PLEASEPOINT PRIVACY POLICY
1. DATA CONTROLLER
PLEASE NETWORKS, S.L. is a commercial company ("Pleasepoint") that owns this Website through which online marketing training and online customer management software for companies can be contracted. Therefore, it is responsible for processing the personal information that the User provides in the provision of the services.
PLEASE NETWORKS, SL trading as PLEASEPOINT
VAT Number: B64230832
Address: Avda. Torreblanca, 57 - Office. 2C 2C16 08172 SANT CUGAT DEL VALLÉS (Barcelona)
Email: hello@pleasepoint.com
Website: www.pleasepoint.com
Phone: +34 935 543 029
At PLEASE NETWORKS, SL, we recognize the importance of protecting your personal information and are committed to treating it responsibly and in accordance with data protection laws.
This privacy policy aims to regulate all aspects related to the processing of data of the different users who browse or provide their personal data through the different forms located on the website.
The terms and conditions include: the privacy policy, the legal notice, the cookie policy, the terms of use, and the legal conditions of contracting of PLEASE NETWORKS S.L. When we ask you to accept our terms and conditions, you will be accepting all these policies and conditions.
2. LEGAL BASIS FOR DATA PROCESSING
The processing of data provided by Users through the forms on the Website and other communication channels at their disposal is based on the consent given by each User for the management of their request, for the provision of the contracted services and, where appropriate, for commercial and marketing actions.
Likewise, the legal basis for the processing of your personal data arises from pre-contractual measures and the contracting and execution of the provision of the services described in the Terms of Use.
3. PROCESSING OF PERSONAL DATA
1. Privacy Statement
At Pleasepoint we are responsible for the collection, processing, and use of
the personal data you provide to us through the registration or contact forms
included on the Website or in any communications between the User and
Pleasepoint according to data protection legislation.
On the other hand, in relation to the data you may provide through the use of
our customer management tool, you, the customer, are responsible for such data
(the "Customer") and Pleasepoint, the service provider, is the data processor
on your behalf. In this regard, by accepting this Privacy Policy, you agree to
the data access agreement included in section 5 which regulates access to
Customer-owned data by Pleasepoint within the framework of service provision.
Through this Data Privacy, we want to inform you about what personal data is
collected and stored when you visit our Website or use our services offered
therein. Additionally, you will receive information on how we use your data and
what rights you have regarding their use. This Privacy Policy also applies to
access and use of the Pleasepoint tool, as well as other available services.
The data voluntarily provided by the User during the use of our services will
be included in a file owned by Pleasepoint for processing purposes as indicated
in this Privacy Policy. In accordance with current legislation on the
protection of personal data and in particular, as established in Regulation
(EU) 2016/679 of April 27, 2016, regarding the protection of individuals with
regard to the processing of personal data and the free movement of such data
and repealing Directive 95/46/EC ("GDPR"), Pleasepoint will maintain the
corresponding record of personal data processing activities.
Pleasepoint has taken the necessary technical and organizational measures to
maintain the required level of security, depending on the nature of the
personal data processed and the circumstances of the processing, in order to
prevent, as far as possible and always according to the state of the art, its
alteration, loss, processing, or unauthorized access.
Given the nature of the services provided through the Website, the processed
data can be classified into the following types:
- Identifying data (e.g., name, surname, postal address, email address, phone
number).
- Transaction data for goods and services (e.g., payments for services
rendered).
- Commercial information data (e.g., interests in products or services).
