Privacy Policy

GDPR Policy

I. Operator’s Identity and Contact Information

1.1. S.C. TOFMIND CREATIVE S.R.L. (hereinafter referred to as the “Company” or “Operator”) is the data controller in accordance with the provisions of EU Regulation No. 2016/679 (hereinafter referred to as the “Regulation”), regarding the beneficiaries of the goods and services provided through the website https://digitalsiesta.com/ (hereinafter referred to as “Beneficiaries”).

1.2. The identification details of the company are as follows:
Registered Office: ILFOV, ROMANIA
Registration Number in the Trade Register at the Court of J23/1552/2022
Unique Registration Code: 45759931, VAT NO: RO45906331

1.3. In any matters related to the processing of personal data, the Company can be contacted at the following coordinates:_
Email: digitalsiesta@gmail.com

II. Purposes and Legal Grounds for Processing

2.1. The main purpose of processing the personal data of Beneficiaries is to provide the Company’s services in the context of:

  • Processing and completing your orders (digital products);
  • Managing subscriptions and access to the video library;
  • Operating the affiliate marketing program, managing commissions, and discount codes;
  • Providing technical support and assistance services;
  • Sending notifications or commercial/promotional communications (newsletter) regarding the presentation and promotion of goods and services made available to the Beneficiaries, according to Article 6(1)(a) and Article 6(1)(f) of the Regulation (only with your explicit consent);
  • Improving the user experience on our website and personalizing content;
  • Complying with legal obligations, in accordance with Article 6(1)(c) of the Regulation;
  • Protecting and/or pursuing our legitimate interests, in accordance with Article 6(1)(f) of the Regulation.

2.2. The legitimate interests of the Company relevant to the processing of personal data include:

  • Processing data to carry out the Company’s activities (accounting, indirect marketing, management, storage of electronic databases, etc.);
  • Collecting statistical data to improve the services provided through the website;
  • Archiving data to ensure the execution of contracts;
  • Processing data in the context of legal actions.

2.3. The Company processes personal data of Beneficiaries for direct marketing communications. Data processing for this purpose is done only with the consent of the Beneficiaries. Consent may be withdrawn at any time by submitting a request to the Company through one of the contact details above, which does not affect the legality of the processing until that moment.

2.4. In performing its activities, the Company does not engage in automated decision-making concerning Beneficiaries.
2.5. We collect your personal data in various ways, such as:

  • When you register on our website;
  • When you make a purchase or subscribe to a service;
  • When you fill out a contact form or subscribe to the newsletter.

III. Categories of Data Processed

3.1. The categories of data processed by the Company mainly include data provided by Beneficiaries. If the data is not collected directly from Beneficiaries, the Company will transparently inform them about the categories of data processed and the processing conditions.

3.2. The categories of data processed by the Company include:

  • Personal identification data (name, surname, email address, phone number, home/contact address, payment information) – video library subscriptions;
  • Data necessary for purchase and delivery (email, payment data) – digital products;
  • Payment information and data required for commission payments (name, email, payment accounts) – affiliate program;
  • Contract identification data (unique contract number, personal identification number);
  • Payment instrument identification data (cardholder’s name, card number, expiration date, security code);
  • Financial data (payment and billing details);
  • Browsing data (IP, location, accessed pages, browser type, browsing data);
  • Name and email address for responding to inquiries – contact form;
  • Email address – newsletter subscription.

IV. Recipients of the Data

4.1. The Company discloses personal data to authorized employees and third parties through whom it delivers goods or provides services, such as couriers, accountants, partners, collaborators.
4.2. In all cases, the Company has taken appropriate technical and organizational measures to ensure the secure, confidential, and transparent transmission and processing of data by these third parties.
4.3. In some cases, the Company may disclose personal data to state authorities and institutions to fulfill its legal obligations or as part of actions undertaken by these third parties in the exercise of their legal duties.
4.4. Beneficiaries may request the Company to indicate all third parties to whom personal data is disclosed by submitting a request to any of the contact details above.

V. Data Retention Period

5.1. The Company will store processed personal data securely for the minimum period required by law or to fulfill its legitimate interest, depending on the categories of data processed.
5.2. We retain personal data only for as long as necessary to fulfill processing purposes or to comply with legal and business obligations. The retention periods for various types of data are as follows:

  • Inactive accounts: Retained for 2 years.
  • Pending orders: Retained for 2 months.
  • Failed orders: Retained for 2 months.
  • Cancelled orders: Retained for 2 months.
  • Completed orders: Retained for 10 years to meet legal and tax requirements.
  • Stripe data: Retained for 10 days to address payment-related queries or disputes.

