1. Scope and Consent
Thank you for your interest in our online presence and the offerings on our website.
Protecting your personal data (abbreviated as “data” in the following) is a very important concern for us. In the following, we would like to give you comprehensive information about the data that is collected while you visit our site and use our offerings, how we process or use this data as well as the technical and organisational measures we have taken to protect your data.
The purpose of this policy is to ensure that MTGO Academy, LLC complies with applicable United States (US) federal and state regulations, and European Union (hereinafter, “EU”) data protection laws such as the General Data Protection Regulation (hereinafter, “GDPR”).
We updated our policy because of the new regulations (GDPR) for users and customers located in the EU become effective at May 25, 2018. Because all the GDPR regulations are also covering (or exceeding) US data protection regulations we concede them to all users of our website regardless where they are located from.
2. Controller/service supplier
The controller in terms of article 4 of the EU General Data Protection Regulation (GDPR) is MTGO Academy, LLC, 2510 Warren Avenue, Cheyenne, Wyoming 82001, firstname.lastname@example.org. The controller is represented by Mr Marin Baraba.
The position of data protection officer is held by Mr Marin Baraba, 2510 Warren Avenue, Cheyenne, Wyoming 82001, e-mail email@example.com.
3. Collection and usage of your data
We only collect, process and use personal data that we learn about you during your visit to our website for the stated purposes. We make sure that these actions are in accordance with legal regulations and occur only with your consent.
According to the EU General Data Protection Regulation (GDPR), you have the right to receive information about your stored data at no cost as well as a right to correct this data, limit how it is processed or delete it. Please contact us by e-mail or send us a request by post.
Data is processed only inside of the EU and the European Economic Area unless notification is provided during or subsequent to the data collection that a data transfer to other countries is to occur. Such notification includes relevant legal information and, if required, permission for the data transfer is requested. Upon request, we will send the legal regulations regarding international data transfer and information about the relevant conditions.
We will not make any automated individual decisions about the processing of personal data.
The data that we collect about you differs in extent and type according to whether you visit our website for informational purposes or for usage of our services:
a) Usage for informational purposes
For visits to our website that have only informational purposes, it is not required that you provide personal data.
In such cases, we collect and use only data that is automatically transferred to us by your Internet browser, such as:
- the date and time that you access our website
- your browser type
- the browser settings
- the operating system you are using
- the sites you have recently visited
- the transferred data volume and the access status (file transferred, file not found etc.) as well as
- your IP address.
This data is stored in our system’s logfiles. Such data is not stored together with any of the user’s other personal data.
The legal basis for temporary storage of data and logfiles is article 6 paragraph 1 f) GDPR.
Temporary storage of the IP address by the system is necessary in order to enable delivery of the website to the user’s computer. For this reason, the user’s IP address must be stored for the duration of the session.
Storage in logfiles takes takes place in order to ensure the website’s functionality. This data also helps us to optimise the website and to ensure the security of our information technology systems. Data is not analysed for marketing purposes in this context.
The data is deleted as soon as it is no longer necessary to achieve the purposes for which it was collected. Data that is collected in order to deliver the website is deleted once the session is completed.
Data that is stored in logfiles is deleted at the latest after seven days. It is possible that data might be stored for a longer period. In such cases, the user’s IP address is deleted or distorted in a manner that makes identification of the client impossible.
Collection of data for the purpose of delivering the website and storage of data in logfiles is necessary for the operation of the website. For this reason, the user has no possibility to opt out.
b) Usage of offerings
If you would like to use the services on our website or contact us for another purpose, it might be necessary for you to provide further data. This concerns the data that is necessary for processing in terms of article 6 I b) GDPR; without this data, it is not possible for us to provide the desired services. Further services are described in Annex 2.
You can provide additional information on a voluntary basis; we mark fields with such optional information accordingly.
Your data is collected or used for the purpose of providing you the desired service. This includes requests made via our contact form.
We will inform you if a disclosure of data is legally required.
For the purposes mentioned above, your data is transferred to a service provider that we have carefully chosen and that observes the EU General Data Protection Regulation (GDPR).
