PRIVACY POLICY AND TREATMENT OF PERSONAL DATA

Through this Privacy Policy and Processing of Personal Data TOMi presents to the Owners, the way in which the Personal Data that may be processed by TOMi will be treated.

This Policy will take into account the Terms and Conditions of the Platform, so the definitions and / or references that are included in that document will feed this Policy, and likewise, this Policy is part of such Terms and Conditions.

  • Definitions

    • As part of this privacy and personal data treatment policy, the following defined terms will be used:

    • TOMi: shall be identified as TOMi INC, a company incorporated in the state of Delaware in the United States of America, together with its subsidiaries, branches or associated companies, who may, in the different countries where the Platform is enabled, act as representatives or interested parties in the processing of personal data as responsible and/or in charge of the processing.
    • Platform: Shall be the way to identify the Tomi digital platform, where TOMi Services are provided.
    • Policy: Referring to the present privacy policy and personal data processing of TOMi.
    • Terms and Conditions: Refers to the terms and conditions of use of the Platform.
    • Services: Referring to the possibility of performing the following interactions on the Platform, in accordance with the Terms and Conditions, as well as this Policy: 1) create a User account; 2) upload educational content; 3) access educational content; and 4) interact with Users by uploading content, comments, images, videos, among other items.
    • User: Teachers, students and parents who create an account on the Platform, accepting the Terms and Conditions;
    • Authorization: Prior, express and informed consent of the Holder to carry out the Processing of personal data;
    • Database: Organized set of personal data that is subject to Processing;
    • Personal Data: Any information linked or that may be associated to one or several determined or determinable natural persons;
    • Data Controller: Natural or legal person, public or private, that by itself or in association with others, decides on the database and/or the processing of the data;
    • Data Processor: Natural or legal person, public or private, that by itself or in association with others, carries out the Processing of personal data on behalf of the Data Controller and following his instructions;
    • Data Subject or Owner: Natural person whose personal data is subject to Processing, including Users, employees, suppliers and third parties related to TOMi;
    • Processing: Any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion;
    • Transfer: The transfer of data takes place, when the Controller and/or Processor of personal data, sends the information or personal data to a recipient, which in turn is Controller of the Processing and is located within or outside the country from which the Personal Data was collected.
    • Transmission: Processing of personal data that involves its communication within or outside the territory from which the Personal Data was collected, in order for the Processor to carry out the Processing on behalf of the Controller.
  • Meet TOMi and the objective of the Policy

    • TOMi, in providing its services through the Platform and executing its business activities, seeks to create a world where access to knowledge is available at all times, whether online or offline, and with this clear objective, makes treatment of Personal Data as Responsible and/or processor, promoting respect for the rights you have as a Data Subject, applying principles that are based in various jurisdictions for the proper treatment of Personal Data that you give us freely and voluntarily on the Platform or through our commercial, labor, administrative and or contractual relationships.

    This document is intended to inform in general to all Data Subjects who have delivered, or in the future deliver their Personal Data to TOMi about the Policy, which is applicable to all databases and Personal Data contained therein, whose treatment TOMi holds the quality of Responsible and/or Processor.

  • What information does TOMi process?

    • In the interaction you have as a Data Subject with TOMi and its Services, we may collect Personal Data in which the following type of information is found: 1) identification and contact information such as your name, identification document, email or telephone; 2) your behavior on the Platform, content searches or preferences in your relationship with the Platform, interactions, or content postings, responses, comments or other interaction on the Platform or with other Users; 3) your geographic location information such as your IP address, and information about the device from which you are connecting; 4) information about responses to satisfaction or experience surveys of the Services; 5) education-related information; and 6) information from third parties related to you, such as family members or guardians.

    The Policy does not apply to services provided by other companies or individuals or legal entities, including products or sites that may be displayed in search results and sites that may include or promote the Services or accessed from such services or sites. The Policy does not govern the Processing of data or Personal Data by other companies and/or organizations that advertise or promote the Services and may use cookies, web beacons and other technologies to serve and deliver relevant advertisements.

    The Personal Data and other information that you enter in the Platform or deliver to TOMi freely and voluntarily, may be used by TOMi for the purposes that we will report below, so being this Policy part of the Authorization of Treatment that you sign when you interact with us, you agree and confirm tol know and understand that scope, recognizing the rights that you have as a Holder.

  • What treatment we give to Personal Data.

