Effective date: September 2025
Introduction
B.O.T. Ltd ("we", "us", "our") operates the Refresh.Click platform which helps independent workers centralize gig work, automate schedules and receive alerts. Protecting your personal data, maintaining confidentiality and ensuring the security of data processed on our platform are core priorities.
We do not sell your personal data. We collect and process only the information necessary to provide the service, to process payments, to prevent fraud, and to comply with legal obligations.
1. What information we collect
Account & contact data
Name, email address, phone number, username, and other contact details you provide when creating or managing your account.
Payment & billing information
Billing address, invoicing details and transactional metadata. Card data is processed by our third-party payment processors — we do not store full card numbers on our systems.
Usage & device data
IP address, device and browser identifiers, log files, timestamps, usage patterns and other analytics used to deliver and improve our service and to detect abuse or fraud.
Optional information
Any additional information you choose to provide (e.g., company name, profile information, communications with support).
2. How we use your data
- To operate, maintain and provide the platform features you use (account management, scheduling, alerts, analytics).
- To process subscriptions, invoices and payments via secure payment partners.
- To detect, prevent and respond to fraud, abuse or security incidents.
- To communicate with you about your account, billing, and important service updates.
- To analyze usage and improve product functionality and reliability.
- To comply with legal obligations and respond to lawful requests from authorities.
Legal basis for processing
Where applicable under EU/Malta law we rely on:
- Performance of contract — processing required to provide the services you requested;
- Legitimate interests — e.g., fraud prevention, platform security and service improvement;
- Legal obligations — to comply with applicable laws;
- Consent — for optional communications and optional cookies where required.
3. Data sharing and processors
We do not sell or trade personal data. We share data only with:
- Trusted service providers (payment processors, cloud hosting, analytics, customer support tools) who process data on our behalf under contract.
- Affiliates or business partners where necessary to deliver the service (with appropriate safeguards).
- Law enforcement or regulators when required by law or to protect legal rights.
All third parties we engage are required to implement appropriate security measures and process data only according to our instructions.
4. Data security measures
We maintain technical and organizational safeguards designed to protect your information, including but not limited to:
- Encryption in transit (HTTPS/TLS) and encryption at rest for sensitive data where appropriate.
- Access controls and role-based permissions for staff and service accounts.
- Regular security reviews, vulnerability scanning and penetration testing.
- Logging, monitoring and anomaly detection to identify suspicious activity.
- Security awareness and training for employees with access to personal data.
While we take strong measures to protect data, no system can be guaranteed 100% secure. If we discover a security incident affecting your personal data, we will follow our incident response procedures and notify affected users and regulators as required by law.
5. Data retention
We retain personal data only as long as necessary to provide the service, to meet contractual and legal obligations and to resolve disputes. Typical retention periods:
- Account and transactional data — retained while the account is active and for a period thereafter to satisfy legal and accounting obligations.
- Billing and payment records — retained in accordance with applicable Maltese accounting and tax laws.
- Logs and monitoring data — retained for a limited time for security, troubleshooting and analytics.
6. International transfers
Some processing may occur outside the EU/EEA (for example, with cloud providers or analytics partners). When we transfer data internationally we put in place appropriate safeguards such as Standard Contractual Clauses, or rely on an adequate decision where available.
7. Your rights
If you are in the EU/EEA (including Malta) you may have the following rights in relation to your personal data:
- Access your personal data;
- Request correction of inaccurate data;
- Request deletion (subject to legal retention requirements);
- Request restriction of processing;
- Object to processing where applicable;
- Request portability of your data in a structured, commonly used format;
- Withdraw consent where the processing is based on consent.
To exercise any of these rights, please contact us at privacy@refresh.click. We will respond in accordance with applicable law.
8. How to contact us & supervisory authority
Controller: B.O.T. Ltd (Beyond Ordinary Technologies)
Registered: C112580
Office D Block 28 Flat 7, Vicenti Buildings, Strait Street, Valletta, VLT 1421, Malta
Primary contacts
General & support: contact@refresh.click
Data Protection Officer: dpo@refresh.click
Privacy requests: privacy@refresh.click
Supervisory authority (Malta)
If you consider your rights under data protection law infringed, you may lodge a complaint with the Maltese supervisory authority — the Information and Data Protection Commissioner (IDPC) of Malta.
9. Children
Our services are not directed to children under 16. We do not intentionally collect personal information from children. If you believe we have collected data from a child, contact privacy@refresh.click and we will take steps to remove it.
10. Changes to this policy
We may update this Policy over time. We will post the updated policy at www.refresh.click/privacy with the effective date. Material changes will be communicated where required by law.
Last updated: September 2025
Quick summary
We do not sell your data. We collect only the information needed to operate Refresh.Click, to bill and support you, and to protect the platform and users from fraud. For questions or to exercise your rights, email privacy@refresh.click.