Document Reference: RS-DCA-2025-12-001 | Effective Date: December 16, 2025 | Version 3.2.1
This Data Processing and Collection Agreement (hereinafter referred to as "Agreement", "Terms", "Policy", or "Document") constitutes a legally binding agreement between RocketBrush Studio Ltd., a company duly incorporated and registered under the laws of the Republic of Cyprus, with its registered office located at the address specified in the corporate registry (hereinafter referred to as "Company", "We", "Us", "Our", "Controller", or "RocketBrush Studio"), and any individual, entity, or authorized representative thereof who accesses, uses, browses, or otherwise interacts with the RocketBrush Studio Employee Portal, including but not limited to all associated web pages, subdomains, applications, interfaces, and digital services (hereinafter referred to as "User", "You", "Your", "Employee", "Data Subject", or "Authorized Personnel"). The provisions set forth herein shall govern, regulate, and define the terms and conditions under which personal data, as defined by applicable data protection legislation including but not limited to the General Data Protection Regulation (EU) 2016/679 and the Cyprus Law on the Protection of Natural Persons with Regard to the Processing of Personal Data, shall be collected, processed, stored, transmitted, and otherwise handled by the Company in connection with the User's access to and use of the Portal.
By accessing, logging into, or otherwise utilizing the Portal, the User hereby acknowledges, confirms, represents, and warrants that they have carefully read, fully understood, and unconditionally agree to be bound by all terms, conditions, provisions, and stipulations contained within this Agreement in their entirety. Furthermore, the User acknowledges that this Agreement may be amended, modified, updated, or otherwise changed by the Company at any time and without prior notice, and that continued use of the Portal following any such modifications shall constitute the User's acceptance of and agreement to such modified terms.
For the purposes of this Agreement and unless the context otherwise requires or a contrary intention appears, the following terms shall have the meanings ascribed to them herein: "Personal Data" shall mean any information relating to an identified or identifiable natural person, including but not limited to network identifiers such as Internet Protocol addresses, device characteristics, browser configurations, and biometric data; "Processing" shall mean any operation or set of operations performed on Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, combination, restriction, erasure, or destruction; "Portal" shall mean the RocketBrush Studio Employee Portal and all associated services, features, and functionalities; "Biometric Data" shall mean personal data resulting from specific technical processing relating to physical, physiological, or behavioral characteristics of a natural person, which allows or confirms unique identification of that person, including but not limited to facial images and related data derived therefrom through automated verification processes; "Security Verification" shall mean the process by which Users are required to authenticate their identity through various means including, without limitation, the capture and processing of photographic images via device-integrated camera systems.
In accordance with the Company's legitimate interests in maintaining the security, integrity, and proper functioning of its systems and in compliance with applicable legal and regulatory requirements, the Company collects and processes various categories of Personal Data from Users who access the Portal. The categories of data collected include, but are not necessarily limited to, the following: network and connection data, which encompasses the User's Internet Protocol (IP) address, which may be used to derive approximate geographical location information, connection timestamps, session duration metrics, and related technical parameters; device and system information, which includes the User's browser type, version, and configuration settings, operating system type and version, screen resolution and display characteristics, device type classification, hardware identifiers where available, and user agent strings; behavioral and session data, which comprises timezone settings, language preferences, navigation patterns within the Portal, referring URLs where applicable, and interaction logs; and identity verification data, which includes, where Security Verification is required as a precondition for accessing certain Portal features such as file download functionality, photographic images captured via the User's device camera for the purpose of identity confirmation and fraud prevention, which images shall be transmitted to and stored on Company servers for audit, compliance, and security purposes.
The User expressly acknowledges and agrees that the collection of photographic images through the device camera constitutes an essential security measure designed to protect Company assets and prevent unauthorized access, and that such collection shall occur automatically upon the User granting camera access permission through their browser or device, with captured images being immediately transmitted to Company servers. The User further acknowledges that multiple images may be captured during a single verification session and that all such images shall be retained in accordance with the retention periods specified elsewhere in this Agreement.
