GENERAL PRIVACY AND EU GDPR POLICY
Effective date: May 11, 2021
Mindy Support (“us”, “we”, or “our”) operates the https://mindy-support.com website (hereinafter referred to as the “Service”).
This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.
With this policy, we inform you that in cases in which we are required to do so by law, we apply the GDPR rules regarding the collection, storage, use, handling, transfer and deletion of personal information. In all other cases, we apply applicable laws (including CCPA, where applicable) and internal rules and policies.
Data Security, Transparency, Reliability, Standards of data protection and Compliance with legislation have always been the highest priority for our company.
Table of Contents
Please, find below the following information:
- What Is The GDPR
- What Data We Collect and How We Collect It
- Legal Basis for Processing the Data and Key Principles of Data Usage and Storage in our company
- Your Rights
- Final Provisions
1. What Is The GDPR
The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy, which came into effect on the 25th of May, 2018.
The GDPR applies to all organizations operating within the EU and processing “personal identifiable data” of EU residents.
To learn more about GDPR, please, visit official General Data Protection Regulation website.
2. What Data We Collect and How We Collect It
There are two ways, in which Mindy can obtain personal data:
- From this website, while being a Controller in GDPR terms;
- From its Clients under the framework of relevant legal binding agreements, while being a Processor in GDPR Terms
Therefore, there are two distinct groups of Data subjects: users of Mindy’s official web-site and Mindy’s Clients.
As per the GDPR definition, ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
For both parties, unless otherwise specified in a separate agreement between Mindy and it’s Client (i.e. Data Protection Agreement) in most cases this means:
- Telephone number
Being a Controller, we collect your data via online inquiry forms on our website, emailed inquiries and correspondence, or phone conversations.
3. Legal Basis for Processing the Data and Key Principles of Data Usage and Storage
Using Mindy Support services to manage your customers’ data means that you have engaged Mindy Support as a data processor to carry out certain processing activities on your behalf.
According to Article 28 of the GDPR, the relationship between the controller and the processor are regulated by the Data Processing Agreement, which we put in place with every Client.
With this said, responsibility regarding the accuracy and completeness of provided personal information, including the correctness and validity of the name, e-mail and other information that the data subject provides to Mindy lies with the Controller (being Mindy’s Client).
Additionally, Mindy Support acts as the data controller of the personal data we collect about you, our customer, in relations with its contractors.
Being driven by the GDPR regulation, we would like to provide you with clean and clear information on how exactly your data are used, in plain and simple language.
- Which data we collect and/or process? Only Personal data that is necessary for us to perform our contract with you (GDPR Article 6(1)(b)).
We process your personal data to meet our obligations under the law (GDPR Article 6(1)(c)) — this primarily involves financial data and information that we need to meet our accountability obligations under the GDPR.
We process your personal data for our legitimate interests in line with GDPR Article 6(1)(f). From time to time we may send you marketing information in case we believe that it is beneficial to you as a client.
- What are these ‘legitimate interests’ we talk about?
- Improving our services (using new tools, processes) to help you reach your goals.
- Customize and enrich your experience on our Site
- To identify patterns that we can use in our marketing strategy and to help us develop, administer, support and improve our services and features and adverts
- To conduct reviews that assist us in the improvement and optimisation of our Site and our Services
- To administer our Site and Services and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes; and as part of our efforts to keep our Site safe and secure
- Making sure that your personal data and Mindy Support’s systems are safe and secure.
- Responsible marketing of our services and its features, as in providing direct marketing advertisements and communications to you via email, text, post or telephone or via our selected third parties.
- Monitoring the effectiveness of our direct marketing communications and your responses to it
- Other legitimate interests and purposes compliant with GDPR provisions
- Choice and Consent
For Clients, the conditions for the transfer, use and storage of personal data are governed by a separate legal agreement of the parties
- Use, retention, and disposal
Use, retention and disposal of personal data are governed by GDPR rules and regulations and/or separate agreements with Clients (Data Controllers)
- Acces, Data Storage and Security:
We confirm that Mindy Support tries to provide the appropriate level of security to cover all possible risks presented by processing, in particular from accidental or unlawful destruction, loss, unauthorized disclosure, etc.
