Privacy Policy
PRIVACY POLICY
- Use of personal details
Personal details are collected to make communication and use of online and live trainings, coaching and mastermind groups (“Trainings and Groups”) between Participants and My Design Tomorrow SRL (“Service Provider).
The personal details are stored on the servers of third party companies used for the promotion or invoicing of the Trainings and Groups.
- Information content of the register
The information stored, includes but is not limited to:
- Personal details: Name, email address, phone number, address;
- Account details: username, password (stored in encrypted format);
- Personal information and business information about people answering the questions in our assessments;
- Statistical data about service usage, e.g. number times the user has logged in, country of log in and in certain cases more specific information such as sex and age.
- Regular sources of information
Personal details are given by the user on registration to the service or when using it later.
- Transfers of the information outside the EU and the European Economic Area
Information may be stored to a server that may be located inside or outside of the EU and the European Economic Area
- Register protection principles
The information is stored on computers. The access to the information is restricted with passwords and physical access to the computers is restricted by the server hosting company.
- Data protection Agreement
All processing of personal data by My Design Tomorrow SRL shall be subject to the Data Protection Agreement between Participants and My Design Tomorrow SRL, included in the annex attached to the Privacy and Policy conditions.
Annex
DATA PROTECTION AGREEMENT
This Data Protection Agreement "DPA" is entered into by the Parties set out below in connection with the Agreement between the Customer and My Design Tomorrow SRL, including the Terms of Use of My Design Tomorrow SRL.
PARTIES TO THIS DPA
- The customer party to the Agreement, defined in the Terms of Use as You (herein "Customer")
- My Design Tomorrow SRL
Business ID 42130820
Strada Zorilor, Nr. 37, Tarnaveni, 545600 ROMANIA
The Customer and My Design Tomorrow SRL are hereinafter jointly referred to as the "Parties" and each separately as a "Party".
This DPA has been pre-signed on behalf of My Design Tomorrow SRL and shall become effective when electronically agreed to by the Customer.
BACKGROUND AND CONFLICT RULES
This DPA sets out the terms and conditions for the processing of Personal Data by My Design Tomorrow SRL on behalf of the Customer under the Agreement for the purpose of providing the Service to the Customer.
DEFINITIONS
Unless otherwise defined in this DPA, terms used in this DPA, such as "Data Controller", "Data Processor" and "Data Subject" have the meanings as defined in the Data protection Regulation.
- Data Protection Regulation means all applicable laws relating to data protection, including without limitation the laws implementing EU Directive 95/46/EC and EU Directive 2002/58/EC and the GDPR (when applicable) and any amendments to or replacements for such laws and regulations.
- GDPR means the General Data Protection Regulation (EU) 2016/679.
- Personal Data means any information relating to an identified or identifiable natural person, and which My Design Tomorrow SRL has received from the Customer under the Agreement.
- Personal Data Breach means a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed by My Design Tomorrow SRL on behalf of the Customer.
- Standard Contractual Clauses ("SCCs") means the contractual clauses issued by the European Commission by the decision 2010/87/EU for international transfers of Personal Data.
PROCESSING OF PERSONAL DATA
To the extent the Customer inputs Personal Data into the software and websites used by My Design Tomorrow SRL for the promotion and invoicing of the Service, the Parties acknowledge that My Design Tomorrow SRL acts as Data Controller.
Processing of Personal Data under this DPA is for the purpose of providing the Service to the Customer. Processing of Personal Data in this context refers mainly to maintenance, storage, technical support and other equivalent processing activities. Type of Personal Data processed contains information, including Personal Data, uploaded to the Service by the Customer, for example contact details and purchase data.
Personal Data may be processed as long as the Service is provided under the Agreement and after that if required by applicable law or contractual obligations or rights of either Party.
CUSTOMER'S INSTRUCTION AND RIGHTS
My Design Tomorrow SRL shall process Personal Data in accordance with the Customer's written instructions as established in this DPA. The Customer agrees that this DPA is its complete written instruction to My Design Tomorrow SRL. Additional instructions require prior written agreement between the Parties.
The Customer hereby acquaint itself with the rights it has as data subject:
- The right to rectify or delete personal data;
- The right to request restriction of the processing of personal data;
- The right to oppose the processing of personal data concerning it;
- The right to appeal to the judiciary and the National Authority for the Supervision of Personal Data Processing;
- The right not to be subject to an automated decision-making process (profile creation).
GENERAL OBLIGATIONS
My Design Tomorrow SRL shall process Personal Data in compliance with Data Protection Regulation and on written instructions from the Customer, unless prescribed otherwise by a provision of Data Protection Regulation applicable to My Design Tomorrow SRL.
My Design Tomorrow SRL shall ensure that its staff with access to Personal Data have committed to appropriate confidentiality.
DATA SECURITY
My Design Tomorrow SRL shall implement and maintain appropriate technical measures to ensure the security, prevention of any unlawful, unauthorized destruction, loss, alteration, disclosure, acquisition or access in respect of the personal data held about the other part. However, if the personal data provided were accessed or obtained by an unauthorized person or any personal data breach violation occurs, each Party shall immediately notify the other Party of such incident and shall cooperate in taking any measures deemed necessary to mitigate any loss or damage caused by such unauthorized access and for the notification of the National Supervisory Authority for Personal Data Processing.
PROCESSORS
My Design Tomorrow SRL is entitled to use processors for the purposes of providing the Service under the Agreement. The Customer hereby consents to My Design Tomorrow's use of processor as described in this section.
My Design Tomorrow SRL shall inform the Customer at least 14 days before it authorizes new processor. If the Customer objects, the Customer shall have the right to terminate the Agreement by written notice before the effective date of the change.
My Design Tomorrow SRL shall use its commercially reasonable efforts to reasonably ensure that its processors are subject to equivalent requirements regarding confidentiality and data protection, as set out in this DPA.
TERM AND TERMINATION
The DPA shall continue in force until the termination of the Agreement. Upon termination of the Agreement or upon the Customer’s written request, My Design Tomorrow SRL shall either destroy or return to the Customer or a third party designated by the Customer in writing the Personal Data processed hereunder. If not instructed otherwise in writing by the Customer, My Design Tomorrow SRL shall have the right to delete and destroy the Personal Data processed hereunder within three (3) months' of the termination of the Agreement. In case the Customer demands that the Personal Data are returned to the Customer or to a third party, the Customer will pay My Design Tomorrow SRL for reasonable costs and expenses arising out such return of the Personal Data.
Last update on 30/08/2023
