PRIVACY POLICY OF PLEASEPOINT

PLEASEPOINT PRIVACY POLICY

1. DATA CONTROLLER

PLEASE NETWORKS, S.L. is a commercial company ("Pleasepoint") that owns this Website through which online marketing training and online customer management software for companies can be contracted. Therefore, it is responsible for processing the personal information that the User provides in the provision of the services.

PLEASE NETWORKS, SL trading as PLEASEPOINT

VAT Number: B64230832

Address: Avda. Torreblanca, 57 - Office. 2C 2C16 08172 SANT CUGAT DEL VALLÉS (Barcelona)

Email: hello@pleasepoint.com

Website: www.pleasepoint.com

Phone: +34 935 543 029

At PLEASE NETWORKS, SL, we recognize the importance of protecting your personal information and are committed to treating it responsibly and in accordance with data protection laws.

This privacy policy aims to regulate all aspects related to the processing of data of the different users who browse or provide their personal data through the different forms located on the website.

The terms and conditions include: the privacy policy, the legal notice, the cookie policy, the terms of use, and the legal conditions of contracting of PLEASE NETWORKS S.L. When we ask you to accept our terms and conditions, you will be accepting all these policies and conditions.

2. LEGAL BASIS FOR DATA PROCESSING

The processing of data provided by Users through the forms on the Website and other communication channels at their disposal is based on the consent given by each User for the management of their request, for the provision of the contracted services and, where appropriate, for commercial and marketing actions.

Likewise, the legal basis for the processing of your personal data arises from pre-contractual measures and the contracting and execution of the provision of the services described in the Terms of Use.

3. PROCESSING OF PERSONAL DATA

1. Privacy Statement

At Pleasepoint we are responsible for the collection, processing, and use of the personal data you provide to us through the registration or contact forms included on the Website or in any communications between the User and Pleasepoint according to data protection legislation.

On the other hand, in relation to the data you may provide through the use of our customer management tool, you, the customer, are responsible for such data (the "Customer") and Pleasepoint, the service provider, is the data processor on your behalf. In this regard, by accepting this Privacy Policy, you agree to the data access agreement included in section 5 which regulates access to Customer-owned data by Pleasepoint within the framework of service provision.

Through this Data Privacy, we want to inform you about what personal data is collected and stored when you visit our Website or use our services offered therein. Additionally, you will receive information on how we use your data and what rights you have regarding their use. This Privacy Policy also applies to access and use of the Pleasepoint tool, as well as other available services.

The data voluntarily provided by the User during the use of our services will be included in a file owned by Pleasepoint for processing purposes as indicated in this Privacy Policy. In accordance with current legislation on the protection of personal data and in particular, as established in Regulation (EU) 2016/679 of April 27, 2016, regarding the protection of individuals with regard to the processing of personal data and the free movement of such data and repealing Directive 95/46/EC ("GDPR"), Pleasepoint will maintain the corresponding record of personal data processing activities.

Pleasepoint has taken the necessary technical and organizational measures to maintain the required level of security, depending on the nature of the personal data processed and the circumstances of the processing, in order to prevent, as far as possible and always according to the state of the art, its alteration, loss, processing, or unauthorized access.

Given the nature of the services provided through the Website, the processed data can be classified into the following types:
- Identifying data (e.g., name, surname, postal address, email address, phone number).
- Transaction data for goods and services (e.g., payments for services rendered).
- Commercial information data (e.g., interests in products or services).

