Personal Data Processing and Privacy Policy

31th of October, 2022
Limassol

1. General terms and conditions

1.1. Personal Data Processing and Privacy Policy (hereinafter - the Policy) applies to all personal information that can be obtained about the User by Neuroart Ltd. (Unique TAXISnet registration number 10433947202206064) during the use of the website - mindfulline.com (hereinafter referred to as the Website), as well as when using platforms, social networks, services that are necessary to ensure the functioning and development of the Platform, providing the User with remote access to the educational materials of the course/webinar, information about which is presented on the Website and which have been paid for by the User in accordance with the established order.
1.2. Processing of Personal Data is carried out by: Neuroart Ltd. (Unique TAXISnet registration number 10433947202206064) (hereinafter - the Operator), as well as persons empowered by the Operator to manage the Website and the Platform (the Platform Administration).
1.3. This Policy is prepared in accordance with the current legislation of the Cyprus in the field of processing and protection of personal data, in accordance with GDPR (The General Data Protection Regulation (EU) (2016/679). This Policy determines the processing of personal data and security measures of personal data, and aims to ensure the safety and security of personal data in order to observe and protect the rights and freedoms of every citizen to privacy, personal and family secrets, and protection of their honor and good name.
1.4. All issues related to the processing of Personal Data, not regulated by this Policy, shall be resolved in accordance with the current legislation of the Cyprus in the field of processing and protection of personal data, in accordance with GDPR (The General Data Protection Regulation (EU) (2016/679).
1.5. The usage of the Platform by the User means consent to this Policy, i.e. the User confirms that he accepts the terms and conditions of the Policy and consents to the processing of his Personal Data by the Operator and the Administration of the Platform.
1.6. In case of disagreement with the terms and conditions of the Policy, the User shall stop using the Platform.
1.7. The Administration does not check the accuracy of the Personal Data provided by the User. Responsibility for the accuracy of the provided data lies on the User. The Operator and the Administration of the Platform proceed on the basis that Personal Data is provided by the User on ex gratia basis, in good faith, with free will and in its own interest in order to gain access to the materials of the Platform, as well as that the User:
1.7.1. The User consciously uses the Website and Platform materials on his/her own behalf and truthfully provides information about himself/herself and to access and use the Website and the Platform as required by the Registration.
1.7.2. The User consciously determine and control the settings of the software that he uses according to his preferences regarding the protection of information stored on the browser side, information about his own hardware and Internet connection.
1.7.3. The User has read and has the opportunity to read the terms and conditions of the Policy at any time by clicking on the link posted on the Website.
1.8. By providing third parties' data required to use the Website and/or Platform, the User confirms that they have received the consent of such parties to process their Personal Data, or that the User has the power to express consent on behalf of such parties, which is an assurance of the circumstances.
1.9. An up-to-date version of the Personal Data Processing and Privacy Policy is freely available at https://mindfulline.com/privacypolicy
1.10. The User can get any explanations on questions of interest concerning the processing of his Personal Data by sending a request to the Operator by e-mail to support@mindfulline.info


