MINDSET TECHNOLOGIES LTD respects your privacy and is committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data when you visit the Mindset Application ("our app") (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.
Please also use the Glossary to understand the meaning of some of the terms used in this privacy policy.
This privacy policy aims to give you information on how we collect and process your personal data through your use of our app, including any data you may provide through our app, from time to time, when you access our app and our website at www.meetmindset.com.
We do not intend to collect your personal data when you use the app and/or the website, however it is possible that aggregate data, being personal and non-personal data combined from several measurements can be aggregated and lead to you as an identifiable individual. When you use our app and/or the website, you may be associated with online identifiers and other information received by the servers may be used to identify you and create your profile. If we collect any of your personal data, it will be stored and processed in accordance with this privacy policy.
It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide from time to time when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements other notices and privacy policies and is not intended to override them.
MINDSET TECHNOLOGIES LTD ("We"). We are a private limited company registered in England and Wales under company number 11092048 and have our registered office at Minster House 42 Mincing Lane, 7th Floor, London, United Kingdom, EC3R 7AE is the controller and responsible for your personal data (the "Company", "we", "us" or "our" in this privacy policy).
We are registered with the ICO in the Register of fee payers. Our data protection registration number is ZA501157. The Register is available at here
If you have any questions about this privacy policy or our privacy practices, please contact:
Name: Mindset Technologies LTD Email address info@meetmindset.com
You have the right to make a complaint at any time to the ICO, the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
We have implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk, among other, including:
The application of pseudonymisation to personal data is implemented with a view to reduce the risk to your personal data and help us to meet our data protection obligations.
We keep our privacy policy under regular review.
This version of the privacy policy was last updated on June 6 2020.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
We also collect, use and share "Aggregated Data" such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.
We do not collect any "Special Categories of Personal Data" about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
Mindset uses TrueDepth API to automatically collect information to track the facial expressions of the user for a period of approximately 20 seconds. Mindset uses this data to attempt to determine the emotions displayed by a user in response to a stimulus provided by the app. No personal data is collected during the test. Data is sent over HTTPS to a secure access-controlled database in our AWS account, which is encrypted at rest, and is not shared with any third parties. Mindset will require access to your microphone and/or camera to be able to use TrueDepth API.
TrueDepth API does not capture or store any personally identifiable information through the app nor does it record any unique facial features. TrueDepth API only provides to Mindset a set of numbers that relate to movement areas of the user’s face (such as “left eyebrow raised”). TrueDepth API is not used for any clinical setting and not specifically targeting individuals with dementia or any other health conditions.
If you provide personal information about other people then you must:
when providing information about other people, ensure that you have all relevant permissions and authority: to make all necessary disclosures.
We use different methods to collect data from and about you including through:
Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
We strongly advise you not provide any sensitive personal data on our website, as the “Sign-Up” option is for general enquiries only.
We will only use your personal data only when necessary and strictly when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground, we are relying on to process your personal data where more than one ground has been set out in the table below.
| Purpose/Activity | Type of data | Lawful basis for processing including basis of legitimate interest |
|---|---|---|
|
to manage our relationship with you which may include:
|
Profile and Identity |
|
|
Technical Data and Usage Data | Necessary for our legitimate interests (to study the tests outcomes to develop the algorithm; for the purpose of running our app; to provide administration and IT services, network security) |
| to carry out analysis, market research and testing | Identity | Necessary for our legitimate interests (necessary to conducts the neurological tests) |
We may only disclose your personal data if we are required to do so by applicable law and regulation.
We will only use your personal data exclusively for the purposes for which we collect it, unless we identify that any new purpose is compatible with the existing processing purpose.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
We may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so within 72 hours upon becoming aware of the breach.
We will not keep your personal information for longer than is necessary, for the purposes for which it was collected and is processed and for the purposes of satisfying our legal, accounting or regulatory reporting requirements.
To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
In some circumstances you can ask us to delete your data by contacting us at info@meetmindset.com
In some circumstances we will anonymise your personal information (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for us or for one of our service providers.
We use Amazon Cloud for the purpose of storing personal data. Amazon Cloud servers may be located in the US or anywhere else in the world. Amazon Cloud (Amazon AWS) privacy policy is available at https://aws.amazon.com/privacy/.
Amazon is responsible for security of its Cloud Server. Amazon implements security measures that we will implement and operate. At all times we remain responsible for security of the personal data stored in the Cloud Server.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
Whenever we transfer your personal information out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
Under certain circumstances, you have rights under the relevant data protection laws in relation to your personal information.
right to rectification
If your personal information is incorrect or incomplete any way, you may notify a person dealing with your matter and where inaccurate or incomplete, we will correct it without delay.
right of access
You have a right to:
right to be informed
You have a right to be informed:
right to restrict processing under certain circumstances
You have a right to restrict processing under certain circumstances:
right to data portability
right not to be subject of automated processing
You have a right not to be subject to automated decision-making, including profiling, which has legal or other significant effects on you. This does not apply when the automated decision is necessary for entering into or performing a contract with you; or it is authorised by EU or member state law applicable to us if the law requires suitable measures to safeguard your rights and freedoms and legitimate interests; or based on your explicit consent.
the right to object to processing
You may object to direct marketing, including profiling related to direct marketing. We will stop processing your personal information once notified by you, except if we can demonstrate a compelling legitimate ground for processing the personal information that overrides your request; or processing is necessary to exercise or defend legal claims.
If you wish to exercise any of the rights set out above, please contact info@meetmindset.com
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights).
"Comply with a legal obligation" means processing your personal data where it is necessary for compliance with a legal obligation that we are subject to.
"Legitimate Interest" means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us at info@meetmindset.com