2. Collection of Personal Data

1. If you visit our Website

```

3. PROCESSING OF PERSONAL DATA

2. Collection of Personal Data

· Manage user registration on the website. The legal basis for processing the data will be the consent given by the user when registering through the registration form and by selecting the checkbox accepting our privacy policy before submitting their request. The user has the right to revoke their consent at any time without affecting the lawfulness of the processing based on the prior consent withdrawal.

· Service Contracting: Manage the contracting of products and services offered through the Website, as well as for managing the contractual relationship between Pleasepoint and the Clients. During the contracting process, financial data (bank cards) or insurance data may be collected for the purpose of communicating them to the entities that manage the payment. This purpose is based on the free and legitimate acceptance of the legal relationship between the Client and Pleasepoint, which implies the connection of that processing with third-party files for the fulfillment of the specified purposes.

The legal basis for processing the data will be the consent given by the user when registering through the registration form and by selecting the checkbox accepting our privacy policy before submitting their request. The user has the right to revoke their consent at any time without affecting the lawfulness of the processing based on the prior consent withdrawal.

· Access to the private area: Manage the registration and subsequent data that Users may generate through said area in order to carry out the general administration of their account, maintenance, control, and management of Client requests, as well as the management of their relationship with Pleasepoint.

· Advertising of own Products and Services and creation of profiles. We collect analysis data of the user's purchases, interests, and preferences. This way, we can offer products and services that may interest them. The legitimate basis for profile creation is the user's consent given by accepting the corresponding checkbox. The user has the right to revoke their consent at any time without affecting the lawfulness of the processing based on the prior consent withdrawal.

· Manage the curriculum vitae submitted by the interested party through the form enabled for this purpose and include it in the company's candidate database.

The legitimate basis for managing and processing the interested party's curriculum vitae is their consent, which they manifest by taking an affirmative action to submit it and selecting the checkbox accepting our privacy policy prior to its submission. The user has the right to revoke their consent at any time without affecting the lawfulness of the processing based on the prior consent withdrawal.

· Enhance your browsing experience on the web.

The legitimate basis for enhancing your browsing experience on the web is the consent given by the user when accepting cookies. The user has the right to revoke their consent at any time without affecting the lawfulness of the processing based on the prior consent withdrawal.

· Manage our social networks and send you information about our activities and products. The legitimate basis for managing our social networks and sending you our activities and news is the consent you give us for this purpose. The user has the right to revoke their consent at any time without affecting the lawfulness of the processing based on the prior consent withdrawal.

4. Data Retention

Users and/or Customers are informed that their personal data will be kept for the time strictly necessary for the purposes of the processing for which they were provided, provided that the User and/or Customer has not revoked their consent and, in any case, following the principle of data minimization contemplated in the applicable regulations. In particular, personal data provided by Users and/or Customers will be kept for the period determined based on the following criteria: (i) legal obligation to keep; (ii) duration of the contractual relationship and attention to any responsibilities arising from said relationship; (iii) request for deletion by the interested party in cases where appropriate.

5. Rights of Users and/or Customers

The User and/or Customer has the right to access their data and to obtain confirmation of their treatment, as well as a copy of the personal data subject to treatment. They have the right to update them and request the rectification of data that are inaccurate or request deletion when the data are not necessary for the purposes for which they were collected. They may request restriction in the processing of their data and object to the processing of the same by revoking their consent, as well as exercise the right to data portability. Likewise, they have the right not to be subject to decisions based solely on the automated processing of their personal data. They may exercise their rights by contacting us at Avda. Torreblanca, 57 Dpcho. 2C 2C16 - 08172 SANT CUGAT DEL VALLÉS (Barcelona). Email: hello@pleasenetworks.com

If you believe your rights have not been properly addressed, you have the right to lodge a complaint with the Spanish Data Protection Agency www.aepd.es

or to our Data Protection Officer at the email dpo@pleasepoint.com

6. Data Shared with Third Parties

Personal data collected through the Website will not be transferred to any third party. That is, Pleasepoint will not disclose personal information contained in its files to third parties without the express consent of the User and/or Customer, except in specific cases where such transfer is established by data protection regulations.

7. Data Update

It is important that in order for us to keep personal data updated, the user always informs us of any changes to them; otherwise, we do not guarantee the truthfulness of the same.

The user guarantees that the personal data provided are truthful, guaranteeing that all the information provided corresponds to the real situation, is up to date and accurate, and undertakes to communicate any modification.