2. Terminology and Definitions

In this Policy, unless otherwise expressly defined herein, the following terms shall have the meanings set forth below:
"AXL Account" means the total information, text, graphics, design, images, photos, videos and other intellectual property and computer programs contained within the AXL educational platform owned by the Operator.
"Automated processing of Personal Data" means processing of Personal Data by means of computer technology, including through CRM systems and specialized services.
"Platform Administration" means persons authorized by the Operator to manage the Platform, who organize and/or conduct the Personal Data processing, as well as determine the purposes of Personal Data processing, the composition of Personal Data to be processed, actions (operations) performed with Personal Data.
"Blocking of Personal Data" means temporarily stopping the processing of Personal Data (unless the processing is necessary to clarify the Personal Data).
"Depersonalization of Personal Data" means actions that make it impossible to determine whether Personal Data belongs to a particular User or another subject of Personal Data without the use of additional information.
"Personal Data processing" means any action (operation) or set of actions (operations) performed with or without the use of any means of automation with Personal Data, including the collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of Personal Data.
«Operator» or «Controller» means Neuroart Ltd. (Unique TAXISnet registration number 10433947202206064).
"Confidentiality of Personal Data" means the requirement that the Operator or any other person who has access to Personal Data must not disseminate it without the User's consent or any other legal basis.
"Personal Account" means a set of secure pages on the Website, created as a result of the User's registration on the Website, through which the User has the ability to use the functions of the Website to the extent and under the terms of the Agreement. Access to the Personal Account is made by using the credentials (login and password) of the User after their registration on the Website. Legally significant actions, made by the User through his Personal Account, are made with his basic electronic signature, where the identifier and key of the electronic signature is his authentication data.
"Dissemination of Personal Data" means any actions aimed at disclosure of Personal Data to an indefinite circle of persons (transfer of Personal Data) or at familiarization with Personal Data to an unlimited circle of persons, including disclosure of Personal Data in mass media, placement in information and telecommunication networks or providing access to Personal Data in any other way.
"Registration" means the User's actions of filling in and sending the registration form posted on the Website, which entails the creation of the User's account with the assignment of a login and password, if the Operator has no objections to the User's registration.
"Personal Data" means any information relating to a directly or indirectly identified or identifiable individual (the Personal Data owner = the User)).
"Personal data provision" means actions aimed at revealing of Personal Data to a certain person or a certain circle of persons.
"Platform" means the multimedia product of the Operator "Neuroart Ltd." available at https://mindfulline.com, as well as in the Personal Account on the educational platform AXL, as well as in social networks, services that are necessary to ensure the functioning and development of the Platform, providing the User with remote access to the educational materials of the course/webinar, information about which is provided on the Website which were paid by the User in the permitted manner, consisting of the aggregate of educational materials of courses/webinars of the Operator presented in an objective form, information of informational and advertising nature about the courses/webinars, including textual, photo and audio-visual materials, feedbacks and results of Users, as well as other information related to the functioning and development of the multimedia product.
"User" means a recipient of the Operator's services or a visitor to the Website as a Personal Data owner.
"Website" means a set of programs for electronic computers and other information that provides access to the multimedia product of the Operator "Neuroart Ltd." by means of information and telecommunications network "Internet" within the domain zone mindfulline.com.
"Cross-border transfer of Personal Data" means the transfer of Personal Data to a foreign country to a foreign governmental authority, a foreign individual or a foreign legal entity.
"Destruction of Personal Data" means any action resulting in the destruction of Personal Data irretrievably with the impossibility of further restoration of the content of Personal Data in the information system of Personal Data and (or) the destruction of tangible media of Personal Data.
"User" means a person who accesses the Website through the Internet and uses the information, materials and products of the Platform, including for the purpose of receiving educational services.
"Cookies" means a piece of data sent by a web server and stored on a user's computer, which the web client or web browser sends to the web server each time it makes an HTTP request to open a page on the corresponding website.
"IP address" means the unique network address of the host on the computer network through which the User accesses the Website.


3. Subject of the Policy

3.1. This Policy sets out the obligations of the Operator and the Administration of the Platform for non-disclosure and confidentiality of Personal Data, which the User provides when registering on the Website, and other data that appears in the User's Personal Account.
3.2. Personal data permitted to be processed under this Policy is provided by the User by filling out the registration form posted on the Website when creating or subsequently using the Personal Account, and includes:
- first name, last name, middle name;
- email address (e-mail);
- cell phone number;
- date of birth;
- ID in social networks and messengers.
- In addition to the information specified in this paragraph, the Operator also records data about the services paid for by the User on the Website (if available).
3.3. Cookies and data about visitors from attendance statistics services are used on the Website (IP address; information from cookies, browser information, time of access to the site, address of the page on which the ad unit is located, referrer (address of the previous page) and other data).
This data is used to collect information about the actions of Users on the Website in order to improve its content, improve the functionality of the Website and, as a result, create quality content and services for visitors.
The User can change the settings of his browser at any time so that all cookies can be blocked or the notification of their sending will be performed. In this case, the User must understand that some functions and services of the Website will not work properly.
3.4. The Operator does not intentionally process the Personal Data of non-adult persons. Responsibility for the actions of non-adult persons, including their purchase of services on the Website, lies with the statutory representatives. All visitors under the age of 18 are required to obtain permission from their statutory representatives before providing any personal information about themselves.
If the Operator becomes aware that it has obtained the Personal Data of a non-adult person without the consent of his/her statutory representatives, such information will be deleted as soon as possible.


4. Purposes and principles of Personal Data processing

4.1. The Administration of the Platform processes the User's personal data for the following purposes, but not limited to:
4.1.1. Identifying the User on the Website and the Platform for further interaction with it.
4.1.2. Providing the User with access to the materials on the Platform.
4.1.3. Providing advertising and marketing materials on the Platform, including via email and SMS messages to email and phone, messages in the Telegram messenger.
4.1.4. Informing and advising the User of the information provided on the Website in relation to courses/webinars.
4.1.5. Establishing feedback with the User, including sending notices, requests regarding the use of the Website and materials of the Platform.
4.1.6. Processing orders from the User.
4.1.7. Notifying the User by e-mail, messengers and other instant messaging systems, as well as by telephone in connection with the actions performed by the User on the Website and within the Platform.
4.1.8. Providing Personalized Offers to Users.
4.1.9. Sending notifications to the User regarding the provided educational information and consulting services.
4.1.10. Exchange of documents in electronic document management systems.
4.1.11. Preparing and sending answers to User's requests and comments.
4.1.12. Providing effective technical support to the User when problems arise related to the use of the Website and the Platform.
4.1.13. Ensuring the safety and security of the User's Personal Data while working with the Website and Platform.
4.1.14. Forming reviews and ratings.
4.1.15. Protecting the security and integrity of the Website and the Platform.
4.1.16. Fulfilling the requirements of the legislation of the Cyprus and GDPR (The General Data Protection Regulation (EU) (2016/679).
4.1.17. Detection, prevention, mitigation and investigation of fraudulent or illegal actions against the Operator.
4.2. The anonymized User data collected through Internet statistical services serves the purpose of collecting information about Users' actions on the Website, improving the quality of the Website and the Platform and their content.
4.3. If there are any inaccuracies in the Personal Data, the User can update them on their own by changing the data in the Personal Account or by sending a notice to the Operator's e-mail address support@mindfulline.info marked "Updating of Personal Data".
When processing Personal Data, the Operator adheres to the following principles:
- processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimization’);
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’)
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (‘integrity and confidentiality’);
- avoid combining databases containing Personal Data that are processed for purposes incompatible with each other.


