This Privacy Policy governs how InnMind Europe SL (hereinafter referred to as the “Company”) uses and protects information collected from Users on the www.app.innmind.com (www.innmind.com) website (hereinafter referred to as the “Site”). This document is a complete statement of the online privacy policy applicable to our Company’s activities.

All personal data provided by the Company when using its Site is processed in accordance with the Organic Law 3/2018 of December 5 on Protection of Personal Data and Guarantee of Digital Rights.

This Privacy Policy is designed to comply with the regulatory requirements of the jurisdictions in which the Company offers its services, including the General Data Protection Regulation (“GDPR”) adopted by the European Commission.

If you do not agree with this Privacy Policy in whole or in part, you should not use the Company’s services.

This Privacy Policy is reviewed periodically to ensure that it reflects any new commitments and changes to our business model. We may change this Privacy Policy at any time by posting the revised version on our Site.

1. Definitions

Capitalized terms used throughout this document have the same meanings as in the Terms of Use unless those terms are given different meanings in this document.

2. Personal data

Personal data is any information relating to an identifiable or identifiable natural person. Personal data includes all types of information that directly or indirectly identify a person: name, date of birth, address, email address, telephone number, etc.

As a rule, you can use the Company’s Site without providing any personal data, but the use of some services of the Site may require the input of personal data. This means that personal data is not always processed, but only under certain circumstances and for certain purposes.

3. Principles

The company adheres to the following basic principles:

1. Relevance: Knowing the expectations of the company’s audience is a key element in the continuous improvement of the quality of our programs. This is the reason why the company processes personal data.
2. Transparency: the confidentiality of personal data has the highest priority for the company. As a consequence, the company informs users about the purpose of data processing. If necessary, the company obtains the consent of users.
3. Security: The security of personal data has the highest priority for the company. The company takes all necessary technical and organizational measures. In addition, the company does not sell any data.
4. Freedom of choice: customers can use content and services paid for license fees without providing their personal data.

Our privacy policy is based on the following data protection principles:

– personal data must be processed in a lawful, fair and transparent manner;

– personal data must be collected solely for the achievement of strictly defined, unambiguous and legitimate purposes and should not be subjected to further processing incompatible with these purposes;

– the collection of personal data must be carried out in an appropriate manner and limited to only relevant information necessary to achieve the purpose for which the processing of this data is intended;

– personal data must be accurate and updated when necessary;

– all reasonable measures must be taken to ensure the immediate deletion or correction of personal data that reveals inaccuracies important for the purposes of their processing;

– personal data must be stored in such a way that it allows us to identify a person only for the period of time necessary to achieve the purpose pursued when processing this data;

– all personal data are not subject to disclosure and must be stored in such a way as to ensure their adequate protection;

– personal data is not subject to transfer to third parties, except when such transfer is necessary for the Company to provide the services provided for by the Terms of Use, this Policy, and also based on the activities of the Company;

– The user has the right to access personal data, change or delete data, restrict or object to data processing, as well as the right to transfer data.

4. Collection of personal data

If you want to use our services, work with our Site and share information with us, we may ask you to provide personal data so that we can perform our work, provide our services and improve them. Personal information may be transferred through our Site, our mobile applications, email or other electronic or software solutions we support, or by mail or telephone. The collection of all personal data is carried out in accordance with the law. We process personal data only to the extent necessary to achieve strictly defined, unambiguous and legitimate purposes, or to achieve a purpose that is required by the law of the country in which we operate.

The personal data we collect primarily includes names, dates of birth, addresses, email addresses, telephone numbers, passport/other identification documents, national identification numbers. We collect this personal data for the following purposes: analytics, contacting the User, comments on content materials, payment processing, registration and authentication, social functions, spam protection and interaction with external social networks and platforms

In addition, we collect personal data for other purposes, such as statistics, administrative and communication tasks, IT administration and security systems administration, physical security, operation of identification and authorization systems, support systems, collaboration on internal projects and events, and joint work of organizational units.

