Privacy policy

PRIVACY NOTICE (EFFECTIVE DATE: 24^th August, 2022)

Rebura External Privacy Notice

PRIVACY NOTICE (EFFECTIVE DATE: 24^th August, 2022)

I. Introduction. Your privacy is important. This Privacy Notice (the “Privacy Notice,”) together with its addendums, our Terms and Conditions and any other documents referred to in this Privacy Notice or the Terms and Conditions explains how we comply with applicable privacy requirements and sets out minimum standards for how we deal with all personal data that we collect from you, or that you provide to us including via this website and any other websites or applications of Rebura Holdings Limited (United Kingdom) and its subsidiaries (collectively, the “Websites”). Rebura Holdings Limited (United Kingdom), its subsidiaries and our applicable affiliates (collectively, “we,” “us,” “our,” or “Rebura”) include Rebura Limited (United Kingdom), Rebura Inc. (USA), and the Jefferson Frank brand of Frank Recruitment Group Services Limited (United Kingdom). For more information on the privacy practices of our other affiliates not subject to this Privacy Notice including those which operate under Frank Recruitment Group Services Limited (United Kingdom) not mentioned here and its applicable affiliates, please see https://www.frankgroup.com/privacy-notice/.

This Privacy Notice sets out the basis on which we collect, store, use and disclose personal data we receive in writing, through our Websites or through the consulting services that we provide. It therefore applies to personal data that you provide to Rebura telephonically, electronically (including email) and in person.

This information may be updated from time to time, and should be read in the context of any additional specific information such as that provided in privacy policies applicable to specific businesses or local areas as displayed on the relevant Website or distributed to you from time to time.

This Privacy Notice also informs you how we obtain and use information gained by us through your use of the Websites, including by using “cookies” and third party vendors.

Please read the following carefully to understand our views and practices regarding your personal data, how we will treat it and your rights.

This Privacy Notice applies to Rebura globally. The first part of the policy is general and applies globally. The second of the Privacy Notice is comprised of country-specific addendums, and where applicable, Rebura will handle Personal Data relying on certain exemptions under local law. Please be sure to check the addendums below to see if there is one that applies to your country or local jurisdiction. In the event of a conflict between the general part of this Privacy Notice and an addendum, the addendum prevails.

II. Who are we?

Rebura is one of the fastest growing AWS Consulting Partners, AWS End User Computing (EUC) Partners, and AWS Solutions Providers in the world. We are a one-stop-shop for all of your AWS support, cost-optimization, and consulting needs (“AWS Services”).

If you want to contact Rebura or any of its group companies, please click here.

You can contact Rebura’s Chief Privacy Officer (“CPO”) by emailing privacy@rebura.com or by sending written correspondences here:

Rebura Limited
The St. Nicholas Building
St. Nicholas Street
Newcastle-Upon-Tyne
Tyne & Wear U.K. NE1 1RF
Attn: Chief Privacy Officer

III. Who does this Privacy Notice protect?

This Privacy Notice protects individuals throughout the world who access our Websites or receive AWS services from us. This also includes individuals who are employed by an actual, former or prospective Rebura client. A Rebura “client” is one of (a) a business that Rebura has contracted with to provide AWS services or is in the process of doing so, (b) a business that Rebura may solicit with the intention of providing AWS services or (c) a business to whom Rebura may provide relevant AWS services information. Additionally, Rebura acts as the data controller for Personal Data (as defined below) obtained concerning those protected under this Section III. Notwithstanding the forgoing, Rebura and/or Rebura Limited acts as the data processor for Personal Data (as defined below) obtained concerning those protected under this Section III during the provision of AWS services.

IV. What information will we collect?

Some of the data that we collect and receive from you is personal data which means that it is information that could personally identify you (“Personal Data” or “PII”). The Personal Data that we may collect from all users of our Websites and users of our recruitment services may include any of the following:

Your name;

Business/company name;

Your gender;
Contact details e.g. street address, email address, cell (or mobile) or home telephone numbers;

Web browser type and version (automatically collected) [a list of URLs starting with a referring site, your activity on our Websites, and the site you exit to (automatically collected);

Job Title; and
IP address (automatically collected).

V. Why do we process your Personal Data?

Generally, we use your Personal Data for our business and activities, and in our efforts to expand and improve our business. Examples include:

A. All users of the Websites and/or our services

To provide our AWS services to you, your employer or your company;
To facilitate the AWS services process, including but not limited to:

To enable us to develop and market other products and services and where you have consented to being contacted for such purposes;
To improve our customer service and to make our services more valuable to you (including tailoring the Websites when you log on to enrich your personal online experience);
To send you electronically or by post surveys, reports, Rebura event details, promotions, offers, networking and client events and general information about relevant industry sectors which we think might be of interest to you, where you have consented to being contacted for such purposes (and we will provide you with an opportunity to opt out);
To identify you, and respond to and process your requests for information and provide you with a product or service;
To amend records to remove personal information;
To use your information on a pseudonymized basis to monitor compliance with our equal opportunities policy, other Rebura policies and any legal or compliance requirements;
To use your information on a pseudonymized basis to create marketing materials; and
To carry out our obligations arising from any contracts entered into between you and us, and for other everyday business purposes that involve use of Personal Data.

B. Entities or individuals who solicit or participate in AWS Consulting

To contact you, your employer, or your company about AWS Consulting services that Rebura provides, including but not limited to:
- optimisation,
- migration and enablement,
- monitoring and support,
- architecture review,
- audit and risk management,
- resource and professional services, and
- Amazon WorkSpaces implementation;
To communicate with you, your employer, or your company after Rebura has started a consultation to make sure all is going well or to remedy, or attempt to remedy, any problems;
To answer any questions you have about a consultation;
To fulfill any aspect of your employer’s or your company’s contract with Rebura;
To collect any money due, or allegedly due, to Rebura or any Rebura client (or Rebura’s client’s client);
To obtain or inquire about any property (including computers and confidential business information) owned, or allegedly owned, by Rebura or any Rebura client (or Rebura’s client’s client); and
To establish, exercise or defend any legal claims.