5. Obtaining Personal Data

5.1. Processing of personal data by the Operator and the Platform Administration shall be carried out for the period necessary to fulfill the purposes for which it was collected, by any lawful means with or without the use of automated means via the Internet.
5.2. All Personal Data is provided (collected) directly from the User.
The User independently decides to provide its Personal Data and gives consent to its processing by the Operator and the Administration of the Platform freely, willingly and in its own interest.
5.3. Consent, specified in paragraph 5.2. of this Policy, also means the consent of the User to transfer Personal Data to third parties, to have their Personal Data processed by third parties, the consent of the User to the cross-border transfer of Personal Data via the Internet (when such transfer is necessary for the efficient provision of services by the Operator or necessary to achieve other goals set forth in this Policy), and to receive email and SMS and messenger messages within the scope of the Agreement with the Operator.
5.4. Consent to the processing of personal data is provided at Registration, when applying for the relevant service Agreement (acceptance of the offer) or when paying for services by ticking the box "I agree to the processing of my personal data". No separate written consent from the User is required.
5.5. For the convenience of using the Website or receiving the Operator's services, personal data may be obtained automatically using special software, including from third parties (such as social networks) with notification of the User before sending a request to receive it in this way.


6. Methods and terms of processing and protection of Personal Data

6.1. Processing of Personal Data shall be automated by means of computer technology, CRM-systems, as well as by other legal means.
6.2. The Administration stores and processes Personal Data from the moment of their submission by the User and during the entire period of the relationship between the User and the Administration, as well as for 5 years from the date of their termination. Upon expiry of the specified term, the consent shall be considered extended for the next 5 years, provided there is no information about its withdrawal by the User in order to notify the User about other services of the Operator, by any legal means, including information systems of Personal Data with or without the use of automation means (including the use of CRM-systems).
6.3. Upon expiration of the specified terms, Personal Data shall be deleted from CRM systems and cloud storage and hard copy shall be destroyed.
6.4. Personal data of Users is stored in automated CRM-systems and cloud storages, to which only the Operator and the Platform Administration have access.
6.5. Unless otherwise stipulated by the legislation of the Cyprus and GDPR (The General Data Protection Regulation (EU) (2016/679) or an Agreement with the User, emails, data and documents that the User stores in the Platform systems will be stored for as long as the User has a Personal Account, but they can be deleted by the User at any time.
6.6. If the User wishes to delete any Personal Information from the Platform databases, the User may delete it independently using the Personal Account.
6.7. The User may withdraw their consent to the processing of Personal Data at any time by sending a notification via e-mail to the Operator's e-mail address support@mindfulline.info, marked "Withdrawal of consent to the processing of Personal Data".
6.8. Personal Data of Users shall be stored in the territory of the Cyprus. If the User is located in a territory where the transfer of Personal Data to another jurisdiction requires its consent, then by using the Website and (or) the Platform, the User gives its explicit and unambiguous consent to such transfer or storage, and/or processing of information in other specified jurisdictions, including Cyprus through Registration.
6.9. Administration takes necessary organizational, technical and legal measures to protect personal data of the User from unauthorized or accidental access, destruction, change, blocking, copying, distribution, as well as from other illegal actions of third parties, including, but not limited to:
- Encryption (cryptographic) tools.
- Antivirus protection.
- Detection and prevention of security intrusions.
- Access control.
- Registration and accounting.
- Making backup copies of information.
- Organization of normative and methodical local acts, regulating protection of personal data.
Ensuring the necessary and sufficient security level of Personal Data and the safety of media containing Personal Data at all stages of work with it is the most important condition for organizing the Operator's activities.
6.10. Processing of Personal Data of Users without their consent is carried out in the following cases:
Personal data is publicly available.
At the request of authorized government agencies in cases stipulated by the legislation of the Cyprus and GDPR (The General Data Protection Regulation (EU) (2016/679).
Processing of Personal Data shall be carried out on the basis of the current legislation of the Cyprus establishing its purpose, the conditions of obtaining Personal Data and the range of subjects whose Personal Data is to be processed, as well as defining the Operator's powers.
Processing of Personal Data is carried out for the purpose of conclusion and performance of a Agreement, one party of which is the owner of Personal Data - the User.
In other cases, stipulated by the current legislation of the Cyprus and GDPR (The General Data Protection Regulation (EU) (2016/679).


7. Rights and Obligations of the Parties in Personal Data Processing