4. DATA PROCESSING

The present agreement constitutes the legal basis of the contractual relationship between you, the Client, as the Controller of personal data, and Pleasepoint, the service provider, in its capacity as Processor of such data.

In this section, we explain how the data for which you are responsible can be processed and its purpose.

Due to our volume of clients, it would be impossible to individually sign agreements with all our Clients - Data Controllers - therefore, the acceptance of this Privacy Policy implies the conclusion of the data access agreement (DAA), in compliance with what is established in the GDPR.

This DAA ensures that Pleasepoint, as data processor, complies with the requirements set forth in data protection regulations.

By contracting our services, you, as the Client and Controller of the Treatment of the data, accept that Pleasepoint acts as the data processor and the following obligations are hereby indicated.

1. Pleasepoint Responsibilities as Data Processor

Pleasepoint must process all personal data following the instructions of the Data Controller. By entering into this Agreement, it will process the personal data of the Client (i) in accordance with all national and European laws; (ii) complying with its obligations under the terms of the service application; iii) according to the instructions of the Client, as described in the agreement.

As the party that provides the customer management tool, Pleasepoint is required to will provide the Client with the appropriate solutions to accompany the development continuing your business by using the service. Pleasepoint will track how the client uses the client management tool to make the best suggestions, provide relevant services at all times and commit to send the most accurate communications in order to achieve ease of use and Customer satisfaction. To the extent that the processing of personal data from the customer management tool is part of this, are processed only in accordance with the provisions of this AAD and applicable law. and will be shared only when necessary to provide a better experience in the Client in relation to the services.

Taking into account the available technology and the cost of implementation, as well such as the scope, context and purpose of the processing, Pleasepoint is required to take all reasonable measures, including technical and organizational measures, to ensure a sufficient level of safety in relation to risk and category of personal data to be protected. Pleasepoint must help the Client with appropriate technical and organizational measures as necessary and taking into account the nature of the processing and the category of information available to Pleasepoint to ensure compliance with obligations of the client or data controller under data protection laws applicable.

Pleasepoint, within the framework of the provision of services, undertakes to:

(i) Process such data following at all times the documented instructions from the client for the exclusive purpose of carrying out necessary communications;
(ii) Ensure that authorized persons handling personal data commit to respecting their confidentiality;
(iii) Take the necessary measures to ensure the security of the data to which access is granted;
(iv) Not engage another processor without the express prior written authorization from the Client. In the event Pleasepoint, acting as the Data Processor, engages another processor to perform certain processing activities on behalf of the Client, such other processor shall be bound by a contract or legal act imposing the same data protection obligations as those set forth in this agreement, particularly providing sufficient guarantees to implement appropriate technical and organizational measures so that the processing complies with this agreement;
(v) Assist the Client, taking into account the nature of the processing, through appropriate technical and organizational measures, wherever possible, so that the Client can fulfill the obligation to respond to requests aimed at exercising the rights of data subjects;
(vi) Help the Client ensure compliance with obligations regarding data security, notify the AEPD in the event of security breaches, and communicate such breaches to the data subjects;
(vii) Not disclose such data to any third party without the Client's authorization, not even for their retention. The transmission of data to Public Authorities in the exercise of their public functions is not considered data disclosure, so Pleasepoint's authorization is not required if such transmissions are necessary to achieve the purpose of the assignment;
(viii) Adopt, implement, and comply with, in accordance with current regulations and their development standards, the technical and organizational measures necessary to ensure the security of personal data and prevent their alteration, loss, unauthorized processing, or access, in line with the security level appropriate to the nature of the personal data subject to access or processing;
(ix) Upon completion of the services provided under this Agreement, Pleasepoint undertakes to destroy all personal data received from the Client, as well as the media or documents containing personal data, and
(x) Provide the Client with all necessary information to demonstrate compliance with the obligations set forth in this section, as well as to enable and contribute to audits by the Client.

2. Client Responsibilities as Data Controller

The Client represents and warrants, by accepting this Agreement, that, by using the customer management tool, it will be able to process its data freely according to all legal data protection requirements, including the GDPR. The Client gives explicit consent to the processing of their personal data at all times when using the service.

The Client may revoke this consent at any time, doing so will result in the termination of the contractual relationship between the Client and Pleasepoint.