VI. Who do we send your Personal Data to?

A. All users of the Websites and/or our services

To third parties where we have retained them to provide services that we or you have requested or that Rebura clients have requested and to verify the details you have provided from third party sources.
To third parties to provide data storage, data cleansing and marketing (via email & SMS, standard SMS and text rates may apply) services to Rebura where such third parties have agreed to maintain the confidentiality of, and to protect, your Personal Data in accordance with applicable law.
To third parties to assist with credit control and payment management
To third parties, regulatory or law enforcement agencies if we believe in good faith that we are required by law to disclose it in connection with the detection of crime, the collection of taxes or duties, in order to comply with any applicable law or order of a court of competent jurisdiction, in connection with legal proceedings or other similar cause or circumstance.

To Rebura affiliates, whose locations can be found at https://www.frankgroup.com/contact . These entities will process your Personal Data in accordance with either this Privacy Notice or the privacy notice available at https://www.frankgroup.com/privacy-notice/, as applicable.

In the event of a sale, merger, liquidation, receivership or transfer of all or substantially all of the assets, or a controlling interest in the equity, of Rebura (or any of its group companies) provided that such counterparty(ies) to any such transaction agrees to adhere to the terms of this Privacy Notice (or a similar document) and applicable law.

VII. What will Rebura do if my Personal Data is breached?

Rebura has put in place reasonable technical, administrative and physical safeguards intended to prevent a breach of your Personal Data. That being said, Rebura cannot guarantee that your Personal Data will not be breached.

A breach can take many forms, including, without limitation, the loss of your Personal Data or the unauthorized access to, disclosure, modification, copying and transfer of your Personal Data.

Once Rebura becomes aware of the breach, Rebura will take reasonable steps to isolate the breach, stop the breach, determine the root cause, determine the Personal Data breached, fix the root cause and determine if notice to you and/or the appropriate government agency(ies) is required. Rebura will comply with all applicable law in reacting to, and dealing with, a breach of Personal Data.

If you believe, for any reason, that your Personal Data has been breached while in Rebura’s care, custody or control, please email Rebura immediately at privacy@rebura.com.

If Rebura obtains your Personal Data from someone other than you, this Privacy Notice includes all information required under applicable law except that Rebura shall not provide you with this information if you already possess this information, providing you with such information is against (or not mandatory under) applicable law, is subject to an obligation of professional secrecy, proves impossible, would involve a disproportionate effort or would render impossible or seriously impair the achievement of the objectives of the processing, in which case, Rebura shall take appropriate measures to protect your rights, freedoms and legitimate interests. If you have any questions, please contact Rebura at privacy@rebura.com.

VIII. Will my Personal Data be transferred to another country?

Yes, Rebura may transfer your Personal Data to the categories of third parties described in this Privacy Notice, some of whom are located outside of the country in which you provided your Personal Data to Rebura or the country of collection.

If so, Rebura will take reasonable steps to ensure that your Personal Data is protected and treated in accordance with this Privacy Notice and local applicable law. The countries where Rebura may transfer your Personal Data will have varying levels of data security practices and laws, some of which may be less stringent or protective than your country. Rebura will use all reasonable efforts to require that any of its suppliers and vendors who receive your Personal Data are contractually bound to (a) keep your Personal Data confidential and (b) take, at a minimum, reasonable efforts to maintain the privacy and security of your Personal Data.

Under certain circumstances, Rebura may share your Personal Data with one or more of its group companies who may be located in a country other than yours or other than the country in which Rebura collected your Personal Data. In such cases, Rebura will comply with applicable laws and its Intercompany Data Processing Agreements (“DPAs”). The DPAs are incorporated by reference into this Privacy Notice.

IX. How long will Rebura store my Personal Data for?

We are required by applicable law to store your Personal Data for as long as is necessary to comply with our legal, regulatory and contractual obligations. This period of time will vary based on the law in your country and in the country where Rebura stores your Personal Data.

In addition, Rebura will keep your Personal Data for the identified purposes until it reasonably believes that it no longer needs it, that there is no reasonable chance that you, your employer or your company will do business with Rebura, and there is no reason to believe that we will need the Personal Data for any special circumstances such as the issuance or defence of legal proceedings, audit, investigation or collections.

X. Sending Rebura Personal Data over the internet

Your Personal Data is held on servers hosted by us, our internet services providers or third party vendors with whom Rebura has a contract. The transmission of information via the internet is not completely secure. Although we will take the efforts set forth in the Privacy Notice to protect your Personal Data, we cannot guarantee the security of any data transmitted through or to our Websites. Any transmission of data by you to us over the internet is at your own risk.

XI. How we collect and aggregate information about visitors to our Websites

We also collect information about the way job seekers and visitors use the Websites in order to improve our services, to understand our users better, and to determine aggregate trends, most popular pages, etc. By using the Websites, you agree that we may share de-identified aggregate data with selected third parties to assist with these purposes. We may also undertake marketing profiling to help us identify candidates, clients, or jobs which may be of interest to you. We may process Personal Data that you submit to us through the Websites under one or more of the permissible bases for processing Personal Data set forth in the Privacy Notice.

XII. Technology and Tools

Like many companies, we use technology and tools that tell us when a computer or device has visited or accessed our content. Those tools include services from search engines and other companies that help us to tailor our products and services to better suit our clients and potential clients. Search engines provide facilities to allow you to indicate your preferences in relation to the use of those tools in connection with computers and other devices controlled or used by you.

