Privacy Policy
Instalează!

Personal data protection policy

The protection of your personal data is important to us, therefore, we pay special attention to protecting the privacy of visitors who access the website www.tutorina.com, hereinafter referred to as the Site, as well as persons who use the Tutorina educational platform, hereinafter referred to as the TUTORINA PLATFORM.

As of 25 May 2018, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, hereinafter referred to as "GDPR", is applicable.

Personal data are those data that directly identify a natural person such as name, surname, home address, e-mail address, or telephone number but also any other data which allow indirect identification such as, in certain cases, the pupil roll number.

The GDPR is applicable to any legal entity that processes personal data during their business.

Please pay particular attention to reading the following Policy to understand how your personal data will be handled.

Through this Policy, we inform you about our practices regarding the application of the GDPR provisions but also about the nature of the personal data we process on the Site and on the TUTORINA PLATFORM, the purposes and grounds of the processing, the rights of the data subjects.

1. DEFINITIONS:

  • ANSPDCP stands for the National Supervisory Authority for Personal Data Processing;
  • "personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity;
  • "processing" means any operation or set of operations which is performed upon personal data or upon sets of personal data and which is performed upon him or her whether or not by automatic means, such as collection, recording, organization, storage, adaptation, or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  • "restriction of processing" means the marking of stored personal data with the aim of limiting their further processing;
  • "controller" means the natural or legal person, public authority, agency, or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by Union or national law, the controller or the specific criteria for its designation may be laid down in Union or national law;
  • "processor" means the natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller;
  • "recipient" means the natural or legal person, public authority, agency, or other body to whom personal data are disclosed, whether or not it is a third party. However, public authorities to which personal data may be disclosed in the framework of a particular inquiry in accordance with Union or national law shall not be regarded as recipients; the processing of such data by those public authorities shall comply with the applicable data protection rules in accordance with the purposes of the processing;
  • "consent" of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which the data subject signifies his or her agreement, by way of a statement or unequivocal action, to the processing of personal data relating to him or her.

2. WHO WE ARE

We are SABS Innovation SRL, RO37542078, with a registered office at Str. Colonel Langa No. 17, 700065, Iasi, Romania, Iasi County, registered at the Trade Register Office under No. J22/1740/2004.

SABS Innovation SRL is the author, owner, and administrator of the TUTORINA PLATFORM so all the information contained in this Policy is related and valid in relation to the activity on the PLATFORM.

3. IDENTITY AND CONTACT DETAILS OF THE DATA PROTECTION OFFICER (DPO) OR (DPD)

Tutorina has appointed a Data Protection Officer ("DPO"), who is responsible for verifying compliance with the GDPR in data processing operations carried out by Tutorina and for representing Tutorina in relation to data subjects and the ANSPDCP.

Data subjects may at any time directly contact the Data Protection Officer at the following e-mail address: contact@tutorina.com.

4. PRINCIPLES RELATING TO THE PROCESSING OF PERSONAL DATA

Tutorina is committed to complying with the principles of personal data protection set out in the GDPR to ensure that all data are:

  • Processed fairly, lawfully, and transparently;
  • Collected for specified, explicit and legitimate purposes;
  • Adequate, relevant, and limited in relation to the purposes for which they are processed;
  • Accurate and up-to-date;
  • Kept in a form that does not enable identification of data subjects for longer than is necessary for the purposes of the processing;
  • Processed in accordance with the rights of the data subject, in a way that ensures adequate security of the processing so that the data are integral, confidential, and available.

5. WHAT TYPES OF PERSONAL DATA DO WE COLLECT

We inform you that we process the following personal data through forms on the Site:

  1. Name, surname, e-mail address, telephone number, belonging to the parent;
  2. Name, surname, month and year of birth, gender, image, location, text messages from the WhatsApp application, information about the web content accessed, belonging to the minor.

No complete profile of the child or parent is available or visible to other children or parents through the TUTORINA PLATFORM.

TUTORINA may access the data when necessary to provide support and help in using the PLATFORM. Data about parents and children is not transmitted to third parties.

6. PURPOSE FOR WHICH WE PROCESS PERSONAL DATA

We request and process personal data for:

  1. To receive and analyze your comment once you have given your consent to data collection;
  2. To send you newsletters, invitations, materials related to our services, and information related to events or programs we organize or promote once you have consented to data collection;
  3. To enable the creation of your account on the TUTORINA PLATFORM;
  4. To ensure the proper functioning of the TUTORINA PLATFORM;
  5. To prevent spam, fraud, and abuse and to assist in the recovery of your account, account username.
  6. WhatsApp text messages are used to detect bullying. Messages are analyzed using artificial intelligence directly on the child's devices. Only messages detected as having offensive content are sent to the server in anonymized format to be validated.
  7. Information about the web content accessed by children is collected in order to provide parents with a detailed and up-to-date report on their children's online activity, including the web pages accessed and the time spent on them. In addition, this information may be used to filter web content accessed by children in accordance with the preferences and requirements set by parents or legal guardians.

