Eduticer data privacy terms

Mindworks Industries OÜ (hereinafter Mindworks or we) offers an online software service called Edutizer (in English, software-as-a-service or SaaS), which allows our clients (hereinafter also You) to use and manage various training models, accessible via a web platform. 

In these Data Privacy Terms, we explain how we use your personal data (hereinafter also data) in situations where we act as the controller of your data (see definition below) under the GDPR. Given the nature of our Service, our clients and partners are primarily legal entities. Therefore, the personal data used by Mindworks as the controller typically relates to individuals who communicate with us and/or use our services on behalf of a legal entity (for example, the client’s contact person for the Service who has an Administrator account, or a member of management or employee of another cooperation partner). 

When a client creates new user accounts for its employees while using our service, that client itself is the controller for such new user data, and Mindworks is the processor acting under a data processing agreement concluded with the client. In such cases, these personal data processing terms do not apply. 

We reserve the right to unilaterally amend these personal data processing terms if the laws regulating personal data protection change or if our data processing practices change. We will notify you of any changes on our website one month before they take effect. The most recent version of these Data Privacy Terms is always available on our website at www.edutizer.com. 

Definitions 

To help you better understand our personal data processing terms, below are some key data protection terms we use: 

GDPR: The General Data Protection Regulation of the European Union (Regulation (EU) 2016/679), which became applicable on May 25, 2018, in all EU Member States. 

Personal data: Any information relating to an identified or identifiable natural person (data subject). An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, a personal identification code, location data, an online identifier, or one or more factors specific to that natural person’s physical, physiological, genetic, mental, economic, cultural, or social identity. 

Processing: Any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means. This includes collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making the data available, alignment or combination, restriction, erasure, or destruction. 

Controller: The person who decides why and how personal data is processed. 

Processor: The person who processes personal data on behalf of the controller under instructions set out in a data processing agreement. 

These personal data processing terms apply if: 

● you use Mindworks’ services on behalf of the client as its representative; 
● you are the representative or contact person of our client or another cooperation partner; 
● or you submit an inquiry via our web platform or by email. 

1. Controller of personal data 

Mindworks Industries OÜ Registry code: 10330721 Address: Jahu tn 14-129, 10415, Tallinn, Estonia Email: info@edutizer.com 

2. What type of personal data do we collect, and from what sources? 

As explained above, Mindworks is a B2B company. Therefore, we primarily use your personal data to communicate with the client in order to provide our services. Our legal basis for processing your personal data is our legitimate interest—you act as the representative through whom the client communicates with us, and vice versa. 

When you use our services, you typically provide us with the following data: 

● First and last name 
● Email address 
● Personal identification code 
● Position in the company (i.e., at our client) 
● Language preferences 

You may provide this information when you register as a user of our services, use our services through the web application, give us feedback, leave us a message asking to be contacted, or contact us in other ways. 

We assume that such data is intended for work- and business-related communication, and that it does not include private contact details. 

Automatically Collected Data: When you use our services or visit our website, we may automatically record certain information from your device using various technologies such as cookies and web beacons. Automatically collected data may include: 

● IP addresses (to identify user location) 
● Information about your browser and device 
● Browsing activity on different sites or pages or other content viewed or interacted with 
● Dates and times of visits, access, or use of the service 

Data from public sources: We may also receive information (including personal data) from public sources such as business registries, the internet, and third parties like credit registers to analyze client background and creditworthiness. 

Data collection via integrated services: We may allow you to: 

1. Access Edutizer services using the login credentials (username and password) of certain third-party service providers (for example, your Google account), or 

2. Otherwise authorize a third-party service to upload information (including personal data) into our service or transfer data to us. 

By enabling a connection with such integrated third-party services, you allow us to access data made available by those service providers (e.g., your name, date of birth, gender, email address, etc.), and to store and use such data according to these Data Privacy Terms. To understand what data such third-party providers make available, please refer to their privacy terms and adjust your privacy settings in those services if necessary. 

Data collected by the client of Mindworks: When using our services, clients (i.e., the companies you represent or work for) may upload or process various data (mainly about their employees/participants in trainings) via our services and platform. In such cases, the personal data is under the client’s control, and Mindworks processes it only for the purposes and to the extent necessary to provide services to the client. Mindworks acts as the processor under a data processing agreement concluded with the client. 

3. For what purpose and on which legal basis do we process your data? 

As noted above, we primarily use your data to provide the services requested by the client you represent, and to communicate with that client. Accordingly, we use your data to: 

1. Perform the contract with our client (e.g., identifying the user, communicating about the contract), 
2. Carry out our business operations (service administration, maintenance, improving functionalities), 
3. Foster business development (usage statistics, preferences, analyzing trends for new services or products), and 
4. Conduct marketing (news and offers related to our services and products). 

