GDPR Privacy Notice

6. INFORMATION. PURPOSES. LEGAL GROUNDS

When data subjects are browsing on STREAMWIDE’s website, when they are sending a request by e-mail or when they are contacting the company for any other purpose and by any communication channel, they may communicate the following personal data, which are collected directly from them or other sources, as explained below.

Personal data processed	Purpose/purposes	Legal Grounds
·       Name, ·       Address	Other users may contact data subjects through the use of the Application For billing To be legally compliant To prevent fraud and other crimes For direct marketing (only if we have data subjects prior consent). For recruitment management	Concluding or executing a contract – Art. 6 (1) b GDPR. Legal obligation – Art. 6 (1) c GDPR. Legitimate interest – Art. 6 (1) f) GDPR. Consent – Art. 6 (1) a) – (only for direct marketing).
·       E-mail	For billing To be legally compliant To prevent fraud and other crimes For direct marketing (only if we have data subjects prior consent) For recruitment management	Legal obligation – Art. 6 (1) c GDPR.   Legitimate interest – Art. 6 (1) f) GDPR. Consent – Art. 6 (1) a) – (only for direct marketing).
·       IP address	To defend ourselves against cyber attacks To prevent fraud For network functioning	Legitimate interest – Art. 6 (1) f) GDPR
·       E-mail address,      language, country or location	Articles, events, newsletters, communications	Consent – Art. 6 (1) a) – (only for direct marketing). ·       Legitimate interest – Art. 6 (1) f) GDPR
·       Phone number	To operate, maintain, and provide clients the features and functionality of the application (team on the run)	Concluding or executing a contract – Art. 6 (1) b GDPR.
·       Passwords	Whenever we have given you (or where you have chosen) a password that enables you to access parts of the Application	Concluding or executing a contract – Art. 6 (1) b GDPR.

*Although we have made all the efforts to identify all processed personal data and purposes of the processing, the above table is not exhaustive.

 

6.1. ADDITIONAL INFORMATION

STREAMWIDE is collecting most of the information directly from data subjects (for example, by filling out a form on the website, and/or the TOM and TOTR applications), but also there may be situations where the company collects data from third parties (i.e. partners, platforms).

In addition to the information indicated above, we may also collect the following information, depending on the circumstances:

• How you interact with STREAMWIDE’s website (for example, information about how and when you access the website or what device you use to access the website);
• Information provided when filling out forms or questionnaires;
• Information provided when sending applications (directly on the website or by email), namely through a curriculum vitae and/or a cover letter ;
• The content of messages sent through e-mail and messaging systems;
• To alert you about product upgrades, special offers, updated information, and other new services from STREAMWIDE;
• By downloading the Application, the clients will be registered as a team on the run User/Team on Mission (“User”). This means that if clients mobile phone number is stored in the mobile address book or contact list on another User’s mobile device, they may be informed that you are also a User;
• Returned messages as undeliverable may be retained on the company’s servers for a period of up to 30 days (or 7 days where they have a multimedia attachment) for the User to attempt to resend. Following the 30 or 7 day period (as applicable), or where the undeliverable message is successfully redelivered, STREAMWIDE will delete the undeliverable message from its servers;
• If Webchat function is utilized and application is hosted by team on the run;
• STREAMWIDE may copy, store, or archive the contents of messages where it hosts the operation of the service at its location. If this is the case it will be responsible for the copying, storage, and archiving of user’s data on its servers.
• Device Information: STREAMWIDE may collect information about the User’s mobile device, or any computer that may use to download or stream a copy of the Application on his mobile device, including, where available, the mobile device’s or computer’s unique device identifiers, operating system, browser type, and mobile network information as well as the device’s telephone number, for system administration;
• Location Information: Users may voluntarily share their location with other Users via the Application, and if the Geolocation feature is utilized by your Account Holder, your location may be tracked if enabled on your device;
• Log information: When you use the Application, we may automatically collect and process certain information in server logs, including but not limited to internet protocol (IP) addresses, internet service provider (ISP), clickstream data, browser type and language, viewed and exit pages and date or time stamps;
• Cookies: Our Application may use cookies to distinguish you from other Application users. This helps us to improve the quality and design of the Application and to create new features, promotions, functionality, and services by storing, tracking, and analyzing User preferences and trends. More information about cookies is provided by the Cookie Policy on the Site.