2. Collection of Personal Data
1. If you visit our
Website 3. PROCESSING OF PERSONAL DATA 1. Privacy Statement 2. Collection of Personal Data ·
Manage user registration on the website. The legal basis for processing
the data will be the consent given by the user when registering through the
registration form and by selecting the checkbox accepting our privacy policy
before submitting their request. The user has the right to revoke their consent
at any time without affecting the lawfulness of the processing based on the
prior consent withdrawal. ·
Service Contracting: Manage the contracting of products and services
offered through the Website, as well as for managing the contractual
relationship between Pleasepoint and the Clients. During the contracting
process, financial data (bank cards) or insurance data may be collected for the
purpose of communicating them to the entities that manage the payment. This
purpose is based on the free and legitimate acceptance of the legal
relationship between the Client and Pleasepoint, which implies the connection of
that processing with third-party files for the fulfillment of the specified
purposes. The legal basis for processing the data will be the consent given by the
user when registering through the registration form and by selecting the
checkbox accepting our privacy policy before submitting their request. The user
has the right to revoke their consent at any time without affecting the
lawfulness of the processing based on the prior consent withdrawal. ·
Access to the private area:
Manage the registration and subsequent data that Users may generate through
said area in order to carry out the general administration of their account,
maintenance, control, and management of Client requests, as well as the
management of their relationship with Pleasepoint. ·
Advertising of own Products and
Services and creation of profiles. We collect analysis
data of the user's purchases, interests, and preferences. This way, we can offer
products and services that may interest them. The legitimate basis for profile
creation is the user's consent given by accepting the corresponding checkbox. The
user has the right to revoke their consent at any time without affecting the
lawfulness of the processing based on the prior consent withdrawal. ·
Manage the curriculum vitae submitted by the interested party through
the form enabled for this purpose and include it in the company's candidate
database. The legitimate basis for managing and processing the interested party's
curriculum vitae is their consent, which they manifest by taking an affirmative
action to submit it and selecting the checkbox accepting our privacy policy
prior to its submission. The user has the right to revoke their consent at any
time without affecting the lawfulness of the processing based on the prior
consent withdrawal. ·
Enhance your browsing experience on the web. The legitimate basis for enhancing your browsing experience on the web
is the consent given by the user when accepting cookies. The user has the right
to revoke their consent at any time without affecting the lawfulness of the
processing based on the prior consent withdrawal. ·
Manage our social networks and send you information about our activities
and products. The legitimate basis for managing our social networks and sending
you our activities and news is the consent you give us for this purpose. The
user has the right to revoke their consent at any time without affecting the
lawfulness of the processing based on the prior consent withdrawal. 4. Data Retention 5. Rights of Users and/or Customers If you believe your
rights have not been properly addressed, you have the right to lodge a complaint
with the Spanish Data Protection Agency www.aepd.es or to our Data
Protection Officer at the email dpo@pleasepoint.com 6. Data Shared with Third Parties Personal data collected
through the Website will not be transferred to any third party. That is,
Pleasepoint will not disclose personal information contained in its files to
third parties without the express consent of the User and/or Customer, except
in specific cases where such transfer is established by data protection
regulations. 7. Data Update 4. DATA PROCESSING
```
At Pleasepoint we are responsible for the collection, processing, and use of
the personal data you provide to us through the registration or contact forms
included on the Website or in any communications between the User and
Pleasepoint according to data protection legislation.
On the other hand, in relation to the data you may provide through the use of
our customer management tool, you, the customer, are responsible for such data
(the "Customer") and Pleasepoint, the service provider, is the data processor
on your behalf. In this regard, by accepting this Privacy Policy, you agree to
the data access agreement included in section 5 which regulates access to
Customer-owned data by Pleasepoint within the framework of service provision.
Through this Data Privacy, we want to inform you about what personal data is
collected and stored when you visit our Website or use our services offered
therein. Additionally, you will receive information on how we use your data and
what rights you have regarding their use. This Privacy Policy also applies to
access and use of the Pleasepoint tool, as well as other available services.
The data voluntarily provided by the User during the use of our services will
be included in a file owned by Pleasepoint for processing purposes as indicated
in this Privacy Policy. In accordance with current legislation on the
protection of personal data and in particular, as established in Regulation
(EU) 2016/679 of April 27, 2016, regarding the protection of individuals with
regard to the processing of personal data and the free movement of such data
and repealing Directive 95/46/EC ("GDPR"), Pleasepoint will maintain the
corresponding record of personal data processing activities.
