Privacy policy

The current document represents SeedOn’s ‘Privacy Policy’ and it will be reviewed and updated periodically according to all applicable laws and regulations.

The purpose of this policy is to easily inform you about:

  1. The definitions of the terms provided by the GDPR.
  2. Who is SeedOn?
  3. Where to find us and what is SeedOn’s contact information?
  4. Personal data that we require to process, how SeedOn is storing and processing your personal data, what is the purpose for the stored data, legal basis and period of processing
  5. Third parties personal data disclosure
  6. What are your rights and how can you effectively exercise them
  7. Children’s personal data – we do not process data for children under 16 years old
  8. What security precautions does SeedOn have in place to protect your personal data
  9. Links to other websites
  10. Updates to the privacy policy
  11. Information concerning Data Protection Supervisory Authority

1. GDPR terms definitions

NSAPDP represents The National Supervisory Authority for Personal Data Processing, the Romanian
independent public authority responsible for the compliance with the protection of personal data
requirements.

Personal data represents any information relating to an identified or identifiable natural person (‘data
subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by
reference to an identifier such as a name, an identification number, location data, an online identifier or to
one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social
identity of that natural person.

Processing represents any operation or set of operations which is performed on personal data or on sets
of personal data, whether or not by automated means, such as collection, recording, organization,
structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission,
dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Restriction of processing represents the marking of stored personal data with the aim of limiting their
processing in the future;

Controller represents the natural or legal person, public authority, agency or other body which, alone or
jointly with others, determines the purposes and means of the processing of personal data; where the
purposes and means of such processing are determined by the European Union or Member State law, the
controller or the specific criteria for its nomination may be provided for by Union or Member State law;

Processor represents a natural or legal person, public authority, agency or other body which processes
personal data on behalf of the controller;

Recipient represents a natural or legal person, public authority, agency or another body, to which the
personal data are disclosed, whether it is a third party or not. However, public authorities which may
receive personal data in the framework of a particular inquiry in accordance with the European Union or
Member State law shall not be regarded as recipients; the processing of those data by those public
authorities shall be in compliance with the applicable data protection rules according to the purposes of
the processing;

Third party a natural or legal person, public authority, agency or body other than the data subject,
controller, processor and persons who, under the direct authority of the controller or processor, are
authorized to process personal data;

Data Breach represents a breach of security leading to the accidental or unlawful destruction, loss,
alteration, unauthorized disclosure of, or access to, personal data. This means that a breach is more than
just losing personal data.

2. Who is SeedOn?

SeedOn is the owner and administrator of the website: www.seedon.io.

According to the GDPR regulation, considering the personal data processed by our platform, we (SeedOn)
are considered data controller and our visitors and users are considered data subjects.

SeedOn observes the confidentiality and security of the personal data constantly ensuring that all personal
data are processed only for specific, explicit and legal purposes, according with the principles and
provisions of the GDPR.

3. Where to find us and what is SeedOn’s contact information?

With respect to any information regarding the personal data we process you can reach our team out via e-mail at [email protected]

4. Personal data that we require to process, how SeedOn is storing and processing your personal data, what is the purpose for the stored data, legal basis and period of processing

In general, we collect personal data directly from you in view of ensuring your control over the type of
information you provide to us.

Please bear in mind that personal data is considered any data that could directly or indirectly identify you,
as a person. Although a personal data such as your YouTube video preferences collected through our
cookies is not considered, per se, a personal data because it could not lead to your identification. For
example, such data, only combined with other data (for example any data that you provide to us on social
media, YouTube channel, etc) could eventually identify you.

Even so, you have nothing to worry about as we have in place all the security measures to protect any
personal data that we collet through our website, described in section 8 below.

To easily identify the personal data we process, we have combined them in several categories according to
the purpose of processing.

SeedOn processes the users’ personal data who visit the Platforms, as follows:

CATEGORY 1 – USING OUR WEBSITE

Personal data – YouTube video preferences, ads that raised your interest, any other preferences revealed
by cookies existing on our website;

For more information regarding the implemented Cookies please visit our Cookie Policy where you can
find a link to the Privacy Policy of the cookie’s provider.

