Your privacy is important to us
This Privacy Notice applies to the processing of personal data by the SEG EU OÜ (registered in the Republic of Estonia under registry code 16255825 and registered office at Narva mnt 5, 10117 Tallinn, Estonia; hereinafter SEG, we or us).
The following terminology is used in this Privacy Notice in the following meaning:
- Data Subject is a natural person on who SEG has data or information that can be used to identify the natural person. Data Subjects are, for example, Clients who are natural persons, co-operation partners and individuals associated with them, individuals associated with the course providers (e.g. representatives or employees);
- Personal Data is any information relating to an identified or identifiable Data Subject, including the Client or natural persons related to the course provider;
- GDPR is the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC;
- Client is any natural who uses, has used or has expressed an intention to use the services provided by SEG or is otherwise associated with our services;
- Third Party is a natural or legal person, public authority, agency or body, and any person other than the Data Subject, SEG, an authorized employee of SEG, or a person who may process the Personal Data of the Data Subject under the authority of SEG or Processor of SEG;
- Agreement is a contract with any content concluded between SEG and the Client, primarily Terms and Conditions;
- Processing means any operation or set of operations, which is performed on Personal Data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, regardless of the method of operation or the used means;
- Processor means a natural or legal person, public authority, agency, or other body which Processes Personal Data on behalf of SEG, the controller.
SEG takes the security of all data in its possession very seriously. SEG ensures the confidentiality Personal Data under applicable law and implements appropriate technical and organisational measures to protect Personal Data from unauthorized access, unlawful Processing or disclosure, accidental loss, alteration or destruction.
SEG may use Processors for Processing of Personal Data. In such cases, SEG will ensure that the Processing of Personal Data is carried out in accordance with SEG’s instructions and in accordance with the applicable law and this Privacy Notice. We apply contractual and appropriate security measures to protect your Personal Data and maintain confidentiality.
As soon as we receive your data, we implement reasonable security measures and procedures to avoid unauthorised access from any third party. However, the transmission of such data over the Internet using personal computers or mobile devices is not completely safe and, therefore, we cannot guarantee the absolute security of all information submitted to our website and/or to us. Any transmission of such information and documents is at your own risk.
1.3. How we collect your Personal Data?
SEG collects Personal Data primarily in the following ways:
- we mainly collect Personal Data from the Client or other Data Subject itself or from the persons acting on the Client’s or other Data Subject’s instructions (e.g. through requests, applications, conclusion and performance of Agreements);
- in the context of providing services, (e.g. promotion, distribution and sale of online courses and eBooks);
- Personal Data, including e-mail correspondence, emerged as a result of normal communication between the Data Subject and SEG;
- Personal Data clearly disclosed by the Data Subject (e.g. in social media);
- • Personal Data generated by the use of services provided by SEG (e.g. executing transfers, provision of online courses);
- Personal Data received from Third Parties (e.g. from third-party online course platforms or providers, the commercial register or other databases and national registers);
- Personal Data combined by SEG (e.g. history of provided services and Data Subject communication).
1.4 Which Personal Data we Process?
The categories of Personal Data that SEG mainly, but not exclusively, collects and processes are the following:
- person’s identification data (e.g. name, personal identification code, date of birth, details of the identification document (e.g. copy of passport, ID card and/or driving license));
- contact details (e.g. address, phone number, e-mail address, language of communication);
- any financial and tax information;
- data about the Data Subject’s relationships with legal persons (e.g. information submitted by the Data Subject or retrieved from public registers or received through Third Parties for making a transaction on behalf of a legal person);
- information on the Data Subject’s authorisations;
- information relating to the provided services (e.g. performance or non-performance of Agreements, concluded and terminated Agreements, submitted applications, queries and complaints);
- Client’s satisfaction data (e.g. activeness of using the services, data on services used, Client’s complaints, Client´s reviews);
- data connected with the website and account usage such as member ID, user ID, user PIN, login status, services which you plan to use, log information, device information, browser information, location information (if enabled), activeness of using services, Internet Protocol (IP) address;
- communication data (e.g. data collected via e-mail, messages and other communication means (incl. social media)).