Pleasepoint has taken the necessary technical and organizational measures to
maintain the required level of security, depending on the nature of the
personal data processed and the circumstances of the processing, in order to
prevent, as far as possible and always according to the state of the art, its
alteration, loss, processing, or unauthorized access.
Given the nature of the services provided through the Website, the processed
data can be classified into the following types:
- Identifying data (e.g., name, surname, postal address, email address, phone
number).
- Transaction data for goods and services (e.g., payments for services
rendered).
- Commercial information data (e.g., interests in products or services).
Users and/or Customers are informed that their personal data will be kept for
the time strictly necessary for the purposes of the processing for which they
were provided, provided that the User and/or Customer has not revoked their
consent and, in any case, following the principle of data minimization
contemplated in the applicable regulations. In particular, personal data
provided by Users and/or Customers will be kept for the period determined based
on the following criteria: (i) legal obligation to keep; (ii) duration of the
contractual relationship and attention to any responsibilities arising from
said relationship; (iii) request for deletion by the interested party in cases
where appropriate.
The User and/or Customer has the right to access their data and to obtain
confirmation of their treatment, as well as a copy of the personal data
subject to treatment. They have the right to update them and request the
rectification of data that are inaccurate or request deletion when the data are
not necessary for the purposes for which they were collected. They may request
restriction in the processing of their data and object to the processing of
the same by revoking their consent, as well as exercise the right to data
portability. Likewise, they have the right not to be subject to decisions based
solely on the automated processing of their personal data. They may exercise
their rights by contacting us at Avda. Torreblanca, 57 Dpcho. 2C 2C16 - 08172
SANT CUGAT DEL VALLÉS (Barcelona). Email: hello@pleasenetworks.com
It is important that in order for us to keep personal data updated, the user
always informs us of any changes to them; otherwise, we do not guarantee the
truthfulness of the same.
The user guarantees that the personal data provided are truthful, guaranteeing
that all the information provided corresponds to the real situation, is up to
date and accurate, and undertakes to communicate any modification.
The present agreement constitutes the legal basis of the contractual relationship between
you, the Client, as the Controller of personal data, and Pleasepoint, the service provider, in its capacity as Processor of such data.
In this section, we explain how the data for which you are responsible can be processed and its purpose.
Due to our volume of clients, it would be impossible to individually sign agreements
with all our Clients - Data Controllers - therefore, the acceptance of this Privacy Policy
implies the conclusion of the data access agreement (DAA), in compliance with
what is established in the GDPR.
This DAA ensures that Pleasepoint, as data processor, complies with the requirements set forth in data protection regulations.
By contracting our services, you, as the Client and Controller of the Treatment
of the data, accept that Pleasepoint acts as the data processor
and the following obligations are hereby indicated.
1. Pleasepoint Responsibilities
as Data Processor
Pleasepoint must process all personal data following the instructions of the
Data Controller. By entering into this Agreement, it will process the personal data
of the Client (i) in accordance with all national and European laws; (ii) complying with its obligations under the terms of the
service application; iii) according to the instructions of the
Client, as described in the agreement.
As the party that provides the customer management tool, Pleasepoint is required to will provide the Client with the appropriate solutions to accompany the development continuing your business by using the service. Pleasepoint will track how the client uses the client management tool to make the best suggestions, provide relevant services at all times and commit to send the most accurate communications in order to achieve ease of use and Customer satisfaction. To the extent that the processing of personal data from the customer management tool is part of this, are processed only in accordance with the provisions of this AAD and applicable law. and will be shared only when necessary to provide a better experience in the Client in relation to the services.
Taking into account the available technology and the cost of implementation, as well such as the scope, context and purpose of the processing, Pleasepoint is required to take all reasonable measures, including technical and organizational measures, to ensure a sufficient level of safety in relation to risk and category of personal data to be protected. Pleasepoint must help the Client with appropriate technical and organizational measures as necessary and taking into account the nature of the processing and the category of information available to Pleasepoint to ensure compliance with obligations of the client or data controller under data protection laws applicable.