The purpose of processing – the personal data are processed for the purpose of providing you with
personalised and tailored content based on the data that our cookies collected from you;

The legal Basis – art. 6 paragraph 1 letter a) of the GDPR Regulation, which allows us to process personal data
based on your consent given to us.

The collection method – directly from you, when you access and use our website;

The retention period – as a rule we try to keep less data as possible.

The personal data that we collect through our cookies are kept in accordance with our Cookie Policy.

CATEGORY 2 – Social media platforms

Personal data – related to each user, such as: user’s social media accounts; any other information users
decide to provide us with when they contact us on the social media platforms; any other information users
decide to provide us with when they contact us by e-mail; comments and/or posts on our profiles;

Given that the internet is not a safe space, please do not send us or limit, as much as possible, the personal
data communicated through social platforms or e-mail.

The purpose of processing – the personal data mentioned above are processed for customer support
purposes;

The legal Basis: Art. 6 paragraph 1 letter b) of the GDPR Regulation, which allows us to process personal data
when necessary, for performance of a contract or for the steps prior to its conclusion;

The collection method – personal data are collected directly from users when they decide to contact us;

The retention period – personal data are stored for the purpose of proving the fulfilment of contractual
obligations between the parties for a period between 30 days and 1 year, depending on the nature of the
request (complaint, request for guarantee, contractual request, general request, etc.);

Generally, personal data are kept for a limited period according to the purpose of the processing and the
legal provisions applicable to each category of data.

SeedOn ensures the proper deletion of personal data when such processing is no longer necessary.

5. Third parties personal data disclosure

Throughout its normal course of business, SeedOn will not disclose or transfer, for direct marketing
purposes, your personal data to third parties, regardless if such parties are located in Romania, in EU or
outside EU.

Employees & partners

SeedOn employees and authorized partners having access to personal data have been trained to observe the security and confidentiality of the personal data they have access to in performing the business activity. SeedOn
employees’ and authorized partners’ access to personal data is limited to the information required in performing their specific tasks.

Suppliers

We perform our daily activities at the highest standards thus sometimes we chose to cooperate with other
companies in order to facilitate several technical or administrative processes such as: e-mail hosting
services, storing data, sever hosting, legal services etc.

In case we decide to contract third parties for the supply of specific services, we will ensure that such third
party complies with the provisions of GDPR and we will provide all information required for the proper
performance of their services.

Legal requirements

Your personal data may be communicated to governmental authorities and/or law enforcement agencies if
required by the applicable law.

6. What are your rights and how can you effectively exercise them?

SeedOn as data controller, ensures technical and organizational measures to be sure that your rights (as a
data subject) are observed:

Right of access

You have the right to obtain the confirmation as to whether or not personal data concerning you are being
processed by us, and, where that is the case, access to your personal data and information on how they are
processed.

Right to data portability

You have the right to receive some of your personal data, which you have provided to us, in a structured,
commonly used and machine-readable format and you have also the right to transmit those data to
another controller without hindrance from us, where technically feasible.

Right to object

You have the right to object to processing of your personal data, when processing is necessary for the
performance of a task carried out in the public interest or for the purposes of the legitimate interests
pursued by us. You have the right to object at any time if your personal data are being processed for direct
marketing purposes.

Right to rectification

You have the right to obtain from us without undue delay the rectification of inaccurate personal data
concerning you. The rectification shall be communicated to each recipient to whom the data was sent
unless this proves impossible or involves disproportionate (demonstrable) efforts.

Right to erasure (‘right to be forgotten’)

You have the right to obtain from us the erasure of personal data concerning you without undue delay
and we have the obligation to erase your personal data without undue delay where one of the following
grounds applies: your personal data are no longer necessary in relation to the purposes for which they
were collected or otherwise processed; you withdraws consent on which the processing is based and there
is no other legal ground for the processing; you objects to the processing and there are no overriding
legitimate grounds for the processing; your personal data have been unlawfully processed; your personal
data have to be erased for compliance with a legal obligation; your personal data have been collected in
relation to the offer of information society services.