Once these periods expire, the data is securely deleted or anonymized unless required for legal purposes. For more details, please refer to our [Privacy Policy].

VI. Rights of the Data Subject

6.1. The Operator promotes transparency and control in all matters regarding the processing of personal data of its service beneficiaries. In this context, it is important to note that under the Regulation, all Beneficiaries have the following rights in relation to the Operator:

  • The right of access to data – The Operator will, upon request, and in principle free of charge, provide Beneficiaries with information about the categories of personal data processed, the purpose of processing, recipients to whom data has been disclosed or will be disclosed, the legitimate grounds for processing and disclosure, the expected storage period, or the criteria for determining this period, and possibly the existence of automated decision-making and/or profiling.
  • The right to request rectification of data – In case of errors in the processed data, the Beneficiary has the right to request the Operator to rectify or complete the data. The Operator will communicate the rectification request to all third parties processing the data on its behalf and will verify the resolution of the request by these third parties unless this is impossible or requires disproportionate effort.
  • The right to request restriction of data processing – The Operator will restrict the processing of data (except for storage) in the following cases:
    • When data inaccuracies are identified, for the time needed to verify and possibly rectify the inaccuracies;
    • When processing is unlawful and the Data Subject opposes the deletion of data and requests instead the restriction of processing;
    • When the data is no longer necessary for the Operator but the Beneficiary requests it to exercise or defend a legal claim, or
    • While verifying whether the legitimate interest of the Beneficiary outweighs the Operator’s interest in a specific case of processing.
  • The right to request data deletion – The Operator will delete data upon request if the data is no longer necessary for the purposes for which it was collected and no legal basis for processing exists, or if the data has been processed unlawfully.
  • The right to request data transfer to another operator – Upon the Beneficiary’s request, the Operator will transfer the requested data to a third party indicated by them.
  • The right to object to processing for direct marketing purposes, including profiling – Without the Beneficiary’s consent, the Operator will not process their data for marketing purposes.
  • The right to object to automated decision-making.
  • The right to withdraw consent when processing is based on it, with the mention that processing prior to the withdrawal remains valid.

6.2. To exercise these rights, you can contact us at the email address digitalsiesta@gmail.com . We will respond to your requests within 30 (thirty) days.

6.3. In addition to exercising the rights listed above, you can report any issues related to the processing of your data to the National Supervisory Authority for Personal Data Processing at www.dataprotection.ro.

6.4. If you have any questions or concerns regarding this privacy policy or how we manage your personal data, please contact us at the email address: digitalsiesta@gmail.com

6.5. For more information regarding how the Company processes personal data, you can visit https://digitalsiesta.com/, under the “Privacy Policy” section, or contact us directly at any of the contact addresses listed in this notice.

7.Privacy Policies for Specific Regions

This section outlines additional requirements based on specific regional laws.

United States (General)

  • Federal Laws: As there is no single federal privacy law, you are subject to various sector-specific regulations (e.g., HIPAA for healthcare data, COPPA for children’s data).
  • California (CCPA): If you are a California resident, you have the right to:
    • Access your personal information.
    • Request deletion of personal information.
    • Opt-out of the sale of your personal information.
    • Non-discrimination for exercising your privacy rights.
  • For more details, see our California Privacy Notice.

United Kingdom

  • We comply with the General Data Protection Regulation (GDPR), providing rights to:
    • Access, rectify, or erase your personal data.
    • Object to data processing or request restriction.
    • Portability of your personal data.
    • Withdraw consent where applicable.

Asia

  • Japan: We adhere to the Act on the Protection of Personal Information (APPI), requiring us to safeguard personal data and notify you of any data breaches.
  • China: We comply with the Personal Information Protection Law (PIPL), ensuring transparency in how we collect, store, and share your personal data.
  • India: We abide by the principles set out in the Personal Data Protection Bill (PDPB), ensuring your personal information is processed in a lawful and transparent manner.

Middle East

  • UAE: We comply with the UAE Data Protection Law, which governs how we collect and handle personal information.
  • Saudi Arabia: We comply with the Personal Data Protection Law (PDPL), which outlines specific rules for data collection and processing in Saudi Arabia.
  • Qatar: We comply with data protection regulations similar to GDPR for individuals in Qatar.

8. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with a revised “Effective Date.” If significant changes are made, we will notify you through a more prominent notice (e.g., via email or website banner).

Let me know if you need further adjustments or clarifications!