We are registered with the ICO in the Register of fee payers. Our data protection registration number is ZA501157. The Register is available here.
Name: Mindset Technologies LTD
Email address: firstname.lastname@example.org
You have the right to make a complaint at any time to the ICO, the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
We have implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including, among others:
The application of pseudonymisation to personal data is implemented with a view to reducing the risk to your personal data and helping us to meet our data protection obligations.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
We do not collect any "Special Categories of Personal Data" about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
Mindset uses TrueDepth API to automatically collect information to track the facial expressions of the user for a period of approximately 20 seconds. Mindset uses this data to attempt to determine the emotions displayed by a user in response to a stimulus provided by the app. No personal data is collected during the test. Data is sent over HTTPS to a secure access-controlled database in our AWS account, which is encrypted at rest, and is not shared with any third parties. Mindset will require access to your microphone and/or camera to be able to use TrueDepth API.
TrueDepth API does not capture or store any personally identifiable information through the app, nor does it record any unique facial features. TrueDepth API only provides to Mindset a set of numbers that relate to movement areas of the user’s face (such as “left eyebrow raised”). TrueDepth API is not used in any clinical setting and does not specifically target individuals with dementia or any other health conditions.
If you provide personal information about other people then you must:
when providing information about other people, ensure that you have all relevant permissions and authority to make all necessary disclosures.
We use different methods to collect data from and about you including through:
Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
We strongly advise you not to provide any sensitive personal data on our website, as the “Sign-Up” option is for general enquiries only.
We will use your personal data only when necessary and strictly when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

| Purpose/Activity | Type of data | Lawful basis for processing including basis of legitimate interest |
|---|---|---|
| to manage our relationship with you which may include: | Profile and Identity | |
| | Technical Data and Usage Data | Necessary for our legitimate interests (to study the test outcomes to develop the algorithm; for the purpose of running our app; to provide administration and IT services, network security) |
| to carry out analysis, market research and testing | Identity | Necessary for our legitimate interests (necessary to conduct the neurological tests) |

We may only disclose your personal data if we are required to do so by applicable law and regulation.
We will use your personal data exclusively for the purposes for which we collect it, unless we identify that any new purpose is compatible with the existing processing purpose.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
We may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so within 72 hours upon becoming aware of the breach.
We will not keep your personal information for longer than is necessary, for the purposes for which it was collected and is processed and for the purposes of satisfying our legal, accounting or regulatory reporting requirements.
To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
In some circumstances you can ask us to delete your data by contacting us at email@example.com
In some circumstances we will anonymise your personal information (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for us or for one of our service providers.
Amazon is responsible for security of its Cloud Server. Amazon implements security measures that we will implement and operate. At all times we remain responsible for security of the personal data stored in the Cloud Server.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
Under certain circumstances, you have rights under the relevant data protection laws in relation to your personal information.
right to rectification
If your personal information is incorrect or incomplete in any way, you may notify a person dealing with your matter and, where it is inaccurate or incomplete, we will correct it without delay.
right of access
You have a right to:
right to be informed
You have a right to be informed:
right to restrict processing under certain circumstances
You have a right to restrict processing under certain circumstances:
right to data portability
right not to be subject to automated processing
You have a right not to be subject to automated decision-making, including profiling, which has legal or other significant effects on you. This does not apply when the automated decision is necessary for entering into or performing a contract with you; or it is authorised by EU or member state law applicable to us if the law requires suitable measures to safeguard your rights and freedoms and legitimate interests; or based on your explicit consent.
the right to object to processing
You may object to direct marketing, including profiling related to direct marketing. We will stop processing your personal information once notified by you, except if we can demonstrate a compelling legitimate ground for processing the personal information that overrides your request; or processing is necessary to exercise or defend legal claims.
If you wish to exercise any of the rights set out above, please contact firstname.lastname@example.org
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights).
"Comply with a legal obligation" means processing your personal data where it is necessary for compliance with a legal obligation that we are subject to.
"Legitimate Interest" means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us at email@example.com