- A) website https://ro.mindclass.eu (the „Site”), a presentation site for Mindeclass, a SaaS software application,
- B) Mindclass, a SaaS (Software as a Service) software application (hereinafter “Mindclass App”)
offered by High-Tech Systems & Software SRL, a limited liability company, operating under Romania Law, with its headquarters in Bucharest, District 1, Bucurestii Noi Boulevard, nr. 25A, registered with the Trade Registry under no J40/4847/2012, having Sole Registration Code 30126940 (hereinafter the “Company” or “HTSS”).
The Site allows interested parties (“Data Subject”) to find out information about HTSS, its partners, to consult the solutions and services offered by the Company and to consume the content published by the Company on the Site.
- GENERAL PROVISIONS REGARDING THE COLLECTION AND PROCESSING OF PERSONAL DATA
- This document aims to detail how your personal data is collected and processed and the rights you have with regard to it.
- The security of your personal data is of particular importance to us and we ensure that the personal data collected and processed through the Site is kept secure and is not used for purposes other than those mentioned herein or agreed by the parties.
- This purpose may include, as appropriate, the following:
- Browsing the Site;
- Requests from data subjects;
- Initiating and conducting contractual relationships;
- Commercial communications (advertising, marketing, publicity, newsletter), if applicable.
- DEFINITION OF TERMS
- PERSONAL DATA/ DATA – any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identification element, such as a name, an identification number, location data, an online identifier, or to one or more specific elements, belonging to their own physical, physiological, genetic, mental, economic, cultural or social identities, within the meaning of Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (“GDPR”).
- CONTROLLER: HTSS, as owner of the Site, which collects and processes personal data belonging to the Data Subject, being a Personal Data Controller within the meaning of Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (“GDPR”).
- DATA SUBJECT – the natural person accessing the Site and/or wishing to enter into a contractual relationship with HTSS, subject to the processing of personal data.
- MINDCLASS APP – an e-learning solution dedicated to companies, to be used within their organisation, to provide training opportunities, skilling plans and courses for the personnel.
- SERVICES: represents all the functionalities made available to the User through the Site, including, but not limited to, accessing the dedicated pages and sections of the Site, the possibility of creating a demo account for Mindclass App, the possibility to contact the Company to obtain more information about Mindclass App.
- TYPES OF PERSONAL DATA COLLECTED AND PROCESSED
- SIMPLY ACCESSING THE SITE DOES NOT LEAD TO THE PROCESSING OF YOUR PERSONAL DATA, BUT DATA MAY BE OBTAINED AUTOMATICALLY FROM THE CATEGORY MENTIONED IN PARAGRAPH 3.4 BELOW, WITHOUT, HOWEVER, BEING LINKED TO A PERSON. THE PERSONAL DATA THAT WE COLLECT AND PROCESS ARE THE RESULT OF YOUR VOLUNTARY COMMUNICATION.
- The Controller collects, records, processes, archives and finally deletes the personal data of the Data Subject as described in Article 4.
- The data referred to in Article 3.2 may be transmitted in whole or in part to third parties for the purposes of processing.
- As the access to the Site is made online, the software application (internet browser) on the devices used by the Users automatically communicates to the Controller one, several or all of the following data:
- software application type and version (internet browser);
- IP address;
- the type of device used to access the Site;
- date and time of access;
- domain name;
- domain host.
- CATEGORIES OF DATA PROCESSED, LEGAL BASIS AND PURPOSE OF PROCESSING OF PERSONAL DATA
- Browsing the Site:
- User Requests:
Following the correspondence sent through the dedicated form available on the Site, in order to answer your requests, we will process your personal data according to the purpose and the grounds mentioned below.
|Purpose||Categories of data processed||Legal basis||Duration|
|Submission of requests by the Users through the dedicated form||Company name, Name, Surname of company representative, e-mail address, telephone number,||Conclusion and/or performance of a contract||3 years from the date of transmission of the response|
- PROCESSING OF PERSONAL DATA THROUGH DATA PROCESSORS
- In order to achieve the purposes described above, HTSS may use the services of several contractual partners. These contractors have the capacity of authorised persons and may be provided with your personal data for use within the limits of the obligations they have assumed towards HTSS. The personal data that we disclose to the data processors is limited to the minimum personal information that is necessary for the provision of those services, and we ask them not to use personal data for any other purpose. We make every effort to ensure that all entities we work with store your personal data in a safe and secure manner.
