The purpose of this Personal Data Processing and Protection Policy (“GDPR Policy”) is to list the data processed, the legal grounds and method of processing (retrieval, storage, erasure etc.), as well as the rights of the Customer, as data subject. If you do not agree with the Site Terms and Conditions and / or the GDPR Policy, please do not use the Site.
SEEDINGFRENZY OÜ is a data controller and we are required by law to inform you of your rights under the GDPR.
GDPR – REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);
Controller or the Undersigned – SEEDINGFRENZY OÜ, Estonian entity with head office in Harju maakond, Tallinn, Lasnamäe linnaosa, Lasnamäe tn 4b-26, 11412, registration no. 14907809, e-mail GDPR@seedingfrenzy.fun
Data subject or Client- any identified or identifiable natural person whose personal data is processed by the Controller; for example: clients, potential clients or visitors of the Site;
The Website or Site – http://seedingfrenzy.fun/ operated by the Controller;
Services – personal or self-development and/or coaching services, according to the offer presented on the Site;
Processing – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Consent – means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
Personal data or Data – means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The website http://seedingfrenzy.fun/ is operated by SEEDINGFRENZY OÜ, with head office in Harju maakond, T allinn, Lasnamäe linnaosa, Lasnamäe tn 4b-26, 11412, registration no. 14907809, e-mail GDPR@seedingfrenzy.fun
The Controller is responsible only for processing the Data collected from the Client.
Personal data are processed in accordance with relevant European and national legislation, in particular the GDPR and its principles:
Processing the data lawfully and transparent: the data are processed only in accordance with the law and only in a transparent manner; thus, the undersigned undertakes to any individual Client to use his or her data legally, correctly and to inform him or her accordingly of any relevant changes in this regard (for example in the event of a system error that resulting in the erasure of the customer database);
Proportionality: the data are collected within the limits necessary for the execution of the Services and for the issuance of the invoice related to them; any other data, which requires the consent of the concerned data subject, will be indicated accordingly, depending on the circumstances (e.g. to improve the quality of services);
The right to intervene: you have the right to request to examine, modify and delete your personal data, which were provided for the Services, but you cannot, however, make any abuse of such right;
The scope of the data processing: the data are used strictly for providing the Services, invoicing and marketing.
Data security: the controller has installed series of reasonable security measures for data processing, and the data are as safe as possible.
|MANDATORY DATA||THE SCOPE||THE LEGAL BASIS||DURATION|
|Name, address||– for providing the Services (e.g. enrolling in courses or webinars);- invoicing;- direct marketing.||– providing services according to a contract: art. 6 para. 1 let. b GDPR;- legal obligation: art. 6 para. 1 let. c GDPR;- consent: art. 6 para. 1 let. a GDPR (only for marketing).||10 years for the data used for invoices; 3 years all the other data, starting from the last day of our interaction.|
|E-mail, telephone||– for providing the Services (e.g. enrolling in courses or webinars);- direct marketing.||– providing services according to a contract: art. 6 para. 1 let. b GDPR;- consent: art. 6 para. 1 let. a GDPR (only for marketing).||3 years all the other data, starting from the last day of our interaction.|
|IP Address||– for protection against cybernetic attacks;- fraud prevention;- network function;||– legitimate interest – Art. 6 para. 1 let. f) GDPR||3 years all the other data, starting from the last day of our interaction.|
The data indicated above will be collected directly from the Client, as a result of completing the Contact form/course registration/newsletter registration or free materials.
In addition to the data collected directly from the data subjects, we also collect data regarding their online behaviour on the Website in order to establish future marketing strategies, and to find out how we can improve the Website and the services offered (e.g. cookies, surveys opinion, the content of e-mail messages and the like).
Also, in the case of webinars (live online seminars), there will be situations in which these will be recorded. In order to participate in them, explicit consent will be required for the recording of the image and/or voice. We inform you that these recordings may be used in the future, exclusively for study and research purposes, but also to be used in relation to other customers of the Controller (for example, people who have registered for webinars but who could not participate for various reasons). We reserve the right to modify the recordings (i.e. editing, cutting, etc.) in order to fulfil the latter purpose.
