EU GDPR
Privacy Notice
Protecting Your Data in EU and Beyond
EU GDPR Notice
Introduction
The purpose of this document is to share a public statement of how Mindy Supports (“We”, “Our”, “Us”) applies data protection principles to processing data as per EU General Data Protection Regulation (GDPR).
This notice provides you with the necessary information regarding your rights and our obligations, and explains how, why and when we process your personal data.
Data Security, Transparency, Reliability, Standards of data protection and Compliance with legislation have always been the highest priority for our company.
Table of Content
Please, find below following information:
- What Is The GDPR
- What Data We Collect and How We Collect It
- Legal Basis for Processing the Data and Key Principles of Data Usage and Storage in our company
- Your Rights
- Final Provisions
1. What Is The GDPR
The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy, which came into force 25th of May, 2018.
The GDPR applies to all organizations operating in/with the EU and processing “personal identifiable data” of EU residents.
To know more about GDPR, please, visit official General Data Protection Regulation website.
2. What Data We Collect and How We Collect It
As per the GDPR definition, ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
For us and you in most cases it means (but not limited by this):
- Name;
- Address;
- Email;
- Telephone number
We collect your data via online inquiry forms on our website, emailed inquiries and correspondence, phone conversations.
3. Legal Basis for Processing the Data and Key Principles of Data Usage and Storage
Using Mindy Supports services to manage your customers’ data means that you have engaged Mindy Supports as a data processor to carry out certain processing activities on your behalf.
According to the Article 28 of the GDPR, the relationship between the controller and the processor are regulated by Data Processing Agreement, which we put in place with every Client.
Additionally, Mindy Supports acts as the data controller of the personal data we collect about you, our customer, in relations with its contractors.
- Being driven by the GDPR regulation, we would like to provide you with clean and clear information on how exactly your data are used, in plain and simple language.
- Which data we collect and/or process? Only Personal data that is necessary for us to perform our contract with you (GDPR Article 6(1)(b)).
- We process your personal data to meet our obligations under the law (GDPR Article 6(1)(c)) — this primarily involves financial data and information that we need to meet our accountability obligations under the GDPR.
- We process your personal data for our legitimate interests in line with GDPR Article 6(1)(f). From time to time we may send you marketing information in case we believe that it is beneficial to you as a client and in our interests.
What are these ‘legitimate interests’ we talk about?
- Improving our services (using new tools, processes) to help you to reach your targets.
- Making sure that your personal data and Mindy Supports’ systems are safe and secure.
- Responsible marketing of our service and its features.
As for Data Usage and Storage, we apply following:
- Security Measures. We confirm that Mindy Supports aims to access the appropriate level of security to cover all possible risks presented by processing, in particular from accidental or unlawful destruction, loss, unauthorized disclosure, etc.
- Any natural person acting under the authority of Mindy Supports either as the controller or the processor who has access to personal data does not process them except on instructions from the controller, unless he or she is required to do so by law.
- We have appropriate Data Access and System Access Controls in place as well as Data Back Up.
- On top to existing standards and procedures, we are in process of implementation the international standards ISO 9001 and ISO 27001.
- Sharing and Disclosing Your Personal Data.Any personal data would be shared or disclosed to third parties, unless it is specified in the special agreement and all the GDPR requirements for such sharing are put in place.
- All Personal Data is stored only for the term which is needed to perform obligations and follow legislation.
- Storing Your Personal Data. We retain Personal Data for as long as it is necessary and we have regular reviews and proper processes in place. In cases when you provide us with your consent to use your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent.
4. Your Rights
According to the GDPR, as a Data subject you have right to know:
- What personal data we collect and process about you;
- The purpose and location of processing;
- The categories of personal data concerned;
- The recipients to whom the personal data has been/will be disclosed;
- How long we intend to store your personal data for;
- If we did not collect the data directly from you, information about the source;
- What measures we put in place to provide you with these rights.
Also, it is important to list your rights as a Data Subject related to your data maintenance/amendments:
- The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her;
- Right to obtain the erasure of personal data from the controller;
- Right to obtain restriction of processing from the controller;
- Right to Data Portability.
If you would like to send us either general request or a particular request to correct/erase your data, please contact our designated Data Protection Officer:
If you would like to send us either general request or a particular request to correct/erase your data, please contact our designated Data Protection Officer:
- Email: [email protected]
- Phone numbers:
- US: + 1 646 5132 555
- UK: + 44 20 3318 5068
- CY: +357 2503 0267
As a matter of fact, there are no any obligations for you to provide us with your Personal Data consent. However, as this information is required for us to provide you with our services or respond to your inquiries, we will not be able to proceed with communication or services without it.
Final Provisions
As the controller of your personal data, Mindy Supports is committed to respecting all your rights under the GDPR. If you have any questions or feedback, please reach out to our Data Protection Officer (DPO) by email at [email protected].
DPO is obliged to monitor compliance with new regulation, act as the contact point for the supervisory authority on issues relating to processing personal data and to train the staff.
Additionally, we would like to mention that in case we apply any changes or updates to the current document, all proper amendments would be reflected here in clear and proper way.