Your data is only transferred to third parties in other countries if legally permitted or with explicit consent.
4. Declaration of consent
In order to process your data, we might require a declaration of consent in accordance with article 6 I a) GDPR. We ensure that we process and use such data solely to achieve the purposes for which it was collected.
You can provide your consent for specific cases in connection with the respective data collection. You can revoke this consent for future processing at any time.
Consent in regards to newsletters is described in § 5 of this Declaration; consent for cookies and ad trackers is described in § 6.
In order to register you for our e-mail newsletter service, we require both your consent in terms of data protection in accordance with article 6 I a) GDPR and the e-mail address to which you would like the newsletter sent. Any other information is voluntary and is used to give you personalised newsletter content and to answer inquiries concerning your e-mail address. We use this data exclusively for sending the newsletter.
As a general rule, we use the double opt-in procedure for sending the newsletter; i.e. we will only send you the newsletter once you have confirmed your registration in a link contained in a confirmation e-mail. This is to ensure that you are the owner of the e-mail address provided for the newsletter. This confirmation must take place soon after receipt of the confirmation e-mail; otherwise your newsletter registration will be automatically deleted from our database.
If you provide your e-mail address for the purchase of our products or services, it can be used for sending a newsletter. In such a case, the newsletter will be sent exclusively for direct advertisement of a few similar products or services. The legal basis for the sending of a newsletter following the purchase of products or services is s. 7 paragraph 3 UWG.
You can cancel your subscription to any of our newsletters at any time. This can take place in the form of an informal e-mail to firstname.lastname@example.org or via the link at the end of the newsletter.
6. Usage of cookies
Analysis cookies or web beacons (small graphics for log analysis) are used in order to improve the quality of our website and its content and to recognise returning visitors. Analysis cookies allow us to see how the website is used and to optimise our offering.
We do not allow third parties to place cookies on our website.
We do not give anyone permission to transfer information from cookies to other firms.
You can determine whether cookies are allowed to be placed and retrieved in your browser’s settings. In your browser, you can deactivate the storage of all cookies, limit it to certain websites, or you can configure your browser to automatically notify you as soon as a cookie is sent and ask for your permission. However, it is necessary for technical reasons that session cookies are allowed in order to provide full functionality of our website.
When using a log-in area on the homepage, the account name and accuracy of the password entry is logged and the user is sent a session cookie that is deleted after the maximum session duration (within a few hours).
We do not offer the possibility of logging into our website via a third-party service provider.
According to article 13 of the EU Data Protection Regulation, we will first obtain your consent for the usage of cookies as described in article 6 I a) GDPR.
7. Right of refusal
According to article 21 EU-GDPR, you can refuse to allow the processing of your data in the above-mentioned cases. This applies particularly to cases where data is processed for reasons stated in article 6 I e) or article 6 I f) or in the form of direct advertisement or profiling.
8. Data security
We also take technical and organisational security measures to protect produced or collected personal data, in particular against accidental or deliberate loss, damage or attack by unauthorised persons. We improve security measures on an ongoing basis in line with technological developments.
We offer various online forms and services that you can use to send us personal data. These forms are protected from being viewed by third parties by TLS encryption. We can store and process data that you enter or send to us in files if you permit us to do so. If usage and processing of data requires consent from the user or from third parties, such consent can be revoked at any time without statement of reasons. In such cases, our ability to fulfil orders may be aversely affected.
Depending upon the service, you might be asked to provide various information for identification purposes or prevention of misuse:
a) For identification purposes, a user-defined code or other form of authentication may be required for the delivery of data. This data is protected against being accessed by third-parties via SFTP or HTTPS in accordance with article 32 I a) and b) GDPR if the user uses the data transfer methods that we recommend.
b) In order to prevent usage by machines, CAPTCHAS can be used in accordance with article 32 I b) GDPR. These contain images or tasks that cannot be processed by computer scripts.