- Any natural person acting under the authority of Mindy Support either as the controller or the processor who has access to personal data does not process them except on instructions from the controller, unless he or she is required to do so by law.
- We have appropriate Data Access and System Access Controls in place as well as Data Backup.
- We have implemented a wide range of rules and policies regarding information security, access to information and rules for the use of information and privacy. On top of existing standards and procedures, we are ISO 9001 and ISO 27001 certified.
- Sharing and Disclosing Your Personal Data. We retain access to all personal information that we have collected from you or about you. Once in our possession, we will be responsible for that information and that information will be subject to any privacy terms or policies that we have in place.
If our business is sold or merged, or if we sell or buy any businesses or assets, we may disclose your personal data to the prospective seller or buyer of such businesses or assets. We will make sure that any such transfer is done in a secure way.
If we offer or supply a service to you that is provided on our behalf by a third party we may have to pass your information to them in order to deliver the service. By using this Site you consent to us providing your information to third parties authorised by us to provide such services. We may also use third parties to provide services on our behalf which may include processing (but not using themselves) your information e.g. to complete partial addresses or to enrich the information we hold about you. In either case, we will not pass your information to anyone who is not also subject to adequate privacy commitments in our contract with them and we will not allow the third party to use your information for marketing purposes without your consent.
We also may reveal your personal data to any local or international public authorities, if they have a legal right to ask and obtain such information.
We will not otherwise disclose, sell or distribute your information to any third party without your permission unless we are required to do so by law or to obtain professional advice.
- Storing Your Personal Data. We retain Personal Data no longer than it is necessary and we have regular reviews and proper processes in place. In cases when you provide us with your consent to use your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent.
4. Rights of the Data Subject
According to the GDPR, as a Data subject you have the right to know:
- What personal data we collect and process about you;
- The purpose and location of processing;
- The categories of personal data concerned;
- The recipients to whom the personal data has been/will be disclosed;
- How long we intend to store your personal data for;
- If we did not collect the data directly from you, information about the source;
- What measures we put in place to provide you with these rights.
Also, it is important to list your rights as a Data Subject related to your data maintenance/amendments:
- The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her;
- Right to obtain the erasure of personal data from the controller;
- Right to obtain restriction of processing from the controller;
- Right to Data Portability.
If you would like to send us either a general request or a particular request to correct/erase your data, please contact our designated Data Protection Officer:
- Email: [email protected]
5. Tracking & Cookies Data
Cookies are files with small amounts of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.
Examples of Cookies we use:
- Session Cookies. We use Session Cookies to operate our Service.
- Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
- Security Cookies. We use Security Cookies for security purposes.
For more information on Cookies, please acquaint yourself with our designated Cookies Policy.
6. Service Providers
We may employ third party companies and individuals to facilitate our Service (“Service Providers”), to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
We may use third-party Service Providers to monitor and analyze the use of our Service.
Google Analytics. Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en
7. Links To Other Sites
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
8. Children’s Privacy
Our Service does not address anyone under the age of 18 (“Children”).
We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Children have provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.
9. Compliance with California Consumer Privacy Act (CCPA)
With this policy, we declare ourselves to be in compliance with the rules and procedures established by the CCPA, in instances when, in accordance with applicable international or national law, we are obliged to be guided by the CCPA. The basic guiding principles of our handling of personal data to the extent of compliance with the CCPA are set forth above in this Policy.
As the controller of your personal data, Mindy Support is committed to respecting all your rights under the GDPR. If you have any questions or feedback, please reach out to our Data Protection Officer (DPO) by email at [email protected].
The DPO is obliged to monitor compliance and enforcement with new regulations, act as the contact point for the supervisory authority on issues relating to processing personal data and to train the staff.
Any changes we may make to this Policy in the future will be posted on this page and, where appropriate, notified to you by e-mail or by other means, if such notification will be deemed necessary. Please check back frequently to see any updates or changes to this Policy.