Privacy policy

Mail to our Office:	By E-Mail:
Plytix SLU Att: Data Protection (GDPR) Alameda Principal 24, 2º Planta 29005 Malaga / Spain	gdpr@plytix.com

We will respond to your request(s) at the latest within one (1) month of receipt. In case your request is i) very complex or ii) we have received numerous requests from you, or both, we have the right under the GDPR to extend the time to respond to you by a further two (2) months upon prior notification to you. Plytix is subject to the authority of the Spanish Data Protection Agency. If at any point you feel that we may have violated your rights under the GDPR you can also file a claim with the Spanish Data Protection Agency (www.aepd.es).

As a data subject as defined under the GDPR, you have the rights to:

• Be informed about our identity as a controller and our contact details (see above), the purposes of processing your Personal Data and transfers of your PII to a third country or international organization. As well you have the right to know the source of Personal Data we may have obtained not from you directly.

• Request access to information whether data about you is being processed by us. If that is the case you have the right to information about the purposes of data processing, the categories of data processing and the data storage limits.

• Request rectification of inaccurate Personal Data we hold about you.

• Request the erasure of Personal Data which is no longer required for the purposes it was collected for or your consent for the processing of the data is withdrawn, or the data is being unlawfully processed.

• Restrict processing. This is the right to ask for a temporary halt to processing of your Personal Data, such as in the case where a dispute or legal case has to be concluded, or the data is being corrected.

• Object to processing of your Personal Data if i) the accuracy of your data is contested ii) the data processing is unlawful iii) we no longer need the data for the purposes they were collected for iiii) you objected to the data processing on public interest grounds or our legitimate interests grounds.

• Request data portability of your Personal Data in a structured, commonly used and machine readable format in order to transmit it to another data controller. We reserve the right to provide only one such request after your account closure with Plytix.

• To not be subjected to decision making that is exclusively based on automated processing. Our Service does not engage in any such automated decision making and profiling.

The GDPR requires us to explain to you the legal basis on which we process your PII. In accordance with the law we process your Personal Data because:

• You have given us your consent to process it for one (1) or more specific purposes. You have the right to withdraw consent at any time by contacting us via the contact information provided above. We may not stop processing your PII after you withdraw consent in instances where we have another legal basis for such processing (e.g. legal obligations).

• It is necessary in order to perform our contract with you or to take steps to enter into a contract with you upon your request.

• It is necessary to protect your or another natural person's vital interests.

• It is necessary in furthering our legitimate interests of using the data provided by you to us, given your interests and fundamental rights do not override those interests.

• We need to comply with a legal obligation.

If you are a resident of California / USA your rights to privacy are protected under the California Consumer Privacy Act 2018 [1798.100 - 1798.199.100].

When exercising your rights under the CCPA we will ask you to provide a piece of government issued identification in order to be able to identify you, protect your data with us and to process your request(s).

Mail to our Office:	By E-Mail:
Plytix SLU Att: Data Protection (CCPA) Alameda Principal 24, 2º Planta 29005 Malaga / Spain	privacy@plytix.com

We will respond to your request(s) at the latest within forty five (45) days of receipt. In case your request is i) very complex or ii) we have received numerous requests from you, or both, we have the right under the CCPA to extend the time to respond to you by a further forty five (45) days upon prior notification to you.

As a “Data Subject” as defined under the CCPA, you have the rights to:

• Request the deletion of your Personal Data. We are legally not obliged to comply with your request to delete your data if the data is necessary for the business in order to a) complete the transaction b) ensure security and integrity c) debug and repair errors d)
  exercise free speech e) comply with the California Electronic Communications Privacy Act Ch.3.6 f) engage in public or peer reviewed scientific, historical or statistical research g) enable internal uses reasonably aligned with the consumer relationship h) comply with a legal obligation.
• Request correction of incorrect personal information.
• To know what personal information is being collected, including its a) categories b) the
  source from which it was obtained c) purpose for collecting and c) the specific pieces of
  personal information.
• To know what personal information is shared and with whom.
• Opt out of the sharing of personal information.
• Limit the use and disclosure of sensitive personal information.
• To not be discriminated against due to the exercise of your rights.

