Privacy of personal data is one of the main concerns of the vladmihalcea.com website. As such, we want to ensure the highest standards of confidentiality and transparency regarding the personal data we process in our current work.
1. The personal data controller in relation to your personal data
A. The personal data controller in relation to your personal data, if the data is collected through https://vladmihalcea.com/, by providing the specific services in relation to the concluded agreement or by using our products is MIHALCEA VLAD-ALEXANDRU, with headquarter in Cluj-Napoca, Jupiter 9, Ap 27, Cluj, Romania.
B. The personal data controller in relation to your personal data, if the data is collected through https://courses.vladmihalcea.com/ is Teachable, Inc., 16 W. 22nd Street, 6th Floor, New York, New York 10010
a. ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
b. ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
c. ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
d. ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
e. ‘visitor’ means any person accessing or using our Site or creating an account within the site;
f. ‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
g. ‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed;
5. Categories of data we process
A. As a visitor to our site
To the extent that you fill out the contact form on our website for information request, you create an account on our website, by subscribing to our newsletter or by sending us an email requesting/submitting us information, we may receive from you the following data: email address, name, surname, phone number, online identifiers, IP, cookies, as well as any other information provided when completing the message form or communicated via e-mail.
B. Data needed to conduct contractual relations
If we enter into a contract with you (eg. sales contract) we will receive a series of personal data such as name, surname, address, email, phone number, bank account.
All of these data will be collected and processed as a result of their communication directly by you at the time of placing an online order on https://sso.teachable.com or at the time of creating an account within the abovementioned platform or as a result of sending them via e-mail.
The basis of the processing is found in art. art. 6 par. 1 lit. b of the GDPR, respectively the data are processed as a result of the conclusion of a contract and have the purpose of executing the contract.
C. Biometric data
In order to carry out our activity, we can collect your biometric data, consisting of personal identification number or facial images collected in the situation where you send us copies of your identification papers.
The basis for such processing is found in art. 6 paragraph 1 lit a GDPR, more specifically, the data is processed and collected as a result of your prior consent.
6. How do we collect your personal data
We can collect your personal data either directly from you if:
- you are our customer, we collect your personal data as a result of your direct communication via the platform, e-mail, fax, direct communications with the staff of our company or as a result of expressing your consent to receive the newsletter.
- you are a visitor to our site, we collect your personal data directly from you as a result of communicating them via email or as a result of creating an account within the platform.
We can collect your personal data either indirectly:
- If you are a user of the teachable’s platform, we can collect your personal data as a result of your personal data being communicated by you to that controller.
- when you are sending this information to the platforms of other collaborators of our company, such as Google Analytics, Google, Facebook.
7. How do we store your personal data
a. Personal data resulting from contractual relationships are stored in digital form only. These data will also be stored electronically by wordpress.com, Teachable, GitHub or other storages where access is also limited.
b. The personal data of our platform visitors and users will be stored in electronic format, as well as on the email address of our company, to which we mainly have access only from the administrative department.
All data stored by departments in a material format is kept in key secure offices, where only people in the administrative department have access.
8. The purpose of data processing
We use the information we collect from you for the following purposes:
1. For the performance of the contractual relationships we have with you (eg. service contract, sale, etc.);
2. To communicate with you and to solve any problems or concerns about the services we are offering;
We have an email list which allows us to communicate with the regular readers of this blog. We use an email marketing tool called MailChimp for this purpose.
MailChimp collects the following data:
- The email address of the subscriber.
- The name of the subscriber
- The location of the subscriber.
- The method that was used to subscribe the newsletter.
- The preferred language.
- The favorite email client and format.
- the last profile update timestamp
- The tags which are used to segment subscribers to different lists. These email preferences are saved by using tags. Also, if the person has purchased my video courses or books, he/she will have tags which identify him/her as a person who has purchased this course.
- A list of emails sent to the subscriber.
- A list of emails which were opened by the subscriber.
- A list of emails which were clicked by the subscriber.
MailChimp collects its data by using these data sources:
- The email address and email preferences (tags) are provided by the subscriber. Also, when a subscriber opens our email or clicks a link found from our email, MailChimp updates the open and click statistics of the email in question.
- A list of emails sent to the student is updated by MailChimp when we send a new email to the subscribers of our newsletter.
- When a person subscribes our newsletter and he/she has purchased any of my video courses or books, an administrator will add to the correct tags to the subscriber.
