Privacy Policy and Processing of Personal Data


Brim is concerned about the privacy and security of the data that the company has at its disposal at any given time. The policy states the purpose for which personal information is collected and how the data is handled.

Brim mainly processes personal data provided to the company as a responsible party. Our goal is for employees, customers and other individuals, as appropriate at any given time, to be informed about how the company collects and processes personal data.

Collection and processing of personal data

Brim collects information about employees, customers, and suppliers that the company is obliged to preserve in accordance with laws and regulations, wage agreements, employment contracts, the consent of the data subject or due to other legitimate interests of the responsible party.

Brim does not use automated decision-making, including the creation of personal profiles, in connection with the processing of personal information. If automatic decision-making is to be used, the company will inform about such use in accordance with the provisions of the relevant law.

Brim only collects information that is necessary to provide consultation or services at any given time. If the customer chooses not to provide personal information, there is a possibility that Brim will not be able to provide the parties in question with products or provide services.

Security and storage of data

Brim emphasizes ensuring the safe storage of personal information through appropriate technical security measures. Brim stores personal information and other information on the company’s computer systems or others with approved hosting. Brim does not use personal information for purposes other than those for which it was collected. The Company will not use the information for any other purpose or disclose it to third parties, except on the basis of legal authority (e.g. police), government directives, court rulings, written processing agreement or employee consent. Brim reserves the right, however, to provide non-identifiable information to third parties for lawful purposes.

Retention period

Data collected for electronic monitoring is stored in accordance with the provisions of the rules of the Data Protection Authority no. 837/2006, on electronic monitoring and processing of personal information generated by electronic monitoring. The company does not store other personal information for longer than is necessary and information is deleted when its practical value is exhausted.