Personal data is collected for the following purposes and using the following services:

– analytics

– addressing the user

– commenting on content

– payment processing

– interaction with external social networks and platforms

– registration and authentication

– social functions

– SPAM protection

5. Use of personal data

We will use your Personal Data to:

– understand and strive to meet your needs and preferences when using our Site

– develop new and improve existing service and product offerings

– perform any activities for which we have obtained your consent

– prevent and investigate fraudulent or other criminal activity

– to process service requests and resolve user issues, and

– compliance with legal and regulatory requirements.

We also reserve the right to use aggregated personal data to understand how our users use our services, provided that this data cannot identify any individual.

We also use third party web analytics tools to help us understand how users interact with our site.

The Company uses personal data for the purposes for which it is appropriate, and we store it only for the time necessary to achieve these purposes. We may retain information about Users for as long as their account remains active, or for as long as necessary to provide our services, perform our duties, or achieve any of the above purposes. In any case, the company deletes personal data, except for those that need to continue to be stored to comply with its legal obligations (for example, mandatory retention periods).

Access to personal data is provided exclusively to employees of the Company, as well as affiliated organizations controlled by it, having the appropriate permission and a clear business need for access to data.

6. Use of cookies

Our Site and our partners use cookies or similar technology solutions to provide the best user experience, as well as to analyze trends, manage the Site, track user behavior on the Site and collect information in general. Cookies are small text files stored on your device’s memory to track user behavior patterns and preferences. Our cookies do not contain information that can directly identify a person. We automatically collect certain information using cookies and tracking tools, such as internet protocol (IP) address; browser type; Internet Service Provider (ISP); pages from which the user entered the site and from which he left the site; files viewed on our website (e.g. HTML pages, images); operating system; date and timestamp; and/or click statistics to analyze general trends and to manage the site. You can control the use of cookies at the level of your browser, but if you choose to disable cookies, this may limit the availability of certain features and functionality of our site or service.

7. Transfer of personal data

We transfer personal data to third parties only under the following circumstances:

– if the User has agreed to this;

– if the purpose of this data transfer is directly related to the purpose for which the personal data were originally collected;

– if necessary for preparation, clarification and compliance with the Terms of Use;

– if required by law, administrative order or court order;

– if it is required to substantiate or defend the statement of claim or to defend the claim;

– if it is required to prevent abuse or other illegal actions, such as coordinated attacks, to ensure the safety of data.

From time to time, we outsource activities on our behalf to other companies and business partners operating within and outside the European Economic Area, such as technology companies, to process and provide systems and technology solutions that improve the quality of our products and services. In such cases, we share the necessary information with partners. Service providers receive only the personal data they require to provide their services. We do not disclose personal information to third parties so that they can market their products or services to you.

The Company transfers personal data to third parties or service providers located outside of Switzerland or another European Union country. In this case, before transferring the data, the company checks whether the recipient has an acceptable level of protection of the privacy of personal data, either using the standard contract clauses of the European Union, or using the standard contract based on the Swiss Federal Data Protection Act, or whether the user has provided his consent.

If you do not want your data to be shared with these companies, please contact the Privacy Officer at support@innmind.com.

8. Security of data processing

When processing personal data, we take care of their security. We implement and maintain appropriate technical and organizational measures to protect personal data from accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, especially where the processing involves data transmission over a network, as well as protection from other forms of misuse. Questions about the security of personal data can be directed to: support@innmind.com.

9. Legal grounds for the processing of personal data

If the company receives your consent to the processing of personal data, it serves as a legal basis for such processing. This occurs, for example, when subscribing to a newsletter, posting comments or participating in competitions. In addition, the processing of personal data is carried out on the basis of the legitimate interest of the company. This refers to the processing of data for the purpose of providing access to the Company’s Website and its optimization.

If the processing of personal data is carried out within the framework of a legal obligation, it serves as the legal basis for such processing. This happens, for example, in the case of the transfer of personal data to a third party, as well as to comply with the mandatory duration of data storage.

