Bro Social Club Ltd  ("we", "us" or "Company”) has provided this Privacy Policy ("Policy") to give you a better understanding of our practices regarding the collection, use, transfer, storage and other processing of personal data we collect about persons who engage with us ("you", "your").

THIS POLICY APPLIES TO THE PROCESSING OF YOUR DATA WHEN YOU PURCHASE, USE, ASK US ABOUT, OR OTHERWITHE INGAGE WITH US IN CONNECTION WITH THE BRO ACADEMY SERVICES (the “Services”). FOR INFORMATION ON PROCESSING OF YOUR PERSONAL DATA IN CONNECTION WITH OTHER MATTERS PERTAINING TO THIS WEBSITE, PLEASE SEE OUR GENERAL PRIVACY POLICY AVAIALABLE HERE: https://www.brainrocket.com/privacy-policy-broacademy.

Bro Social Club Ltd determines the means and purposes of the processing of your personal data and therefore acts as the “Data Controller” in terms of the applicable data Protection Laws.

Please read this Privacy Policy carefully and ensure that you understand it. This Privacy Policy is intended to give you a better understanding of the personal data we collect, the reason why we collect such data, the manner in which we process this data, the entities with whom we share the said personal data, your rights in relation to the collection, processing and sharing of such data and any other pertinent matter relating to privacy and security of your personal data.
‍
We understand that your privacy is important to you and that you care about how your personal data is used and shared online. We respect and value the privacy of everyone who engages with us and will only collect and use personal data in ways that are described here, and in a manner that is consistent with our obligations and your rights under national and international laws and regulations.
‍
Under the applicable laws, we are required to comply with personal data protection and processing procedures to ensure that your data is at all times stored and processed securely and that your rights as a data subject are observed and protected. We take these obligations very seriously and have implemented adequate technical and organizational measures to ensure protection of your privacy.
‍
All processing of your personal data performed by us as envisaged in this Privacy Policy shall be carried out in line with the following laws and regulations, as well all binding acts amending or implementing the same (“Data Protection Laws”):
‍
• the Cypriot Law providing for the Protection of Natural Persons with regard to the Processing of Personal Data and for the Free Movement of such Data of 2018 (Law 125(I)/2018), as well as any other subsidiary legislation issued under the law, as may be amended from time to time; and
• Regulation (EU) 2016/679 of The European Parliament And of The Council of 27 April 2016 On The Protection of Natural Persons With Regard to The Processing of Personal Data And On The Free Movement of Such Data, And Repealing Directive 95/46/EC (General Data Protection Regulation);
• Any other law or regulation that is applicable to Our processing of personal data.

This Privacy Policy applies to the processing of your personal data by us in the context of:
• Your use of our Services;
• Our communication with you;
• The processing of any of your queries;
• The Company's compliance with legal requirements we are subject to;
• The Company's pursuit of its legitimate interests;
• Any other relationship with you that is not covered by a separate privacy policy or privacy notice.•

We are committed to ensure that the personal data we use, collect, process about you will be:
• Used lawfully, fairly and in a transparent manner;
• Collected for specified, explicit and legitimate purposes, and not further processed in a manner that is incompatible with such purposes;
• Adequate, relevant and limited to what is necessary in relation to those purposes;
• Accurate and kept up to date;
• Kept only as long as necessary for those purposes;
• Kept securely.

The paragraphs below outline the categories of personal data which we process, including the following:
‍
Personal and Contact Information - This type of data may include your full name, email address, telephone/mobile number, postal address, the company you represent and your title, date of birth, photos, our communication with you, your interaction with our social media resources. We obtain this data from you when you contact us, either by using the contact form or social features on the Website or by other means.
‍
Service data - This type of data may include information on the services you order and/or obtain from us, information on your appointments, your feedback, and similar. This also includes records of learning courses attendance and your performance. We obtain this data from you when you order, subscribe to, or receive our services.
‍
‍‍Employment and qualifications data – We use this type of data when you participate in our recruitment program or when we otherwise consider your employment with us or third parties. This type of data may include your full name, your employment history, your education and qualifications, your age and gender, diploma, information about your participation and performance in the Bro Academy.
‍
Other information you provide to us - This includes any other data you choose to share with us.
‍
We do not perform any automated decision making or profiling using your personal data.

The Company uses and otherwise processes personal data to the extent necessary or appropriate for the following purposes: 

If there are circumstances where the Company considers it needs to process personal data for a purpose that is not compatible with the purposes above, we will provide you with an updated notification regarding such new purpose (or seek your express consent if necessary).  