Pleasepoint, within the framework of the provision of services, undertakes to:
(i) Process such data following at all times the documented instructions from the client for the exclusive purpose of carrying out necessary communications;
(ii) Ensure that authorized persons handling personal data commit to respecting their confidentiality;
(iii) Take the necessary measures to ensure the security of the data to which access is granted;
(iv) Not engage another processor without the express prior written authorization from the Client. In the event Pleasepoint, acting as the Data Processor, engages another processor to perform certain processing activities on behalf of the Client, such other processor shall be bound by a contract or legal act imposing the same data protection obligations as those set forth in this agreement, particularly providing sufficient guarantees to implement appropriate technical and organizational measures so that the processing complies with this agreement;
(v) Assist the Client, taking into account the nature of the processing, through appropriate technical and organizational measures, wherever possible, so that the Client can fulfill the obligation to respond to requests aimed at exercising the rights of data subjects;
(vi) Help the Client ensure compliance with obligations regarding data security, notify the AEPD in the event of security breaches, and communicate such breaches to the data subjects;
(vii) Not disclose such data to any third party without the Client's authorization, not even for their retention. The transmission of data to Public Authorities in the exercise of their public functions is not considered data disclosure, so Pleasepoint's authorization is not required if such transmissions are necessary to achieve the purpose of the assignment;
(viii) Adopt, implement, and comply with, in accordance with current regulations and their development standards, the technical and organizational measures necessary to ensure the security of personal data and prevent their alteration, loss, unauthorized processing, or access, in line with the security level appropriate to the nature of the personal data subject to access or processing;
(ix) Upon completion of the services provided under this Agreement, Pleasepoint undertakes to destroy all personal data received from the Client, as well as the media or documents containing personal data, and
(x) Provide the Client with all necessary information to demonstrate compliance with the obligations set forth in this section, as well as to enable and contribute to audits by the Client.
2. Client Responsibilities as Data Controller
The Client represents and warrants, by accepting this Agreement, that, by using the customer management tool, it will be able to process its data freely according to all legal data protection requirements, including the GDPR. The Client gives explicit consent to the processing of their personal data at all times when using the service.
The Client may revoke this consent at any time, doing so will result in the termination of the contractual relationship between the Client and Pleasepoint.
The Client has a legal basis for processing personal data with Pleasepoint (including subprocessors) through the use of Pleasepoint's services.
The Client is responsible at all times for the accuracy, integrity, content, and reliability of the personal data processed through Pleasepoint's customer management tool.
The Client must have an accurate list of the categories of personal data it processes.
3. Security Measures
Pleasepoint declares
to be aware of the obligations arising from data protection regulations, especially regarding the implementation of security measures for the different categories of data and processing established in article 32 of the GDPR.
Pleasepoint guarantees
that such security measures will be properly implemented and will cooperate with
the client to ensure compliance.
The client will conduct
an analysis of the potential risks arising from the processing to determine
appropriate security measures to ensure the security of the information processed and the rights of data subjects, and if it identifies risks, it will provide Pleasepoint with an impact assessment report for the implementation of adequate measures to prevent or mitigate them.
Pleasepoint, for its
part, must analyze potential risks and other circumstances that may affect the
security attributable to it, and if any, inform the client to assess their impact.
Nevertheless, Pleasepoint
guarantees that, taking into account the state of the art, the costs of
implementation, and the nature, scope, context, and purposes of the processing,
it will implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk posed by the processing, which may include, among others:
• Pseudonymization and encryption of personal data.
• Ensure the permanent confidentiality, integrity, availability, and resilience of processing systems and services.
• Restore availability and
access to data quickly in the event of a physical or technical incident.
• Regular verification,
assessment, and evaluation procedures of the effectiveness of technical and
organizational measures to ensure the security of processing
Security breaches known to Pleasepoint
must be reported to the Client without undue delay and within a maximum of 24 hours, for their knowledge and implementation of measures to remedy and mitigate the effects. Notification will not be required when it is unlikely to result in a risk to the rights and freedoms of individuals.
