1. Last updated: June 1, 2022
3. We are committed to protecting your privacy. It is important that You understand how We look after Your Personal Data and how We make sure that We meet our legal obligations to You under Data Protection Law.
4. If You have any questions in relation to this policy or generally how Your Personal Data is processed by Us please contact Us by email firstname.lastname@example.org.
5. Interpretation and Definitions
5.1.1. The words of which the initial letter is capitalized have meanings defined under the following conditions.
5.1.2. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.
188.8.131.52. You means the natural person accessing or using the Application. Under GDPR, You can be referred to as the Data Subject.
184.108.40.206. For the purpose of GDPR, the Company is the Data Controller which means that we are responsible for looking after it. We will use Your Personal Data fairly, lawfully and in a transparent manner, and in accordance with the applicable Data Protection Law.
220.127.116.11. Application means the software program named Mindletic, provided by the Company and downloaded by You on any electronic device.
18.104.22.168. Personal Data is any information that relates to an identified or identifiable natural person. For the purposes of GDPR, Personal Data means any information relating to a natural person such as name, identification number, location data, online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity.
22.214.171.124. Device means any device that can access the Application such as computer, mobile phone or digital tablet.
126.96.36.199. GDPR means the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC).
188.8.131.52. Data Protection Law refers to applicable data protection legislation including, but not limited to, the GDPR.
6. Collecting and Using Your Personal Data
6.1. Types of Data Collected
6.1.1. Personal Data
184.108.40.206. We collect and process Personal Data when you interact with our Application, and in the following ways described below.
220.127.116.11. During Your registration or later using the Application, we ask You to provide Us with certain personal information that can be used to arrange a meeting, contact or identify You. This information may include, but is not limited to:
18.104.22.168.2. E-mail address
22.214.171.124.4. Promo code (if used)
126.96.36.199.5. Topic You wish to leave to the professional prior to the meeting
188.8.131.52.6. Confirmation that You are above 18 years old
184.108.40.206.7. Confirmation that You wish to get related news
220.127.116.11.8. Country You wish to have the meeting from
18.104.22.168.9. Selected language in which You wish to talk with professional
22.214.171.124.10. Selected professional
126.96.36.199.11. Selected time slot for meeting
188.8.131.52.12. Information you provide regarding your emotional state
184.108.40.206.13. Fitness data from your Google Fit or Apple Health (applicable only with your explicit consent and only processed on your device)
220.127.116.11.14. Any content that you type in virtual community rooms
18.104.22.168.15. Any content that You or your professional create for your meetings
22.214.171.124.16. Your name and surname (applicable only when your insurance is covering the price for Mindletic services)
126.96.36.199.17. Health insurance card number (applicable only when your insurance is covering the price for Mindletic services).
6.2. When You make a complaint or submit a query to Us in relation to the Application, or You initiate restoration of the password, You may also provide Us other data, for example, information about Your experience and difficulties You encountered when using the Application.
6.3. Usage Data, i.e. data about how you use the Application, is collected automatically while you are using the Application so that we can analyse how the Application is used by Our users. This helps Us to improve the Application and We do not use it for any other purpose. Although Usage Data does not identify You by name (and we will not attempt to identify You by name or to use the information to make decisions about You), this information is linked with a unique identifier, namely Your device ID (therefore, such information constitutes Personal Data under the Data Protection Law). It is important for Us to be able to distinguish different users by using these unique identifiers so that We can analyse how individual users use the Application. Usage Data may include information such as Your Device’s IP address, Your Device’s ID, the type of Device You use, Your Device’s operating system, information about the Application being opened, information about the region in which the Application is opened and other diagnostic data.
7. Purposes and Legal Grounds for Data Processing
7.1. Data Protection Law requires Us to process Your Personal Data only if We satisfy one of the legal grounds for processing set out in the GDPR, for each purpose of processing.
7.2. The Company may use Personal Data for the following purposes:
7.2.1. To create Your personal account on the Application.
7.2.2. To arrange a meeting for You with a selected professional and contact or identify You.
7.2.3. To show You an overview of past activity and reflect on taken notes.
7.2.4. To show you in-app analytics of Your personal emotional state during a selected period of time (applicable only if you are using the Application with Your organisation’s promo code).
7.2.5. To show general trends of emotional balance on a team (not less than 15 users) or company level (applicable only if you are using the app with Your organisation’s promo code). In this case Your data is blended and used together with data of all other users who belong to the same company account. Data on general trends that is being shared on a company level will be depersonalized and aggregated prior to the reveal (general overview of emotional balance on a team or company level is provided to the management of the company account holder who then can (but is not obliged to) share it with the members of the same account holder).
7.2.6. To send You a personal report of Your emotional status of the previous month via e-mail (applicable only if you are using the Application with Your organisation’s promo code).
7.2.7. To maintain and improve the Application by collecting and processing the Usage Data.
7.2.8. To combine depersonalized data about Mindletic users and their use of Mindletic services in order to create aggregated statistic information which we may use to provide certain features within the services and for promoting and improving the Application and services.
7.2.9. To reply to and deal with Your complaints and queries relating to the Application.
7.2.10. To verify Your details in order to provide Mindletic services that would be paid by Your insurance company (applicable only if Your insurance is covering the price for Mindletic services).
7.2.11. To perform other actions directly related to and needed for the provision of Mindletic services and Your usage of the Application.