You can find more information about MailChimp here
3. To fulfill our obligations as a result of our services or products sold (eg. accounting, tax);
4. To create a user account within the Teachable platform;
5. For the execution of the sales or service agreement concluded with you;
6. For any other purpose that is auxiliary to the above, or for any other purpose for which personal data has been provided to us, in compliance with applicable law;
Sometimes your personal data may be used for a number of secondary purposes (e.g. archiving, internal audit, external audit), which are always consistent with the main purposes for which data was collected.
In cases where we will use your data for purposes other than those mentioned in this Policy, we require you to obtain your consent, unless we have a legal obligation or we have another legal basis for data processing.
9. To whom do we disclose your information
As a rule, the information you provide us as a visitor to our site cannot be disclosed. However, there may be situations where we are obliged to do so, such as:
1. In the case of our contractual partners, these data may be transferred to our service providers, including, but not limited to the following categories: accounting services, insurance companies, lawyers, etc.
2. In the case of users of our website, the personal data you communicate to us in principle will not be transferred to third parties, except for the data required to be used to meet legal obligations such as, for example, accounting obligations.
3. Authorities, institutions and public bodies, if required, in accordance with the tax, labor, social security, or other applicable regulations.
At the same time, the company has the right to disclose in good faith personal data or other information when we consider it necessary to take precautionary measures against our liability, protect us or others from fraudulent, abusive or illegal uses, investigate and we defend against any claims or claims of third parties, protect the security or integrity of our services and any facilities or equipment used to make the services available; to protect our property rights or other rights, as well as the safety of others, or to execute contracts.
As regards the transfer of personal data to third countries The following data is transferred outside the EU or EEA:
- The data collected by Google Analytics. Note that the Google complies with the EU-US and Swiss-US Privacy Shield Frameworks. You can find more information about how Google Analytics processes your personal data here.
- The data collected by MailChimp. Note that MailChimp is a U.S. company and the data that is collected by it is processed in the United States or any other country in which MailChimp or its subsidiaries, affiliates or service providers maintain facilities. You can find more information about how MailChimp processes your personal data here.
- The data collected by Teachable Inc. Note that Teachable Inc is a U.S. company and the data that is collected by it is processed in the United States or any other country in which Teachable Inc or its subsidiaries, affiliates or service providers maintain facilities. You can find more information about how Teachable Inc. processes your personal data here.
10. The period for which your personal data will be stored
The processing of personal data will cease based on the type of data we process as follows:
1. The data provided by you as a result of the conclusion of the contractual reports or the data provided under these reports will be retained until the date of termination of the contract execution, ie until the expiration of the 10-year term stipulated in art. 25 of the Romanian Accounting Law.
2. The data collected at the time of registering a user account within the Teachable platform will be stored until the time of exercising the right of deletion.
We will destroy personal data when it no longer corresponds to the purpose of the processing, providing security for this process.
Your personal data that you provide via the contact form or an e-mail will be stored until your information/communication process is completed.
At the same time, our company will destroy personal data when it no longer corresponds to the purpose of processing, providing sufficient safeguards for the security of this process.
11. Your rights in relation to the processing of personal data
In accordance with the provisions of the General Data Protection Regulation no. 679/2016, you have the following rights:
- The right to information – the right to be informed about the identity of the controller – MIHALCEA VLAD-ALEXANDRU, the purpose of data processing, recipients or categories of data recipients, the existence of the rights provided by the GDPR and the conditions under which rights may be exercised.
- The right of access – the right to obtain from us, on request and free of charge, the confirmation that the data concerning you are processed or not and the right of access to these data, unless these requests are repetitive or made with obvious bad faith;
- The right to rectification – You may request the rectification of inaccurate personal data.
- The right to delete data (“the right to be forgotten”) – deletion of data may take place when processing was not legal or in other cases provided for by law (for example, when data are no longer required in relation to the purpose for which have been processed). However, deletion of data cannot take place when processing takes place under the law;
- The right to Restrict Processing – You may be required to restrict the processing if you dispute the accuracy of the data, as well as in other cases prescribed by law;
- The right of opposition – the right to oppose at any time, for good and legitimate reasons, that your data is processed, except where there are contrary legal provisions or where the processing is based on our legitimate interest;
- Data portability – You may receive the personal data you have provided us in a format that can be read automatically, or you may request that the data be transmitted to another controller.