Notification of a security breach must
contain, at a minimum, the following information:
• Description
of the nature of the breach.
• Categories
and approximate number of affected data subjects.
• Categories
and approximate number of affected data records. Potential consequences.
• Measures
taken or proposed to remedy or mitigate the effects.
• Contact information where more information can be obtained (DPO, Security Client, etc.).
5. Agreement for the transfer of data and the use of subcontractors:
To provide the service to the Client, Pleasepoint must subcontract to third parties that provide services to you. These subcontractors can be suppliers external both inside and outside the EU/EEA. Pleasepoint guarantees that All subcontractors comply with the obligations and requirements of this AAD; specifically, that its level of data protection meets the standard required by relevant data protection laws. Yes one jurisdiction falls outside the EU/EEA and is not on the list approved by the European Commission of satisfactory levels of data protection under the GDPR, then a specific agreement is established between Pleasepoint and said subcontractor to ensure that it will maintain all personal data in accordance with the requirements of current EU data protection laws.
The service provider's subcontractors are as follows:
Amazon: Server hosting
Stripe: Payment gateway
PayPal: Payment gateway
Intercom: User communications (support)
Mailchimp: Email campaigns
Slack: Internal communications
Google Analytics: Web analytics tool from Google
Jetbrains: Integrated Development Environment (IDE)
New Relic: Web performance monitoring and management.
This agreement constitutes the specific and explicit prior consent of the Customer for Pleasepoint's use of subcontractors, which may sometimes be outside the EU/EEA or territories approved by the European Commission.
The Customer may revoke this consent at any time, but doing so will result in the termination of this agreement and consequently, Pleasepoint will no longer be able to provide the service.
The Customer will be informed before Pleasepoint replaces its subcontractors.
6. Duration of the agreement
The agreement continues being valid as long as Pleasepoint processes personal data with the use of the service application data processor and unless replaced by another signed AAD that communicates its primacy over this agreement.
7. Right of the Data Subjects
Pleasepoint will create,
whenever possible and taking into account the nature of the processing, the
necessary technical and organizational conditions to assist the client in its
obligation to respond to requests from data subjects' rights.
in the event that Pleasepoint
receives a request for the exercise of such rights, it must notify the client
immediately and in no case later than the following business day after receiving
the request, along with any other information that may be relevant to resolve
the request.
8. Liability
in accordance with article 82 of the gdpr, the client
shall be liable for any damage caused in any processing operation in which it
participates, and Pleasepoint shall only be liable for damages caused by the
processing when it has not complied with the obligations of the gdpr
specifically directed to Pleasepoint or has acted outside or contrary to the
client's legal instructions. Likewise, Pleasepoint shall be exempt from liability
if it proves that it is in no way client
responsible for the damages and losses caused.
9. Termination of Services
Upon completion of the
service provision, Pleasepoint will delete all personal data to which it has
had access except those that it is required to retain according to applicable
legal requirements, and in such case, they will be stored in accordance with
technical and organizational safeguards within Pleasepoint.
The Client has full
capability to retrieve all of their personal data from Pleasepoint's customer
management tool. If the Client requests assistance for data retrieval, the
associated costs will be mutually agreed upon between the parties and will be
based on the complexity of the requested process and the time to fulfill it in
the chosen format.
The deletion of data
will not proceed when its retention is required by a legal obligation, in which
case PLEASEPOINT will proceed to their custody, blocking the data and limiting
their processing as long as liabilities could arise from their relationship
with the CLIENT.
PLEASEPOINT will
maintain the duty of secrecy and confidentiality of the data even after the
termination of the relationship subject to this contract.
1. Accounts in arrears
The deletion of data
will not proceed when its retention is required by a legal obligation, in which
case PLEASEPOINT will proceed to their custody, blocking the data and limiting
their processing as long as liabilities could arise from their relationship
with the CLIENT.
