1. Introduction
1.1 Overview of Privacy Commitment
Going Macro SRL ("GM") is committed to protecting the privacy of all clients, users, and stakeholders who interact with GM and its sub-brands, including Corporate-FM (CFM), Cerulean Studio (CS), Pressence (P), and Blink Bytes AI (BBAI). This Privacy Statement outlines GM’s approach to data privacy, emphasizing our dedication to maintaining the confidentiality and security of personal data in compliance with applicable laws, including the General Data Protection Regulation (GDPR).
1.2 Scope of the Privacy Statement
This Privacy Statement applies to all personal data collected, processed, and stored by GM in the course of its business activities. This includes data collected through our websites, communications, service engagements, and any other interactions with GM or its sub-brands. Users of GM services should refer to the privacy policies of individual sub-brands for more specific details on how their data may be handled. This document is intended to provide a general framework, ensuring transparency about our practices while allowing for specific adaptations across different services and brands.
2. Data Collection
2.1 Types of Data Collected
GM collects various types of personal data, depending on the nature of the interaction and the services provided. This may include:
Contact Information: Such as names, email addresses, phone numbers, and business addresses, typically collected during service inquiries, contractual engagements, or through our websites.
Professional Information: Including job titles, company names, and industry sectors, often required for tailoring our services to meet specific business needs.
Technical Data: Such as IP addresses, browser types, and usage data, collected through our websites and digital platforms to enhance user experience and improve our services.
Service-Specific Data: Data related to the specific services provided by GM or its sub-brands, such as training progress in Corporate-FM or design preferences in Cerulean Studio.
2.2 Methods of Data Collection
Personal data is collected by GM through various methods, including:
Direct Interactions: When Clients or users provide data directly to GM, such as through website forms, email communication, contracts, or during meetings and consultations.
Automated Technologies: Data collected automatically when users interact with GM’s websites or digital platforms, such as cookies, server logs, and analytics tools.
Third-Party Sources: GM may receive data from third parties, including business partners, publicly available sources, or through integrations with third-party services used by GM or its sub-brands.
2.3 Purpose of Data Collection
GM collects and processes personal data for legitimate business purposes, which include but are not limited to:
Service Delivery: To provide, manage, and enhance the services offered by GM and its sub-brands, ensuring that Client needs are met efficiently and effectively.
Client Communication: To maintain ongoing communication with Clients, including responding to inquiries, providing updates on projects, and managing contractual relationships.
Marketing and Outreach: To inform Clients and potential Clients about GM’s services, events, and developments, subject to applicable laws and consent requirements.
Compliance and Legal Obligations: To comply with legal and regulatory requirements, including those related to data protection, and to protect GM’s legal rights and interests.
3. Use of Data
3.1 How Data is Processed and Used
GM processes personal data in a manner that is consistent with the purposes for which it was collected. Data processing activities may include storing, analyzing, transferring, and archiving data as necessary to fulfill business operations and service obligations. GM ensures that data processing is carried out with appropriate security measures in place to protect against unauthorized access, alteration, or disclosure.
3.2 Data Use by Sub-brands
Each of GM’s sub-brands may process data in ways specific to their services:
Corporate-FM (CFM): Data may be used to tailor corporate training programs, track participant progress, and enhance the effectiveness of audio content provided to enterprises.
Cerulean Studio (CS): Data is used to develop and refine digital products, ensuring that client preferences and requirements are met in design and functionality.
Pressence (P): Data may be processed to optimize SEO strategies, improve copywriting services, and enhance the overall communication effectiveness for Clients.
Blink Bytes AI (BBAI): Although still in development, future data use may involve processing user interactions to refine AI-based products and improve user experiences.
Intra.FM: Data use may include tracking user engagement on the platform, personalizing learning experiences, and analyzing outcomes to enhance service delivery.
3.3 Legal Basis for Processing Data
GM processes personal data based on one or more of the following legal grounds:
Performance of a Contract: Data is processed as necessary to fulfill contractual obligations between GM and its Clients.
Legitimate Interests: GM may process data where it has a legitimate interest in doing so, provided that such interests are not overridden by the rights and freedoms of the data subject. This includes processing for service improvement, marketing, and business development.
Consent: Where required by law, GM will obtain the data subject’s consent before processing personal data for specific purposes, such as direct marketing. Consent may be withdrawn at any time, subject to legal or contractual restrictions.
Compliance with Legal Obligations: GM may process data to comply with applicable legal obligations, including regulatory requirements and responses to legal requests.
4. Data Sharing
4.1 Sharing with Third Parties
GM may share personal data with third parties under specific circumstances that are necessary to deliver our services, comply with legal obligations, or protect our business interests. These third parties may include:
Service Providers: GM may engage third-party service providers to perform certain business functions on our behalf, such as IT services, payment processing, data hosting, or analytics. These providers are carefully selected and are contractually obligated to protect the confidentiality and security of personal data.