The Company processes Personal Data on the basis of one or more of the following legal grounds as applicable: the User's explicit consent, as manifested by their affirmative action of accepting this Agreement and utilizing the Portal; the Company's legitimate interests in protecting its systems, assets, and personnel from unauthorized access, fraud, and security threats, provided that such interests are not overridden by the User's fundamental rights and freedoms; compliance with legal obligations to which the Company is subject, including but not limited to obligations arising under applicable cybersecurity laws, employment regulations, and corporate governance requirements; and the performance of a contract to which the User is party, namely the employment relationship between the User and the Company and the associated provision of access to Company systems and resources.
Personal Data collected pursuant to this Agreement shall be processed for the following purposes: verification of User identity and authorization status; prevention, detection, and investigation of unauthorized access attempts, fraudulent activities, and security incidents; maintenance of comprehensive audit trails and access logs for compliance and evidentiary purposes; monitoring of Portal usage patterns to identify potential security vulnerabilities and anomalous behavior; cooperation with law enforcement authorities and regulatory bodies in connection with investigations of suspected illegal activities; and improvement of Portal security measures and user experience through analysis of aggregated usage data.
Personal Data collected pursuant to this Agreement shall be retained for periods determined by the Company in accordance with applicable legal requirements, legitimate business needs, and the specific nature of the data concerned. Without limiting the generality of the foregoing, access logs, verification photographs, and associated metadata shall generally be retained for a period of ninety (90) days from the date of collection, provided that this period may be extended where necessary for ongoing security investigations, legal proceedings, or compliance with regulatory requirements. Session cookies and related authentication tokens shall expire after thirty (30) days of inactivity, subject to earlier termination at the Company's discretion. The Company implements appropriate technical and organizational measures designed to protect Personal Data against unauthorized access, accidental loss, destruction, or damage, which measures are reviewed and updated periodically to address evolving security threats and technological developments.
The Company may disclose Personal Data collected pursuant to this Agreement to the following categories of recipients: Company employees, contractors, and agents who require access to such data in the course of their duties and who are bound by appropriate confidentiality obligations; law enforcement authorities, regulatory bodies, and governmental agencies where such disclosure is required by applicable law, necessary for the establishment, exercise, or defense of legal claims, or where the Company reasonably believes that disclosure is necessary to protect the rights, property, or safety of the Company, its employees, or third parties; professional advisors including legal counsel, auditors, and consultants engaged by the Company who are bound by professional obligations of confidentiality; and courts, tribunals, and alternative dispute resolution bodies in connection with legal proceedings to which the Company is party. The User acknowledges and agrees that Personal Data may be transferred to jurisdictions outside the European Economic Area where such transfers are necessary for the purposes described herein, subject to appropriate safeguards as required by applicable data protection legislation.
By accessing and using the Portal, the User hereby represents, warrants, and covenants to the Company that: (a) the User is a duly authorized employee, contractor, or agent of RocketBrush Studio Ltd. with legitimate business purposes for accessing the Portal and the resources contained therein; (b) the User has obtained all necessary authorizations and approvals from their supervisors and the Company to access the Portal; (c) the User is accessing the Portal from a jurisdiction where such access is lawful and in compliance with all applicable local, national, and international laws and regulations; (d) all information and data automatically collected from the User's device in connection with accessing the Portal is subject to the terms herein; (e) the User is not accessing the Portal for any unlawful purpose, including but not limited to unauthorized access to Company systems, data theft, fraud, impersonation, or any other illegal activity; and (f) the User understands and acknowledges that any breach of these representations and warranties may result in immediate termination of access, legal action, and referral to law enforcement authorities.
