Privacy Policy

Revision as of June 02, 2026

 

1. General Provisions

1.1. This Privacy Policy of Benefits Plus for Partners (hereinafter — the Policy) defines the procedure for processing personal data processed by Benefits Plus (LLC "BENEFITS PLUS"; Location: 01042, Ukraine, Kyiv, Pechersk District, Saperne Pole Street, Building 12, Room 1014; State Registration Number: 45935270) (hereinafter — the Platform) in connection with Partners' access to the Platform, the conclusion and performance of B2B relationships, communication with Partners' representatives, administration of integrations, and support of Platform use.

1.2. This Policy is an informational document published on the website and is not a separate public contract. It applies to the data of Partners, their representatives, employees, contact persons, and other authorized persons whose data Benefits Plus receives within the B2B interaction.

1.3. Separate aspects of personal data processing may additionally be regulated by agreements with Partners, data processing agreements, security policies, internal procedures, and other documents of Benefits Plus.

 

2. Definitions

2.1. Benefits Plus — the administrator and operator of the Platform, which determines the purposes and means of personal data processing within the processes described by this Policy, unless otherwise expressly follows from the nature of a specific processing activity or separate contractual documents.

2.2. Platform — the website, personal accounts, API, software, integration interfaces, databases, event logs, and other components of the Benefits Plus ecosystem used to organize interaction between Partners and Providers.

2.3. Partner — a legal entity or individual entrepreneur that interacts with Benefits Plus in a B2B model, including transmitting data regarding End Users to initiate access to Providers' services.

2.4. Provider — a person who actually provides a service, work, digital product, or access to it to the End User and may receive from Benefits Plus data necessary for the technical and organizational support of such access.

2.5. Data Subject — a natural person whose personal data are processed under this Policy.

2.6. Partner Personal Data — any information about a natural person who is a contact person, authorized person, responsible person, or other related person of the Partner, by which such person is directly or indirectly identified.

2.7. End User — a natural person for whom the Partner initiates activation, modification, or termination of access to the Provider's service through the Platform. The procedure for processing End User data in relevant scenarios is described separately, depending on Benefits Plus's role in such processing.

 

3. Data Processed

3.1. Benefits Plus may process the following categories of personal data of the Partner's representatives:

  • Name, surname, patronymic, or other identification information of the contact person.

  • Position, functional role, company name, and other information about affiliation with the Partner.

  • Email address, phone number, messengers, and other contact details.

  • Data for creating and administering the Partner Account.

  • Correspondence data, support requests, meeting records, technical tickets, and official communications.

  • Technical and log data related to access to the Platform, use of the account, API, or other integration tools.

  • Contractual, accounting, compliance, and administrative data if they contain personal data of natural persons.

3.2. Benefits Plus does not request Partners to transmit special categories of personal data, excessive information, or data that are not necessary for B2B interaction, unless otherwise expressly provided by law or separate written agreement.

 

4. Purposes and Legal Bases

4.1. Benefits Plus processes personal data of Partners and their representatives for the following purposes:

  • Establishing, maintaining, and administering business relations with the Partner.

  • Creating, supporting, and protecting the Partner Account.

  • Providing access to the Platform, API, statistics, messages, and technical capabilities.

  • Integration, testing, diagnostics, error correction, and technical support.

  • Documenting arrangements, performing contracts, compliance procedures, and internal administration.

  • Ensuring information security, preventing fraud, abuse, and unauthorized access.

  • Protecting the rights and legitimate interests of Benefits Plus in the event of disputes, inspections, or claims.

  • Sending service messages related to Platform operation, service changes, security, integrations, or contractual matters.

  • Sending informational or marketing messages only if there is a proper legal basis under applicable law.

4.2. Legal bases for processing may include:

  • The necessity to take steps before entering into a contract or to perform a contract to which the Partner is a party.

  • Compliance with a legal obligation.

  • The legitimate interest of Benefits Plus in the proper operation of the Platform, business protection, relationship administration, and security.

  • The consent of the Data Subject in cases where such consent is truly necessary.

 

5. Roles in Data Processing

5.1. With respect to Partner representative data, Benefits Plus generally acts as the owner of personal data or controller within the meaning of applicable law, as it independently determines the purpose and essential means of such processing.

5.2. With respect to End User data, the role of Benefits Plus is determined separately for each scenario, taking into account the actual interaction model between the Partner, Benefits Plus, and the Provider, as well as the content of the relevant agreements.