7.3. The Company processes Your Personal Data on the following legal grounds:
7.3.1. consent, given by You (e.g., when You accept cookies, register for newsletters);
7.3.2. contract concluded with You regarding Mindletic services (e.g., when You create a personal account on the Application; to arrange a meeting with a professional selected by You; to show you in-app analytics of Your personal emotional state during a selected period of time; to send You a personal report of Your emotional status);
7.3.3. legal obligations to which the Company is subject;
7.3.4. Our legitimate interests to ensure and improve the quality of Mindletic services and to protect our rights (e.g., when collecting and processing the Usage Data).
7.4. You may revoke Your consent to the processing of Your Personal Data at any time. If the Company has no other legal basis for the processing of Your Personal Data, We will cease the processing of such data immediately (subject to technical feasibility) after the cancellation/revocation of the consent provided by You.
8. Who do we share Your Personal Data with?
8.1. We may share Your Personal Data with Our trusted services providers when they provide services to Us, or to You on behalf of Us and under Our instructions. We will control and shall remain responsible for the use of Your Personal Data at all times.
8.2.1. Developers and administrators of the Application.
8.2.2. Providers of data security, data management, website hosting, cloud hosting, storage solutions, software as a service (SaaS) and other IT services.
8.2.3. Providers of Application analytics services.
8.2.4. Our staff who need to access Your data to perform their functions and who are bound by confidentiality obligations.
8.2.5. Professionals: when You share personal information in order to book a professional, only your name, submitted message dedicated to chosen professional, language you wish to talk in and country you will be talking from will be shared with them via email and the message you left for the professional.
8.2.6. Your company (employer): general data of trends that is being shared on the company level is depersonalized and aggregated prior to the reveal (applicable only if you are using the Application with your organisation's promo code). General overview of emotional balance on the team or company level is provided to the management of the company account holder who then can (but is not obliged to) share it with the members of the same account holder.
8.2.7. Your insurance company: when you want your insurance to pay for Mindletic services, your name and surname, work e-mail and health insurance card number will be shared with your insurance provider. This data will be sent encrypted (applicable only when your insurance is covering the price for Mindletic services).
8.2.8. Other users of Application: when you write in community groups, your username and message will be shared; when you are Balance Buddies with someone, your activity of last two days (excluding specific emotions and notes) will be shared with them.
8.3. We may share or transfer Your personal information as part of a corporate transaction such as a corporate sale, merger, reorganization, dissolution, or similar event.
8.4. We may also disclose Your Personal Data as required by law, including laws outside Your country of residence, to comply with a court order or to comply with other legal or regulatory requirements, for example, to courts, law enforcement authorities, and regulatory agencies such as data protection supervisory authorities.
9. Retention of Your Personal Data
9.2. The Company will also retain Usage Data for internal analysis purposes. We will only retain Usage Data for a period of 1 year after We collect it. This is so that We can understand how You use the Application over time. After 1 year, We will aggregate Your Usage Data with the data of other users so that it no longer relates specifically to You or any other individual.
10. Transfers outside of the European Economic Area
10.2. The data processors Google Inc. and Amazon Web Services, engaged by us, ensure security of Your Personal Data, the appropriateness of their systems and operations is confirmed by relevant ISO standards or other reliable safety measures and recognized in the European Union.
11. Security of Your Personal Data
11.1. To enable virtual meetings with professionals we use a self-hosted version of an open source solution called Jitsi. During a meeting we ensure a direct peer-to-peer (P2P) connection with your audio and video encrypted all the way from You to the professional.
11.2. When handling Your Personal Data, We take appropriate measures reasonably designed to protect Your information from unauthorised access, loss, misuse, disclosure, alteration or destruction. Unfortunately, the transmission of information via the internet is not completely secure. Although We will do our best to protect Your Personal Data, We cannot guarantee the security of Your data transmitted to the Application; any transmission is at Your own risk. Once we have received Your information, We will use strict procedures and security features to prevent unauthorised access. If you wish to export or delete your data, please write us an email to email@example.com.
12. Your Rights in relation to Your Personal Data
12.1. The Company undertakes to respect the confidentiality of Your Personal Data and to guarantee You can exercise Your rights.
12.3.1. Request access to Your Personal Data. You have the right to request confirmation that your personal data is being processed, access to Your Personal Data (through Us providing a copy of that Data) and receive other information about how we process your Personal Data.
12.3.2. Request correction of the Personal Data that We hold about You. You have the right to have any incomplete or inaccurate information We hold about You corrected.
12.3.3. Object to processing of Your Personal Data. This right exists where We are relying on legitimate interest as the legal basis for Our processing unless we are able to demonstrate that our legitimate interests override your rights or we need to continue processing your Personal Data for the establishment, exercise or defence of legal claims.
12.3.4. You have the right to ask Us to restrict the processing of your Personal Data that We hold about You in some cases.
12.3.5. Request erasure of Your Personal Data (“right to be forgotten”). You have the right to ask Us to delete or remove Personal Data when there is no good reason for Us to continue processing it.
12.3.6. Request the transfer of Your Personal Data (data portability). We will provide to You, or to a third party You have chosen, Your Personal Data in a structured, commonly used, machine-readable format. Please note that this right applies only in cases where the processing is carried out by automated means and is based on Your consent or a contract concluded between You and Us.
13. What if You Have a Complaint?
13.1. If You have any concerns regarding Our processing of Your Personal Data, or are not satisfied with Our handling of any request made by You, or would otherwise like to make a complaint, You have the right to lodge a complaint with the competent data protection authority of Your country of residence (in Lithuania, that is the State Data Protection Inspectorate. You can find contact details of the State Data Protection Inspection here: https://vdai.lrv.lt/en/).
14. Links to Other Websites
14.2. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.