Privacy Policy

  1. Definitions

MindMics - MindMics Inc. is based in Massachusetts, 84 Sherman Street, Cambridge, Massachusetts 02140, United States, registered under number 001337123.

Personal Data - data that directly identifies the User, but also data that does not directly identify the User, but which can be used to identify the User.

Privacy Policy - this document.

Services - products and services offered by MindMics, including the website, social media pages, and mobile application.

User - a person using the Services or interacting with MindMics.

2.  Introduction

MindMics is committed to ensuring that the privacy of Users is protected. The Privacy Policy was created to give Users insight into how MindMics processes Personal Data and what measures it takes to protect Users' privacy.

MindMics is the controller of the Personal Data. To maintain the highest level of Services offered, Mind Mics may transfer Users' Personal Data to affiliated companies or third parties. MindMics will enter into an agreement with the third-party controller before such data transfer. The aforementioned agreement will specify, in particular, that the Personal data may only be processed for limited and specified purposes, consistent with the consent given by the User, and that the third-party controller will provide the same level of protection as that provided by the DPF Principles, as mentioned below. In the event that the third-party controller is unable to comply with the above principles, it will be obligated to immediately cease processing Personal data or take appropriate steps to remedy the situation.

Unless otherwise stated, the Privacy Policy applies to all Services offered by MindMics. Each time the User uses a Service, it signifies acceptance of the applicable rules under the Privacy Policy. If the User does not agree with the Privacy Policy, the User should immediately stop using the Services.

3. Personal Data Collected

When the User uses the Services, the User provides MindMics with Personal Data. MindMics collects various categories of Personal Data, including:

Contact data - in particular, name, home address, email address, telephone number.

User account data - in particular, email address, username, password, and any information the User provides in his/her account.

Payment and transaction data - in particular, name, billing address, e-mail address, payment method, bank account number, payment card information, transaction history, and purchase data.

Health data - in particular, medical information, in particular, physical and mental status data, weight, height, sensor information, including saturation, pulse, and heartbeat.

Device data - in particular, information regarding the serial number, type, and version of the User's device, browser type, screen resolution, IP address, settings, and technical preferences.

Activity data - in particular, information about browsing the website or mobile application, navigation paths, access times, browsing history, searches, crash data, performance, and diagnostics.

Communication data - information that you provide to contact MindMics, in particular email address, phone number, questions, and feedback.

Information received from other sources - in particular, information received from other entities, including an affiliated Company, social media platforms, public databases, or business and commercial partners.

Other information that you provide - other than the above-mentioned information that you provide to MindMics.

The provision of the above Personal Data is voluntary. The User is not obligated to provide them, but in many cases, failure to provide Personal Data will prevent full use of the Services.

4. Use of Personal Data

MindMics uses Personal Data for the following purposes:

Provision of Services - MindMics uses the Personal Data necessary to provide the Service, in particular, to provide, operate, improve, develop, and personalize the Service.

Transactions and payments - MindMics uses Personal Data to process payments and deliver the purchased Service. 

Communication - MindMics uses Personal Data to communicate with Users, including responding to your questions and requests and providing support and assistance with the Services.

Research and Development - MindMics uses Personal Data to fulfill its business purposes, including analyzing the Service and implementing possible improvements to the Service. MindMics also collects Health Data for research purposes. This data is analyzed after it has been pseudonymized.

Compliance and Protection - MindMics may use Personal Data where provided by law or where necessary to protect the rights, and interests of MindMics, and the interests of others. 

Consent - MindMics may use the User’s data for purposes other than those listed above if the User consents.

5. Sharing of Personal Data

MindMics, to provide the highest level of Service, uses the support of other entities. In particular, Personal Data may be shared with third parties that help operate, provide, enhance, integrate, support, and sell the Services. MindMics also uses third-party providers for, among other things, data storage, payment processing, or data analysis.

In addition, Mind Mics may transfer Personal Data to an affiliated company. Before transferring the data, the data will undergo a process of pseudonymization, which means the processing of Personal Data in such a manner that the personal data can no longer be attributed to the User without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the Personal data are not attributed to the User.

Mind Mics may also transfer Personal Data to other entities if you have given your consent.

In certain situations, MindMics may share Personal Data when it is necessary, in particular, to comply with applicable laws and to enforce MindMics' rights.

To transfer Personal data to a third party acting as an agent, MindMics must:

  • transfer Personal data only for limited and specified purposes;

  • ascertain that the agent is obligated to provide at least the same level of privacy protection as is required by the DPF Principles as mentioned below;

  • take reasonable and appropriate steps to ensure that the agent effectively processes the Personal data transferred in a manner consistent with MindMics’s obligations under the DPF Principles as mentioned below;

  • require the agent to notify MindMics if it decides that it can no longer meet its obligation to provide the same level of protection as is required by the DPF Principles as mentioned below;

  • upon notice, mentioned above, take reasonable and appropriate steps to stop and remediate unauthorized processing; and

  • provide a summary or a representative copy of the relevant privacy provisions of its contract with that agent to the Department upon request.

