GENERAL PRIVACY AND EU GDPR POLICY
Effective updated date: October 6, 2020
Mindy Support (“us”, “we”, or “our”) operates the https://mindy-support.com website (hereinafter referred to as the “Service”).
This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.
With this policy, we inform you that in cases in which we are required to do so by law, we apply the GDPR rules regarding the collection, storage, use, handling, transfer and deletion of personal information. In all other cases, we apply applicable laws (including CCPA, where applicable) and internal rules and policies.
Data Security, Transparency, Reliability, Standards of data protection and Compliance with legislation have always been the highest priority for our company.
Table of Content
Please, find below the following information:
- What Is The GDPR
- What Data We Collect and How We Collect It
- Legal Basis for Processing the Data and Key Principles of Data Usage and Storage in our company
- Your Rights
- Final Provisions
What Is The GDPR
The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy, which came into effect on the 25th of May, 2018.
The GDPR applies to all organizations operating iwithin the EU and processing “personal identifiable data” of EU residents.
To know more about GDPR, please, visit official General Data Protection Regulation website.
What Data We Collect and How We Collect It
As per the GDPR definition, ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
For us and you, if otherwise was not specified in separate agreement between us (i.e. Data Protection Agreement) in most cases it means:
- Telephone number
We collect your data via online inquiry forms on our website, emailed inquiries and correspondence, or phone conversations.
Legal Basis for Processing the Data and Key Principles of Data Usage and Storage
Using Mindy Support services to manage your customers’ data means that you have engaged Mindy Support as a data processor to carry out certain processing activities on your behalf.
According to the Article 28 of the GDPR, the relationship between the controller and the processor are regulated by Data Processing Agreement, which we put in place with every Client.
Additionally, Mindy Support acts as the data controller of the personal data we collect about you, our customer, in relations with its contractors.
- Being driven by the GDPR regulation, we would like to provide you with clean and clear information on how exactly your data are used, in plain and simple language.
- Which data we collect and/or process? Only Personal data that is necessary for us to perform our contract with you (GDPR Article 6(1)(b)).
- We process your personal data to meet our obligations under the law (GDPR Article 6(1)(c)) — this primarily involves financial data and information that we need to meet our accountability obligations under the GDPR.
- We process your personal data for our legitimate interests in line with GDPR Article 6(1)(f). From time to time we may send you marketing information in case we believe that it is beneficial to you as a client.
What are these ‘legitimate interests’ we talk about?
- Improving our services (using new tools, processes) to help you to reach your targets.
- Customize and enrich your experience on our Site
- To identify patterns that we can use in our marketing strategy and to help us develop, administer, support and improve our services and features and adverts
- To conduct reviews that assist us in the improvement and optimisation of our Site and our Services
- To administer our Site and Services and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes; and as part of our efforts to keep our Site safe and secure
- Making sure that your personal data and Mindy Support systems are safe and secure.
- Responsible marketing of our services and its features, as in providing direct marketing advertisements and communications to you via email, text, post or telephone or via our selected third parties.
- Monitoring the effectiveness of our direct marketing communications and your responses to it
- Other legitimate interests and purposes compliant with GDPR provisions
As for Data Usage and Storage, we apply following:
- Security Measures. We confirm that Mindy Support aims to access the appropriate level of security to cover all possible risks presented by processing, in particular from accidental or unlawful destruction, loss, unauthorized disclosure, etc.
- Any natural person acting under the authority of Mindy Support either as the controller or the processor who has access to personal data does not process them except on instructions from the controller, unless he or she is required to do so by law.
- We have appropriate Data Access and System Access Controls in place as well as Data Back Up.
- We have implemented a wide range of rules and policies regarding information security, access to information and rules for the use of information and privacy. On top to existing standards and procedures, we are ISO 9001 certified and in process of implementation of the ISO 27001 (pending update).
- Sharing and Disclosing Your Personal Data. We retain access to all personal information that we have collected from you or about you. Once in our possession, we will be responsible for that information and that information will be subject to any privacy terms or policies that we have in place.
If our business is sold or merged, or if we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets. We will make sure that any such transfer is done in a secure way.
If we offer or supply a service to you that is provided on our behalf by a third party we may have to pass your information to them in order to deliver the service. By using this Site you consent to us providing your information to the third parties authorised by us to provide such services. We may also use third parties to provide services on our behalf which may include processing (but not using themselves) your information e.g. to complete partial addresses or to augment the information we hold about you. In either case, we will not pass your information to anyone who is not also subject to adequate privacy commitments in our contract with them and we will not allow the third party to use your information for marketing purposes without your consent.
We also may reveal your personal data to any local or international public authorities, if they have a legal right to ask and obtain such information.
We will not otherwise disclose, sell or distribute your information to any third party without your permission unless we are required to do so by law or to obtain professional advice.
- Storing Your Personal Data. We retain Personal Data no longer then it is necessary and we have regular reviews and proper processes in place. In cases when you provide us with your consent to use your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent.
According to the GDPR, as a Data subject you have right to know:
- What personal data we collect and process about you;
- The purpose and location of processing;
- The categories of personal data concerned;
- The recipients to whom the personal data has been/will be disclosed;
- How long we intend to store your personal data for;
- If we did not collect the data directly from you, information about the source;
- What measures we put in place to provide you with these rights.
Also, it is important to list your rights as a Data Subject related to your data maintenance/amendments:
- The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her;
- Right to obtain the erasure of personal data from the controller;
- Right to obtain restriction of processing from the controller;
- Right to Data Portability.
If you would like to send us either general request or a particular request to correct/erase your data, please contact our designated Data Protection Officer:
- Email: [email protected]
Tracking & Cookies Data
Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.
Examples of Cookies we use:
- Session Cookies. We use Session Cookies to operate our Service.
- Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
- Security Cookies. We use Security Cookies for security purposes.
For more information on Cookies, please acquaint yourself with our designated Cookies Policy.
We may employ third party companies and individuals to facilitate our Service (“Service Providers”), to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
We may use third-party Service Providers to monitor and analyze the use of our Service.
- Google Analytics. Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en
Links To Other Sites
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
Our Service does not address anyone under the age of 18 (“Children”).
We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Children has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.
Compliance with California Consumer Privacy Act (CCPA)
With this policy, we declare ourselves to be in compliance with the rules and procedures established by the CCPA, in instances when, in accordance with applicable international or national law, we are obliged to be guided by the CCPA. The basic guiding principles of our handling of personal data to the extent of complience with the CCPA are set forth above in this Policy.
As the controller of your personal data, Mindy Support is committed to respecting all your rights under the GDPR. If you have any questions or feedback, please reach out to our Data Protection Officer (DPO) by email at [email protected].
DPO is obliged to monitor compliance with new regulations, act as the contact point for the supervisory authority on issues relating to processing personal data and to train the staff.
Any changes we may make to this Policy in the future will be posted on this page and, where appropriate, notified to you by e-mail or by other means, if such notification will be seen necessary. Please check back frequently to see any updates or changes to this Policy.