Mindset Technologies Limited (“Mindset”) respects your privacy and is committed to protecting your personal data. This privacy policy will explain how we process your personal data when you visit the Mindset Application(s) ("our app") (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.
This privacy policy aims to give you information on how we collect and process your personal data provided to us through your use of our app and our website at www.mindset4dementia.com
We don’t intend to collect personal data whilst you are on our app or website. Third-parties like Apple or Google may share personal data with us to facilitate your use of our services. If we do collect any of your personal data, it will be stored and processed in accordance with this privacy policy.
It is important that you read this privacy policy together with any other privacy policy or fair processing policy we might provide, so that you are fully aware of how and why we are using your data. This privacy policy is in addition to other notices and privacy policies we provide, and is not intended to override them.
We (Mindset) are the Controller of your personal data. Mindset is a private limited company registered in England and Wales under company number 11092048 and we have our registered office at Mindset Technologies LTD, 3rd Floor, 5 Chancery Lane, London, England, WC2A 1LG.
We are registered with the ICO in the Register of fee payers. Our data protection registration number is ZA501157. The Register is available at here.
You have the right to make a complaint at any time to the ICO, the UK supervisory authority for data protection issues (www.ico.org.uk). You also have the right to complain to any supervisory authority in the EU Member State where you reside. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
If you have any questions about this privacy policy or our privacy practices, please contact:
Mindset Technologies LTD 3rd Floor 5 Chancery Lane London England WC2A 1LG info@meetmindset.com
We keep our privacy policy under regular review. As we don’t collect your contact details, we may be unable to tell you when we’ve updated our privacy policy. We will however, highlight the fact we have updated it on this page, so you can be aware of any material changes that might affect you.
This version of the privacy policy was last updated on 26 January 2021.
Our app and website may include links to third-party apps, plug-ins and websites. As we don’t control or manage these platforms, we cannot be responsible for the content published on any such websites. Clicking on those links or enabling those connections may enable third-parties to collect or share data about you. We don’t control this and are not responsible for their privacy statements. When you leave our app and/or the website, we encourage you to read the privacy policy of every website and app you visit.
We use different methods to collect data from and about you. These include:
We will only use your personal data when we need to and the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Personal data or personal information means any information about a person from which they can be identified. It does not include data where the person’s identity has been removed (anonymous data).
We have set out below a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also described what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on.
| Type of personal data | Description of personal data | Purpose: How we use your personal data | Lawful basis: Our reasons for collecting your personal data |
|---|---|---|---|
| Personal information | Responses to questions provided in our app |
Carry out analysis, market research and testing in relation to dementia To facilitate your use of our services |
Necessary for our legitimate interest to:
Where we need to comply with a legal obligation. |
| Biometric data | Behaviour demonstrated in our app’s interactive activities such as the balloon game |
Carry out analysis, market research and testing in relation to dementia To facilitate your use of our services |
Necessary for our legitimate interest to:
Where we need to comply with a legal obligation. |
| Special category data | Information about your health and background provided during our app’s user journey | Carry out analysis, market research and testing in relation to dementia |
Where you have consented to us processing your data. Where we need to comply with a legal obligation. |
| Contact information | Your name, addresses, e-mail addresses, phone numbers and other contact details |
To contact you where you have made direct communication with us such as through our website To update the records, we hold Carry out analysis, market research and testing in relation to dementia |
Necessary for our legitimate interest to:
Where we need to comply with a legal obligation. |
We also collect, use and share "aggregated data" such as statistical or demographic data. Aggregated data may come from your personal data, but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.
Mindset may process special category data about you whilst using our app. Special category data means details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data. We request your explicit consent at the outset of our app before processing any special category data. Mindset cannot use any special category data you may provide to identify you as a person. We request that you do not provide any sensitive personal data on our website, as the “sign-up” option is for general enquiries only.
Mindset uses TrueDepth API to automatically collect information to track the facial expressions of the user for a period of approximately 20 seconds. Mindset uses this data to attempt to determine the emotions displayed by a user in response to a stimulus provided by the app. No personal data is collected during the test. Data is sent over HTTPS to a secure access-controlled database in our AWS account, which is encrypted at rest, and is not shared with any third parties. Mindset will require access to your microphone and/or camera to be able to use TrueDepth API.
TrueDepth API does not capture or store any personally identifiable information through the app nor does it record any unique facial features. TrueDepth API only provides to Mindset a set of numbers that relate to movement areas of the user’s face (such as “left eyebrow raised”). TrueDepth API is not used for any clinical setting and not specifically targeting individuals with dementia or any other health conditions.
As we aim not to collect your personal data in our app, it may be difficult for us to meet all your requests such as when exercising your data subject rights.
We may only disclose your personal data if we are required to do so by applicable law and regulation. This may include third-parties that support our business, such as Amazon and Apple. Other third-parties may have access to your aggregated data, but will be unable to use the data to identify you. For example, we may share information about the number of users who have declared they are prescribed to a particular drug as asked on our app.
We will only use your personal data for the purposes for which we collect it, unless we identify that any new purpose is compatible with the existing processing purpose.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
We will put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in a way it shouldn’t be, changed or shared. These methods include:
We will also limit access to your personal data to employees, agents, contractors and other third parties who need to see it. They will only process your personal data on our instructions and they will keep your personal data confidential.
We have put in place procedures to deal with any suspected personal data breach and will let you and any applicable regulator know of a breach when we have to by law.
We will not keep your personal information for longer than we need it, for the purposes for which it was collected and is processed and for the purposes of meeting our legal, accounting or regulatory reporting requirements.
To decide on determine the appropriate retention period for personal data, we consider a number of factors, including:
In some circumstances we will anonymise your personal information (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
The personal data that we hold about you will be stored in the UK and the European Economic Area (EEA), but may also be transferred to or stored at a destination outside the UK or EEA.
When we transfer your data to third party service providers based outside the EEA, we will be conducting a transfer of data outside the EEA. We ensure a similar degree of protection is provided to the transfer by ensuring at least one of the following safeguards is implemented:
We will make sure we meet any future requirements the UK or the EU provide following the UK’s exit of the EU, including (but not limited to) the legal safeguards discussed above.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
Under certain circumstances, you have rights under the relevant data protection laws in relation to your personal information. The rights include:
Right to rectification
If your personal information is incorrect or incomplete any way, you may notify a person dealing with your matter and where inaccurate or incomplete, we will correct it without delay.
Right of access
You have a right to:
Right to be informed
You have a right to be informed:
Right to restrict processing under certain circumstances
You have a right to restrict processing under certain circumstances:
Right to data portability
You have a right to receive from us a copy of your personal information in commonly used and machine-readable format and store it for further use on a private device.
You have a right to transmit personal information to another third party; or have your personal information transmitted directly from one third party to another where technically possible.
Right not to be subject of automated processing
You have a right not to be subject to automated decision-making, including profiling, which has legal or other significant effects on you. This does not apply when the automated decision is necessary for entering into or performing a contract with you; or it is authorised by EU or member state law applicable to us if the law requires suitable measures to safeguard your rights and freedoms and legitimate interests; or based on your explicit consent.
Right to object to processing
You may object to direct marketing, including profiling related to direct marketing. We will stop processing your personal information once notified by you, except if we can demonstrate a compelling legitimate ground for processing the personal information that overrides your request; or processing is necessary to exercise or defend legal claims.
If you wish to exercise any of the rights set out above, please contact info@meetmindset.com
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.