7. THE GROUNDS FOR PROCESSING PERSONAL DATA

Tutorina processes personal data on the PLATFORM:

  1. on the basis of the consent given by the persons entrusting us with the data ((art. 6 para. 1 sentence 1 lit. a GDPR;
  2. for the performance of a contract to which you are a party (art. 6 para. 1 sentence 1 lit. b GDPR);
  3. in order to fulfill a legal obligation incumbent on us (Art. 6 para. 1 sentence 1 lit. c GDPR);
  4. in accordance with the legitimate interest of Tutorina (Art. 6 para. 1 sentence 1 lit. f GDPR).

8. TRANSFERS OF PERSONAL DATA

Whenever we use processors, acting either as data controllers or processors, we ensure that the requirements set out in the GDPR are met and that your personal data is processed in an appropriate manner.

In principle, your personal data will not be transmitted to a third party.

9. HOW LONG DO WE KEEP PERSONAL DATA

We keep the personal data provided by you for a reasonable period of time, as long as necessary to fulfill the purposes described above and to fulfill our legal obligations to which we are subject. If personal data is no longer necessary and useful to us, it is deleted.

Our reasons for retaining personal data are based on compliance with our legal obligations under the GDPR and to defend our rights and interests in possible actions before the competent courts.

10. DISCLOSURE OF DATA

In the event that we are obliged to disclose your personal data by a court order or to comply with other legal requirements, we will notify you by notice before providing such data unless such disclosure is prohibited. We will not sell, disclose, or distribute your personal data without obtaining your consent and permission.

11. HOW DO WE ENSURE THE SECURITY OF PERSONAL DATA

We are committed to adopting appropriate technical and organizational measures in accordance with industry standards. TUTORINA PLATFORM is aligned with GDPR requirements and uses encryption and personal data security technology.

Tutorina will not disclose personal data collected through the TUTORINA PLATFORM except to authorized employees of Tutorina.

Tutorina, together with its collaborators, has assumed responsibility for implementing appropriate technical and organizational measures for the protection of personal data, i.e. for the protection against unauthorized access, use, alteration, or destruction of personal data in accordance with the GDPR, as follows:

  1. Users who have access to the database of personal information are only those who have created an account on the TUTORINA PLATFORM, each of whom benefits from the functions of the TUTORINA PLATFORM with their own account name and password.
  2. All employees, collaborators, and service providers of Tutorina, who come into contact with personal data, must act in accordance with the principles of personal data protection and security policies and procedures by signing privacy statements and agreements with respect to such data.
  3. Computers from which the database is accessed are password protected and have implemented up-to-date anti-virus, anti-spam, and firewall protection solutions.

12. LOCATION OF PERSONAL DATA

Personal data are stored in the cloud, and in physical format, on the territory of Romania, in full compliance with legal requirements and under conditions of maximum security and protection.

13. WHAT RIGHTS DO YOU HAVE IN RELATION TO PERSONAL DATA

We assure you that we respect your rights established by the legislation in force.

  1. The right of access means the right of the data subject to obtain confirmation from the controller whether or not personal data concerning him or her are being processed and, if so, access to those data and to information on how the data are processed.
  2. The right to data portability refers to the right to receive personal data in a structured, commonly used, and machine-readable format and the right to have such data transmitted directly to another controller if technically feasible.
  3. The "right to object" refers to the right of the data subject to object to the processing of personal data when the processing is necessary for the performance of a task carried out in the public interest or in the legitimate interest of the controller. Where the processing of personal data is for the purpose of direct marketing, the data subject has first and foremost the right to object to the processing at any time.
  4. The right to rectification refers to the correction, without undue delay, of inaccurate personal data stored. The rectification must be communicated to each recipient to whom the data have been transmitted unless this proves impossible or involves disproportionate (demonstrable) efforts.
  5. The right to the erasure of data ("right to be forgotten") means the right of the data subject to request the erasure of his or her personal data without undue delay if one of the following grounds applies: they are no longer necessary for the purposes for which they were collected or processed; he/she withdraws his/her consent and there is no other legal basis for the processing; he/she objects to the processing and there are no overriding legitimate grounds; the personal data have been unlawfully processed; the personal data must be erased in order to comply with a legal obligation; the personal data have been collected in connection with the provision of information society services.
  6. The right to restrict processing may be exercised if the data subject disputes the accuracy of the data, for a period allowing verification of the accuracy of the data; the processing is unlawful, and the data subject objects to the erasure of the personal data and requests restriction instead; if the controller no longer needs the personal data for the purpose of the processing but the data subject requests it for the establishment, exercise or defense of legal claims; if the data subject has objected to the processing for the period of time during which it is verified whether the legitimate rights of the controller prevail over those of the data subject.

14. UPDATING OF THE PERSONAL DATA PROTECTION AND PROCESSING POLICY

We have the right to amend or supplement the Personal Data Protection Policy at any time by posting the amended Data Protection Policy.

15. CONTACT DETAILS FOR THE NATIONAL AUTHORITY FOR THE SUPERVISION OF PERSONAL DATA PROCESSING (ANSPDCP)

Address: B-dul G-ral Gheorghe Magheru 28-30, Sector 1, postal code 010336, Bucharest, Romania

Mail: anspdcp@dataprotection.ro

Tel: +0318.059.211; +0318.059.212

Tutorina
Hello! 👋
How can we help you?
Chat on WhatsApp