SEG primarily uses the following Personal Data for marketing purposes:
- e-mail address and name of the Data Subject;
- information on the provided services, the courses, and the discounts;
- general demographic location.
In addition to the categories of Personal Data explicitly stated in this Privacy Notice, SEG may collect additional and other Personal Data in accordance with the law, if needed.
The provision of Personal Data for using services, e.g. registering an account, is statutory and required to enter into Agreement, therefore, Data Subject is obligated to provide required Personal Data. Without providing required Personal Data it is not possible to use services or some services are limitedly accessible, and SEG could refuse to provide services.
1.5. For which purposes and on which legal bases we Process your Personal Data?
SEG processes your Personal Data primarily to:
- manage customer relations in general, in particular, to keep data updated and corrected by verifying and enriching data, respond to your requests and questions, notify about changes to services, contacting you, provide customer support, based on:
performance of Agreement or in order to take steps at the request of the Data Subject prior to entering into Agreement or compliance with a legal obligation;
- provide access to services, provision of services, in particular, to conclude and execute Agreement, establish an account, keep data updated and corrected by verifying and enriching data, based on:
performance of Agreement or in order to take steps at the request of the Data Subject prior to entering into Agreement or compliance with a legal obligation;
- complying with requirements set out to us by law,based on:
compliance with a legal obligation;
- prevent misuse of website and/or services and ensure adequate provisions of website and/or services, in particular, to authorize and control access to and functioning of digital channels, prevent unauthorized access and misuse of those and to ensure the safety of information, based on:
performance of Agreement or take steps at the request of the Data Subject prior to entering into Agreement or compliance with a legal obligation or SEG’s legitimate interests to have control over authorizations, access to and functioning of website and services;
- protect the interest of SEG, based on:
performance of Agreement or in order to take steps at the request of the Data Subject prior to entering into Agreement or compliance with a legal obligation or SEG’s legitimate interests to prevent, limit and investigate any misuse or unlawful use or disturbance of website and/or services;
- establishing, exercising, and defending legal claims, based on:
performance of Agreement or in order to take steps at the request of the Data Subject prior to entering into Agreement or compliance with a legal obligation or SEG’s legitimate interests to exercising legal claims;
- send marketing and useful information by e-mail, incl. market SEG’s and online courses service provider’s services, special offers, promotions, contests or entitlements that may be of interest to you, based on:
consent of Data Subject or SEG’s legitimate interest;
- administrate and improve the website and/or services, for our internal records, for statistical analysis, based on:
SEG’s legitimate interests to improve its services;
- improve technical systems and structure of information technology, based on:
SEG’s legitimate interests to improve its services.
In the case that we are going to use your personal data for other purposes as provided above, we will communicate it to you in a timely manner.
1.6. To whom we transfer your Personal Data?
SEG transfers Personal Data to the following recipients:
- employees authorised by SEG for such purpose;
- public authorities (e.g. law enforcement agencies, courts, bailiffs, tax authorities, and supervisory authorities);
- persons related to the provision of services and performance of Agreement concluded with the Client (e.g. third party online course service providers, payment intermediaries, providers of communication, IT, data backup, translation, courier and postal services, IT application providers, advertising and marketing partners);
- business partners (e.g. third party online course or materials providers);
- auditors, accounting service providers, financial consultants or other SEG’s consultants;
- the debt collection service providers, courts and trustees in bankruptcy if the Client has violated Agreement;
- participants and/or parties involved with payment systems and payment solutions.
1.7. Where Your Personal Data is being processed?
As a general rule, SEG Processes Personal Data within the European Union / European Economic Area (EU/EEA). However, some course providers are located outside the EU/EEA, therefore, Personal Data may be transferred outside the EU/EEA, for example to the United States of America, where the data protection level may not be the same as it is within EU/EEA. If there is a need to Process Personal Data outside EU/EEA, SEG has implemented the following appropriate safeguards to keep Data Subject´s Personal Data safe:
- SEG will only transfer Personal Data to the country outside of the EU/EEA where an adequate level of data protection is in place in accordance with the decision of the European Commission;
- SEG has concluded a valid agreement containing standard contractual clauses developed by the EU.