3.1 Data minimization. We strive to limit the amount of data we collect from you and only collect the data we need to carry out the agreed processing.

3.2 Data we do not collect. We do not collect and nor process special category data defined by the GDPR as a) race b) ethnicity c) political opinions d) religious beliefs, e) philosophical beliefs, f) trade union memberships g) genetic data h) biometric data i) health data j) sexual orientation.

3.3 What data we collect. During your use of the Plytix Service, we may request specific PII about you in order to add you as a User, add you to our email list, facilitate your payments for the Service, or fulfill your requests for services or information.

The types of PII that we collect and save include:

• Contact and account information, such as name, work mailing address, work email address, and work phone number;
• Technical information, collected in our logs and via cookies. Such information may include standard web log entries that contain your device identifiers and information, operating system information, clickstream data, IP address, previous page URL, referring page URL, and timestamps.
• Information you provide such as feedback, comments, or other messages.
• Other information that is collected during your communications with us, such as email messages and “read receipts.”
• Anonymous, non-identifying, and aggregate information such as the type of browser you are using, the type of operating system you are using, the date and time of any request, language preference, referring Site, and the domain name of your internet service provider.
• Anonymized PII and include such anonymous information in sets or collections of aggregate information.

4.1 We use the PII you provide solely for the purposes for which you have submitted it including:

4.2 We may use anonymous information that we collect to improve the design and content of our platform and to enable us to personalize your internet experience. We also may use this information in the aggregate to analyze how our platform is used, as well as to offer you programs or Services.

4.3 We may use your Content to provide certain functionalities of the Service, as directed by you. We may also anonymize your Content and use it for purposes of improving the design and content of our Service, analyzing how the Service is used, and performing analytics and benchmarking, and for general business purposes.

5.1 We will never sell your PII data. We will also not share your PII, except:

(a) for the purposes for which you provided it (if applicable);
(b) with your consent; or
(c) as required by law or with external legal counsel to protect our organization or others from harm (e.g., in response to a court order or subpoena, in response to a law enforcement agency request, or when we believe that someone is causing, or is about to cause, harm to or interference with the rights or property of another).

Finally, we may transfer your PII to our successor-in-law in the event of a company acquisition, sale, merger, or bankruptcy.

5.2 Plytix engages certain sub-controllers and processors in providing the Service. These third parties are listed below, with a description of their services and the location where data is hosted. The list contains processors which may, in part, only process data not containing PII. This list may be updated by Plytix from time to time as the need arises:

Third party

Location

Description of Service

LearnWorld

Cyprus

Cloud Platform for Plytix Academy

Google Analytics	USA	Webpage usage data
HubSpot, Inc.	USA and Ireland	Marketing automation and sales tool for US & EU Plytix customer data respectively only
Tinybird	EU	Database for analytics data storage
Facebook	EU	Behavioral advertising and analytics
LinkedIn	USA	Behavioral advertising and analytics
Capterra	EU	Conversion tracking
Crozdesk	UK	Conversion tracking
G2 Crowd	USA	Conversion tracking
YouTube	USA	Embedded videos
Pendo.io	USA	Product usage analytics and in-tool communication

5.3 Should at some point in time the need to transfer PII to a data processor in a third country arise, Plytix will only transfer PII data with your consent to such third countries and apply the EU Standard Contractual Clauses (SCC) as a precondition for such transfer.

The servers containing user data on the Plytix Academy Platform are under control by LearnWorld in Cyprus, who is the sub-processor engaged on behalf of Plytix to provide the cloud based Plytix Academy Platform.

LearnWorlds Ltd
Email: gdpr@learnworlds.com
Phone: +44 11 6464 9900
Address: Gladstonos 120, Foloune Building, 2nd Floor, B1, 3032, Limassol, Cyprus.

    Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 9404, USA.

    675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

    Freshworks Inc., 2950 South Delaware St., 2nd Floor, San Mateo, CA 94403, USA.