- Personal data indicated above may also be made available or transmitted to third parties in the following situations: (i) public authorities, auditors or institutions competent to carry out inspections and controls on HTSS activities and assets, which request HTSS to provide information, by virtue of the latter’s legal obligations. These public authorities or institutions may be the National Supervisory Authority for the Processing of Personal Data, the Labour Inspectorate, police bodies, the Consumer Protection Authority, the National Agency for Tax Administration; (ii) for compliance with a legal requirement or to protect the rights and assets of our Company or other entities or persons, such as courts of law; (iii) third party acquirers, to the extent that HTSS’ business would be transferred (in whole or in part) and the data subjects’ data would be part of the assets subject to such transaction.
- The persons and entities to whom we may share personal data are the following:
- For direct marketing communications, we may transmit personal data to advertising and marketing agencies that carry out the communication on our behalf.
- TRANSFER OF PERSONAL DATA ABROAD
- In the context of the operations described above, your personal data may be transferred abroad to countries in the European Union (“EU”) or the European Economic Area (“EEA”).
- We hereby inform you that any transfer made by HTSS to an EU or EEA member state will comply with the legal requirements set out in the GDPR.
- RIGHTS AND OBLIGATIONS OF DATA SUBJECTS
- The Users are aware of the general rights they benefit from as data subjects under the legislation on the processing of personal data, namely: the right of information and access to personal data; the right to rectification or erasure of data; the right to request restriction of data processing; the right to data portability; the right to object to the processing of personal data concerning them; the right to address the courts and supervisory authority (in Romania the supervisory authority is the ).
- The Users are aware that the rights mentioned above are not absolute rights and accept that there is a possibility that certain data used for the fulfilment of the purpose cannot be deleted (e.g., personal data for which there are reporting obligations to the authorities or for which there is a storage obligation).
- The Users have the following obligations:
- to provide true, accurate and complete data in accordance with the form on the Site, as well as in accordance with HTSS requests. If the data provided is not true, accurate and complete or has changed, the User has the obligation to inform the Controller via the Site or by e-mail at the email address mentioned on the Site of this fact and to provide the correct information as soon as possible;
- to ensure that data is updated whenever necessary;
- not to publish obscene, defamatory, threatening or malicious information, reviews and evaluations towards the Controller, its employees/collaborators, nor material or information prohibited by the legal provisions in force.
- In case of breach of obligations by the Users, the Controller has the right to take all legal measures to ensure the return to the previous situation (deletion of information published by the User, blocking access to the Site, etc.), as well as to hold liable the Data Subject in question.
- DELETION OF PERSONAL DATA
- Certain Data may be stored for the period of time necessary to fulfil the purpose. We may also store certain Data after the purpose for which it was collected has been fulfilled in order to fulfil our legal obligations, settle disputes, etc.
- Once the processing period indicated above expires and HTSS no longer has legal or legitimate grounds to process your personal data, the data will be deleted in accordance with its procedures, which may involve archiving, anonymization or destruction.
- MODIFICATION OF PRIVACY POLICIES
- Mindclass by HTSS
- Applicable legislation – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”), Law no 190/2018 for the implementation of GDPR, the relevant decisions / guides issued by EDPB for guidance on the interpretation of GDPR provisions and national legislation regarding the processing of personal data of Data subjects, if it does not come in conflict with any provisions of GDPR. And any other applicable legislation considering the place of main office of the Client and nationality of Client Representatives and Users.
- Client:a legal entity who wishes to benefit from the features of Mindclass App and concludes an agreement with the Company for this purpose;
- Client Representative:representative of the Client with administrative rights in Mindclass App, who can add, edit and manage data regarding the Client, create and add users etc.