9. Deletion periods
In accordance with article 17 GDPR, we store personal data only for the period of time required to achieve the purpose of the data storage. This does not apply if the user has voluntarily consented to a longer processing period for the data or if legal retention periods or pursuance of legal claims within non-expired periods of limitation prevent such deletion. If there are retention periods or periods of limitation that prevent deletion, it might be necessary to limit the processing of data in accordance with article 18 EU-GDPR.
10. User rights
According to applicable laws, you have various rights in regards to your personal data. If you would like to exercise these rights, please address your request by e-mail or by post to the address stated above for the controller and provide clear identification.
In the following, you will find an overview of your rights.
a) Right to confirmation and information
You have the right to receive a confirmation from us at any time regarding whether your personal data is being processed. If this is the case, you have the right to receive information at no charge about your stored personal data and a copy of any such data. In addition, you have the right to the following information:
- the purposes for the processing;
- the categories of personal data that are being processed;
- the recipients or categories of recipients to whom the personal data has been disclosed or is being disclosed, particularly for recipients in non-EU countries or in international organisations;
- if possible, the planned duration for the storage of the personal data, or if this is not possible, the criteria for the determination of this duration;
- any rights to correct or delete your personal data or to limit of the processing of such data by controllers or to refuse the processing of such data;
- any rights to file a grievance with a supervisory authority;
- if the personal data was not collected from you, all available information about the source of the data;
- the existence of any automated decisions, including profiling in terms of article 22 paragraphs 1 and 4 GDPR and – at least in such cases – significant information about the logic used in such decisions as well as the scope and intended effects of such processing for you.
If personal data is transferred to a non-EU country or an international organisation, you have the right to be informed of the respective guarantees in terms of article 46 GDPR in connection with such transfer.
b) Right to correction
You have the right to demand that we immediately correct any incorrect personal data. In consideration of the purposes of the collected data, you have the right to demand the completion of incomplete personal data – including by means of a supplemental declaration.
c) Right to deletion (“right to be forgotten”)
You have the right to demand that we immediately delete your personal data, and we are required to immediately delete personal data if any of the following reasons occur:
- The personal data is no longer required to achieve the purposes for which it was collected.
- You revoke the consent that allowed the processing according to article 6 paragraph 1 GDPR a) or article 9 paragraph 2 a) GDPR and there is no other legal basis for the processing.
- You submit an objection to the processing of your data in accordance with article 21 paragraph 1 GDPR and there are no overriding legal grounds for the processing, or you submit an objection to the processing in accordance with article 21 paragraph 2 GDPR.
- The personal data was unlawfully processed.
- The deletion of personal data is required under the legal provisions stated in EU law or the law of a member country to which we are subject.
- The personal data was collected in connection to information society services according to article 8 paragraph 1 GDPR.
There is no right to deletion if the processing is necessary
1. to exercise the right to freedom of expression and information;
2. to fulfil a legal obligation to EU law or the laws of member countries to which the controller is subject, or to fulfil a task that is in the public interest or occurs in the exercise of official authority and requires a transfer of data from the controller;
3. due to public interest in the area of public health according to article 9 paragraph 2 h) and i) or article 9 paragraph 3 GDPR;
4. for archival purposes that affect the public interest or serve scientific or historical research purposes, or for statistical reasons according to article 89 paragraph 1 GDPR, if the relevant right is likely to make it impossible to realise the goals of such processing or to seriously hinder them.
5. for the assertion, exercise or defence of legal claims.
If we have made the personal data public and if we are required by article 17 GDPR to delete it, we will take appropriate measures in consideration of the available technologies and their implementation costs to inform the parties responsible for the processing of the personal data that you have requested that they delete all links to such personal data, including copies or replications.
d) Right to the limitation of processing
You have the right to demand that we limit the processing of your data if one of the following conditions occurs:
- you contest the accuracy of the personal data (and such data has been stored for a period that has allowed us to check its accuracy),
- the processing is unlawful and, instead of deleting the personal data, you have decided to demand that the usage of such data be limited;
- we no longer require the personal data to achieve the purposes for which it was collected but you require the data to assert, exercise or protect legal claims, or
- you have submitted an objection to the processing of your data according to article 21 paragraph 1 GDPR, if it has not yet been determined whether our company’s legitimate purposes override your legitimate purposes.