Business Partners: GM may share data with business partners involved in joint ventures, collaborations, or co-branded services. Such sharing will be governed by agreements that ensure the protection of personal data and compliance with applicable laws.
Legal and Regulatory Authorities: GM may disclose personal data to governmental authorities, regulators, or law enforcement agencies if required to do so by law, regulation, or legal process, or to protect the rights, property, or safety of GM, its clients, or others.
4.2 International Data Transfers
Given the global nature of GM’s operations, personal data may be transferred to and processed in countries outside the European Economic Area (EEA). GM ensures that any such transfers are conducted in compliance with applicable data protection laws, including the GDPR, and that appropriate safeguards are in place to protect personal data. These safeguards may include:
Standard Contractual Clauses (SCCs): GM may use SCCs approved by the European Commission to ensure an adequate level of data protection when transferring data outside the EEA.
Binding Corporate Rules (BCRs): Where applicable, GM may rely on BCRs that provide a framework for ensuring data protection across GM’s global operations.
Adequacy Decisions: GM may transfer data to countries that have been recognized by the European Commission as providing an adequate level of data protection.
4.3 Data Sharing Specific to Sub-brands
Each of GM’s sub-brands may have specific data-sharing practices tailored to their services:
Corporate-FM (CFM): Data related to corporate training participants may be shared with client organizations to monitor progress, report outcomes, and tailor future training programs.
Cerulean Studio (CS): Project-related data, including design preferences and feedback, may be shared with third-party developers, designers, or platforms involved in the project’s execution.
Pressence (P): Data used for SEO and communication services may be shared with external platforms or tools used to optimize content and track performance.
Blink Bytes AI (BBAI): Data related to AI development may be shared with third-party developers, researchers, or platforms engaged in the creation and testing of AI-based products.
Intra.FM: User data may be shared with client organizations to track engagement and learning outcomes, as well as with third-party service providers supporting the LMS platform.
5. Data Security
5.1 Security Measures in Place
GM takes the security of personal data seriously and implements a variety of technical and organizational measures to protect against unauthorized access, loss, alteration, or destruction of data. These measures include:
Encryption: Data is encrypted both in transit and at rest to prevent unauthorized access during transmission and storage.
Access Controls: GM enforces strict access controls to ensure that only authorized personnel have access to personal data. This includes the use of passwords, authentication protocols, and role-based access controls.
Regular Security Audits: GM conducts regular security assessments and audits of its systems and processes to identify and mitigate potential vulnerabilities. These audits may be conducted internally or by external security experts.
Data Breach Response: GM has established a data breach response plan to promptly address any security incidents. In the event of a data breach, GM will take immediate action to contain the breach, assess the impact, and notify affected parties as required by law.
5.2 Responsibilities of Users and Clients
While GM takes all reasonable measures to protect personal data, users and clients also have a role in safeguarding their information. GM encourages all users and clients to:
Maintain Secure Credentials: Users should ensure that their login credentials, such as passwords, are kept confidential and secure. GM recommends using strong, unique passwords and enabling multi-factor authentication where available.
Report Security Concerns: Users and clients are encouraged to report any security concerns, suspicious activities, or potential vulnerabilities to GM immediately. Prompt reporting allows GM to take swift action to mitigate any risks.
Comply with Applicable Laws: Clients are responsible for ensuring that their use of GM’s services, including any data they provide or manage through our platforms, complies with applicable data protection laws and regulations.
6. Data Retention
6.1 Retention Periods for Different Data Types
GM retains personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law or contract. The retention periods vary depending on the type of data and the specific service involved:
Contractual Data: Data related to contracts and service agreements will be retained for the duration of the contract and for a period afterward as necessary to fulfill legal obligations, resolve disputes, or enforce agreements. Typically, this period does not exceed ten years unless required by law.
Communication Data: Emails, correspondence, and other communication data will be retained for as long as needed to manage client relationships, provide support, and resolve any issues that may arise. This data is generally retained for up to five years.
Service-Specific Data: Data collected during the provision of specific services, such as training data from Corporate-FM or project data from Cerulean Studio, will be retained for the duration of the service and any subsequent period necessary to support the client’s use of the service. Retention periods may vary based on the nature of the service and client requirements.
6.2 Criteria for Determining Retention Periods
GM determines retention periods based on several criteria, including:
Legal Obligations: GM complies with legal and regulatory requirements that mandate specific retention periods for certain types of data, such as tax records or employment data.
Business Needs: GM considers the ongoing business needs, such as the need to provide support, manage relationships, or defend against potential legal claims.
Client Preferences: In some cases, retention periods may be influenced by client preferences or contractual obligations, particularly in the context of long-term service agreements or ongoing projects.
Data Minimization Principle: GM adheres to the data minimization principle, ensuring that data is not retained longer than necessary. When data is no longer needed, it is securely deleted or anonymized in accordance with GM’s data destruction policies.