- User(s): individuals, employee(s) or end customers of the Client for whom the Client Representative has created an account on Mindclass App. Users’ access to Mindclass App depends on the relationship between the Client and the User, the Company having no control over what Users the Client decides to enrol on its general account. The Users benefit from the e-learning content selected/uploaded by the Client, some may be mandatory and other optional, the User account may be interconnected to the Client’s internal applications. A Client Representative is a User, the vice versa not being applicable.
- Personal data – means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- Controller – means the Company/Client, who alone or jointly with others, determines the purposes and means of the processing of Personal data.
- Processor– means a natural or legal person, public authority, agency or other body which processes Personal data on behalf of the Controller. The Company is Processor when processing personal data of Data subjects for the Client in order to provide support services as per the Client’s request.
Any reference to the singular also includes the plural and vice versa.
- GENERAL PRINCIPLES
- COLLECTION AND PROCESSING OF PERSONAL DATA BY THE COMPANY
- The Company processes the Personal Data of the Client’s Representatives, as Controller, for the purpose of entering and performance of the agreementbetween the Company and Client in order for the latter to benefit from Mindclass App Services, including maintenance, respectively the Company will process the Personal Data for maintaining the relationship with the Client (correspondence, notifications, service interventions etc.), creation of Client’s Representative account and personalisation. Also, the processing is necessary for the purposes of the legitimate interests (developing Mindclass App and research, advertising and marketing, statistics) pursued by the Company or by a third party or the Data subject has given consent to the processing of Personal data. The Company’s legitimate interests in processing the Personal data do not override the interests or fundamental rights and freedoms of the Data subject. The interests or fundamental rights and freedoms of the Data subject are not in any way affected by the processing done through Mindclass App.
- PERSONAL DATA COLLECTED AND PROCESSED:
- of Client Representative:
- name, surname;
- e-mail address;
- quality within the Client;
- log in and service data regarding the use of Mindclass App;
- Since Mindclass Appcan be accessed via browser and mobile devices, using internet connection, one, more or all of the following Personal data of Data Subjects may be collected when accessing and using Mindclass App:
- IP address;
- type of device used;
- time and date of access;
- time spent on Mindclass App;
- access and use habits;
- internet connection speed;
- sole id number of the used device;
- encrypted password;
- The Personal data mentioned above may be totally / partially disclosed / transferred to third parties in order to achieve the processing scopes. Thus, the Personal data may be shared with one, more or all of the following, on a need-to-know basis as per the scope:
- service providers (companies and individuals that provide services on behalf of the Company or help the Company operate Mindclass Appand its business, such as hosting, technical support, analytics, customer support, email and SMS delivery etc.;
- advisers (this may include lawyers, auditors, bankers, and insurers, if necessary);
- authorities and others (this may include law enforcement, central or local authorities, supervisory authorities when required by law or to help protect the rights and safety of Data subjects or others);
- other companies or individuals, in case of assignment of Mindclass App, business transfer or change of control over the Company.
- THE COMPANY HAS LIMITED ACCES TO THE DATA UPLODED ON MINDCLASS APP, ANY INTERVETION FOR SERVICE PURPOSES WILL BE MADE ONLY IF ALLOWED BY CLIENT. For this purpose, the Company will be a data processor and will follow the Client’s instructions, any access to the Personal data uploaded on Mindclass App will be made as processor, the Company not processing the Personal data for other purposes than providing its support services to Client.
- The storage of the Personal data collected and processed by the Company as Controller or as Processor is made on the Company’s servers or on the sub-processor’s servers.
- COLLECTION AND PROCESSING OF PERSONAL DATA BY THE CLIENT
- The Client collects and processes, as Controller, the Personal data of Client Representative and Users for the purpose of complying with a legal obligation to which the Client is subject, for the performance of the agreement(s) concluded with the Data subjects, consent or legitimate interest, as stated in its internal policies. The Client is the sole responsible for the Users Data, to have the legal grounds for the processing, the Company having no responsibility in verifying such legal basis.
- One, more or all of the following Personal data may be collected, recorded, organised, disclosed, altered, retrieved, consulted, stored and finally erased or destroyed:
- e-mail address;
- job description / position within the organization;
- professional certificates;
- courses where he/she is enrolled/has finished;
- log in and service data regarding the use of Mindclass App;
- other details uploaded onMindclass App.