6.1.1. WHAT HAPPENS IF DATA SUBJECTS DON’T PROVIDE PERSONAL DATA

When STREAMWIDE asks data subjects to fill in their information to give them access to certain functionalities or services of the website and applications, will mark some fields as mandatory, because the information is necessary to provide their access to that functionality or services of the website and applications.  

6.2.   ADDITIONAL PURPOSES

STREAMWIDE is also processing personal data for the following purposes:

• For answering to data subject questions (as Users) and requests, and provide them with customer support;
• For marketing purposes, but only if STREAMWIDE is having data subjects prior consent, or when there is a legal exception for obtaining consent;
• For providing and improving STREAMWIDE’s products;
• For diagnose or remedy of technical problems;
• For defending ourselves against cyber attacks;
• For being legally compliant;
• For subscribing to STREAMWIDE’s newsletter:

https://www.STREAMWIDE.com/en/newsletter;

• For requesting information from STREAMWIDE (regarding a product, partnership etc.): https://www.STREAMWIDE.com/en/contact
• To manage the recruitments following the applications sent by the persons concerned;
• In the unlikely event of a dispute, for finding or claiming a right in court.

6.3.     OTHER INFORMATION ABOUT LEGAL GROUNDS

(a) Legitimate interest. If STREAMWIDE uses the legitimate interest, then must perform a legitimate interest analysis (balancing test) through which it can balance its interest and data subject’s interests. If STREAMWIDE’s interests prevail, then it will use the legitimate interest. If the data subject’s interests prevail, then STREAMWIDE will not use the legitimate interest, and to the extent, fail to identify another correct legal basis, STREAMWIDE will not perform that processing activity.

(b) Consent. Obtaining consent is not mandatory, and STREAMWIDE obtains consent from data subjects only in situations where it fails to use another legal basis, like the performance of a contract or taking steps before concluding a contract, compliance with a legal obligation, protection of vital interest, the public interest of official authority and legitimate interest.

(c) Vital interest. In the unlikely event of a medical emergency or another exceptional event, processing may be necessary to protect the vital interests of you or another individual.

7.  DATA SUBJECTS RIGHTS

Data subjects’ rights, under the GDPR Regulation, are as follows and they can be exercised by sending a written, signed, and dated request to the e-mail address: dpo@streamwide.com

(a) The right to be informed about data processing;

(b) The right to have access. The data subjects have the right to obtain from the company a confirmation that personal data concerning them are processed or not and, if so, access to the respective data and the information provided by article 15 (1) of the GDPR;

(c) The right to rectify inaccurate or incomplete data. The data subjects have the right to obtain from STREAMWIDE, without undue delay, the rectification of inaccurate personal data concerning them;

(d) The right to be deleted (“the right to be forgotten” – which is not an absolute right). In the situations provided in article 17 of the GDPR, data subjects have the right to request and obtain the deletion of their data;

(e) The right to restrict processing. In the situations provided in article 18 of the GDPR, data subjects have the right to request and obtain the restriction of processing;

(f ) The right to transmit the data that STREAMWIDE has, about the data subjects, to another controller (“the right to portability”);

( g) Data subjects right to oppose the data processing, in the cases provided in art. 21 of the GDPR;

( h) The right not to be subject to a decision based exclusively on automatic processing, including the creation of profiles with legal effects or similar significant effects on data subjects;

( i) The right to go to court for the protection of data subjects’ rights and interests;

( j) The right of a complaint to a Supervisory Authority.

The rights listed above are not absolute. There are exceptions, each request will be analyzed so that STREAMWIDE can decide whether it is justified or not. To the extent that the request is substantiated, STREAMWIDE will facilitate the data subject’s exercise of their rights. If the request is unfounded, it will reject it, but the data subject will be informed about the reasons for the refusal and of the rights to lodge a complaint with the competent Supervisory Authority and to go to court.

STREAMWIDE is trying to respond to the request within a month. However, the time limit may be extended depending on various aspects, such as the complexity of the request, the large number of received requests, or the inability to identify the data subject on time.

If the company fails to identify the data subject and it does not provide additional information to be identified, the company is not obliged to comply with the request.

8. DATA SECURITY

STREAMWIDE understands the importance of the security of personal data and takes the necessary measures to protect customers and other persons whose data they process, from unauthorized access to personal data, as well as from unauthorized modification, disclosure, or destruction of data processed in the current activity.