PLEASEPOINT will
maintain the duty of secrecy and confidentiality of the data even after the
termination of the relationship subject to this contract.
1. Accounts in arrears
In the event that the
Client incurs in non-payment of the services, and therefore cannot access them,
Pleasepoint will follow the following data processing process that the client
has stored in their Pleasepoint account:
- When the account
enters the "unpaid" state, account users can only access the page to enter or
edit their payment method in Pleasepoint, without access to the rest of their
Pleasepoint account.
- On the 15th day of
the account being in the "unpaid" state, the account moves to the "suspended"
state, where account users cannot access anything in their account. In the
event that the user wants to access the account, they must contact Pleasepoint
through the contact form on the Pleasepoint home page (https://www.pleasepoint.com/)
or through the email hello@pleasepoint.com so that the Pleasepoint team can
reactivate the account so that the user can access to enter or edit their
payment method.
- On the 27th day of
the account being in the "unpaid" state, the account moves to the "closed"
state.
In any case,
Pleasepoint will contact via the email provided by the Client, informing about
the process and its consequences.
2. Cancelled Accounts
In the event that the
Client cancels their account, Pleasepoint will follow the following data
processing process that the client has stored in their Pleasepoint account:
- At the moment when
the Client cancels their account, they will continue to have access to their
Pleasepoint account for the remaining unconsumed but paid time.
- At the moment when
the account enters the "cancelled" state, meaning it has consumed all the
already paid period, account users cannot access anything in their account. In
the event that the user wants to access the account, they must contact
Pleasepoint through the contact form on the Pleasepoint home page (https://www.pleasepoint.com)
or through the email hello@pleasepoint.com so that the Pleasepoint team can
reactivate the account so that the user can access to enter or edit their
payment method.
In any case,
Pleasepoint will contact via the email provided by the Client, informing about
the process and its consequences.
10. Applicable Law and Competent Courts
In the absence of
provisions in this contract, as well as in the interpretation and resolution of
conflicts that may arise between the parties as a consequence thereof, Spanish
law shall apply.
And for the record,
for the appropriate purposes, in evidence of the agreement of the parties, they
sign this contract, in duplicate, in the place and on the date indicated in the
heading of the service provision contract.
5. COMMUNICATIONS SENDING
Pleasepoint informs its Users that when they contract the services, at the
moment of registration, they will receive a transactional email confirming the
contract and providing the necessary instructions to use the tool. Likewise, we
may contact the User in order to inform them of any modification or addition of
a new functionality in the client management tool.
In order to offer the best possible service provision and to fulfill the
commitments derived from the commercial relationship with the Client, Pleasepoint
will periodically send information about its products, services, or news, as
well as information regarding Pleasepoint's Blog or Sales Course, as they seek
to promote training advantages and benefits for the Client.
The User may unsubscribe at any time from receiving any type of commercial
communication by sending an email to hello@pleasepoint.com expressing such intention to unsubscribe.
Likewise, this possibility will be offered to the User in each commercial
communication received via email
6. COOKIES
As described in our Cookie Policy, we use cookies and
similar technologies (e.g., web beacons, pixels, ad tags, and device identifiers)
to recognize the User and/or their device/s across different services and devices.
We also allow third parties to use cookies as described in our Cookie Policy.
You can control cookies through your browser settings and other tools. The User
may also block their activation from the beginning of navigation on the Website
so that Pleasepoint does not use cookies or similar behavioral tracking technologies.
7. MINORS
The services offered through the Website are only available to adults. Therefore,
those who do not meet this condition must refrain from providing personal information
on the Website to be included in Pleasepoint's databases. However, with the prior
consent of their parents or guardians, they may proceed to include their personal
data in the Website's forms.
8. CHANGES TO THE
PRIVACY POLICY
Pleasepoint reserves the right to modify this Privacy Policy in accordance with
the applicable legislation at all times, of which it will duly inform on the Website,
so it recommends that the User review it periodically to be informed of how Pleasepoint
protects their information.