- The right to lodge a complaint – you can complain about how you process your personal data with the National Supervisory Authority for Personal Data Processing or you can address the courts.
- Right of Withdrawal of Consent – If the basis for data processing is the consent, we inform you that this consent can be withdrawn at any time. Withdrawal of consent will only be effective for the future, with processing prior to withdrawal being valid. However, if the processing is mandatory for the provision of services and this may be done under other legal provisions, MIHALCEA VLAD-ALEXANDRU will process such processing and notify the data subjects.
- The right not to be subject to automatic automated or profiling decisions related to automatic decisions - the right to request and obtain the withdrawal, cancellation or re-evaluation of any decision having legal effect, adopted solely on the basis of the processing of personal data, automatic means designed to evaluate some aspects of personality, such as professional competence, credibility, behavior or other such issues, where appropriate;
If you wish to exercise the above-mentioned rights, please contact us, by written request, dated and signed, to the headquarters located in Cluj-Napoca, Jupiter, nr. 9, Ap. 27, Cluj, Romania. You can also contact us by e-mail at email@example.com if the e-mail contains a certified electronic signature.
Insofar as you exercise your rights, we may ask you to prove your identity by communicating us an identity document or any other information necessary to conduct a prior procedure for verifying the applicant in accordance with the legal obligations of security and confidentiality of our data.
MIHALCEA VLAD-ALEXANDRU undertakes to consider any request or complaint received and to respond within a reasonable time in order to comply with the legal provisions in the matter.
At the same time, we provide you with the deadlines for responding to requests for these rights:
The right to be informed
1. At the time the data is collected
2. No later than within one month – if personal data is not
provided by the data subject
The right of access
The right to rectification
The right of deletion
No unjustified delays
The right to restrict processing
No unjustified delays
The right to portability
The right of objection
At the time of the objection
The right not to be subject to automatic automated or
profiling decisions related to automated decisions
Unspecified – does not have the ability to be limited in
relation to the specificity of the activity
12. Security of personal data
We follow the highest standards to protect processed data, both during transmission to us and afterwards. In order to ensure security, we mention, as a general rule, the ways of securing:
1. Access to personal data is limited and authorized only to persons legally entitled to use them, and it is their duty to ensure the confidentiality of data.
2. Access to the electronic servers used by our company is done through password and other access and authentication controls.
3. No employee or person who comes into contact with personal data or documents containing such data shall have the possibility to disclose such data to third parties.
4. Data held for a client will be kept separate from the data of another customer.
5. This site is hosted on WordPress.com and security is guaranteed by the hosting platform. Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive information you supply is encrypted via Secure Socket Layer (SSL) technology. Being hosted on wordpress.com, automatic takes periodical backups of the vladmihalcea.com website. These backups contain all data that is collected by this website. Once a month, we also take a backup and store it on a private GitHub repository. The backup of the blog is encrypted using a strong password and only the owner of this site knows it. We have to take these backups because have a legitimate interest to be able to recover from accidents that lead to loss of data. Each database backup is stored for one month. When this period is over, the backup is overwritten with the new version of the website.
13. Minimum security measures to be applied by MIHALCEA VLAD-ALEXANDRU.
· Using a password with a high level of protection (consisting of figures, letters, and symbols).
· Any computer, laptop or device left unattended should be disconnected from the network, locked or closed.
· Access to areas where personal data is stored is only allowed to authorized persons;
· Verification of physical data securing by locking, padlock application; checking the security of electronically stored data by not leaving the computer unattended, using a password in accordance with this Policy.
· Change all passwords, when necessary;
· Databases are in secure locations guaranteed by our hosting providers, to which only the people in the department have access.
However, no electronic or physical transmission or storage method is 100% safe. If you believe that your personal data has been compromised, please contact us in writing at our headquarters located in Cluj-Napoca, Jupiter 9, Ap. 27, Cluj, Romania. You can also contact us by e-mail at firstname.lastname@example.org if the e-mail includes a certified electronic signature.
If we find out about a security breach, we will notify both you and the authorities about the occurrence of the violation in accordance with applicable law, within 72 hours at most, term in which we communicate the relevant information about security incidents.
14. Security breaches.
Since our company’s policy is to be fair and to respect the principle of proportionality when considering the actions that we must take to inform those affected by the security incident that is likely to result in a risk to the rights and the freedoms of individuals, in the event of a breach, we will notify both the Supervisory Authority and the person or persons concerned of the breach.
