top of page
Introduction

Welcome to Mindro! We understand the importance of handling your personal data with care when we Mindro B.V., trading under the name Mindro (Mindro or we) process it while browsing our website (https://mindro.co) and providing our services which includes the provision of the AI workspace.  In this privacy statement, we will set out in general terms how we process your personal data. In this context, personal data means any data that directly or indirectly identifies a natural person. Should it be necessary to inform you specifically of any issues, we will do so with reference to this privacy statement.  

Controller

We are responsible for the processing activities described in this privacy statement. Indeed, for these activities, we determine the purposes and means of processing. We always process personal data in accordance with applicable data protection laws and regulations, including the General Data Protection Regulation (GDPR). In providing our AI workspace solution, we predominantly process personal data as a processor on behalf of our customers, who will be the controller.

Categories of persons

We process the personal data of the following categories of individuals: 

  1. Customers - persons who are (potential) customers and persons employed by (potential) customers.  

  2. Users – persons who are using our AI workspace. 

  3. Website visitors - individuals who visit the website.

  4. Third parties - persons from which we obtain products and/or services or persons whose personal data appears in our files; other persons with whom we have contact.

 

Minor: In general, we do not provide our services to persons under 16 years of age and do not knowingly process personal data of these minors. If we become aware that we have (inadvertently) processed the personal data of minors, we will take appropriate measures, such as requesting permission from parents or guardians or deleting the data immediately.

Categories of personal data

Customers 

From customers we process - as far as reasonably necessary for providing the services - the following data: 

  1. Contact details: name, address, gender, e-mail address, signature, job title, title, telephone number, Chamber of Commerce number, VAT number, bank account number, unique identification number (case number) and nationality. 

  2. Details of the services: information about the services.  

  3. Invoicing data: data for the purpose of calculating and recording fees, income and/or expenses, collecting and making payments and collecting claims. 

  4. Other data: data whose processing is required by applicable laws or regulations or data that customers provide us with on their own initiative, such as the field of business and expertise.  

Users

From users we process - as far as reasonably necessary for providing the services  - the following data: 

  1. Account credentials: name, username, user-id and e-mail address.

  2. Diagnostic data: automatically generated data for diagnostic purposes such as unique identifier, IP-address, session length, operating system version, configuration of the AI workspace, time and date of use of app and/or platform

  3. Other data: data whose processing is required by applicable laws or regulations or data that customers provide us with on their own initiative. 


Website visitors 

From website visitors we process - as far as reasonably necessary for providing the services - the following data: 

  1. Communication data: data from the equipment used to visit the website, such as the IP address and the software used.  

  2. Technical data: data for the purpose of identifying and communicating with website visitors or data recorded to keep track of our website visitor statistics.

Third parties 

From third parties, we process - as far as reasonably necessary for providing the services and increase user engagement the following data: 

  1. Contact details: name, address, gender, e-mail address, job title, title, telephone number, Chamber of Commerce number, VAT number, bank account number, unique identification number, and nationality. 

  2. Other data: data that we receive from customers or third parties or collect from a public source, data whose processing is required by applicable laws or regulations, or data that third parties provide to us on their own initiative. 

Obtaining personal data

We may obtain your personal data in three ways. 

  1. From you or your employer: We use data that you or your employer actively provide to us. For example, when you contact us to obtain information about our services. 

  2. Automatically obtained: We obtain some information about you in an automated way. For example, when you visit our website, we automatically obtain information about you via cookies. 

  3. Third-party sources: We also obtain information about you from third parties. For example, we may request information about you or your company from public sources, such as the Chamber of Commerce Trade Register.

Sharing of personal data

We will only share your personal data with trusted third parties if they need this personal data to provide their services. We will ensure that your data is only used in a manner similar to, or for a purpose similar to, the purpose for which it was collected, and only in accordance with this privacy statement and any legal obligations.  

We may share your personal data with the following parties: 

  1. Persons working for us, either directly or indirectly, and involved in the processing. 

  2. Persons working for any of our suppliers (incl. subcontractors or service providers) involved in the processing, such as hosting and payment providers.  

  3. Persons working for the customer who has engaged our services. 

  4. Persons working for competent authorities, if required by law, such as supervisory authorities, enforcement agencies and courts. 

Lawful basis and purposes

There are six possible lawful bases to process your personal data provided for in the GDPR:   

  1. Performance of a contract. If it is necessary for the performance of a contract with you, we may process your personal data for this purpose.  

  2. Legal obligation. If it is necessary to comply with a legal obligation, we may process your personal data for this purpose.  

  3. Legitimate interest. If it is necessary to process personal data about you for our or other legitimate interests, and those interests outweigh your interests or fundamental rights, we may process your personal data. 

  4. Vital interest. If it is necessary to process personal data about you to protect your vital interest, we may process your personal data.  

  5. Public interest. If it is necessary to process personal data about you for the performance of a task carried out in the public interest, we may process your personal data.  

  6. Consent. In principle, if the aforementioned bases do not apply, we may only process your data if you have given us your consent.  

Of the six possible lawful bases, we generally process your personal data on four bases (i.e. performance of a contract, legal obligation, legitimate interest and consent). 

