PRIVACY POLICY & DATA SUBJECT’S CONSENT FOR USING PERSONAL DATA
I INTRODUCTION
mBrainTrain LLC Belgrade (in further text: mBrainTrain) is an innovative technology developer and producer of specialized mobile, wearable devices that measure physiological activity of human brain (in further text: Products), with support for mobile phones, tablets and PCs.
This Privacy Policy is made available on our website and provides information on our policies and procedures regarding the collection, use and disclosure of personal information we receive from Users of our Products and services.
By accessing and/or using our Products and services, User consents to our collection, use, storage, deletion and disclosure of information relating to User as set forth in this Policy.
As used in this policy, the terms “using” and “processing” information include using cookies on a computer, subjecting the information to statistical or other analysis and using or handling information in any way, including, but not limited to collecting, storing, evaluating, modifying, deleting, using, combining, disclosing and transferring information within our organization or among our affiliates within Republic of Serbia or internationally.
II WHAT INFORMATION DO WE COLLECT
If you are our User, when you register with us through our website to create and manage your Account and/or when we are providing support for our Products upon your request, we might ask you for personally identifiable information, such as your name, company name, email address, billing address, etc. We use such personally identifiable information (in some cases, in conjunctionwith your non–identifying information, such as your zip code) mainly to provide the support for our Products and services, complete your transactions, administer your inquiries, and contact our Users regarding Account activities, new version and Product offerings, or other communications relevant to the Products.
We do not sell any personally identifiable information of our Users to any third parties. The instances where we may share such information with third parties are described in part III below.
You may review and update the personally identifiable information in your Account by logging in and editing such information in your dashboard. If you decide to delete all your information we may terminate your Account. We may retain an archived copy of your records as required by law or for legitimate business purposes.
III GENERAL
Sharing
We may share and/or disclose information that we collect from our Users in the following instances:
Aggregate Information and Non–Identifying Information.
We may share aggregated information that do not include or represent personally identifiable information and we may otherwise disclose non–identifying information and Log Data with third parties for industry analysis, demographic profiling and other purposes.
Service Providers.
We may employ third party, GDPR compliant, companies and individuals to facilitate or provide our services, to perform Product–related services (e.g., without limitation, maintenance services, database management, analytics and improvement of the Product features) or to assist us in analyzing how our Products and services are used. These third parties have access to information that we collect from our Users only to perform these tasks on our behalf.
Compliance with Laws and Law Enforcement.
We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any information collected from our Users to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), to protect the property and rights of ours or a third party, to protect the safety of the public or any person, or to prevent or stop activity we may consider to be, or to pose a risk of being, any illegal, unethical or legally actionable activity.
Security
We are very concerned with safeguarding your information. We employ administrative, physical and electronic measures designed to protect your information from unauthorized access. We will make any legally required disclosures of any breach of the security, confidentiality, or integrity of your unencrypted electronically stored “personal data” (as defined in applicable laws on security breach notification) to you via email or conspicuous posting on our website in the most expedient time possible and without unreasonable delay, insofar as consistent with (i) the legitimate needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
International Transfer
If you are located outside the Republic of Serbia and choose to provide information to us, we transfer personally identifiable information to Republic of Serbia or other place of service rendering and process it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.
Our Policy Toward Children
Our Products and services are not directed to children under 14. We do not knowingly collect personally identifiable information from children under 14. If a parent or guardian becomes aware that his or her child has provided us with personally identifiable information without their consent, he or she should contact us. If we become aware that a child under 14 has provided us with personally identifiable information, we will delete such information from our files.
Data subject`s rights pursuant to the GDPR
a) Breach Notification
Under the GDPR, breach notification will become mandatory in all member states where a data breach is likely to “result in a risk for the rights and freedoms of individuals”. This must be done within 72 hours of first having become aware of the breach. Data processors will also be required to notify their customers, the controllers, “without undue delay” after first becoming aware of a data breach.
b) Right to Access
Part of the expanded rights of data subjects outlined by the GDPR isthe right for data subjects to obtain from the data controller confirmation as to whether or not personal data concerning them is being processed, where and for what purpose. Further, the controller shall provide a copy of the personal data, free of charge, in an electronicformat. This change is a dramatic shift to data transparency and empowerment of data subjects.
c) Right to be forgotten
Also known as Data Erasure, the right to be forgotten entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. The conditions for erasure, as outlined in article 17, include the data no longer being relevant to original purposes for processing, or a data subjects withdrawing consent. It should also be noted that this right requires controllers to compare the subjects’ rights to “the public interest in the availability of the data” when considering such requests.
d) Data Portability
GDPR introduces data portability –the right for a data subject to receive the personal data concerning them, which they have previously provided in a ‘commonly use and machine–readable format’ and have the right to transmit that data to another controller.
Getting a quote
If you submit inquiries to us via our get a quote form, the information provided in the contact form as well as any contact information provided therein will be stored by us to handle your inquiry and if we have further questions. We will not share this information without your consent.
Hence, the processing of the data entered into quote form occurs exclusively based on your consent (Art. 6 Sect. 1 lit. a GDPR). You have the right to revoke at any time any consent you have already given us. To do so, all you are required to do is sent us an informal notification via e–mail. This shall be without prejudice to the lawfulness of any data collection that occurred prior to your revocation.
The information you have entered into the quote form shall remain with us until you ask us to eradicate the data, revoke your consent to the archiving of data or if the purpose for which the information is being archived no longer exists (e.g. after we have concluded our response to your inquiry). This shall be without prejudice to any mandatory legal provisions –retention periods.
I have read and understood the above data privacy information regarding my personal data that would be collected, the purpose of their collection and my rights as data subject and herewith give my consent to data controller, mBrainTrain LLC, to collect and process my personal data as stated here in this document.
Contacting us
If you have any questions about this Policy, or you wish to exercise any of the rights stated out in this Privacy policy, our practices regarding your personal information related to our Products and services, please feel free to contact our data privacy controller at privacy@mbraintrain.com, mBrainTrain, Savska 19G/3, 11000 Belgrade.
V MODIFICATIONS
This Privacy Policy may be updated from time to time. We will notify you of any material changes by posting the new Privacy Policy on our website. You are advised to consult this policy regularly for any changes.