THE PORTAL AND ALL ASSOCIATED SERVICES, FEATURES, AND CONTENT ARE PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. THE COMPANY DOES NOT WARRANT THAT THE PORTAL WILL BE UNINTERRUPTED, ERROR-FREE, SECURE, OR FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS, OR THAT ANY DEFECTS WILL BE CORRECTED. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL THE COMPANY, ITS DIRECTORS, OFFICERS, EMPLOYEES, AGENTS, AFFILIATES, OR LICENSORS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES, INCLUDING BUT NOT LIMITED TO DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, DATA, OR OTHER INTANGIBLE LOSSES, ARISING OUT OF OR IN CONNECTION WITH THE USER'S ACCESS TO OR USE OF (OR INABILITY TO ACCESS OR USE) THE PORTAL, REGARDLESS OF WHETHER SUCH DAMAGES ARE BASED ON WARRANTY, CONTRACT, TORT, STATUTE, OR ANY OTHER LEGAL THEORY, AND REGARDLESS OF WHETHER THE COMPANY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
The User hereby agrees to indemnify, defend, and hold harmless the Company and its directors, officers, employees, agents, affiliates, successors, and assigns from and against any and all claims, damages, losses, liabilities, costs, and expenses (including but not limited to reasonable attorneys' fees and court costs) arising out of or relating to: (a) the User's access to or use of the Portal; (b) any breach or alleged breach by the User of this Agreement or any representation, warranty, or covenant contained herein; (c) any violation or alleged violation by the User of any applicable law, regulation, or third-party right; (d) any unauthorized access to the Portal by the User or using the User's credentials; (e) any fraudulent, deceptive, or illegal activity conducted by the User in connection with the Portal; and (f) any claim by a third party arising from or related to the User's actions or omissions in connection with the Portal. This indemnification obligation shall survive the termination of this Agreement and the User's access to the Portal.
The User acknowledges and agrees that unauthorized access to the Portal constitutes a serious breach of this Agreement and may constitute a criminal offense under applicable laws, including but not limited to computer fraud and abuse statutes, data protection regulations, and other cybercrime legislation. In the event of any unauthorized access, attempted unauthorized access, or any other breach of this Agreement, the Company reserves the right, in its sole and absolute discretion, to: (a) immediately terminate the User's access to the Portal without notice; (b) report the incident to appropriate law enforcement authorities, regulatory bodies, and governmental agencies, including the provision of all Personal Data collected pursuant to this Agreement as evidence; (c) pursue all available civil remedies, including but not limited to claims for damages, injunctive relief, and specific performance; (d) pursue criminal prosecution to the fullest extent permitted by applicable law; and (e) publicly disclose information regarding the unauthorized access incident as the Company deems appropriate. The User further acknowledges that by accessing the Portal, all activities conducted during the session are logged, monitored, and recorded, and that such logs and recordings may be used as evidence in legal proceedings.
Subject to applicable legal limitations and exemptions, Users may have certain rights under data protection legislation in relation to their Personal Data, which may include the right to request access to, rectification of, or erasure of Personal Data, as well as the right to restrict or object to certain processing activities. Requests to exercise such rights should be directed to the Company's IT Security department at security@rocketbrush.com, and will be processed in accordance with applicable legal requirements and timeframes. The Company reserves the right to verify the identity of any person making such a request and to refuse requests that are manifestly unfounded, excessive, or otherwise not in compliance with applicable legal requirements.
By clicking "I agree" on the Portal login page or by accessing and using the Portal, the User hereby confirms that they have read this Agreement in its entirety, that they understand and accept all terms and conditions contained herein, and that they consent to the collection, processing, storage, and transfer of their Personal Data as described in this Agreement including, without limitation, the capture and storage of photographic images through device camera systems for security verification purposes. This Agreement shall be governed by and construed in accordance with the laws of the Republic of Cyprus, and the courts of Cyprus shall have exclusive jurisdiction in relation to any disputes arising out of or in connection with this Agreement. If the User does not agree to any provision of this Agreement, the User must immediately cease all access to and use of the Portal.