Right to restriction of processing

You have the right to obtain from us restriction of processing where one of the following applies: you
contest the accuracy of your personal data, for a period enabling us to verify the accuracy of your personal
data; the processing is unlawful and you oppose the erasure of your personal data and request the
restriction of their use instead; we no longer need your personal data for the purposes of the processing,
but they are required by you for the establishment, exercise or defence of legal claims; you has objected to
processing pending the verification whether the legitimate grounds of the controller override those of the
data subject.

Right not to be subject to a decision based solely on automated processing

You have the right not to be subject to a decision solely based on automated processing, including
profiling, which produces legal effects concerning the data subject or similarly affects the data subject in a
significant manner. Therefore, we hereby state that SeedOn does not use applications, algorithms, artificial
intelligence or automatic process to make automatic decisions (without human intervention) that produces
legal effects.

The exercising of the above rights may be performed at any time. For using these rights we encourage you
to submit your written request (together with your contact details) in electronic format by mail at
[email protected]

To exercise your rights listed above you can send us your request (accompanied by your contact
details) electronically to the e-mail address [email protected]

7. Children’s personal data – we do not process data for children under 16 years old

SeedOn does not collect any personal data from children under the age of 16.

So, if you are under 16 please do not submit to us any personal data.

8. What security precautions does SeedOn have in place to protect your personal data

We have assumed the responsibility to implement proper technical and organizational measures regarding
the protection of privacy and security of your personal data. We have taken all reasonable measures to
protect your Personal Data from damage, loss, misuse, unauthorized access, alteration, destruction, or
disclosure, as following:

  • People who have access to our filing system are only those nominated by SeedOn. To access the system, individual credentials that are changed periodically are assigned.
  • All our employees, collaborators, partners and service providers who are in contact with personal data must act in accordance with the principles and policies regarding to the processing of personal data. They were informed and they have assumed to respect the GDPR applicable regulations by signing the data Processing Agreements or as an effect of the law.
  • Our employees, collaborators and partners access personal data for the performance of their professional duties and only in accordance with the stated purpose of data collection.
  • Electronic devices used for accessing the filing system are password protected, have their disk encrypted and have antivirus, antispam and firewall software installed.
  • Personal data is printed only by authorized users, if it is necessary to perform our activity or to fulfil our legal obligations.

Please also select carefully what personal data do you choose to submit thinking that the internet or emails are not impenetrable spaces, and a technical error can cause an unhappy event anytime with respect
to your personal data.

9. Links to other websites

On our website you may find links to other organizations. This privacy policy does not cover the personal data processed by them.

If you decide to access other organization’s links, we encourage you to carefully read their privacy policies which should be found on their website. In general, privacy policies links are found in the footer section of the websites.

10. Updates to the privacy policy

Believing that we are constantly developing our services, we are confident that our platform may soon
have new functions, so our Privacy Notice will be updated accordingly.

In order to keep you informed, we always publish the latest version of the Privacy Notice on our website,
without any specific notice in this respect.

We assure you that the way we collect and process your personal data is in accordance with the provisions
of the GDPR Regulation.

We encourage you to constantly review this Privacy Policy in order to be constantly informed with respect
to the categories, purposes and manners SeedOn processes your personal data.

If you have any questions about our Privacy Policy, please contact to us at: [email protected]

11. Information concerning Data Protection Supervisory Authority

If you consider that your rights provided by Regulation no. 679/2016 have been violated, you can address
directly to us or to our Data Protection Supervisory Authority: National Authority for the Supervision of the
Processing of Personal Data (Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter
Personal) ”ANSPDC” by submitting a complaint.

Contact details of the authority:

Link for compliances: https://www.dataprotection.ro/?page=Plangeri_pagina_principala

Contact link: https://www.dataprotection.ro/?page=contact&lang=ro

Website: https://www.dataprotection.ro/

Address: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, cod postal 010336, Bucuresti, Romania