We also set out further information below about Cookies and Web Beacons.

A. What are cookies?

A “cookie” is a piece of information that is stored on your computer’s hard drive and which records your navigation of a website so that, when you revisit that website, it can present tailored options to you based upon the stored information about your last visit. You can normally alter the settings of your browser to prevent acceptance of cookies.

Cookies are used are many, many websites, including Rebura’s Websites.

B. How do we use cookies and plug-ins?

We use “cookies” and plug ins to: (1) make the Websites function properly and as a user would normally expect of a commercial website; and (2) monitor Website user traffic patterns and Website usage. Our use of these tools helps us to understand how our users use our Websites so that we can develop and improve the design, layout and functionality of the Websites and to provide more efficient and relevant services to you.

C. There are different kinds of cookies with different functions.

The cookies we use are explained below:

Session cookies: these are only stored on your computer during your web session. They are automatically deleted when the browser is closed. They usually store an anonymous session ID allowing you to browse a website without having to log in to each page. They do not collect any information from your computer.
Persistent cookies: a persistent cookie is one stored as a file on your computer, and it remains there when you close your web browser. The cookie can be read by the website that created it when you visit that website again.
Strictly necessary cookies
These cookies are essential to enable you to use the Websites effectively and therefore cannot be turned off. Without these cookies, the services available to you on our Websites cannot be provided. These cookies do not gather information about you that could be used for marketing or remembering where you have been on the internet.
Performance cookies
These cookies enable us to monitor and improve the performance of our Websites. For example they allow us to count visits, identify traffic sources and see which parts of the Websites are most popular. These cookies do not collect information that identifies a visitor, as all information these cookies collect is anonymous and is only used to improve how our Websites work.
Functionality cookies
These cookies allow our Websites to remember choices you make (such as your username, language or the region you are in) and provide enhanced features. These cookies can also be used to remember changes you have made to text size, font and other pages of our Websites that you can customise. They may also be used to provide services you have requested such as viewing a video or commenting on a blog.
Personalisation cookies

The Rebura Websites use personalisation cookies to help us to advertise jobs that we think may be of interest to you. These cookies are persistent and mean that when you log in, or return to, the particular Rebura Website, you may see advertising for jobs that are similar to jobs that you have previously browsed.

For information on how to reject these personalisation cookies, see Section E below

D. Cookies and Plug-ins set by Rebura or Third Parties used by Rebura

Below are tables listing the cookies that you may encounter on our Websites and the purpose for which we use each one and the duration that the cookie remains in place (unless you take action to reject the cookie). Rebura may update these tables from time to time. Most of the cookies on our Websites are set by third parties. Rebura works with several third parties to provide services which help us to keep the Websites tailored to your needs. Some of these vendors use cookies to help them deliver these services.

For our Rebura Websites generally:

Cookie	Domain	Type ⇅	Description
test_cookie	.doubleclick.net	Advertisement	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user’s browser supports cookies.
_fbp	.rebura.com	Advertisement	This cookie is set by Facebook to deliver advertisement when they are on Facebook or a digital platform powered by Facebook advertising after visiting this website.
fr	.facebook.com	Advertisement	The cookie is set by Facebook to show relevant advertisements to the users and measure and improve the advertisements. The cookie also tracks the behaviour of the user across the web on sites that have Facebook pixel or Facebook social plugin.
bscookie	.www.linkedin.com	Advertisement	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
_ga	.rebura.com	Analytics	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site’s analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gid	.rebura.com	Analytics	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visited in an anonymous form.
_gd_svisitor	rebura.com	Analytics	This cookie is set by the Google Analytics. This cookie is used for tracking the signup commissions via affiliate program.
_hjFirstSeen	.rebura.com	Analytics	This is set by Hotjar to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions.
pardot	.pardot.com	Analytics	The cookie is set when the visitor is logged in as a Pardot user.
lang	.ads.linkedin.com	Functional	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
bcookie	.linkedin.com	Functional	This cookie is set by LinkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.
lidc	.linkedin.com	Functional	This cookie is set by LinkedIn and used for routing.
lang	.linkedin.com	Functional	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
6suuid	.6sc.co	Other	No description
_an_uid	rebura.com	Other	No description
_gd_visitor	rebura.com	Other	No description
_gd_session	rebura.com	Other	No description
_hjid	.rebura.com	Other	This cookie is set by Hotjar. This cookie is set when the client first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behaviour in subsequent visits to the same site will be attributed to the same user ID.
UserMatchHistory	.linkedin.com	Other	LinkedIn – Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor’s preferences.
AnalyticsSyncHistory	.linkedin.com	Other	No description
_hjIncludedInPageviewSample	rebura.com	Other	No description
_hjAbsoluteSessionInProgress	.rebura.com	Other	No description
drift_campaign_refresh	rebura.com	Other	No description
visitor_id661413	.pardot.com	Other	No description
visitor_id661413-hash	.pardot.com	Other	No description
lpv661413	pi.pardot.com	Other	No description
_gat_UA-90769880-1	.rebura.com	Performance	This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.

E. How to reject cookies

If you don’t wish to receive cookies that are not strictly necessary to perform basic features of our Websites, you may choose to opt out of them by selecting the appropriate box at the bottom of any of the Websites, in a link called “Cookie Preferences.”

Note that most web browsers will accept cookies, but if you would rather that we did not collect data in this way you can choose to accept or reject some or all cookies in your browser’s privacy settings. Rejecting all cookies means that certain features of the Website(s) cannot then be provided to you and accordingly you may not be able to take full advantage of all our Websites’ features. Each browser is different, so check the “Help” menu of your browser to learn how to change your cookie preferences.