The Client has a legal basis for processing personal data with Pleasepoint (including subprocessors) through the use of Pleasepoint's services.

The Client is responsible at all times for the accuracy, integrity, content, and reliability of the personal data processed through Pleasepoint's customer management tool.

The Client must have an accurate list of the categories of personal data it processes.

3. Security Measures

Pleasepoint declares to be aware of the obligations arising from data protection regulations, especially regarding the implementation of security measures for the different categories of data and processing established in article 32 of the GDPR.

Pleasepoint guarantees that such security measures will be properly implemented and will cooperate with the client to ensure compliance.

The client will conduct an analysis of the potential risks arising from the processing to determine appropriate security measures to ensure the security of the information processed and the rights of data subjects, and if it identifies risks, it will provide Pleasepoint with an impact assessment report for the implementation of adequate measures to prevent or mitigate them.

Pleasepoint, for its part, must analyze potential risks and other circumstances that may affect the security attributable to it, and if any, inform the client to assess their impact.

Nevertheless, Pleasepoint guarantees that, taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of the processing, it will implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk posed by the processing, which may include, among others:

• Pseudonymization and encryption of personal data.

• Ensure the permanent confidentiality, integrity, availability, and resilience of processing systems and services.

• Restore availability and access to data quickly in the event of a physical or technical incident.

• Regular verification, assessment, and evaluation procedures of the effectiveness of technical and organizational measures to ensure the security of processing

4. Security Breach

Security breaches known to Pleasepoint must be reported to the Client without undue delay and within a maximum of 24 hours, for their knowledge and implementation of measures to remedy and mitigate the effects. Notification will not be required when it is unlikely to result in a risk to the rights and freedoms of individuals.

Notification of a security breach must contain, at a minimum, the following information:

• Description of the nature of the breach.

• Categories and approximate number of affected data subjects.

• Categories and approximate number of affected data records. Potential consequences.

• Measures taken or proposed to remedy or mitigate the effects.

• Contact information where more information can be obtained (DPO, Security Client, etc.).

5. Agreement for the transfer of data and the use of subcontractors:

To provide the service to the Client, Pleasepoint must subcontract to third parties that provide services to you. These subcontractors can be suppliers external both inside and outside the EU/EEA. Pleasepoint guarantees that All subcontractors comply with the obligations and requirements of this AAD; specifically, that its level of data protection meets the standard required by relevant data protection laws. Yes one jurisdiction falls outside the EU/EEA and is not on the list approved by the European Commission of satisfactory levels of data protection under the GDPR, then a specific agreement is established between Pleasepoint and said subcontractor to ensure that it will maintain all personal data in accordance with the requirements of current EU data protection laws.

The service provider's subcontractors are as follows:

Amazon: Server hosting
Stripe: Payment gateway
PayPal: Payment gateway
Intercom: User communications (support)
Mailchimp: Email campaigns
Slack: Internal communications
Google Analytics: Web analytics tool from Google
Jetbrains: Integrated Development Environment (IDE)
New Relic: Web performance monitoring and management.

This agreement constitutes the specific and explicit prior consent of the Customer for Pleasepoint's use of subcontractors, which may sometimes be outside the EU/EEA or territories approved by the European Commission.

The Customer may revoke this consent at any time, but doing so will result in the termination of this agreement and consequently, Pleasepoint will no longer be able to provide the service.

The Customer will be informed before Pleasepoint replaces its subcontractors.

6. Duration of the agreement

The agreement continues being valid as long as Pleasepoint processes personal data with the use of the service application data processor and unless replaced by another signed AAD that communicates its primacy over this agreement.

7. Right of the Data Subjects

Pleasepoint will create, whenever possible and taking into account the nature of the processing, the necessary technical and organizational conditions to assist the client in its obligation to respond to requests from data subjects' rights.

in the event that Pleasepoint receives a request for the exercise of such rights, it must notify the client immediately and in no case later than the following business day after receiving the request, along with any other information that may be relevant to resolve the request.

8. Liability

in accordance with article 82 of the gdpr, the client shall be liable for any damage caused in any processing operation in which it participates, and Pleasepoint shall only be liable for damages caused by the processing when it has not complied with the obligations of the gdpr specifically directed to Pleasepoint or has acted outside or contrary to the client's legal instructions. Likewise, Pleasepoint shall be exempt from liability if it proves that it is in no way client responsible for the damages and losses caused.

9. Termination of Services