In the absence of appropriate safeguards, SEG has the right to transfer Personal Data outside the EU/EEA in situations where:
- the Data Subject has given an explicit and informed consent about the lacking protection measures;
- it is necessary for the conclusion or performance of Agreement between the Client and SEG or for the implementation of pre-contractual measures taken at the request of the Data Subject;
- it is necessary for the conclusion or performance of a contract concluded in the interest of the Data Subject between SEG and another natural or legal person;
- it is necessary for the establishment, exercise or defence of legal claims;
- it is necessary in order to protect the vital interests of the Data Subject or other persons, where the Data Subject is physically or legally incapable of giving consent;
- the transfer is made from a register which according to European Union or national law is intended to provide information to the public and which is open to consultation either by the public in general or by any person who can demonstrate a legitimate interest, but only to the extent that the conditions laid down by European Union or national law are fulfilled in the particular case;
- the transmission is not repetitive, concerns only a limited number of Data Subjects, is necessary to protect SEG’s legitimate interests, for which the interests, rights or freedoms of the Data Subject are not predominant, and if SEG has assessed all data transfer circumstances and established based on the assessment appropriate safeguards for Personal Data protection. SEG will notify the supervisory authority of the transfer.
For receiving more information about the transfer of Personal Data outside the EU/EEA, please contact us by e-mail: firstname.lastname@example.org.
1.8. How long we store your Personal Data?
SEG does not Process Personal Data for longer than it is necessary for the purposes related with such data and/or to comply with the statutory data storing obligations. The retention period may also be based on the Agreements with the Client (e.g. to settle a dispute arising from the Agreement concluded with the Client), SEG’s legitimate interest or applicable law (e.g. legislation about accounting or limitation period).
As a general rule, the retention period for Personal Data and documentary evidence used in the course of the provision of our services is a maximum of 3 years from the termination of the user account and/or the Agreement. Personal Data Processed under your consent will only be Processed until the consent is withdrawn.
1.9. Responsible persons and SEG’s contact details
SEG EU OÜ is the controller for the Processing activities described in this Privacy Notice. If you have any questions regarding the Processing of your Personal Data, please contact us in the following ways:
address: Narva mnt 5, 10117 Tallinn, Estonia
e-mail address: email@example.com
SEG will reply to the request within 30 days after receiving the request. If more time is needed to reply to the request, SEG may extend the term for responding by a reasonable time.
1.10. Which right you have and how to use them?
The Data Subject has the following rights in connection with the Processing of his/her Personal Data:
- to obtain information about the Processing of their Personal Data and the right to request a copy of the Personal Data being Processed;
- to request the rectification of their Personal Data if it has changed or is otherwise inaccurate;
- to object to the Processing of their Personal Data if the Processing of Personal Data is based on a legitimate interest. For example, the Data Subject may prohibit the use of their contact information for sending offers, to use it, the Data Subject can remove itself from the list of the recipients upon receipt of the marketing email;
- to request restriction of the Processing of their Personal Data, for example at a time when SEG assesses whether the Data Subject is entitled to delete its Personal Data;
- to withdraw their consent for Processing of Personal Data. Upon withdrawal of the consent, SEG will no longer Process the Personal Data of the Data Subject for the purpose of the respective consent. The consent is valid until it is withdrawn;
- data portability right;
- to request deletion of their Personal Data, for example, if SEG has no right to Process such data or if the Processing of Personal Data is based on a consent and the consent has been withdrawn. Such right does not apply (or to such an extent) if Processing of Personal Data that is requested to be deleted has also been Processed for other legal bases, for example, under Agreement or for the performance of legal obligations;
- to contact us at any time regarding the use of their Personal Data. To do so, please send us an e-mail at firstname.lastname@example.org. You also have the right to lodge a complaint to the Estonian Data Protection Inspectorate (website: www.aki.ee) or to a competent court.
The Data Subject can exercise its rights by contacting us at email@example.com. We will respond to the request without delay, but no later than within one month from receiving the request.
1.11. Validity and Changes to Privacy Notice
SEG has the right to unilaterally amend the Privacy Notice at any time in accordance with the applicable law.
SEG will notify the Data Subject of any changes to the Privacy Notice via the website and by the e-mail at least one month before the changes take effect, except if the Privacy Notice is amended as a result of changes in legislation.