For more information generally on cookies, including how to disable them or change cookies’ settings, please refer to aboutcookies.org (http://www.allaboutcookies.org/). You will also find details on how to delete cookies from your computer. Find out how to manage cookies on popular browsers:

To find information relating to other browsers, visit the browser developer’s website.

To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout.

F. Web Beacons

Rebura may use or include web beacons in emails or other electronic communications that Rebura sends to you. We use web beacons to help us analyze the effectiveness of our communications to you. For example, we may use web beacons to understand when and if you opened our email, how many times you opened the email, if you have forwarded the email to another email address, or if you clicked on a link in an email that we sent to you. The web beacons do not collect or give us your PII but they do provide information to us about your actions after receiving a communication from us. If you would like to stop receiving emails with web beacons from us, you may unsubscribe by clicking the “Unsubscribe” link in the email or by emailing privacy@rebura.com. However, you may receive auto generated emails from Rebura after you create an account on the Websites or take some other affirmative action on the Websites which contain web beacons but do not contain an “Unsubscribe” link. In those cases, just simply email privacy@rebura.com if you would like to stop receiving emails from Rebura with web beacons.

Also, Rebura works with third parties to help manage online advertising who embed web beacons in online job postings and job advertisements that Rebura requests these third parties to post online. These web beacons allow third parties to obtain information such as the IP address of the computer that downloaded the page on which the beacon appears, the URL of the page on which the beacon appears, the time the page containing the beacon was viewed, the type of browser used to view the page, and the information in cookies set by a third party such as Google Analytics. These files enable Google Analytics to recognize a unique cookie on your web browser, which in turn enables third parties to learn which advertisements bring users to our Websites or websites on which third parties placed our advertisements. The cookie on your web browser was placed by third party advertisers who work with Google Analytics. With both cookies and web beacon technology, the information that Google Analytics (either directly, see cookie/plug-in chart above) or third parties collects and shares with us is anonymous and not personally identifiable. It does not contain your name, address, telephone number, or email address. For more information about Google Analytics, including information about how to opt out of these technologies, go to www.google-analytics.com.

XIII. Links to other websites

Please note that clicking on links and banner advertisements and RSS (Rich Site Summary) feeds may result in your transfer to another website, where data privacy practices may be different than described in this Privacy Notice. It is your responsibility to check other website privacy notices and policies to ensure that you are happy for your personal information, including Personal Data, to be used in accordance with those third parties’ privacy notices and policies. We accept no responsibility for, and have no control over, third party websites, links, adverts or RSS feeds or information that is submitted to or collected by third parties.

XIV. Changes to our Privacy Notice

We reserve the right to change this Privacy Notice from time to time by updating this Privacy Notice on our website. Any changes to this Privacy Notice or any of its addendums will be posted on this Website so you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. We encourage you to check this Website frequently for updates. Your continued use of this Website or any Rebura services shall constitute your acceptance of the revised Privacy Notice.

Rebura will interpret and enforce this Privacy Notice in accordance with all applicable law.

This Privacy Notice was updated on 20th April 2018, March 11, 2021.

This Privacy Notice was last updated on August 24 , 2022.

[1] The “Purposes” listed in this chart are brief summaries and not intended to explain all or every reason why Rebura uses the particular cookie or plug in. If you have any questions about the cookie table, please click the link to the cookie creator’s website and/or email Rebura at privacy@rebura.com.

UNITED KINGDOM AREA ADDENDUM

I. Who is Rebura’s Supervisory Authority for Data Protection Purposes?

Rebura has designated the UK Information Commissioner’s Office (“ICO”) as the supervisory authority for purposes of Data Protection Act of 2018 (“DPA2018”) and General Data Protection Regulation (“UK GDPR”). This Addendum applies to both United Kingdom only.

II. How do we lawfully process your data?

In order to process your Personal Data lawfully Rebura must have a legal basis to do so. Rebura relies on three main legal bases for processing your Personal Data:

where we obtain your affirmative consent to use your Personal Data in this way;
where we have a legitimate interest in processing your Personal Data, which we have balanced against your rights and freedoms and concluded that our processing is justifiable; or
where our handling of your Personal Data is necessary for us to perform the obligations under your company’s or employer’s contract with Rebura.

We may rely on one or more legal bases to process your Personal Data.

A. All users of the Websites and/or our services

Legitimate Interests: Rebura uses Personal Data that we collect for the following general purposes in the performance of our legitimate interests as a business: to provide the services to our clients; to enhance their experience, to improve our services and to contact clients.

B. Individuals who work for Rebura clients (i.e. a client contact)

Consent: If you would like to receive general marketing and other communications from us, you will have the option to affirmatively check a box consenting to Rebura processing your Personal Data for this purpose. Rebura may also ask you via email or telephone for your affirmative consent to receive marketing and other communications from us.

Legitimate Interest: Rebura has a legitimate interest in processing your Personal Data in order to provide AWS services at your company or employer, and provide you with other products and services relevant to your company or employer and to market its products and services to you in order to grow our business, to demonstrate our knowledge of the AWS services marketplace and relevant technologies and to enhance the standing and recognition of our brands. Rebura also has legitimate interest to process your Personal Data if you seek or obtain further information about Rebura or an Rebura client.

Necessary for the performance of a contract: Rebura can process your Personal Data in the performance of its contract with your company or employer.

With respect to actual or prospective client contacts, if Rebura obtains your Personal Data from someone other than you, Rebura shall inform you of the identity and contact details of the person or entity from whom Rebura obtained your Personal Data, whether Rebura obtained your Personal Data from publicly available sources, the categories of Personal Data that Rebura obtained and, if Rebura is processing your Personal Data based on its legitimate interest (see Section III below), the nature of Rebura’s legitimate interest. Rebura shall provide you with the information listed in this paragraph by the earlier of (1) one month after Rebura obtains your Personal Data or (2) if Rebura uses your Personal Data to communicate with you, the first time that Rebura communicates with you.

