Mindgram Privacy Policy
The following Privacy Policy sets out the rules for the processing of personal data of users of the Mindgram Services and other users of the Website.
§ 1 DEFINITIONS
- AI – artificial intelligence, i.e. applications and software that exhibit human skills such as reasoning, learning, planning and creativity; it enables technical systems to perceive their environment, deal with what they perceive and solve problems, working towards a specific goal.
- Administrator or Mindgram – Mindgram sp. z o. o. with registered office in Warsaw, KRS: 0000881002.
- Cookies – text data stored in the form of files placed on the User’s Device.
- Personal data – means information about an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, country of residence, details of an employer, branch or business unit, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person.
- Mindgram Platform – the Mindgram platform through which Mindgram provides the Services.
- RODO – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
- Service – the “mindgram.com” website operating at https://mindgram.com.
- External service – the websites of partners, service providers or service recipients who cooperate with the Administrator.
- Device – an electronic device with software through which the User accesses the Website or the Application.
- Services – the services provided by Mindgram to provide access to the Mindgram platform through the Service or the Application.
- User – User of the Platform or User of the Service.
- Platform User – a natural person to whom the Administrator provides services via the Website or Application.
- Service User – an individual using the Service.
§ 2 DATA PROTECTION OFFICER AND CONTACT WITH THE CONTROLLER
The Administrator has appointed a Data Protection Supervisor, who can be contacted by e-mail addressed to: [email protected]. Notwithstanding the above, the Administrator can be contacted directly at the following addresses:
- postal address – Mindgram Sp. z o. o., 17/2 Wiktorska Street, Warsaw,
- e-mail address – [email protected].
§ 3 TYPE, PURPOSE AND DURATION OF PROCESSING OF PERSONAL DATA
PROCESSING OF PLATFORM USER DATA
Personal data of Platform Users are processed for one of the following purposes:
- The performance of the agreement entered into with the Platform User underlying the Platform User’s use of the Mindgram Platform or participation in the webinar:
- Legal basis: article 6(1)(b) RODO (conclusion, performance and termination of the concluded contract),
- Processing period: duration of the contract,
- Scope of data processed: e-mail address, first name, surname, company name (including data on branch or organisational unit), location data (including country of residence), year of birth, gender, age, other data voluntarily provided by the Platform User in connection with registration of an account on the Mindgram Platform, such as gender, telephone number, the provision of which is voluntary.
- Legal basis: article 6(1)(a) RODO (consent to the processing of personal data insofar as it is not necessary for the performance of the concluded contract),
- Processing period: until deletion of data or withdrawal of consent, but no longer than the end of the contract period,
- Scope of data processed: any data voluntarily provided by the User, in connection with the use of the Mindgram Services, such as image and other data provided at the Platform User’s discretion in connection with the use of the Services, whereby the provision of data is voluntary and the consent to the processing of data may be withdrawn by the User at any time.
- Automated Processing of Personal Data: within the scope of the Services provided on the Platform, automated processing of personal data (profiling) may occur using AI.
- To pursue the legitimate interests of the Administrator:
- consisting in the establishment, assertion or defence of claims which the Administrator may assert or which may be asserted against the Administrator in connection with the contract concluded:
- Legal basis: article 6(1)(f) RODO (pursuit of the Administrator’s legitimate interests),
- Processing period: the data shall be stored until the expiry of the limitation period for claims arising from the contract concluded with the Administrator, which period shall be 3 years from the date of termination of the contract, but no earlier than the last calendar day on which the 3-year limitation period ends,
- Scope of data: e-mail address, first name, surname, company name (including details of branch or business unit), year of birth, location data (including country of residence).
- involving marketing and sales activities in relation to persons with whom the Administrator has concluded a contract:
- Legal basis: article 6(1)(f) RODO (pursuit of the Administrator’s legitimate interests),
- Processing period: duration of the contract concluded with the Administrator,
- Scope of data: e-mail address, first name, surname, company name, year of birth.