If you do not agree with the provision of the data marked as mandatory in the table above, it will be impossible to register for the courses offered by Undersigned and, implicitly, you will not be able to benefit from the services offered.
As for the data marked for obtaining consent, these are not mandatory, and if you do not provide the consent for processing them you will not participate in marketing campaigns and you will not receive future information on offers, discounts, organization of seminars, etc.
Regarding the storage period, the rule is that all personal data that will not be expressly indicated in the tax invoices, will be deleted within 3 years, calculated from the date of the last interaction with us, and those contained in the invoices must be kept 10 years.
Your data will only be used in order to offer the contracted services, namely for: issuing the invoice, providing the Services and, if you agree, for direct marketing purposes.
There will be the exception of the recorded webinars for which you have expressly consented, and these recordings can be used in the future and in the relationship with other clients. We reserve the right to modify the recordings (i.e. editing, cutting, etc.) in order to fulfil the latter purpose.
In addition to the above, we inform you that we may disclose your data in compliance with the law, to business partners or other third parties. We have contractual clauses with these third parties so that the data is protected. In these situations, we will ensure that any transfer is legitimate under the law.
For example, we may provide personal data to other companies, such as IT (cloud, hosting) or telecommunications service providers, accounting, legal services and other third parties with whom we have a contractual relationship.
We will also be able to provide personal data to the prosecutor’s office, police, courts and other competent state bodies, based on and within the limits of legal provisions and as a result of express requests.
The transfer of personal data to a non-EU third country can only take place if the state to which the transfer is intended provides an adequate level of protection.
We take the necessary measures to protect our customers and other persons whose data we process from unauthorized access, as well as from unauthorized modification, disclosure or erasure of data we process in the current activity.
We have implemented the following technical and organizational measures for the security of personal data:
We constantly adopt and review internal practices for the processing of personal data (including physical and electronic security measures), in order to protect our systems from unauthorized access or other possible threats to their security. These practices are subject to constant scrutiny to ensure that we comply with legal requirements and that the systems are functioning properly.
Your personal data that we process are limited to those that are necessary, appropriate and relevant for the purposes stated in this Policy.
We restrict access to personal data that we process to the minimum necessary: employees, collaborators and other persons who need to access this data in order to process it in order to perform a service.
We use technologies to ensure the security of our customer’s data, always trying to implement the best solutions for data protection. We also back up data regularly so that we can recover it in the event of an incident. However, no site, application or internet connection can be 100% secure, no matter the effort.
We train our employees and collaborators on the legislation and best practices in the field of personal data processing.
Where possible, we anonymize/pseudo-anonymize the personal data we process, so that the natural person concerned is not identifiable.
The rights of the concerned data subject, as a Client of the Controller, according to the GDPR Regulation are the following:
The right to be informed with regard to data processing;
The right to and over their data, materialized into a confirmation from the controller regarding the data processing, if applicable. If the customer so wishes, he or she also has the right to access that data;
The right to modify/correct the inaccurate or incomplete data;
The right to request the erasure of the data or the “right to be forgotten”;
The right to restrict data processing;
The right to transfer the data to another controller;
The right to object to data processing;
The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the client or similarly significantly affects the client;
The right to go to court for the protection of personal rights and interests;
the right to lodge a complaint with a Supervisory Authority.
You can retract or withdraw your consent for direct marketing in any moment by following the “Unsubscribe” instructions in each e-mail;
Should you choose to exert any of your GDPR rights, you can do so using a written letter and send it to the following e-mail: GDPR@seedingfrenzy.fun
The answer to any request made according to this GDPR Policy shall be sent via email within one month. If it shall be necessary to prolong the answer, we shall dully notify you.
If we shall not manage to identify you and you do not provide sufficient data for doing so, the Controller to comply with the request is considered finalised.