Rebura shall not provide you with the information described in the paragraph immediately above if you already possess this information, providing you with such information is against applicable law, is subject to an obligation of professional secrecy, proves impossible, would involve a disproportionate effort or would render impossible or seriously impair the achievement of the objectives of the processing, in which case, Rebura shall take appropriate measures to protect your rights, freedoms and legitimate interests.

III. Your Special Rights under Data Protection Laws

A. Do I have a right to be erased (forgotten)?

Yes. You have the right to request that Rebura deletes or removes your Personal Data where there is no compelling reason for us to continue to process it. You can exercise this right, free of charge, by sending an email to Rebura at privacy@rebura.com.

Please note that your right to erasure is not absolute. Rebura will remove your Personal Data when:

the Personal Data is no longer necessary in relation to the purpose for which Rebura originally collected and/or processed it;
if Rebura is processing your Personal Data on the basis of your consent and you withdraw consent;
you object to the processing of your Personal Data and there is no overriding legitimate interest for us to continue to process it;
the Personal Data was unlawfully processed; and
the Personal Data must be erased to comply with a legal obligation.

Rebura can refuse to comply with an erasure request in the following limited circumstances:

(a) to exercise Rebura’s right of freedom of expression and information;

(b) to comply with a legal obligation or for the performance of a public interest task;

(c) for archiving purposes in the public interest, scientific research, historical research or statistical purposes; or

(d) for the establishment, exercise or defence of legal claims.

If we remove your Personal Data per your request for erasure, then we will confirm this with you.

If we have disclosed any of your Personal Data to a third party and you submit an erasure request to us, then we will inform (1) you about the recipients and (2) any such third parties of your erasure request unless doing so is impossible or involves disproportionate efforts.

We will respond to your erasure request without undue delay. Please note that, for your and Rebura’s protection, we cannot respond to an erasure request until we have verified the identity of the person making the request. This verification process may extend the response timeframes set forth in this paragraph.

B. Do I have a right of access to a copy of my Personal Data?

Yes. You have the right to:

obtain confirmation that your Personal Data is being processed;
a copy of your Personal Data being processed;
the purposes of the processing;
the categories of personal data being processed;
the recipients or categories of recipients to whom Rebura has disclosed your Personal Data; and
the criteria Rebura uses to determine how long it will store your Personal Data.

You can exercise this right by sending an email to Rebura at privacy@rebura.com.

This right is in place to ensure that you are aware of and can verify the lawfulness of the processing. In most cases, we will provide you with a copy of your Personal Data free of charge. However, we may charge you a reasonable fee if your request is manifestly unfounded, excessive or repetitive. With respect to unfounded, excessive or repetitive requests, in rare cases, Rebura may refuse to respond to your request but will explain the reason(s) for its refusal to you without undue delay and within one month of its receipt of your request. If Rebura so refuses, you have the right to file a complaint with the ICO and to seek a judicial remedy.

If you submit your access request to Rebura electronically, Rebura will provide you with its response, and a copy of your Personal Data (if applicable) via email or other commonly used electronic form.

If Rebura did not collect your Personal Data from you, Rebura will inform you about the source from which it obtained your Personal Data. Your right of access does not adversely affect your right of erasure (forgotten) and right of rectification, both of which are described in this Privacy Notice.

Generally, Rebura will provide you with a copy of your Personal Data without undue delay and within one month of its receipt of your request, provided that Rebura may extend this time period for up to two additional months if your request is complex or numerous. If Rebura exercises this extension of time, Rebura will inform you of its decision to exercise the extension within one month of its receipt of your request, and will explain the reason(s) for the extension. If your request is large or complex, Rebura may ask you to specify the particular information or category of information you seek.

Please note that, for your and Rebura’s protection, Rebura cannot respond to an access request until it verifies the identity of the person making the request for your Personal Data. This verification process may extend the response timeframes set forth in the paragraph above.

C. Do I have a right to object to the processing of my Personal Data, including the processing of my Personal Data by Rebura for direct marketing?

Yes, you have a right to object to the processing of your Personal Data where:

Rebura’s processing is based on its legitimate interest; or
where Rebura is using your Personal Data to directly market to you.

You can exercise this right, free of charge, by sending an email to Rebura at privacy@rebura.com.

If Rebura receives an objection request from you for reasons unrelated to direct marketing, Rebura will stop processing your Personal Data unless we can show compelling legitimate ground(s) for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of any legal claims.

If Rebura receives an objection request from you for reasons related to direct marketing, we will stop processing your Personal Data.

If you receive a direct marketing communication from Rebura and you do not wish to receive future direct marketing communications from Rebura, you may request to unsubscribe from future marketing communications by sending Rebura an email at privacy@rebura.com In addition, if the direct marketing communication you received was via email and has an “Unsubscribe” link, you can click the “Unsubscribe” link at the bottom of the email and fill out the required form. Whether through email or by clicking the “Unsubscribe” link, Rebura will process your unsubscribe request. Please allow up to ten (10) business days for your unsubscribe request to take effect.