As a data subject, you have the following rights under the applicable data protection laws, which this Policy and our use of personal data have been designed to uphold. Please contact us at academy@brainrocket.com for more information, or to exercise these rights.
• You have the right to be informed about our processing and use of your personal data and the right to access your personal data we process;
• You have the right of rectification if any of your personal data we process is inaccurate or incomplete;
• You have the right to be forgotten – i.e. the right to ask us to delete your personal data we process;
• You have the right to restrict the processing of your personal data, and the right to object to us using your personal data for particular purposes, e.g. for marketing purposes;
• You have the right to data portability (obtaining a copy of your personal data to re-use with another service or organization). We will provide such copy free of charge unless the request is manifestly unfounded or excessive, where in such case a reasonable fee for administration costs may be charged;
• You have the right to lodge a complaint with the relevant Data Protection Supervisory Authority should you feel that any of your rights have been impinged by us. Without limiting this right, we kindly ask you to attempt to resolve any issues you may have with us directly, prior to lodging a complaint;
• You have certain rights with respect to automated decision making and profiling. You have the right to obtain human intervention in the process of automated decision making, to express your point of view and to contest the decision.
Kindly note that the above rights are not absolute. There are instances where applicable law or regulatory requirements allow or require us to refuse your request. In addition, in certain instances, your personal data may have been destroyed, erased or made anonymous in accordance with our record retention obligations and practices.
In addition, note that you are responsible to update the Company if there are any changes or inaccuracies in your personal data.

Personal data processed by us is protected using industry standard security processes and systems. We store your personal data within the European Union, on encrypted hard drives and/or with certified data centers. We use secured https protocol for communication between the website and your browser. Our secure servers protect all information using advanced firewall technology. In addition, we limit access to your personal data to those employees and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality. Despite the best practices we employ, no party can warrant absolute security of your Internet connection. Any data sent via the Internet may be transmitted across international borders even where sender and receiver of information are located in the same country. We cannot be held responsible for anything done or omitted to be done with your personal data before such personal data reaches us.
We do not process your personal data for any longer than is necessary for the purposes of processing for which it was first collected, except as otherwise permitted or required by applicable law or regulatory requirements. Your personal data will be retained for as long as we have a relationship with you (for example, delivering services to you, communicating with you, evaluating employment opportunity, etc.) and up to one (1) year thereafter. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Regarding your personal data used to provide you with information on our offers, industry events and other news and products of ours and of our affiliates that may be of interest, such data will be processed until you indicate that you no longer wish to receive such information from us.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

We may share your personal data with competent authorities having jurisdiction over us. Such disclosures will only be made when permitted or required pursuant to applicable data protection laws and/or other legislation applicable to us.
We may share your personal data with other companies in our corporate group – our parent companies, subsidiaries, and sister companies. These companies, as our processors, will process your personal data on our behalf on the grounds and for the purposes listed in this Policy. We may share your personal data with other selected third parties, including:
• Third party service providers: entities we engage to assist us in our business, IT and related services’ providers and their sub-processors, such as service providers contracted to store your personal data, subcontractors, enterprise resource planning and record management tools;
• Affiliated companies and business partners;
• Recruitment agencies: for the purpose of recruitment and assessing your fitness for a specific role
• Business transactions: we may share your personal data if we enter into a business transaction such as a merger, acquisition, reorganization, bankruptcy, or sale of some or all of our assets. Any party that acquires our assets as part of such a transaction may continue to use your data in accordance with the terms of this Policy.
• Governmental authorities and regulatory bodies: to meet local statutory requirements e.g. tax authorities, regulatory registration bodies, etc., such as with governmental agencies and authorities and regulators, social organizations, courts and other tribunals, to the extent permitted or required by applicable law.
• External advisors: our lawyers, advisors, auditors, consultants who we may engage from time to time to advise on any matter which requires them to gain access to personal data.
These third party service providers have access to personal data as needed to perform their functions, but they are not permitted to use it for other purposes. To ensure your personal data is secured, the Company exercises appropriate due diligence in the selection of such service providers and enters into contractual obligation requiring such service providers to maintain adequate technical and organizational security measures to safeguard the personal data, and process the personal data only as instructed by the Company (as applicable).  
It may be required to transfer your personal data to service providers, authorities and affiliates in jurisdictions that are outside of the European Economic Area. The data protection and other laws of these countries may not be as comprehensive as those of the European Union. In these instances and where applicable, the Company is taking ongoing measures to ensure that such service providers and affiliates have implemented appropriate safeguards to protect the security of personal data. This includes standard contractual clauses that have been approved by the European Commission or in conducting of the transfer subject to an EU Commission adequacy decision.  Your personal data will never be shared with third parties for their own marketing purposes (unless you give your explicit consent thereto).

If you have any questions about this Policy, please contact our Data Protection Officer (DPO), by email at academy@brainrocket.com or by post at Promitheos 4, 3rd Floor, 1065 Nicosia, Cyprus. Please ensure that your query is clear, particularly if it is a request for information about the data we process.

We may change this Privacy Policy from time to time. Please note that changes will be immediately posted on the website and will be deemed to have been accepted on your first use of the website following the alterations in the Privacy Policy. We recommend that you check this page regularly to remain up to date with any changes.