) Identity Data, such as first name, maiden name, last name, ID number, passport number,

username or similar identifier, marital status, title, date of birth (city and country) and gender.

(b) Contact Data, such as residential or business address, email address and telephone numbers.

(c) Marketing and Communications Data, such as your preferences in receiving marketing from us.

(d) Other information, such as banking details, marital status, employed/self-employed, if you hold/held a prominent public function (for PEPs), FATCA / CRS info, authentication data (e.g. signature), IP addresses, financial account information such as bank details, insurance information, family member information, nationality, residence or work permit in case of non-EU nationals, employment position, educational background, employment history.

We may also obtain personal data arising from the performance of our contractual obligations, tax information (e.g. defence tax, tax residency, tax identification number), financial info (as expected annual credit/debit turnover, nature of transactions, source of income, source of assets).

If you are a referee (person who can provide a reference for a candidate/job applicant), we may collect the following personal data that you provide directly when contacted via email:

(a) Identity Data, such as first name, maiden name, last name, username or similar identifier, title;

(b) Contact Data, such as residential or business address, email address and telephone numbers;

(c) Position Data, such as current position and company name where this position is held.

We collect and process different types of personal data, which we receive from you directly or from our contractors, in person or via their representative, in the context of the contractual relationship we have with you.

To the extent permitted by the law and for the fulfilment of our contractual or potential contractual relationship, we may collect and process personal data which has been lawfully obtained from third parties e.g. public authorities or companies that introduce you to us and/or from publicly available sources (e.g. the Department of Registrar of Companies and Official Receiver, commercial registers, the press, media and the internet).

5. Background Checks

When applicable, before making a final decision to recruit you or to enter into a contractual relationship with you, we may collect and process information relating to your criminal record in order to ensure that there is nothing in your criminal convictions history which will prevent us from hiring you or entering into a contractual relationship with you. We seek to ensure that our information collection and processing is always proportionate.

6. Legal basis for Processing Your Personal Data

We will process your personal data if one or more of the following applies:

(a) Where you have provided your consent.

(b) Where it is necessary for the performance of a contract.

(c) When it is necessary for the purposes of the legitimate interests we pursue.

(d) When complying with our legal obligation or cooperating with the authorities.

(e) When protecting the vital interests of any individual.

We note that when conducting the recruitment process, your personal data may be retained and used to process your application for other open positions within the Company which may be suitable, if you had consented to such processing.

7. Transfer of Your Personal Data and Personal Data Recipients

During the performance of our contractual and statutory obligations, your personal data may be provided to different departments within the Company and/or to third parties providing services to us. If it is necessary to share your personal data with a third-party service provider to perform our services and/or legal obligations, we enter into a contractual agreement with such third-party to ensure that they comply with the data protection law and GDPR. We require all third-party service providers to ensure the security of your personal data and to treat it in accordance with the law. We only permit our third-party providers to use your personal data for specified purposes and in accordance with our instructions and we only provide the necessary information they need to perform specific services.

Your personal data may be transferred to countries outside the European Economic Area if this is necessary for the performance of our contractual relationship or if such transfer is required by the law. To protect your personal data, we implement at least one of the following safeguards:

• We may enter into specific contracts as provided by the European Commission (such as the Standard Contractual Clauses).

• We may transfer personal data to countries for which the European Commission has issued Adequacy Decisions (available here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_el) as they ensure an equivalent level of personal data protection.

Recipients of personal data may include third-party/ies service provider/s, income tax authorities, auditors and accountants, legal consultants and external legal consultants, service

providers, suppliers, agents, business partners, financial and business advisors, file storage

companies, archiving and/or records management companies, cloud storage companies, delivery couriers, IT companies who support our website and other business systems and so on.

8. Security of Your Personal Data

The Company uses appropriate administrative, technical, personnel, and physical measures to protect your personal data. Authorised personnel and third parties service providers may have limited access to your personal data and they will only process your data according to our instructions. We also have a data breach procedure in place, and we commit to notify you and the competent authority for any breach or any suspected personal data breach where we are obliged by the law to do so.

9. Data Retention

We will retain your personal data for as long as necessary, to fulfil the purposes we collected it for, and to comply with a regulatory or statutory obligation.

The criteria used to determine our retention periods include:

• The length of time we have an ongoing relationship with you and provide the services to you.

• Whether there is a legal obligation to which we are subject.

• Whether retention is advisable considering our legal position (such as, litigation or regulatory investigations).

If the personal data were collected from a referee of for the purposes of hiring, but the process was not completed, such data will be deleted from our databases in accordance with applicable retention policies (24 months).

10. Your Rights

You have the right to:

(i) information about the processing of your personal data;

(ii) request access to your personal data;

(iii) request correction of your personal data;

(iv) request erasure of your personal data;

(v) object to the processing of your personal data;

(vi) request restriction of the processing of your personal data;

(vii) data portability;

(viii) withdraw your consent;

(ix) not to be subject to automated decision making and profiling, if applicable.

If you would like to exercise any of your rights or need further information, please contact us by sending an e-mail at: [email protected]

We will address your request regarding your rights within a maximum period of thirty (30) days, taking into account the specific circumstances and complexity of the request.

You also have the right to lodge a complaint at any time to the Data Protection Supervisory Authority of your country of residence.

11. Changes to the Privacy Policy

This version was last updated on 18.03.2025

We reserve the right to update, revise, amend or modify this Privacy Policy as necessary to reflect any changes in our data processing practices or evolving legal requirements.

We encourage you to periodically review this document to stay informed about how we are processing and protecting your personal information.