D. Do I have a right to restrict processing of my Personal Data?

Yes, you have a right to restrict, the processing of your Personal Data. You can exercise this right, free of charge, by sending an email to Rebura at privacy@rebura.com. When you exercise this right, Rebura may continue to store your Personal Data but cannot further process it. Rebura will cease processing your Personal Data in the following circumstances:

when you file a rectification request with Rebura (see the “Do I have a right to have any inaccurate or incomplete Personal Data rectified?” section below) in accordance with this Privacy Notice and applicable law. The restriction shall remain in place until such time as Rebura has verified the accuracy of the Personal Data that is the subject of your rectification request;
where Rebura is processing your Personal Data based on its legitimate interest and you file a notice with Rebura objecting to the processing of your Personal Data (see the “Do I have a right to object to the processing of my Personal Data?” section above) in accordance with this Privacy Notice and applicable law, Rebura will cease processing your Personal Data until such time as Rebura has made a determination as to whether its legitimate grounds for continued processing override your reasons for objecting to the processing;
when the processing is unlawful and you do not seek or want erasure and you file a restriction request with Rebura in accordance with this Privacy Notice and applicable law instead; and
if Rebura no longer needs the Personal Data and you require the data to establish, exercise or defend a legal claim.

While the processing of your Personal Data is restricted, Rebura may continue to process such data by storing it, processing it with your consent or processing it for the establishment, exercise or defence of legal claims.

Rebura will inform you if it decides to lift a restriction on processing.

If Rebura has disclosed any of your Personal Data to a third party and you submit a request to restrict processing, Rebura will inform (1) you about the recipients if you so request and (2) any such third parties of your restriction request unless doing so is impossible or involves disproportionate efforts.

Rebura will act on your restriction request in accordance with this Privacy Notice without undue delay. Please note that, for your and Rebura’s protection, Rebura cannot act on a restriction request until it verifies the identity of the person making the request. This verification process may extend the timeframe in which Rebura acts on your restriction request.

E. Do I have a right to Personal Data portability?

Yes. You can exercise this right, free of charge, by sending an email to Rebura at privacy@rebura.com. This right exists to allow you to obtain and use your Personal Data for your own purposes across different services. Under this right, you can move, copy or transfer your Personal Data from Rebura to another data controller.

This right applies where Rebura is processing your Personal Data with your consent or for the performance of a contract. It also applies if we process your Personal Data by automated means. If your portability request concerns someone other than you, Rebura will have to consider whether providing or porting the Personal Data would prejudice the other person’s or people’s rights.

Generally, Rebura will respond to your portability request without undue delay and within one month of its receipt of your request, provided that Rebura may extend this time period for up to two additional months if your request is complex or numerous. If Rebura exercises this extension of time, Rebura will inform you of its decision to exercise the extension within one month of its receipt of your request, and will explain the reason(s) for the extension. Where technically feasible, you may request that Rebura transmit your Personal Data to another data controller.

F. Do I have a right to object to decision been taken by automated means?

If Rebura uses automated (i.e. non-human) methods to process your Personal Data to make decisions that could potentially have a damaging legal or similarly significant effect on you (each, an “Automated Decision”), you have the right not to be subject to the Automated Decision. This right is inapplicable to any Automated Decision made by Rebura that is necessary for entering into or the performance of a contract between you and Rebura, is authorized by law or is based on your explicit consent.

If Rebura makes any Automated Decisions to which this right applies, Rebura will ensure that you are able to obtain human intervention, express your point of view and obtain an explanation of the decision and challenge it.

If Rebura engages in “profiling” by automated means, Rebura will ensure that appropriate safeguards are in place including (1) ensuring that the processing is fair and transparent by providing you with meaningful information about the logic involved and the significance and consequences of the outcome of the decision, (2) using appropriate mathematical or statistical procedures for the profiling, (3) implementing appropriate technical and organizational measures to enable inaccuracies to be corrected and minimize the risk of errors and (4) securing the Personal Data in a way that is proportionate to the risk to your interests and rights and prevents discriminatory effects.

G. Do I have a right to have any inaccurate or incomplete Personal Data rectified?

Yes. You can exercise this right, free of charge, by sending an email to Rebura at privacy@rebura.com.

Generally, Rebura will respond to your rectification request within one month of its receipt of your request, provided that Rebura may extend this time period for up to two additional months if your request is complex. In rare cases, Rebura may refuse to respond to your request but will explain the reason(s) for its refusal to you within one month of its receipt of your request. If Rebura so refuses, you have the right to file a complaint with the ICO and to seek a judicial remedy.

If Rebura has disclosed any of your Personal Data to a third party and you submit a rectification request to Rebura that Rebura is going to honor, Rebura will inform (1) you about the recipients and (2) any such third parties of your rectification request as well as any corrected Personal Data, unless doing so is impossible or involves disproportionate efforts.

We will use reasonable endeavours to ensure that your Personal Data is maintained and up to date.

H. What are my rights if the Security of my Personal Data is breached?

A breach of Personal Data (a “Breach”) means a breach of security leading to the destruction, loss, alteration, unauthorized disclosure of, or access to, your Personal Data for which we are responsible under applicable law.

If the Breach is likely to have a significant detrimental effect on your rights and freedoms (such as resulting in discrimination, damage to reputation or financial loss), Rebura will notify the ICO without undue delay, and if feasible, within one business day of Rebura’s becoming aware of the Breach. Rebura will assess the determination of “significant detrimental effect” on a case by case basis.

If the Breach is likely to result in a “high risk” to your rights and freedoms, Rebura will notify you without undue delay. To be clear, the threshold requiring Rebura to notify you of a Breach is higher than the threshold requiring Rebura to notify the ICO of a Breach so it is possible that Rebura will notify the ICO of a Breach but not you. Rebura will assess the determination of “high risk” on a case by case basis.

Any Breach notice issued by Rebura will contain, where possible, (1) the categories and approximate number of individuals and Personal Data records effected by the Breach, (2) the name and contact details of the information security manager (“ISM”) (or other Rebura contact representative if Rebura does not have a ISM at the time that Rebura issues the Breach notice), (3) a description of the likely consequences of the Breach, (4) a description of the measures that Rebura has taken, and may take, to stop the Breach and, where appropriate, to mitigate the adverse effects of the Breach and (5) recommendations on actions you can take to protect yourself in light of the Breach.