In line with our legal obligations under the Art. 49 (1) (a) GDPR, we inform you that the United States have not obtained an adequacy decision from the European Union in regards to their data protection laws and practices and do not offer appropriate data protection safeguards either. Before opening an account on the Plytix Academy website, provided using software from LearnWorlds, please consider the risks of the absent data protection provisions in the US and also the possibility that your personal data may potentially be subject to US Government surveillance and storage. By setting the check mark during the sign-up process and creating an account on this website you expressly agree to the above explained data transfers. You can withdraw your consent at any time by closing your Academy account and sending a request using this form to gdpr@plytix.com to start the process of your data erasure from the Plytix and LearnWorld systems.

If you have been a paying customer of Plytix we store your PPI for a period of six (6) years in order to be able to fulfill our documentary obligations towards the Spanish Tax Agency (Agencia Estatal de Administración Tributaria) for our Spanish entity Plytixs SLU and towards the Internal Revenue Service (IRS) for our US entity Plytixs.com Inc.

Plytix will process your data while you maintain an account on the Plytix Academy Platform. After you have deleted your account from the Academy Platform, your PII Data is subject to the following automated deletion schedule:

● Hourly backup - deletion within 2 days
● Daily backup - deletion within 7 days
● Weekly backup - deletion within 4 weeks
● Monthly backup - deletion within 12 months

In the unlikely event of a PII data breach we will fully comply with our legal obligations under the GDPR and cooperate with the local data protection authority. Amongst other things this means we will notify the authority within 72 hours of the breach occurring and work closely with their established protocols to address the situation. We will also communicate a data breach to you directly if the breached data contained unencrypted PII or the data protection authority directs us to do so.

9.1 Enhancing the user experience. To enhance your online experience with us, our web pages may use "cookies."
Cookies are text files that our web server may place on your hard disk to store your preferences. Cookies, by themselves, do not tell us your PII unless you choose to provide this information to us. Once you choose to provide PII, however, this information may be linked to the data stored in the cookie. Certain features of the Service may not function properly without the aid of cookies.

9.2 Plytix or our service providers may also use "pixel tags," "web beacons," "clear GIFs," or similar means (collectively, "Pixel Tags") in connection with some Plytix Site pages and HTML- formatted email messages for purposes of, among other things, compiling aggregate statistics about website usage and response rates. A Pixel Tag is an electronic image, often a single pixel (1x1), that is ordinarily not visible to website visitors and may be associated with cookies on visitors’ hard drives. Pixel Tags allow us and our service providers to count Users who have visited certain pages of the Plytix Site, to deliver customized services, and to help determine the effectiveness of promotional or advertising campaigns. When used in HTML-formatted email messages, Pixel Tags can inform the sender of the email whether and when the email has been opened.

9.3 As you use the internet, you leave a trail of electronic information at each website you visit. This information, which is sometimes referred to as "clickstream data,” can be collected and stored by a website's server. Clickstream data can reveal the type of computer and browsing software you use and the address of the website from which you linked to the Plytix Site. We may use clickstream data as a form of non-personally identifiable information to determine how much time visitors spend on each page of our Site, how visitors navigate through the Site, and how we may tailor our web pages to better meet the needs of visitors. We will only use this information to improve our Site.

9.4 Do Not Track. At present, the Site does not specifically respond to browser do-not-track signals.

In order to use the Plytix Academy Platform the User needs to have contractual capacity. We do not knowingly collect any information from any minors, and we comply with all applicable privacy laws including the GDPR, USA Children's Online Privacy Protection Act (“COPPA”), and associated Federal Trade Commission (“FTC”) rules for collecting personal information from minors. Please see the FTC's website (www.ftc.gov) for more information.

Please check the privacy policies of other websites we link to in order to learn how they collect, use, store and share information that you may submit to them or that they collect. We do not accept responsibility for 3rd party websites.

Because our business needs may change over time, we reserve the right to modify this Privacy Policy. If at any time in the future we plan to use your PII in a way that differs from this Privacy Policy, we will revise this Privacy Policy as appropriate.

This policy was last updated on 10 May 2023