If the processing of your personal data has been limited, such data – apart from its storage – can only be processed with your consent or for the exercise or protection of legal claims or to protect the rights of another natural or legal entity or for the purposes of an important public interest for the EU or a member country.
e) Right to data portability
You have the right to receive the personal data that we have been provided in a structured, conventional and machine-readable format, and you have the right to transfer such data to another controller through our company with no obstacles on our part, if
- the processing is being carried out based on a declaration of consent in accordance with article 6 paragraph 1 a) GDPR or article 9 paragraph 2 a) GDPR or an agreement in terms of article 6 paragraph 1 b) GDPR, and
- the processing takes place using automated procedures.
In exercising your right to data portability according to paragraph 1, you have the right to ensure that we transfer the personal data directly to another controller, if technically possible.
The right to data portability does not apply to the processing of personal data that is required for the completion of a task that is in the public interest or takes place as part of the exercise of public authority that has been required of the controller.
f) Right of refusal
You have the right to refuse at any time the processing of your personal data for purposes stated in article 6 paragraph 1 e) or f) GDPR for reasons arising from your personal situation; this also applies to profiling based on these provisions. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for such processing that override your interests, rights and freedoms or if the processing serves the assertion, exercise or protection of legal claims.
If we process the personal data for the purpose of direct advertisement, you have the right to enter an objection at any time against the processing of such data for the purposes of such advertisement; this also applies to profiling, if it is in connection to such direct advertising.
You have the right to refuse at any time the processing of your personal data for scientific or historical research purposes or for statistical purposes in terms of article 89 paragraph 1 GDPR for reasons arising from your personal situation, unless such processing is necessary to fulfil a task that is in the public interest.
g) Automated decisions including profiling
You have the right to refuse to be subject to a decision that is based exclusively on automated processing, including profiling, that legally affects you or has any similar significant effect.
h) Right to revocation of a declaration of consent regarding personal data
You have the right to revoke a declaration of consent regarding the processing of personal data at any time.
i) Right to submit grievances to a supervisory authority
You have the right to submit grievances to a supervisory authority, particularly in the EU member country in which you live, where your place of work is located or in the location of the supposed infringement if you believe that the processing of your personal data is unlawful.
j) Right to information
If you have exercised the right to information, deletion or limitation of processing by the controller, such party is required to communicate this information, deletion or limitation of the processing to all recipients of the personal data, unless this is proven to be impossible or disproportionately difficult.
You have the right to be informed by the controller of any such recipients.
Annex 1 Data protection regulations regarding third-party services
We sometimes use third-party services that transfer information in accordance with the above-stated § 6.
We use the following services on the website:
- Google Analytics: This website uses the service “Google Analytics”, which is offered by Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) for analysing user website usage. This service uses “cookies” – text files that are saved on your end device. The information collected by the cookies is generally sent to a Google server in the USA and stored there. IP anonymisation is used on this website. IP addresses of users within the EU member countries and the European Economic Area are truncated. This truncation removes the identifiability of your IP address. In the context of the Agreement on Order-Related Agreements that the website operator has made with Google Inc., Google uses the collected information to perform an analysis of website usage and website activity and provides services connected with Internet usage.
You have the possibility of preventing the storage of cookies on your device by changing the settings in your browser. It is not guaranteed that you will be able to use all of this website’s functions without limitation if your browser does not allow cookies.
You can also use a browser plugin to prevent the information collected by cookies (including your IP address) from being sent to Google Inc. and used by Google Inc. The following link will take you to this plugin: https://tools.google.com/dlpage/gaoptout?hl=en
As an alternative to the browser add-on, particularly for browsers on mobile end devices, you can prevent collection of data by Google Analytics by clicking on this link: Opt-Out Cookie. An opt-out cookie will be placed that prevents future collection of your data when visiting this website. The opt-out cookie only applies to this browser and only for our website and will be stored on your device. If you delete the cookies in this browser, you must replace the opt-out cookie.