- consisting of surveying Platform Users’ opinions and conducting communication with Platform Users for the development of Mindgram products and services:
- Legal basis: article 6(1)(f) RODO (pursuit of the Administrator’s legitimate interests),
- Processing period: duration of the contract concluded with the Administrator,
- Scope of data: e-mail address, first name, surname, company name (including branch or business unit data), location data (including country of residence), gender, age, other data voluntarily provided by the User in connection with the use of Mindgram services,
PROCESSING OF SERVICE USER DATA
Personal data of Service Users are processed for one of the following purposes:
- Making contact via the contact form and email to use the demo version of the Platform:
- Legal basis: article 6(1)(a) RODO (consent to the processing of personal data),
- Processing period: until consent is revoked, but no longer than 3 years from the last correspondence between the Administrator and the person concerned,
- The scope of the data processed: name, e-mail address, telephone number, cities, company name, role in the company, number of employees in the company, other data voluntarily provided in the content of the message, whereby the provision of personal data is voluntary, but necessary to address an enquiry and receive a response from Mindgram, and consent to the processing of personal data can be withdrawn at any time.
- To make contact via the contact form and by email in order to respond to queries, to send e-books, guides, newsletters, to gain access to videos in connection with a request made via the contact form:
- Legal basis: article 6(1)(a) RODO (consent to the processing of personal data),
- Processing period: until consent is revoked, but no longer than 3 years from the last correspondence between the Administrator and the person concerned,
- Scope of data processed: name, e-mail address, telephone number, city, position, company, other data voluntarily provided in the content of the message, whereby the provision of personal data is voluntary, but necessary to address an enquiry and receive a response from Mindgram, and consent to the processing of personal data may be withdrawn at any time.
- Conducting marketing and sales activities:
- Legal basis: article 6(1)(a) RODO (consent to the processing of personal data),
- Processing period: until consent is revoked, but no longer than 3 years from the last correspondence between the Administrator and the person concerned,
- Scope of data: name, e-mail address, telephone number, company name (including details of branch or business unit), location data (including country of residence), role within the company, number of company employees.
- Establishing contact, including responding to enquiries made to the Administrator via the contact form and emails:
- Legal basis: article 6(1)(a) RODO (consent to the processing of personal data),
- Processing period: until consent is revoked, but no longer than 3 years from the last correspondence between the Administrator and the person concerned,
- The scope of the data processed: name, e-mail address, telephone number, company name, role in the company (including branch or business unit data), location data (including country of residence), number of employees of the company, other data voluntarily provided in the message, whereby the provision of personal data is voluntary, but necessary to address an enquiry and receive a response from Mindgram, and consent to the processing of personal data may be withdrawn at any time.
PROCESSING OF DATA OF OTHER PERSONS
- Conducting marketing and sales activities in relation to non-customers of Mindgram:
- Legal basis: article 6(1)(a) RODO (consent to the processing of personal data),
- Processing period: until consent is revoked,
- Scope of data: e-mail address, first name, surname, company name, other data voluntarily provided, whereby the provision of personal data and consent to their processing is voluntary, but necessary to receive marketing and commercial content from Mindgram, and consent to the processing of personal data may be withdrawn at any time.
- Fulfilment of the Administrator’s legitimate interests in maintaining profiles on social media (including Facebook, Instagram, LinkedIn), including communication with social media users:
- Legal basis: article 6(1)(f) RODO (pursuit of the Administrator’s legitimate interests),
- Processing period: until the social media user concerned ceases to be active on the Administrator’s social media or until they object to the processing,
- Scope of data: e-mail address, first name, surname, nickname, image, company name, other data voluntarily provided.
§ 4 RIGHTS OF DATA SUBJECTS
Individuals whose personal data is processed have the following rights:
- The right of access to personal data, i.e. the right to obtain access to your personal data, exercised upon request made to the Administrator.
- The right to rectification of personal data, i.e. the right to request from the Administrator the immediate rectification of personal data that is inaccurate and/or the completion of incomplete personal data, exercised upon request made to the Administrator.
- The right to erasure of personal data, i.e. the right to request the Administrator to delete personal data without delay, exercised upon request made to the Administrator. In the case of data collected in user accounts, deletion of data consists in its anonymisation. Each time the Administrator receives a request to delete personal data, he/she verifies the legitimacy of the request, taking into account all legal grounds for the processing of personal data. Each time, the Administrator shall inform the person whose data is being processed about the way in which the request was recognised. In the case of the Newsletter service, the User has the possibility to delete his/her personal data himself/herself, using the link included in each email message sent.
- The right to restrict the processing of personal data, i.e. the right to restrict the processing of personal data in the cases indicated in Article 18 of the RODO, including but not limited to questioning the accuracy of personal data, exercised upon request made to the Controller.
