This document is intended to inform you on the processing of your personal data by the Data Controller.
DENTCOF COURSES S.R.L.is Data Controller (herein after named ”Dentcof”). In case you have any questions regarding this Policy or about our processing of your personal data, you can contact us anytime at the email address email@example.com or using the postal address Timișoara, no.2 Martin Luther street, 4th floor, Timiș county.
Through this Policy, we explain to you how Data Controller collects, uses and manages personal data, so please read carefully in order to understand what categories of personal data we process and for what purposes, as well as the rights you have regarding your personal data, in accordance with European Regulation 2016/679 on the protection of personal data and national provisions on the protection of personal data.
Please check for updates to this Policy. If we make any changes that we consider important, you shall be able to check them in this section, the latest version of the Policy being published, bearing the date of the last update.
Terms with the following meanings are used in this Policy:
"Personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifying element, such as a name, an identification number, location data, an online identifier, or one or more specific elements of his physical, physiological, genetic, mental, economic, cultural or social identity;
"Genetic data" means personal data relating to the inherited or acquired genetic characteristics of a person, which provide unique information on the physiology or health of that person and which result in particular from an analysis of a sample of biological material collected from the person;
"Biometric data" means personal data resulting from specific processing techniques related to the physical, physiological or behavioural characteristics of a natural person that allow or confirm the unique identification of that person, such as facial images or dactyloscopy data
"Health data" means personal data relating to the physical or mental health of a person, including the provision of healthcare services, which disclose health information;
"Processing" means any operation or set of operations performed on personal data or personal data sets, with or without the use of automated means, such as the collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction;
"Restriction of processing" means the marking of stored personal data in order to limit their further processing;
"Consent of the data subject" means any free, specific, informed and unambiguous expression of the data subject's consent by which the person consents, by an unequivocal statement or action, to the processing of the personal data;
"Controller" - The entity that establishes the purposes and means of processing personal data, when the purposes and means of processing are established in accordance with the applicable legal provisions
"Processor" - means the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
"Online Platform" - the website developed under the domain name owned by Dentcof - https://masterclass.dentcof.com/;
"Cookies" - small text files stored on your device (computer, tablet or mobile) when you are on the Internet, including the.
Collection and processing of personal data
Dentcof process your personal data for carrying out its activity and for providing complete services.
The purposes for which we may process your personal data, based on the adequate legal ground and retention period for each of them are:
- Purpose: Creating an account on the website to access the presentations Categories of processed personal data: email address; if you choose to log in with your Gmail account, Google LLC will transfer us your email address Legal grounds: processing is necessary in order to take steps at the request of data subject prior to entering into a contract Retention period: during the existence of the account
- Purpose: Paying the subscription fee Categories of processed personal data: debit/credit card number, name on the card, expiry date, CVV/CVC, date of payment Legal grounds: processing is necessary for the performance of a contract to which data subject is party Retention period: during the subscription. Payment of subscription is due every six months, by directly debiting the account for which the debit/credit card data was registered. If you wish to unsubscribe, please use the option available in your account. Recipients: payment processor Stripe (more information on how Stripe processes personal data may be found here).
- Purpose: Issuing tax invoices Categories of processed personal data: name, surname, postal address, debit/credit card, issuing country Legal grounds: compliance of a legal obligation to which the Controller is subject (debit/credit card issuing country is required in order to verify the correspondence with data related to the card, in order to correctly issue the invoice, according to VAT rates applicable in different states). Retention period: 10 years, according to financial-accounting legislation Recipients: payment processor Stripe (more information on how Stripe processes personal data may be found here).
- Purpose: Providing answers to questions sent by email or phone Categories of processed personal data: name, surname, email address, phone number Legal grounds: legitimate interest in answering to your questions Retention period: 3 years from the date the answer was delivered.
- Ensuring a better functioning of the website;
- Correct display of content;
- Customizing the interface, ensuring the security of the site against fraud or illegal use;
- Creating statistics to know the reactions of users in relation to the content of the website;
For information on specific cookies placed on the website, as well as information on the possibility to control or deactivate cookies, see the Cookies Policy.
Transfer of personal data to Non-EU countries
Dentcof states that any data transfer, if necessary, is made in strict compliance with the relevant legislation, respectively with all the legal requirements provided by Regulation 2016/679. Your personal data may be transferred to European Union (“EU”) countries and the European Economic Area (“EEA”).
Security measures for data processing
Dentcof is committed to constantly evaluating and updating the security measures implemented to ensure that they are adequate to protect the rights and freedoms of natural persons. In this regard, Dentcof implements the latest technical solutions to maintain security at an appropriate level.