Mindworks’ legitimate interest is the legal basis for processing your personal data for these purposes. We assume that by acting as a representative of a legal entity, your interests, rights, and freedoms are not overridden by our need to process such data. If our processing is based on legitimate interest, you always have the right to object. If you do object, we will inform our client, request a new contact person, or otherwise address your objection in cooperation with the client. 

Depending on your role or area of responsibility, we may occasionally send you direct marketing offers or notices—for example, if the company you work for is our client or if you have previously ordered our services on behalf of your company. Such direct marketing is also done on the basis of Mindworks’ legitimate interest. If you receive such messages and do not wish to continue receiving them, you can always opt out by clicking the “unsubscribe” link at the end of the message. 

4. Who may we disclose your data to? 

Within Mindworks, access to your personal data is given only to those employees who need it for their work tasks (the “need-to-know” principle). Outside of Mindworks, we may share your data when necessary with: 

● Service providers: Your data may be accessible to entities that provide services to us and process your data on our behalf (our processors), and only to the extent necessary to provide such services. For example, providers of hosting and backup services, accounting, invoicing, customer support and analytics software, and development and marketing services. 

● Public authorities and government agencies (e.g., the Police and Border Guard Board, the Data Protection Inspectorate): We disclose your data only where and to the extent required by law. 

● Professional advisors: We may need to share your data with our professional advisors such as auditors or lawyers. 

● Third parties in connection with business transactions: We may share your data with third parties in connection with Mindworks’ business transactions, such as the sale of Mindworks’ shares or assets to another company, or in the context of forming a joint venture, merger, or other corporate reorganization. 

As a general rule, we do not store your personal data outside the European Economic Area (EEA) or transfer data outside the EEA. If such a transfer becomes necessary, we will comply with the requirements of Chapter 5 of the GDPR. 

5. How long do we store your data? 

We store your data for as long as necessary to fulfill the purposes described in these Data Privacy Terms and to meet our legal obligations. For example: 

● Administrator account data: Stored for as long as the client remains an active user, plus 6 months thereafter. 

● Potential client inquiries: Retained for 12 months. 

● Invoice data and underlying documents: Retained for 7 years, as required by law. 

● Information on legal transactions between Mindworks and clients: Retained for the statutory limitation period for civil claims (3 years; 10 years in cases of intentional breach) so that we can protect ourselves against legal claims and file any necessary claims. 

If you would like more information about the retention of your personal data, please send an inquiry to the email address specified in Section 1 of these Data Privacy Terms. 

6. What are your rights regarding your data? 

1. Right of access: You have the right to know which data we collect about you, for what purpose, to whom we disclose it, how long we store it, and what your rights are regarding the restriction, rectification, erasure, and processing of your data. We must first verify your identity before responding to prevent unauthorized disclosure. We have the right to respond to your request within 30 days. 

2. Right to rectification: You have the right to request that we correct any inaccurate or incomplete personal data concerning you. 

3. Right to erasure: In certain cases, you have the right to request that we delete your personal data, especially if the legal basis for processing is your consent and you withdraw that consent. 

4. Right to restriction of processing: In certain circumstances, you may request that we restrict the processing of your personal data for a certain period (for example, if you have objected to the processing). 

5. Right to object: You have the right to object to processing based on Mindworks’ legitimate interest. In such a case, Mindworks will cease processing your personal data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defense of legal claims. You also have the right to object at any time to the processing of your personal data for direct marketing purposes. Upon receiving such an objection, we will stop processing your personal data for direct marketing. 

6. Right to data portability: If the processing of your personal data is based on your consent or on a contract with us, and the data is processed by automated means, you have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format. You also have the right to request that we transmit the data directly to another service provider, if technically feasible. 

If you wish to exercise any of the above rights, please contact us at the email address specified in Section 1 of these Data Privacy Terms. 

For clarity, the provisions of this Section 6 do not apply to personal data that Mindworks processes on behalf of its clients as a processor (for example, data that a client enters into the Edutizer software while using Mindworks’ services). In such cases, the client is the controller of your personal data, and data is processed according to the client’s data privacy terms. Therefore, any data subject requests should be addressed directly to the client. 

7. Right to lodge a complaint with the data protection inspectorate or the court 

If you want more information about your personal data or about exercising your rights, please contact us at the email address specified in Section 1 of these Data Privacy Terms. 

If you believe that your personal data is being processed in violation of the GDPR, you have the right to lodge a complaint with the Data Protection Inspectorate or seek judicial remedy in court.