I. Will my Personal Data be transferred outside the UK?

Rebura may transfer your Personal Data to third parties described in this Privacy Notice who are located outside of the UK, Switzerland, or European Economic Area (“EEA”). If so, Rebura will take reasonable steps to ensure that your Personal Data is protected and treated in accordance with this Privacy Notice and local applicable law. Some of the countries outside the UK, Switzerland, or EEA where your Personal Data may be transferred will be on the ICO’s list of countries that it has deemed to have adequate security controls in place (the “Approved List”). Given the European Court of Justice’s decision in Data Protection Commissioner v. Facebook Ireland and Maximilian Schrems, Case C-311/18 (July 16, 2020) (“Schrems II”) and absent consent from the Data Subject (or any other reason provided in UK GDPR Article 49(1)(b)-(f), UK law as may be amended from time to time), if Rebura transfers your Personal Data to processors (which could be external third party vendors or suppliers) that store, transfer, process, or control your Personal Data in a country not on the Approved List or not in the UK (“Third Countries”), then Rebura shall determine whether each processor (and each subprocessor that a processor has provided Rebura formal notice of) can store, transfer, process, or control the Personal Data solely within the UK or a country on the Approved List.

If Rebura determines that the processor (and each subprocessor that a processor has provided Rebura formal notice of) can store, transfer, process, or control the Personal Data solely within a country on the Approved List or in the UK, we will require such processor (and will require the processor to require each of its applicable subprocessors) to do so.
If Rebura determines that the processor (and each subprocessor that a processor has provided Rebura formal notice of) cannot store, transfer, process, or control the Personal Data in a country on the Approved List or in the UK, then:
- Rebura will require such processor (and will require the processor to require each of its applicable subprocessors) to be bound by the model clauses promulgated by the ICO under S119A(1) Data Protection Act 2018, including but not limited to the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses VERSION B1.0, as in force 21 March 2022, any successor version thereto, and any other valid transfer mechanism promulgated by the ICO (collectively for this Addendum, “Model Clauses”). When relying on the Model Clauses, Rebura shall (a) monitor the laws and regulations of Third Countries for the adequate protections of UK Data Subjects as required by the UK GDPR or other local laws and regulations; and (b) terminate the storage, transfer, processing , or control of Personal Data by a processor (or a subprocessor where the process has informed Rebura of the country in which such subprocessor is processing your Personal Data) when (i) such laws and regulations of Third Countries are incompatible with the UK GDPR or other local laws and regulations, or (ii) access to Personal Data is requested by the public authorities of Third Countries and such access is lawful under the laws of the Third Countries but is prohibited under the UK GDPR or other local laws and regulations. If the events described in III(I)(b)(i)(b)(i) or (ii) occur, Rebura will confer with the appropriate supervisory authority regarding appropriate actions to safeguard your Personal Data.
Rebura shall also require the processor (and will require each processor to require its applicable subprocessors) to determine whether each processor or subprocessor can store, transfer, process, or control the Personal Data solely within the UK or a country on the Approved List.

If processor (or its applicable subprocessors) can store, transfer, process, or control the Personal Data solely within the UK or a country on the Approved List, then Rebura shall contractually require the processors (and require processor to require its subprocessors to) do so.
If processor (or its applicable subprocessors) must store, transfer, process, or control the Personal Data in a Third Country, then Rebura shall require its processors (and require processor to require its subprocessors to) to be bound by the Model Clauses. When relying on the Model Clauses, Rebura shall contractually require such processors (and shall also require processors to require their subprocessors) to agree to (a) monitor the laws and regulations of Third Countries for the adequate protections of UK Data Subjects as required by the UK GDPR or other local laws and regulations; and (b) terminate the transfer, processing, or control of Personal Data when (i) such laws and regulations of Third Countries are incompatible with the UK GDPR or other local laws and regulations, or (ii) access to Personal Data is requested by the public authorities of Third Countries and such access is lawful under the laws of the Third Countries but is prohibited under the UK GDPR or other local laws and regulations. If the events described in III(I)(c)(2)(b)(i) or (ii) occur with respect to your Personal Data (and if Rebura has formal notice that the events described in III(I)(c)(2)(b)(i) or (ii) have occurred), Rebura will confer with the appropriate supervisory authority regarding appropriate actions to safeguard your Personal Data.

Under certain circumstances, Rebura may share your Personal Data with one or more of its group companies who may be located in a Third Country. In such cases, Rebura will comply with its DPAs. The DPAs are incorporated by reference into this Addendum

J. How long will Rebura store my Personal Data for?

We are required by law to store your Personal Data for as long as is necessary to comply with our legal, regulatory and contractual obligations.

With respect to UK GDPR (and similar laws), we will store and process your Personal Data that we obtain via: (i) your consent, until the earlier of (a) the purpose for which we obtained such information has been fully accomplished or (b) you inform us that you have withdrawn your consent; (ii) our legitimate interest until the earlier of (a) your Personal data is no longer necessary for the purpose for which it is being processed, or (b) Rebura concludes that your rights and freedoms outweigh our right to process your Personal Data; and (iii) our necessity for the performance of a contract, until the termination or expiration of the contract including the termination or expiration of Rebura’s and your employer’s or company’s duties or obligations that survive any such termination or expiration.

Furthermore, we will store your Personal Data in special circumstances related to the issuance or defense of legal proceedings, outstanding invoices or in connection with any investigation by or of a government authority.

K. What Protections do I have if Rebura transfers my Personal Data to the U.S.?

In short, you have the protections of the Model Clauses, defined above. In addition to the Model Clauses, Rebura has additional contractual clauses that may apply to its United States clients and vendors which are in the United States of America Addendum below.