- The right to data portability, i.e. the right to obtain personal data from the Controller in a structured, commonly used machine-readable format, exercised upon request made to the Controller.
- The right to object to the processing of his/her personal data, i.e. the right to object to the processing of his/her personal data in the cases set out in Article 21 of the DPA, exercised upon request made to the Controller.
- The right to lodge a complaint with the supervisory authority in charge of personal data protection (President of the Office for Personal Data Protection).
§ 5 COOKIE POLICY
COOKIES ON THE SITE AND PLATFORM AND THE PURPOSES FOR WHICH THEY ARE USED
Mindgram uses the following types of cookies on the Website and the Platform:
- External Cookies – files placed and read from the User’s Device by the ICT systems of the External Services. The scripts of External Services that may place Cookies on User Devices have been deliberately placed on the Service and on the Platform through the scripts and services made available and installed on the Service or the Platform.
- Session cookies – files placed and read from the User Device by the Website or by the Platform during a single session of the relevant Device. At the end of the session, the files are deleted from the User Device.
- Persistent Cookies – files placed and read from the User Device by the Website or the Platform until they are manually deleted. Cookies are not deleted automatically after the end of the Device session, unless the configuration of the User Device is set to delete cookies after the end of the Device session.
The cookies used on the Website and the Platform can also be divided into:
- Necessary cookies – these are files that contribute to the usability of the Service or Platform by enabling basic functions such as navigation on the Service and access to secure areas of the Service or Platform. The Service or Platform cannot function properly without these cookies.
- Preference cookies – these are files relating to preferences. They enable the Service or Platform to remember information that changes the appearance or functioning of the Service or Platform, such as your preferred language or the region in which you are located.
- Statistical cookies – these are cookies that help the owners of the Website and Platform to understand how different Users behave on the website, collecting and reporting anonymous information.
- Marketing cookies – these are files used to track Users on the Website or Platform. The purpose is to display advertisements that are relevant and interesting to individual Users and thus more valuable to third party publishers and advertisers.
- Unclassified cookies – these are cookies that are in the process of being classified, along with the providers of the individual cookies.
SECURITY OF DATA STORAGE
- Mechanisms for storing and reading Cookies – the mechanisms for storing, reading and exchanging data between Cookies stored on the User’s Device and the Website or the Platform are implemented through the built-in mechanisms of Internet browsers and do not allow other data to be retrieved from the User’s Device or from other websites visited by the User, including personal data or confidential information. The transmission of viruses, Trojan horses and other worms to the User Device is also practically impossible.
- External cookies – The Administrator makes all possible efforts to verify and select service partners in the context of User security. The Administrator selects well-known, large partners with global public trust for cooperation. However, the Administrator does not have full control over the content of cookies from external partners. The Administrator is not responsible for the security of Cookies, their content and their use by the Scripts installed in the service, coming from external Services in accordance with the licence, as far as the law allows.
- Cookie control – The User may, via the form on the Website and the Platform, change the settings for the storage, deletion and access to data of stored cookies by each website at any time.
- Threats on the part of the User – The Administrator uses all possible technical measures to ensure the security of the data placed in cookies. However, it should be noted that ensuring the security of this data depends on both parties, including the User’s activity. The Administrator is not responsible for interception of this data, impersonation of the User’s session or its deletion, as a result of the User’s conscious or unconscious activity, viruses, Trojan horses and other spyware with which the User’s Device may be, is or was infected. Users, in order to protect themselves from these threats, should follow the recommendations for safe use of the network.
- Storage of personal data – The Administrator shall ensure that it makes every effort to ensure that the processed personal data voluntarily entered by Users is secure, access to it is limited and carried out in accordance with its purpose and the purposes of processing. The Administrator also ensures that it makes every effort to secure the data it holds against loss, by applying appropriate physical as well as organisational safeguards.
Restricting the storage of and access to Cookies on the User’s Device may result in the malfunctioning of certain functions of the Website or the Platform. The Administrator shall not be held liable for malfunctioning functions of the Website or the Platform in the event that the User restricts in any way the ability to save and read Cookie files or does not consent to their processing.
COOKIES OF EXTERNAL SERVICES USED ON THE PLATFORM
On the Platform, the Administrator uses JavaScript and web components of partners that may place their own cookies on the User’s Device. Below is a list of the partners or their services implemented on the Platform that may place cookies:
- Multimedia services
- YouTube
- Vimeo
- Agora.io
- Social and advertising / combined services: (Registration, Login, content sharing, communication, etc.).