MindMics will always provide Users with the opportunity to choose whether their Personal data is to be disclosed to a third party or whether their data may be used for a purpose materially different from the purposes for which it was originally collected or subsequently authorized by Users.

By derogation to the previous paragraph, it is not necessary to provide a choice when disclosure is made to a third party that is acting as an agent to perform a task(s) on behalf of and under the instructions of MindMics. However, MindMics shall always enter into a contract with the agent.

In the case of sensitive information (i.e., personal information identifying health or medical conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or information identifying a person's sex life), MindMics must obtain explicit affirmative consent (opt-in) from Users if such information is to be (i) disclosed to a third party or (ii) used for a purpose other than the purpose for which it was originally collected or subsequently authorized by such persons through opt-in. In addition, MindMics treats as sensitive any personal information received from a third party if the third party identifies and treats it as sensitive.

MindMics is responsible in case of further transfer of Personal data to third parties. MindMics has responsibility for the processing of Personal Data it receives under the DPF Principles and subsequently transfers to a third party acting as an agent on its behalf. MindMics shall remain liable under the DPF Principles if its agent processes such personal information in a manner inconsistent with the DPF Principles unless MindMics proves that it is not responsible for the event giving rise to the damage.

The Controller is obliged to disclose personal data in response to lawful requests from public authorities, including to meet national security or law enforcement requirements.

6. Storage of Personal Data

MindMics retains Users' data for as long as the User's account is active or as necessary to provide Services, fulfill legal obligations, resolve disputes, and enforce contracts.

Personal data collected by MindMics may be stored and processed in or outside the United States.

7. Security of personal information

MindMics is committed to protecting Users' Personal Data and takes reasonable technical and organizational measures to protect it from loss, alteration, access, or misuse.

MindMics shall process User Personal Data in accordance with its internal processing and storage policies and applicable laws.

8. Personal Data of Children

If the User is under 13 years of age or the equivalent age as determined by law in the User's jurisdiction, the User will not attempt to use the Services or send any Personal Data to MindMics. If MindMics becomes aware that we have collected Personal Data from a child of the above-mentioned age, where applicable, the Personal Data will be deleted as soon as possible. 

9. Changes to the Privacy Policy

MindMics will update the Privacy Policy from time to time as new Services are added, current Services are improved, and technology and regulations change. Any changes will become effective upon publication of the revised Privacy Policy.

The User will be notified if the changes are material and if applicable law requires the User's consent. This notification will be sent by email or by publishing a notice of the changes on websites and applications that link to this Privacy Policy.

10. Special Provisions

If the User is located in the EEA, the United Kingdom, or Switzerland, you have the right, subject to the conditions outlined in the General Data Protection Regulation ("GDPR") or other applicable law, to request from MindMics access to and rectification or erasure of your personal data, data portability, restriction of the processing of your personal data, the right to object to the processing of your Personal data, and the right to complain with a supervisory authority. For more information on these rights, visit the European Commission's website https://commission.europa.eu/aid-development-cooperation-fundamental-rights/your-rights-eu/know-your-rights/freedoms/protection-personal-data_en, which may be displayed in multiple languages.

Users from outside the EEA, the UK, and Switzerland, may have similar rights under local laws.

California law may provide additional rights regarding Users' personal data. For more information: https://oag.ca.gov/privacy/ccpa.

To exercise your rights that are listed above contact us at the details given in the section below.

MindMics complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. MindMics has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. MindMics has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/s/. MindMics has elected to self-certify to the EU-U.S. DPF, UK Extension of the EU-U.S. DPF, and Swiss-U.S. DPF Principles.

MindMics is subject to the investigatory and enforcement authority of the U.S. Federal Trade Commission (“FTC”). For more information about the EU-U.S. DPF and UK Extension of the EU-U.S. DPF, see the U.S. Department of Commerce's EU-U.S. DPF, UK Extension of the EU-U.S. DPF and Swiss-U.S. DPF website located at: https://www.dataprivacyframework.gov. To review MindMics’s representation on the EU-U.S. DPF, UK Extension of the EU-U.S. DPF, and Swiss-U.S. DPF list, see the U.S. Department of Commerce's EU-U.S. DPF, Swiss-US DPF and the UK Extension of the EU-U.S. DPF self-certification list located at: https://www.dataprivacyframework.gov/s/participant-search.

MindMics commits to resolving complaints about our collection, use, or handling of personal data transferred to the U.S. under DPF principles. European Union, UK, or Swiss individuals with inquiries or complaints regarding this should first contact MindMics at info@mindmics.com. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact JAMS Inc., our U.S.-based third-party dispute resolution provider (free of charge) at https://www.jamsadr.com/DPF-Dispute-Resolution. If your complaint Is not resolved through this process, you may file a complaint with the Federal Trade Commission (FTC). Under certain conditions, you may be able to invoke binding arbitration. For more information on binding arbitration, see the Data Privacy Framework Program website located at: https://www.dataprivacyframework.gov.

11. Contact 

If Users have any questions or concerns about the Services, please contact Mind Mics at: support@mindmics.com.