Upon completion of the service provision, Pleasepoint will delete all personal data to which it has had access except those that it is required to retain according to applicable legal requirements, and in such case, they will be stored in accordance with technical and organizational safeguards within Pleasepoint.

The Client has full capability to retrieve all of their personal data from Pleasepoint's customer management tool. If the Client requests assistance for data retrieval, the associated costs will be mutually agreed upon between the parties and will be based on the complexity of the requested process and the time to fulfill it in the chosen format.

The deletion of data will not proceed when its retention is required by a legal obligation, in which case PLEASEPOINT will proceed to their custody, blocking the data and limiting their processing as long as liabilities could arise from their relationship with the CLIENT.

PLEASEPOINT will maintain the duty of secrecy and confidentiality of the data even after the termination of the relationship subject to this contract.

1. Accounts in arrears

PLEASEPOINT will maintain the duty of secrecy and confidentiality of the data even after the termination of the relationship subject to this contract.

1. Accounts in arrears

In the event that the Client incurs in non-payment of the services, and therefore cannot access them, Pleasepoint will follow the following data processing process that the client has stored in their Pleasepoint account:

- When the account enters the "unpaid" state, account users can only access the page to enter or edit their payment method in Pleasepoint, without access to the rest of their Pleasepoint account.

- On the 15th day of the account being in the "unpaid" state, the account moves to the "suspended" state, where account users cannot access anything in their account. In the event that the user wants to access the account, they must contact Pleasepoint through the contact form on the Pleasepoint home page (https://www.pleasepoint.com/) or through the email hello@pleasepoint.com so that the Pleasepoint team can reactivate the account so that the user can access to enter or edit their payment method.

- On the 27th day of the account being in the "unpaid" state, the account moves to the "closed" state.

In any case, Pleasepoint will contact via the email provided by the Client, informing about the process and its consequences.

2. Cancelled Accounts

In the event that the Client cancels their account, Pleasepoint will follow the following data processing process that the client has stored in their Pleasepoint account:

- At the moment when the Client cancels their account, they will continue to have access to their Pleasepoint account for the remaining unconsumed but paid time.

- At the moment when the account enters the "cancelled" state, meaning it has consumed all the already paid period, account users cannot access anything in their account. In the event that the user wants to access the account, they must contact Pleasepoint through the contact form on the Pleasepoint home page (https://www.pleasepoint.com) or through the email hello@pleasepoint.com so that the Pleasepoint team can reactivate the account so that the user can access to enter or edit their payment method.

In any case, Pleasepoint will contact via the email provided by the Client, informing about the process and its consequences.

10. Applicable Law and Competent Courts

In the absence of provisions in this contract, as well as in the interpretation and resolution of conflicts that may arise between the parties as a consequence thereof, Spanish law shall apply.

And for the record, for the appropriate purposes, in evidence of the agreement of the parties, they sign this contract, in duplicate, in the place and on the date indicated in the heading of the service provision contract.

5. COMMUNICATIONS SENDING

Pleasepoint informs its Users that when they contract the services, at the moment of registration, they will receive a transactional email confirming the contract and providing the necessary instructions to use the tool. Likewise, we may contact the User in order to inform them of any modification or addition of a new functionality in the client management tool.

In order to offer the best possible service provision and to fulfill the commitments derived from the commercial relationship with the Client, Pleasepoint will periodically send information about its products, services, or news, as well as information regarding Pleasepoint's Blog or Sales Course, as they seek to promote training advantages and benefits for the Client.

The User may unsubscribe at any time from receiving any type of commercial communication by sending an email to hello@pleasepoint.com expressing such intention to unsubscribe. Likewise, this possibility will be offered to the User in each commercial communication received via email

6. COOKIES

As described in our Cookie Policy, we use cookies and similar technologies (e.g., web beacons, pixels, ad tags, and device identifiers) to recognize the User and/or their device/s across different services and devices. We also allow third parties to use cookies as described in our Cookie Policy. You can control cookies through your browser settings and other tools. The User may also block their activation from the beginning of navigation on the Website so that Pleasepoint does not use cookies or similar behavioral tracking technologies.

7. MINORS

The services offered through the Website are only available to adults. Therefore, those who do not meet this condition must refrain from providing personal information on the Website to be included in Pleasepoint's databases. However, with the prior consent of their parents or guardians, they may proceed to include their personal data in the Website's forms.

8. CHANGES TO THE PRIVACY POLICY

Pleasepoint reserves the right to modify this Privacy Policy in accordance with the applicable legislation at all times, of which it will duly inform on the Website, so it recommends that the User review it periodically to be informed of how Pleasepoint protects their information.

PRIVACY POLICY OF PLEASEPOINT

Selecciona las cookies