5.3. If Benefits Plus receives End User data from the Partner for technical routing, access activation, or another limited scenario, Benefits Plus may act as an independent controller, joint controller, or processor, depending on who determines the purposes and means of the relevant processing.

 

6. Data Sources

6.1. Benefits Plus receives personal data directly from the Partner, its representatives, or authorized persons.

6.2. Data may also be received automatically during Platform use, through API, event logs, log files, authentication tools, monitoring systems, and other technical instruments.

6.3. In cases where this follows from the integration model, Benefits Plus may also receive certain data from Providers or from publicly available sources for verification, cooperation setup, contact information updates, or compliance checks.

 

7. Data Transfer to Third Parties

7.1. Benefits Plus may transfer personal data to the following categories of recipients:

  • Providers, if this is necessary to perform the agreed integration scenario or provide access to the service.

  • Contractors and service providers who provide hosting, cloud infrastructure, development, support, analytics, communications, cybersecurity, or other technical support.

  • Professional consultants, auditors, lawyers, accountants, and other persons engaged under confidentiality obligations.

  • State authorities, courts, law enforcement agencies, or other authorized entities, if such transfer is required by law or necessary to protect the rights of Benefits Plus.

7.2. Benefits Plus transfers personal data only to the extent necessary for the relevant processing purpose.

7.3. If providers or data recipients outside Ukraine are used for interaction, Benefits Plus takes reasonable measures to ensure an appropriate level of data protection, taking into account the requirements of Ukrainian law, Convention 108+, and, where relevant, GDPR requirements.

 

8. Cross-Border Data Transfer

8.1. Within the Platform's operation, personal data may be processed or stored on servers located in Ukraine, EU Member States, or other jurisdictions if this is technically necessary and lawful.

8.2. If recipients in jurisdictions that do not provide an adequate level of personal data protection under applicable law are involved in processing, Benefits Plus seeks to implement appropriate contractual, organizational, and technical safeguards.

 

9. Data Retention Periods

9.1. Personal data are retained no longer than necessary to achieve the purposes for which they were collected, unless another period is required by law, contract, accounting or tax rules, evidentiary requirements, or the legitimate interests of Benefits Plus.

9.2. Criteria for determining the retention period include:

  • The duration of business relations with the Partner.
  • The existence of an active account or integration.
  • The need to fulfill contractual, accounting, tax, compliance, or procedural obligations.
  • Limitation periods and the need to protect rights in a dispute.

 

10. Data Subject Rights

10.1. The Data Subject has rights provided by applicable law, including the right to:

  • Know the sources of collection, the location of their personal data, the purpose of processing, and the location or residence of the owner or controller of the personal data.

  • Receive information about the conditions for granting access to personal data.

  • Access their personal data.

  • Request correction of inaccurate or outdated data.

  • Request deletion of data in cases provided by law.

  • Object to certain types of processing or request restriction in cases provided by law.

  • Withdraw consent if processing is based on consent.

  • File a complaint with the competent authority or with a court.

10.2. Benefits Plus may ask the requester to confirm their identity and clarify the request if this is necessary for proper handling and protection of other persons' data.

 

11. Data Security

11.1. Benefits Plus implements appropriate technical and organizational security measures taking into account the nature, scope, context, and purposes of processing, as well as risks to the rights and freedoms of natural persons.

11.2. Such measures may include access control, event tracking and retention, access segmentation, multi-factor authentication, backups, encryption where appropriate, internal security policies, confidentiality obligations, and incident response procedures.

11.3. No method of transmission or storage can guarantee absolute security; however, Benefits Plus strives to maintain a level of security consistent with modern practices and applicable law.

 

12. Communications

12.1. Benefits Plus may send Partners and their representatives service messages necessary for relationship administration, security, integration support, notifications about functionality changes, handling requests, performing contractual obligations, or complying with the law.

12.2. Marketing or advertising messages may be sent only if there is a proper legal basis and with the possibility to opt out, unless otherwise follows from applicable law.

 

13. Contacts and Requests

13.1. For questions regarding personal data processing, you may contact Benefits Plus through the contact channels listed on the Website.

13.2. For practical use on the Website, it is advisable to additionally specify at least: the company’s full legal name, registration details, address, email for privacy requests, and, if available, a separate contact for the data protection officer or responsible person.

 

14. Changes to the Policy

14.1. Benefits Plus may update this Policy in connection with changes in legislation, product structure, integration model, data recipients, security practices, or personal data processing methods.

14.2. The current version of the Policy is published on the Website with the update date indicated.