- The Personal data, together with any other information the Data subject may send to the Client, in relation to Mindclass App, will be stored on the sub-processors’ servers (Cloud Computing Services | Microsoft Azure).
- The personal data is processed by the Client for one, more or all of the following scopes:
- arranging the setting for the personnel to be able to attend course, exchange feedback for their permanent learning process;
- add and manage Users and their Data;
- notify Data subjects about announcements, updates, security alerts, and support and administrative messages, if applicable;
- reply to the Data subjects’ requests, questions, feedback.
- The Personal data may be shared with one, more or all of the following, on a need to know basis as per the scope:
- with the Client Representative and other Users of Client (based on hierarchical status);
- service providers (companies and individuals that provide services on behalf of the Company/Client or help the Company/Client operate Mindclass Appand its business, such as hosting, technical support, analytics, customer support, email and SMS delivery etc.);
- advisers (this may include lawyers, auditors, bankers, and insurers, if necessary);
- authorities and others (this may include law enforcement, central or local authorities, supervisory authorities when required by law or to help protect the rights and safety of Data subjects or others).
- DATA SUBJECTS’ RIGHTS AND OBLIGATIONS
- Data subjects are aware of the general rights they enjoy as data subjects under the Applicable legislation, respectively: the right to be informed; the right of access to the Personal data; the right to rectification; the right to erasure (“the right to be forgotten”); the right to restriction of processing; the right to data portability; the right to object the processing of Personal data; the right to bring an action before the competent court of law or before a supervisory authority, if available under the provisions of the Applicable legislation.
- Data subjects are aware that the aforementioned rights are not absolute rights and accept that there is a possibility that certain Personal data used to achieve the scopes may not be erased (for example, Personal data for which there is an obligation to report to the authorities or for which there is an obligation to store).
- Data subjects have the following obligations:
- to provide true, accurate and complete Personal data, in accordance with Mindclass Apps’ forms;
- to update their Personal data, whenever necessary;
- to refrain from posting obscene, defamatory, threatening or malicious information, reviews and evaluations towards the Controller, its employees / collaborators or towards another Data subject, or any materials or information prohibited by the legislation in force.
- In the event that a Data subject is in breach of his/her obligations, the Controller has the right to take all legal measures to ensure the return to the previous situation (erasure of information published by the Data subject, blocking access to Mindclass App), and holding the Data subject responsible, under penalty of law.
- TERM OF PROCESSING. ERASURE OF THE PERSONAL DATA
- The Personal data will be stored for the necessary period of time in order to achieve the scopes for which it was collected, respectively for the period necessary to provide Mindclass App, the existence of the account, as well as for a subsequent period of time, necessary for reporting to the competent authorities. In the event that the national legislation requests that the Controller stores some Personal data, in particular with regard to employment, the Controller will comply to such provisions and the Personal data will be stored for the mentioned period. If the Client is subject to such obligations, the Controller will take reasonable measures to assist the Controller in this matter.
DATA SUBJECTS FULLY UNDERSTAND AND AGREE THAT ALL THE PERSONAL DATA OF DATA SUBJECTS IS PROVIDED VOLUNTARILY, EITHER BY THE CLIENT, THE CLIENT REPRESENTATIVE AND/OR THE USER AND THAT THE COMPANY TAKES NO LIABILITY IN THE ACCURACY OF THE PERSONAL DATA PROVIDED. IN THE EVENT THAT THE PERSONAL DATA IS PROVIDED BY THE CLIENT OR THE CLIENT REPRESENTATIVE, THE DATA SUBJECT FULLY UNDERSTANDS AND AGREES TO THE FACT THAT THE CLIENT OR THE CLIENT REPRESENTATIVE HAS THE RIGHT TO DISCLOSE SUCH PERSONAL DATA TO THE COMPANY AND / OR THE SUB-PROCESSORS. THE COMPANY CANNOT BE HELD LIABLE FOR ANY LOSS OR DAMAGE CAUSED TO THE DATA SUBJECT, AS A RESULT OF THE PROCESSING OF PERSONAL DATA PROVIDED BY THE CLIENT, THE CLIENT REPRESENTATIVE AND/OR THE USER.