    • The Treatment that TOMi performs with the Personal Information that you provide as a Holder will always be based on principles and legal standards that are contemplated by all the countries where TOMi has presence, as well as the best standards of use of information and Personal Data at an international level, with which it bases the Treatment of Personal Data.

    In addition to these, TOMi treats the information or Personal Data of Data Controllers according to the relationship they have with TOMi, or with its internal processes, as follows:

    I. Treatment of Personal Data of the TOMi team.

    Employees who are part of TOMi provide their Personal Data to be collected and verified with different sources, including the employee himself, as well as to manage it, keep it and share it with third parties, even after the end of the employment relationship. This information is provided directly by the Data Controllers and/or their representatives, and is treated in accordance with this Policy, under the purposes set forth in the authorizations granted.

    II. Processing of Personal Data of Users

    Through the different communication channels (physical correspondence, web page, e-mail and/or telephone) Personal Data of the Users who want to make use of our Services through the Platform are collected and stored. This information is provided directly by the holders of the information and/or their representatives, and is treated in accordance with this Policy, under the purposes set forth in the authorizations granted.

    III. Treatment of Personal Data of suppliers or allies of TOMi

    Through the different communication channels or documents provided for this purpose, through which the register of suppliers is formalized, Personal Data of TOMi's suppliers is collected and stored. This information is provided directly by the Holders of the information, and is treated in accordance with this Policy, under the purposes set forth in the authorizations granted.

    IV. Treatment of Sensitive Data

    TOMi, in the ordinary development of its operations, does not process sensitive data; however, if it is imperative to do so, it will have the corresponding authorizations, prior to having informed the Data Subject: i) That he/she is not obliged to authorize the processing of sensitive data. ii) That it is optional to answer questions that deal with sensitive data. iii) The sensitive data to be processed. iv) The processing and the purposes of the same.

    V. Processing of personal data of children and adolescents

    TOMi when using Personal Data of minors as one of the main target audiences of the Services we offer, will always have the corresponding authorizations, prior to having informed the Data Controllers or their guardians: i) That it is not obliged to authorize the processing of Personal Data of these minors and that they will always have the disposal of their information in the development of their right of development of their personality. ii) That it is optional to respond to questions regarding Personal Data of minors. iii) The Personal Data to be processed. iv) The processing and purposes thereof.

  • Purposes of Processing

    • TOMi processes Personal Data in order to carry out its administrative and commercial activities, provide its Services and maintain the Platform for Users.

    This Policy is applicable with respect to personal data provided by the Owners to TOMi by any means (verbal, digital or physical) and for those that, through any lawful means, are collected by TOMi.

    Thus, when interacting with Data Subjects, TOMi informs prior to the granting of an Authorization the following purposes of treatment, according to each commercial, contractual or administrative relationship with each Data Subject, framed within the following:

    • I. Collecting, storing, updating, consulting, cataloging, using, deleting, circulating, sharing, and in general, processing the Personal Data provided by the Data Subject to study the labor, commercial or any other type of relationship that TOMi has or could have with you, maintain it or terminate it;
    • II. Request, consult, collect, update, delete the Personal Data provided by the Data Subject before database consulting entities or any other entity that manages or administers databases for legitimate purposes;
    • III. Carry out data analysis on the Platform's usage behavior, as well as satisfaction surveys regarding the Services, so that we can develop improvements in the Services and the Platform related to technical, security, visual or any other type of adjustments or updates;
    • IV. Process requests, complaints or claims as part of customer service activities or any other relationship that TOMi has with the Owners;
    • V. Identify the Users of the Platform;
    • VI. Send information considered of your interest and for educational, commercial and marketing purposes through text messages, email, instant messaging applications or any other means known or to be known;
    • VII. To meet the requests of authorities in the exercise of their functions;
    • VIII. Keep it for statistical and historical purposes; and
    • IX. Share it with third parties, located inside or outside the countries where TOMi is operating or may operate, for the development of these same purposes.
    • X. Other purposes that may be included in the authorizations for the processing of personal data that are sent to the Data Controllers and correctly collected by TOMi.
  • TOMi's Obligations

    • TOMi as Data Controller has the following obligations:

    • I. Guarantee the Data Subject, at all times, the full and effective exercise of the right of habeas data;
    • II. Request and keep a copy of the respective authorization granted by the Data Subject;
    • III. Duly inform the Data Subject about the purpose of the collection and the rights he/she has by virtue of the authorization granted;
    • IV. Keep the information under the security conditions necessary to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access by third parties;
    • V. Ensure that the information that may be provided to a Data Processor is truthful, complete, accurate, updated, verifiable and understandable;
    • VI. Update the information, communicating in a timely manner to the eventual Data Processor, all the news regarding the data previously provided and adopt the other necessary measures so that the information provided to the Data Processor is kept updated;
    • VII. Rectify the information when it is incorrect and communicate the pertinent to the eventual Data Processor;
    • VIII. To demand from whoever is in charge of the processing at all times, respect for the security and privacy conditions of the Data Subject's information;
    • IX. To process the queries and claims formulated in the terms set forth in the law;
    • X. Inform when there are violations to the security codes and there are risks in the administration of the information of the Data Subjects;
    • XI. Comply with the instructions and requirements of the authorities in the treatment of personal data.
  • Rights of Data Subjects

    • As a Personal Data Subject, you have the following rights in your favor, which will always be respected by TOMi:

    • I. To access, update and rectify your personal data.
    • II. Request proof of the authorization granted to TOMi;
    • III. To be informed by TOMi, upon request, regarding the use given to your personal data;
    • IV. File complaints for violations of regulations on the treatment of personal data in the country where you are;
    • V. To revoke the authorization and/or request the deletion of the Personal Data when the principles, rights and guarantees are not respected in the treatment.
  • Attention to requests, queries and complaints

    • TOMi through the Client Service area will attend all your requests, queries, complaints and/or claims as Owner, related to the rights listed above.

    The consultations will be answered within a maximum period of ten (10) working days from the date of receipt. When it is not possible to answer the query within that period, you will be informed, stating the reasons for the delay and indicating the date on which the query will be answered, which in no case may exceed five (5) business days following the expiration of the first term.

    When you consider that the information you provided us should be corrected, updated or deleted, or when you evidence that there is an alleged breach of the obligations mentioned above, you may file a claim.

    The claim will be formulated by means of a request addressed to TOMi, with the identification of the Holder, the description of the facts that give rise to the claim, the address, and accompanying the documents that you want to assert. If the claim is incomplete, within five (5) business days of receiving the claim you must complete the request, complaint or claim.

    If after two (2) months from the date of your request, you have not submitted the required information, it will be understood that you have abandoned the claim.

    The maximum term to address the claim will be fifteen (15) business days from the day after being received in full. When it is not possible to address the claim within that period, you will be informed of the reasons for the delay and the date on which your claim will be addressed, which in no case may exceed eight (8) working days following the expiration of the first term.

    It should be noted that while you maintain an employment, commercial and/or contractual relationship with TOMi, or it is necessary to keep the information to properly fulfill the purpose of the company or other legal obligations, the information will be kept and you will not have the power to request the removal of the information from our databases.

    If the request for deletion is made once the relationship with TOMi has ended and it is no longer necessary to keep the information to fulfill our obligations, the deletion of the data will mean that they will not be accessible for the development of the normal operations of the company, however they may be kept in their files for statistical or historical purposes, or to meet the requirements of administrative or judicial authorities.

    In the event that the request you make as Data Subject is related to the authorizations for the Processing that are collected by those third parties, TOMi will make its best efforts to respond to the request in an appropriate manner and, if unable to do so, will transfer the request to the third parties responsible for collecting the information, however, in such cases will not be responsible for the content of the responses given to the requests.

    a. Procedure for the exercise of rights

    As a Data Subject you can make requests, queries and/or claims regarding your personal data processed by TOMi by sending your request to:

  • E-mail to soporte@tomi.digital
  • Through the telephone line +1571 444 8664 in the United States of America.
  • International transfer or transmission of information.

    • The personal data susceptible to transfer to third countries will be the same in which the Holder has granted its Authorization for the Processing. In any case, TOMI INC will ensure compliance with the standards set by the authorities that have jurisdiction to monitor the activity of TOMI to perform such transfer or transmission.

  • Validity

    • This Policy is effective as of the month of June of 2023.

    The Personal Data on which we process will remain in our physical and/or digital databases until the purpose for which they were collected is fulfilled.

    We reserve the right to review and/or modify this Personal Data Processing Policy at any time.

    When substantial modifications are made to this Policy, you will be notified of this fact and we will indicate the date from which the new Policy will be in force, at least ten (10) working days before its entry into force.