15. Applicable provisions in the situation where Teachable or other partner is the data controller.
If you are not a citizen of the European Union or the European Economic Area, and MIHALCEA VLAD-ALEXANDRU is not a data controller, the following provisions or any other legal acts, apply:
California Online Privacy Protection Act
According to CalOPPA, we agree to the following:
COPPA (Children Online Privacy Protection Act)a
When it comes to the collection of personal information from children under 13, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the nation’s consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online. We do not specifically market to children under 13.
A. What are cookies?
We use the term “cookie” to refer to cookies or similar technologies through which information can be collected automatically.
An “internet cookie” also known as “cookie browser” or “HTTP cookie” or “cookie”, is a small file of letters and numbers that will be stored on your computer, mobile device or other equipment of the user, through whom, the Internet is accessed.
The cookie stores important information that enhance Internet browsing (language settings to access a site, online banking security, etc.). The cookies themselves do not require the personal information to be used. However, the web server that sent the cookie can access it again when a user returns to the website associated with that web server.
B. For what purposes cookies are used through our site
Since this site is hosted on WordPress.com, there are several cookies that might be used by WordPress as documented on their site.
We have enabled the Google Analytics support offered by WordPress.com for tracking how users interact with this website. If you want to know what cookies are set by Google Analytics, you should read this article: How Google uses data when you use our partners’ sites or apps .
When you leave a comment on our website, WordPress might set a cookie to your browser. This cookie ensures that you don’t have re-type your information when you want to leave another comment. You can get more information about this by reading this article: WordPress Cookies.
C. What type of information is stored and accessed through cookies?
Cookies store information in a small text file that allows for browser recognition. Our website will recognize your browser until the cookie expires or is deleted.
D. Where are cookies placed by third parties?
Certain sections of content on our website may be provided through third parties, in which case these cookies are referred to as cookies placed by third parties (“third-party cookies”).
E. What types of cookies are used through our site?
By using/visiting https://vladmihalcea.com/, our site can place performance cookies, functional cookies, social media plug-ins. This type of cookies stores visitor’s preferences so that re-setting preferences for later page visits is no longer required, and these cookies are also be used to enhance your experience by memorizing your choices, logging in our visitors to social media sites.
These are web analytics services provided by Google, which help analyze the use of the site. The information provided by cookies regarding the modality in which the site is used, such as standard Internet usage log, your IP address, information about the behavior of the visitor/user in an anonymous form, is sent to Google and stored by Google. Before your information is sent to Google, the IP address is anonymized.
F. How can cookies be stopped?
Disabling and refusing to receive cookies can make the site difficult to use, resulting in limitations on the user’s ability to use it.
If you want to delete cookies already in your computer, consult your browser’s instructions by clicking “Help” in the same browser menu.
Transfer of data outside of the EU or EEA
The following data is transferred outside the EU or EEA:
- The data collected by Google Analytics. Note that the Google complies with the EU-US and Swiss-US Privacy Shield Frameworks.
- The data collected by MailChimp. Note that MailChimp is a U.S. company and the data that is collected by it is processed in the United States or any other country in which MailChimp or its subsidiaries, affiliates or service providers maintain facilities.
- The data collected by Teachable. Note that Teachable is a U.S. company and the data that is collected by it is processed in the United States or any other country in which Teachable or its subsidiaries, affiliates or service providers maintain facilities.
The Data Stored in Backups
Being hosted on wordpress.com, Automattic takes periodical backups of the vladmihalcea.com website. These backups contain all data that is collected by this website.
Once a month, we also take a backup and store it on a private GitHub repository. The backup of the blog is encrypted using a strong password and only the owner of this site knows it.
We have to take these backups because have a legitimate interest to be able to recover from accidents that lead to loss of data.
Each database backup is stored for one month. When this period is over, the backup is overwritten with the new version of the website.
Third Party Disclosure
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information.
Third party links
Google’s advertising requirements can be summed up by Google’s Advertising Principles. They are put in place to provide a positive experience for users.
Users can set preferences for how Google advertises to you using the Google Ad Settings page. Alternatively, you can opt out by visiting the Network Advertising Initiative Opt-Out page or by using the Google Analytics Opt-Out Browser add-on.
We reserve the right to modify this page at any time by updating it and will notify you about an updated version of this page.