Processing is also lawful to the extent that at least one of the following conditions is met:

– consent to the processing of personal data has been received

– processing is necessary for the performance of a contract to which the data subject is a party, or for the implementation, on behalf of the data subject, of the steps preceding the conclusion of the contract

– processing is necessary to fulfill a legal obligation incumbent on the Company

– the processing is necessary to protect the vital interests of the data subject or another person

– processing is necessary for the performance of a task in the public interest of the Company

– processing is necessary for purposes arising from legitimate interests pursued by the Company or a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data, in particular when the data subject is a child.

10. The right of users to the protection of personal data

This regulation establishes eight fundamental rights of data subjects:

1. Right to receive information.
2. Right of access.
3. The right to clarification (correction).
4. The right to be forgotten.
5. Right to restriction of data processing.
6. Right to data portability.
7. Right to object.
8. The right not to be subject to automated decision making.

Users have the right at any time to request access, correct or delete personal data, object to or object to its processing, as well as the right to data transfer. In particular, Users have the right to do the following:

– withdraw your consent at any time. Users have the right to withdraw consent if they have previously given their consent to the processing of their personal data;

– object to the processing of their data. Users have the right to object to the processing of their data if the processing is carried out on any legal basis other than their consent. For more information on this subject, see the relevant section below;

– get access to your data. Users have the right to know if data is being processed by the Company, to be informed about certain aspects of processing and to receive a copy of the processed data;

– check the data and request a correction. Users have the right to check the accuracy of their data and ask them to update or correct it;

– restrict the processing of your data. Under certain circumstances, Users have the right to restrict the processing of their data. In this case, the Owner will not process his Data for any other purpose than its storage;

– request the deletion of their personal data or delete them in any other way. Under certain circumstances, Users have the right to require the Company to delete their data;

– get your data and transfer it to another manager. Users have the right to receive their data in a structured, commonly used and machine-readable format and,

if technically possible, freely transfer them to another manager. This provision applies provided that the data are processed by automatic means and that their processing is carried out on the basis of the consent of the User or on the basis of an agreement to which the User is a party, or on the basis of obligations prior to the conclusion of the contract;

– file a complaint, Users have the right to file a complaint with the competent data protection authority.

11. Responsibility

The Company is responsible for compliance with the legal requirements and principles set forth in this privacy statement. We maintain records of data processing activities under our responsibility and, where appropriate, provide these records to supervisory authorities upon request.

If there is an unlikely situation in which you believe that we have violated the law during the processing of your personal data, you can file a complaint with a supervisory authority.

The Company is not responsible, to the extent permitted by law, for the data or information distributed on the Company’s Website, as well as for any other types of damage that may arise from them. This applies to all types of claims, in particular claims resulting from an error, delay, broadcast interruption, infrastructure failure, incorrect content, loss or deletion of data, the presence of viruses, or claims arising in any other way when using the Company Site.

The Site may contain links to third party websites for informational purposes. In this case, the company is not responsible for the content, correctness, legality or functionality of third-party websites to which hyperlinks or tools on the Company’s Website lead. Users visit websites at their own risk.

The Company does not guarantee the continuity of access to its Site or the ideal quality of access. In particular, the company cannot exclude the possibility of failure of its communication networks and gateways. The Company is not responsible for the guaranteed functioning of its Site without interruptions and errors, as well as for the guaranteed elimination of errors that occur.

Disclaimer

The User releases the Company from any claims that may be brought by third parties in connection with the use of content created by Users. All costs, in particular those based on legal claims for damages initiated against the Company, shall be borne by the user.

12. Company details

Innmind Europe, S.L.

NIF: ESB67475806

C/ Melcior de Palau, 143 bajos

08014 Barcelona

Barcelona, Spain

You can contact our Data Protection Officer (“DPO”) at support@innmind.com

Any requests regarding the exercise of the rights of Users in accordance with this document may be sent to the Company at: support@innmind.com.  These requests can be made free of charge and will be reviewed by the Company as soon as possible, but no more than one month.

If changes are made to the Privacy Statement, it may be amended, you will be notified by e-mail or through an information message on our Site about the material changes before these changes become effective. We encourage you to review this page regularly to stay informed of the current version of our privacy policy.

Updated: 08/18/2022