7. User Rights
7.1 Right to Access, Correct, or Delete Data
Users and clients have the right to access, correct, or delete their personal data held by GM, subject to certain limitations and conditions:
Access to Data: Users may request a copy of the personal data that GM holds about them. GM will respond to such requests in accordance with applicable laws, typically within one month. However, GM reserves the right to extend this period if the request is complex or if multiple requests have been made.
Correction of Data: If any of the personal data held by GM is inaccurate or incomplete, users have the right to request that the data be corrected. GM will take reasonable steps to ensure that any data inaccuracies are rectified promptly.
Deletion of Data: Users may request the deletion of their personal data where there is no longer a legal basis for GM to retain it. However, GM reserves the right to retain certain data where necessary to comply with legal obligations, resolve disputes, or enforce contractual agreements. In cases where data cannot be deleted, GM may anonymize it to prevent further identification.
7.2 Right to Data Portability
Users and clients have the right to data portability, which allows them to receive their personal data in a structured, commonly used, and machine-readable format. This right applies to data that users have provided to GM, and where the processing is based on consent or a contract and is carried out by automated means. GM will provide the data directly to the user or, where technically feasible, transfer it to another data controller upon request. However, GM reserves the right to deny data portability requests if they would adversely affect the rights and freedoms of others, or if they are technically unfeasible.
7.3 How to Exercise Rights
Users and clients wishing to exercise their data rights should contact GM through the designated contact channels provided in this Privacy Statement. GM may require verification of identity before processing any requests to ensure the protection of personal data. Requests will be processed in accordance with applicable laws, and GM will inform users of any reasons for delays or denials in processing their requests. GM reserves the right to charge a reasonable fee for excessive or manifestly unfounded requests.
8. Cookies and Tracking
8.1 Use of Cookies Across Websites
GM and its sub-brands use cookies and similar tracking technologies on their websites to enhance user experience, analyze website traffic, and support marketing efforts. Cookies are small text files stored on a user’s device that enable websites to remember information about their visit. GM uses the following types of cookies:
Essential Cookies: These cookies are necessary for the operation of the website and enable basic functions like page navigation and access to secure areas. Without these cookies, the website cannot function properly.
Analytical Cookies: These cookies collect information about how users interact with the website, such as pages visited, time spent on the site, and any errors encountered. This data helps GM improve the website’s performance and user experience.
Marketing Cookies: These cookies track user behavior across websites to display relevant advertisements and content. GM may use third-party services, such as Google Analytics, to assist in this tracking. Marketing cookies help GM tailor content and advertising to user interests.
8.2 Opt-out and Control Options
Users have control over the use of cookies and tracking technologies:
Browser Settings: Users can adjust their browser settings to block or delete cookies. However, disabling cookies may affect the functionality of GM’s websites and the availability of certain services.
Cookie Banners: Upon visiting GM’s websites, users will be presented with a cookie banner that provides information about cookie use and offers options to accept or manage cookies. Users can update their preferences at any time by accessing the cookie settings on the website.
Opt-out Tools: For third-party cookies used for marketing purposes, GM provides links to opt-out tools where users can manage their preferences. For example, users can opt-out of Google Analytics tracking by installing the Google Analytics opt-out browser add-on.
8.3 Specific Use of Cookies by Sub-brands
Each of GM’s sub-brands may use cookies in ways tailored to their services:
Corporate-FM (CFM): Cookies may be used to track participant progress in training programs, personalize learning experiences, and improve content delivery.
Cerulean Studio (CS): Cookies may be employed to remember user preferences, enhance user experience during project collaboration, and analyze website performance.
Pressence (P): Cookies may be used to optimize SEO strategies, track user engagement with content, and measure the effectiveness of communication efforts.
Blink Bytes AI (BBAI): As this sub-brand develops, cookies may be used to track interactions with AI-based products, personalize user experiences, and gather feedback for product improvement.
Intra.FM: Cookies may be used to monitor user activity on the LMS platform, provide personalized learning paths, and gather data to improve training outcomes.
9. Amendments to the Privacy Statement
9.1 How Changes Will Be Communicated
GM reserves the right to update or modify this Privacy Statement at any time to reflect changes in our data practices, legal obligations, or business operations. When significant changes are made, GM will notify users and clients in the following ways:
Website Updates: The updated Privacy Statement will be posted on GM’s website, and the date of the latest revision will be indicated at the top of the page.
Direct Communication: In cases where changes significantly affect users’ rights or obligations, GM may notify affected parties directly via email or other appropriate communication channels. Clients will be informed of changes that impact the terms of their contracts or the handling of their data.
Service-Specific Notifications: For changes related to specific sub-brands or services, notifications may be provided through the relevant brand’s website or directly within the service platform.
9.2 User Responsibility to Stay Informed
Users and clients are responsible for reviewing the Privacy Statement periodically to stay informed about how their data is being protected and used. By continuing to use GM’s services after changes have been made to the Privacy Statement, users and clients agree to the updated terms. GM encourages users to contact us with any questions or concerns about the Privacy Statement or their data rights.