Rebura discloses Personal Data to third party service providers in connection with the operation of their respective businesses, including their provision of services to clients.

Rebura may be required to disclose Personal Data to law enforcement, regulatory or other government agencies, or to other third parties, in each case to comply with legal, regulatory, or national security obligations or requests.

Any questions, complaints, or requests to access, correct, amend, delete, or limit the use or disclosure of Personal Data (opt out) may be directed to privacy@rebura.com. If Rebura has not been able to satisfactorily resolve the issue, then you may raise it with your data protection authority (see paragraph immediately below).

L. UK residents. Should your complaint remain unresolved and you reside in the UK, then you should contact the UK Supervisory Authorities (the “SAs”) who act as an independent recourse mechanism to settle all such disputes. Such complaints can be directed either to the UK SAs panel secretariat or individual UK SAs.

Information Commissioner’s Office

Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Tel: 0303 123 1113 (local rate)

Fax: 0162 552 4510

Or via below link :

https://ico.org.uk/make-a-complaint/

ICO regional offices

Scotland

Information Commissioner’s Office
45 Melville Street
Edinburgh
EH3 7HL

Tel: 0303 123 1115
Email: scotland@ico.org.uk

Wales

Information Commissioner’s Office
2nd floor
Churchill House
Churchill way
Cardiff
CF10 2HH

Tel: 0330 414 6421
Email: wales@ico.org.uk

Northern Ireland

Information Commissioner’s Office
3rd Floor
14 Cromac Place
Belfast
BT7 2JB

Tel: 028 9027 8757 or 0303 123 1114
Email: ni@ico.org.uk

EUROPEAN ECONOMIC AREA & SWITZERLAND ADDENDUM

This Addendum applies to the European Economic Area (“EEA”) and Swiss residents.

I. Who are Rebura’s Supervisory Authorities and EU Representative for Data Protection Purposes?

Rebura is not established in the EEA or Switzerland. Therefore, the supervisory authority for Rebura in the EEA is located in the EEA country in which you reside or where your Personal Data is processed under this Addendum as defined in Section III(L) below (the, “EEA SAs”). If you live in Switzerland, Rebura’s supervisory authority is the Federal Data Protection and Information Commissioner (“FDPIC”). Collectively for this Addendum, the EEA SAs and the FDPIC are the “SAs”). Rebura has appointed its Dutch affiliate, Frank Recruitment Group B.V., as its European Union Representative (“EU Rep.”).

II. How do we lawfully process your data?

In order to process your Personal Data lawfully Rebura must have a legal basis to do so. Rebura relies on three main legal bases for processing your Personal Data:

where we obtain your affirmative consent to use your Personal Data in this way;
where we have a legitimate interest in processing your Personal Data, which we have balanced against your rights and freedoms and concluded that our processing is justifiable; or
where our handling of your Personal Data is necessary for us to perform the obligations under your company’s or employer’s contract with Rebura.

We may rely on one or more legal bases to process your Personal Data.

A. All users of the Websites and/or our services

Legitimate Interests: Rebura uses Personal Data that we collect for the following general purposes in the performance of our legitimate interests as a business: to provide the services to our clients; to enhance their experience, to improve our services and to contact clients.

B. Individuals who work for Rebura clients (i.e. a client contact)

Consent: If you would like to receive general marketing and other communications from us, you will have the option to affirmatively check a box consenting to Rebura processing your Personal Data for this purpose. Rebura may also ask you via email or telephone for your affirmative consent to receive marketing and other communications from us.

Legitimate Interest: Rebura has a legitimate interest in processing your Personal Data in order to provide AWS services at your company or employer, and provide you with other products and services relevant to your company or employer and to market its products and services to you in order to grow our business, to demonstrate our knowledge of the AWS services marketplace and relevant technologies and to enhance the standing and recognition of our brands. Rebura also has legitimate interest to process your Personal Data if you seek or obtain further information about Rebura or an Rebura client.

Necessary for the performance of a contract: Rebura can process your Personal Data in the performance of its contract with your company or employer.

With respect to actual or prospective client contacts, if Rebura obtains your Personal Data from someone other than you, Rebura shall inform you of the identity and contact details of the person or entity from whom Rebura obtained your Personal Data, whether Rebura obtained your Personal Data from publicly available sources, the categories of Personal Data that Rebura obtained and, if Rebura is processing your Personal Data based on its legitimate interest (see Section III below), the nature of Rebura’s legitimate interest. Rebura shall provide you with the information listed in this paragraph by the earlier of (1) one month after Rebura obtains your Personal Data or (2) if Rebura uses your Personal Data to communicate with you, the first time that Rebura communicates with you.

Rebura shall not provide you with the information described in the paragraph immediately above if you already possess this information, providing you with such information is against applicable law, is subject to an obligation of professional secrecy, proves impossible, would involve a disproportionate effort or would render impossible or seriously impair the achievement of the objectives of the processing, in which case, Rebura shall take appropriate measures to protect your rights, freedoms and legitimate interests.

III. Your Special Rights under Data Protection Laws

A. Do I have a right to be erased (forgotten)?

Yes. You have the right to request that Rebura deletes or removes your Personal Data where there is no compelling reason for us to continue to process it. You can exercise this right, free of charge, by sending an email to Rebura at privacy@rebura.com.

Please note that your right to erasure is not absolute. Rebura will remove your Personal Data when:

the Personal Data is no longer necessary in relation to the purpose for which Rebura originally collected and/or processed it;
if Rebura is processing your Personal Data on the basis of your consent and you withdraw consent;
you object to the processing of your Personal Data and there is no overriding legitimate interest for us to continue to process it;
the Personal Data was unlawfully processed; and
the Personal Data must be erased to comply with a legal obligation.