- Facebook / Facebook Pixel
- LinkedIn / LinkedIn Insight Tag
- Google / Google Ads
- User.com
- SendGrid
- FireBase
- Keeping statistics:
- Google Analytics
- WordPress Stats (Automattic Inc.)
- Google Tag Manager
- Hotjar
- CRM:
- HubSpot
- Other services supporting the operation of the Platform:
- Segment
- Survicate
The services provided by third parties are beyond the control of the Administrator. These entities may change their terms of service, privacy policies, purpose of data processing and use of cookies at any time.
COOKIES OF EXTERNAL SERVICES USED ON THE SITE
The Administrator uses JavaScript scripts and web components of partners on the Website, who may place their own cookies on the User’s Device. The list of partners or their services implemented on the Website that may place cookies can be found at: http://www.mindgram.com/pl/ciasteczka. The services provided by third parties are beyond the control of the Administrator. These entities may change their terms of service, privacy policies, purpose of data processing and use of cookies at any time.
§ 6 TYPES OF NON-PERSONAL DATA COLLECTED ON THE SITE
The Website collects data about its users. Part of the data is collected automatically and anonymously, and part of the data is personal data voluntarily provided by Users when signing up for the various services offered by the Website.
Anonymous data collected automatically:
- IP address.
- Browser and device type.
- Screen resolution.
- Approximate location.
- Sub-pages of the Website that are opened, data on activity on the Website and the Platform.
- Time spent on the relevant sub-page of the website.
- Operating system type.
- Previous sub-page address.
- Reference page address.
- Browser language.
- Internet connection speed.
- Internet service provider, mobile network data.
- Phone number.
§ 7 ACCESS TO PERSONAL DATA BY THIRD PARTIES
As a general rule, the only recipient of personal data provided by persons using the Mindgram Services and other users of the Website is the Administrator.
The Controller may make use of third-party processors and AI solutions where this is necessary for the proper provision of services. The Controller shall only use such processors and AI solutions that provide sufficient guarantees for the implementation of appropriate technical and organisational measures so that the processing meets the requirements of the RODO and protects the rights of the data subjects.
Recipients of personal data and entities to whom we entrust personal data may be entities supporting us in our day-to-day activity, including entities participating in the provision of services, in particular they may be providers of psychological services, services consisting in automated sending of e-mails or SMS messages, IT solutions including software used in the provision of services, service providers supplying the Administrator with technical and organisational solutions, AI service providers, as well as other entities, if the use of their services is necessary for the proper provision of services by Mindgram. Personal data collected by Mindgram may also be made available to: relevant state authorities upon their request under relevant legal regulations or to other persons and entities – in cases provided for by legal regulations.
Mindgram may transfer personal data to third countries if any of the above-mentioned entities carry out data processing in a third country and only if the European Commission has made a finding of adequate protection or with contractual clauses approved by the European Commission.
The controller may, in justified cases and only with the consent of the data subject, transfer personal data to third parties who will also act as the controller of the personal data.
§ 8 EXTERNAL LINKS
The Service, i.e. articles, posts, entries or comments of Users may contain links to external websites with which the Administrator does not cooperate. The Administrator shall not be held liable for the content located outside the Website.
§ 9 PROFILING
The Administrator may make decisions in an automated manner, including profiling of Service Users and Platform Users to the extent that it carries out marketing activities, in relation to Platform Users – based on the Administrator’s legitimate interest, and in relation to Service Users – based on their consent to such action.
The Administrator may make decisions in an automated manner, including profiling of Service Users and Platform Users in relation to Services that are provided using AI, in relation to Platform Users and Service Users – based on their consent to do so.
§ 10 CHANGES TO THE PRIVACY POLICY
The Administrator reserves the right to amend this Privacy Policy at any time without informing the persons whose data it processes regarding the use and application of anonymised data or the use of cookies.
The Administrator reserves the right to make any changes to this Privacy Policy with regard to the processing of Personal Data, of which it will inform the persons whose data it processes within 14 days of the change in the provisions. Continued use of the services implies that the User has read and accepts the amendments to the Privacy Policy. In the event that the User does not agree with the introduced changes, he/she is obliged to delete his/her account from the Service or withdraw his/her consent to the processing of his/her Personal Data.
Any changes made to the Privacy Policy shall take effect as soon as they are published.