STREAMWIDE has implemented the following technical and organizational measures for the security of personal data:

(a) Dedicated policies. STREAMWIDE adopts and constantly reviews internal practices and policies for the processing of personal data (including physical and electronic security measures), to protect systems from unauthorized access or other possible threats to their security. These policies are subject to constant control to ensure compliance with legal requirements and to ensure that the systems work properly.

(b) Data minimization. STREAMWIDE ensures that the personal data it processes is limited to what is necessary, are appropriate, and relevant for the purposes provided in this Policy.

(c) Restricting access to data. STREAMWIDE seeks to restrict to the minimum necessary access to the personal data it processes through: employees, collaborators, and other people who need to access data to process it and perform a service. The company’s staff, partners, and collaborators are subject to strict confidentiality obligations, either by contract or legally.

(d) Specific technical measures. STREAMWIDE uses technologies that ensure customer security, always trying to implement the best solutions for data protection.

The company also makes regular back-ups to recover data in the event of an incident, secure the passwords, and has implemented periodic audit procedures regarding the security of the equipment is using. However, no website, no application, and no internet connection are completely secure and untouchable.

(e) Ensuring data accuracy. STREAMWIDE may sometimes require data subjects to confirm the accuracy of personal data or to update personal data to ensure they reflect reality.

(f) Staff training. STREAMWIDE constantly trains employees and collaborators on legislation and best practices in the field of personal data processing.

(g) Data pseudonymization. STREAMWIDE pseudonymizes the personal data it processes as one of the most effective data protection measures;

(h) Encryption. STREAMWIDE has encrypted e-mail, servers, messages and files, voice and videos, user credentials on the server-side;

(i) Mobile security. STREAMWIDE has implemented Mobile App Secure Device Monitoring, Mobile App Advanced Threat Protection, Mobile application integrity checks, Secured user credentials, Mobile confining user data, Revoke user credentials, Block or remove user access to service, Data wipe out by admin, Application registration via one-time password.

However, certain features of the team on the run application may involve making user’s information publicly available. When using these features, users should ensure that they do not submit any personal data that they do not want to be seen, collected, or used by other users of the Application.

9. STORAGE PERIOD

Unless the law specifies a different retention period, STREAMWIDE stores data subjects’ personal data only for the time necessary to fulfill the purposes.  After the end of the storage period, personal data will be destroyed or deleted from computer systems and any other evidence.

10. DATA TRANSFERS

10.1.  EXTERNAL DISCLOSURE OF INFORMATION

In general, we keep personal data of European citizens in our locations in France and Romania.

If STREAMWIDE transfers your personal data to a country other than the EEA, will ensure that your data is properly protected.

We will ensure that there is an appropriate agreement on the transfer of data, following the standard contractual clauses approved by the Commission European (https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en).

Also, if it is considered that there are no laws in the country that are equivalent to EU data protection standards, STREAMWIDE will request the third party to conclude an agreement that will reflect these standards. If the transfer is not based on such an agreement, we will ensure that the transfer has always based on another mechanism provided by law to ensure the protection of your personal data.

11. DIRECT MARKETING

Currently, the company sends commercial e-mail messages (e-mail marketing) to the users in STREAMWIDE’s database, as a result of the interactions with our customers, potential customers, partners, users, or in any other context in which one of the above provided their data to our company representatives, or fill in the online contact form in our website.

11.1.     HOW TO UNSUBSCRIBE FROM DIRECT MARKETING CAMPAIGNS?

The data subjects may oppose direct marketing and/or may withdraw their consent at any time by following the unsubscribe instructions on the website.

12. OTHER SERVICES

The Privacy Policy does not cover applications and sites of other third parties that data subjects may access by using the links on STREAMWIDE’s website which are beyond STREAMWIDE’s control. STREAMWIDE encourages data subjects to review the Privacy Policy on any website and/or application they enter before providing personal data.

13. CHANGES

STREAMWIDE may change this Privacy Policy at any time. All updates and changes to this Privacy Policy are immediately available on the website.

14. QUESTIONS, REQUESTS, AND EXERCISE OF RIGHTS

For questions or concerns regarding confidentiality, processing of personal data, and the exercise of legal rights, you can contact us at the e-mail address: dpo@streamwide.com

Last update: 26.02.2021