Selgora and the GDPR
At Selgora, we are fully committed to the principles of data protection and privacy. As a company based in the European Union, compliance with the General Data Protection Regulation (GDPR) is at the core of our operations.
This page outlines our approach to GDPR and provides the Data Processing Addendum (DPA) that governs the relationship between Selgora (as the Data Processor) and you, our Creator (as the Data Controller).
Our Commitment as a Data Processor
When you use Selgora to manage your business and your Members, you are the Data Controller, as you determine the purposes and means of processing your Members' personal data. Selgora acts as your Data Processor, processing that data on your behalf and according to your instructions.
Processing Data Lawfully
We will only process data based on your documented instructions, as outlined in our Terms of Service and the DPA below.
Maintaining High Security
We implement robust technical and organizational measures to protect the data we process, including a multi-tenant architecture that ensures the complete isolation of each creator's data.
Ensuring Transparency
We are transparent about our use of sub-processors and our data handling practices.
Supporting Your Compliance
We provide the tools and contractual guarantees you need to meet your own GDPR obligations, including assisting with Data Subject Rights requests and data breach notifications.
Data Processing Addendum (DPA)
This Data Processing Addendum ("DPA") forms part of the Selgora Terms of Service ("Principal Agreement") between BELOYAL TECH S.R.L. ("Selgora," the "Processor") and the user of the Service ("Creator," the "Controller").
1. Definitions
Terms such as "Personal Data," "Data Subject," "Processing," "Controller," and "Processor" shall have the meanings ascribed to them in Article 4 of the GDPR.
2. Details of Data Processing
a. Subject Matter:
The subject matter of the processing is the Personal Data of Members.
b. Duration:
The processing will continue for the duration of the Principal Agreement, until the Creator's account is terminated.
c. Nature and Purpose of Processing:
Selgora will process Personal Data for the sole purpose of providing the Service as described in the Principal Agreement. This includes hosting content, managing memberships, processing payments, building landing pages with forms, and executing automated marketing and management tasks via Selgora Flows as instructed by the Controller.
d. Categories of Data Subjects:
The Data Subjects are the Members, who are the customers and audience of the Controller.
e. Types of Personal Data:
-
Identity & Contact Data: Name, email address.
-
Commercial Data: Offer(s) purchased, date of enrollment.
-
Usage Data: Course progress, engagement with content and events, and other data related to the Member's use of the Controller's products on the Selgora platform.
3. Obligations of the Processor (Selgora)
Selgora agrees to:
-
β’
Process Personal Data only on the documented instructions of the Controller.
-
β’
Ensure that all personnel authorized to process Personal Data are bound by a duty of confidentiality.
-
β’
Implement and maintain appropriate technical and organizational security measures to protect the Personal Data.
-
β’
Obtain prior written authorization from the Controller before engaging any sub-processor.
-
β’
Assist the Controller, by appropriate technical and organizational measures, in fulfilling the Controller's obligation to respond to requests from Data Subjects exercising their rights.
-
β’
Notify the Controller without undue delay upon becoming aware of a Personal Data Breach.
-
β’
Upon termination of the Principal Agreement, delete or return all Personal Data to the Controller, at the Controller's choice.
-
β’
Make available to the Controller all information necessary to demonstrate compliance with its GDPR obligations and allow for and contribute to audits.
4. Obligations of the Controller (Creator)
The Controller warrants that it has a lawful basis for processing the Personal Data and that its instructions to Selgora are lawful and compliant with the GDPR.
5. Sub-processing
The Controller provides a general authorization for Selgora to engage third-party sub-processors to provide the Service. Selgora maintains a list of its sub-processors, which includes but is not limited to:
-
β’
Cloud Hosting Providers
-
β’
Payment Processors
-
β’
Content Delivery Networks (CDNs)
-
β’
Email Delivery Services
Selgora will notify the Controller of any intended changes concerning the addition or replacement of sub-processors, thereby giving the Controller the opportunity to object.
6. International Transfers
Selgora will not transfer Personal Data outside the European Economic Area (EEA) without ensuring that the transfer is subject to appropriate safeguards as required by the GDPR, such as the Standard Contractual Clauses (SCCs).
7. Governing Law
This DPA shall be governed by and construed in accordance with the laws of Romania.
Questions about GDPR Compliance?
We're here to help you understand our data processing practices and ensure compliance.
Contact Our Team