Possible recipients of your personal data
In order to carry out the activity and offer the services available on Dentcof platform, we use the services of some contractual partners, to whom personal data may be provided in order to be used strictly in fulfilling the obligations. For more information regarding our partners, the services provided to our website, and the data transfers, please see our service providers below:
|Service||Role||Data||Link||Location and data transfer|
|Auth0||Authentication and authorization||- Auth0 Data (not sent by Masterclass) Name|
- Avatar (publicly available - it is fetched from other services)
- IP address
- Can be linked to Google
Sent by Masterclass:
- Redirect URL (points to Masterclass)
|AWS||Infrastructure||- EC2 Machines (virtual servers)|
- Maria DB (database)
- Redis (session store)
- Media Convert (video transcoding)
- S3 (storage)
- CloudFront (CDN)
|https://aws.amazon.com||Europe, with transfer to the USA|
|Stripe||Payment gateway||- Email|
- Card details (directly from client - we don’t store anything related to the card)
|https://stripe.com/||Europe, with transfer to the USA|
|Sendgrid||Email server used to send email from Auth0 to customers (email verification email).||- Name||https://sendgrid.com/||Europe, with transfer to the USA|
Our contractual partners have the status of Processors, within the meaning of Regulation 2016/679, and Dentcof, as the Controller, rigorously sets out the instructions that the contractual partners must follow. We make every effort to ensure that all entities we work with process your personal data in a safe and secure manner. Personal data may be disclosed to public authorities and / or institutions if there is an obligation in this regard, at their express written request or if there is a suspicion that an offense has been committed.
Rights of data subjects
Please note that, in accordance with the provisions of Regulation 2016/679, you have the following rights at any time as a data subject:
- Right of access to the personal data processed: you have the right to obtain confirmation that your personal data are or are not processed by Dentcof and, if so, to request a copy of them; In the event that you request copies of the information already communicated and / or in the event of repeated requests to Dentcof, in the event that it has the status of Controller, it has the right to charge a reasonable fee to be communicated in advance. Dentcof, when it has the status of Data Controller, has the right to refuse to respond in the event of excessive, repeated, unfounded requests.
- Right to request the rectification or completion of inaccurate or incomplete personal data; The rectification will be communicated to each addressee
- Right to obtain a restriction on processing, if:
- i. you consider that the personal data processed is inaccurate, for a period that allows Dentcof to verify the accuracy of the personal data;
- ii. the processing is illegal, but you do not want the deletion of the personal data processed, but the restriction of the use of this data;
- iii. if Dentcof no longer needs your personal data for the defined purposes, but you need data to establish, exercise or defend a right in court, or
- iv. you have objected to the processing, for the time necessary to verify that the legitimate grounds prevail over your rights;
- Right to request the deletion of personal data processed concerning you, if one of the following reasons applies:
- i. personal data are no longer necessary for the purposes for which they were collected or processed,
- ii. the data subject withdraws the consent on the basis of which the processing takes place, and there is no other legal basis for further processing,
- iii. the data subject exercises his right to object and the controller has no legitimate reason to prevail in order to continue processing;
- iv. the data has been processed illegally;
- v. deletion is required to comply with European or national law.
- Right to withdraw your consent at any time regarding the processing, when the processing is based on the consent, without affecting the legality of the processing activities carried out up to that moment;
- Right to object to the processing of data for reasons related to the particular situation you are in, when the processing is based on a legitimate interest;
- Right not to be subject to a decision based exclusively on automated processing, including profiling, which produces legal effects concerning the data subject or affects him or her in a similar manner in a significant manner;
- Right to data portability, which means the right to receive your personal data that you have provided to Dentcof in a structured, commonly used and automatically readable form, as well as the right to transfer such data to another Controller, if the processing is based on your consent or the performance of a contract and is performed by automatic means;
- Right to file a complaint with the Profile Authority.
In order to exercise any of the rights regarding the processing of personal data by Dentcof, or to file complaints regarding the data processing, please contact us at the following address: Timișoara, no 2 Martin Luther street, 4th floor, Timiș County or at the e-mail address : firstname.lastname@example.org.
We also mention that from the moment of receiving the request, we will formulate a response within a maximum of 30 days. If there are reasonable suspicions about the person who sent the request, we can take steps to clarify and confirm that the request was submitted by the data subject.
You may contact The National Supervisory Authority for Personal Data Processing at telephone number +40.318.059.211 or email address email@example.com or at the postal address București sector 1, B-dul G-ral. Gheorghe Magheru 28-30.
Changes to this Policy
Date of last modification: 10.05.2022