Customer - If you are a customer of ours, we may process your personal data for the following purposes: 

  - Purpose: Performance of a contract to provide services ==> Basis: Performance of a contract

  - Purpose: Calculating and recording income and/or expenses, collecting and/or making payments ==> Basis: Performance of a contract / Legitimate interest

  - Purpose:  Improving our products and services ==> Basis: Legitimate interest

  - Purpose:  Enforcing our rights and risk management ==> Basis: Legitimate interest

  - Purpose:  Complying with our legal and regulatory obligations ==> Basis: Legal obligation

Users - If you are a user, we may process your personal data for the following purposes:

  - Purpose:  Authorization and authentication  ==> Basis: Performance of a contract / Legitimate interest

  - Purpose:  Resolving issues, errors and bugs ==> Basis: Performance of a contract / Legitimate interest

Website visitor - If you are a website visitor, we may process your personal data for the following purposes:

  - Purpose: Keeping our website functioning ==> Basis: Legitimate interest

  - Purpose: Marketing activities such as sending newsletters and invitations to events ==> Basis: Consent

  - Purpose: Offering relevant information ==> Basis: Legitimate interest / Consent

  - Purpose: Complying with our legal and regulatory obligations ==> Basis: Legal obligation

Third party - If you are a third party, we may process your personal data for the following purposes:

  - Purpose: Keeping in contact ==> Basis: Legitimate interest

  - Purpose: Marketing activities such as sending newsletters and invitations to events ==> Basis: Consent

  - Purpose: Placing orders ==> Basis: Legitimate interest / Performance of a contract

  - Purpose: Complying with our legal and regulatory obligations ==> Basis: Legal obligation

Security

We use various appropriate technical and organisational measures to ensure data security, including protection against a breach of security leading to the accidental or unlawful destruction, loss, alteration or unauthorised disclosure of, or access to, such data. In doing so, we take into account the state of the art, implementation costs, the nature, scope, context and purposes of the processing, as well as the risks the processing poses to you. The persons working for us are, of course, bound by confidentiality and must comply with our instructions aimed at protecting your personal data. 

Cookies on our website

Cookies are small text files placed on your computer, laptop, tablet, smartphone or other internet-enabled device. These cookies can be stored and read through your web browser. After a cookie is placed, your device can be recognised as long as you use the same web browser and as long as the cookie is not deleted. This makes it possible, for example, to click back to the previously visited web page. Cookies can also be used to analyse browsing behaviour. Besides cookies, similar techniques may also be used, such as web beacons (also called "tags"), HTML5 Local Storage and Local Shared Objects (LSOs, also called "flash cookies"), and embedded scripts (also called "Javascripts"). 

We have a cookie banner on our website informing you about our cookies and allowing you to select your cookies preferences.  

Transfer to countries outside the EEA

We may transfer your personal data to parties processing your personal data outside the European Economic Area (EEA). Transfer of your personal data to a country outside the EEA can be legitimised primarily on the basis of a so-called adequacy decision. This is a decision in which the European Commission declares that, for example, a certain country provides a comparable level of data protection to the GDPR. 

If and to the extent we share personal data with parties in countries outside the EEA to which no adequacy decision applies, we will only transfer your personal data if the recipient provides appropriate safeguards and you have enforceable rights and effective remedies.

Storage of personal data

In principle, we do not store your personal data for longer than necessary to fulfil the purposes described in this privacy statement.  

However, we may need to keep your personal data for longer because it is necessary to comply with a legal obligation. For example, we need to keep certain personal data for a period of at least 7 years after the end of a fiscal year. 

Privacy rights

In certain cases, you have the right to view and change the personal data that we have collected from you. You have, in certain cases, also the right to object to the processing of your personal data and you can also ask us to limit the processing of your personal data, delete your data or transfer your data to another party. In order to exercise any of your privacy rights as to personal data controlled by us, please send a request to us and indicate that it concerns a personal data request.  

Exercising the above privacy rights is in principle free of charge and can be done by e-mail, post or telephone using the contact details provided below. We will provide you with information on the action taken on your request without undue delay and, in principle, within one month of receiving the request. If the exercise of a privacy right is clearly unfounded or excessive, in particular due to its repetitive nature, we will charge you a reasonable fee or refuse to comply with the request. We may also ask you for certain additional information to help us confirm your identity before complying with such a request.

Right to make a complaint

You have the right to make a complaint with a supervisory authority at any time. We refer you to this webpage for an overview of the supervisory authorities and their contact details. In the Netherlands, this is the Personal Data Authority. We prefer to deal with your complaint ourselves first before referring you to the supervisory authority. Therefore, please contact us, in particular if you have a complaint about the way we handle your personal data, so that we can try to resolve the issue. 

Contact details

Mindro B.V.
support@mindro.co
Chamber of Commerce no.: 94488770

Other

If we refer to websites, whether or not via hyperlinks from other parties, we are not responsible for the content of those websites or the services of those parties, or how they process your personal data. 

Please note that we may make changes to this privacy notice from time to time. Where appropriate, we will notify you of such updates. The current version is always available on our website https://mindro.co/privacy-policy

Privacy Policy    ​​© 2024  Mindro

Made with 🖤 in Amsterdam

A LEGAL DISCLAIMER

The explanations and information provided on this page are only general and high-level explanations and information on how to write your own document of a Privacy Policy. You should not rely on this article as legal advice or as recommendations regarding what you should actually do, because we cannot know in advance what are the specific privacy policies you wish to establish between your business and your customers and visitors. We recommend that you seek legal advice to help you understand and to assist you in the creation of your own Privacy Policy. 

PRIVACY POLICY - THE BASICS

Having said that, a privacy policy is a statement that discloses some or all of the ways a website collects, uses, discloses, processes, and manages the data of its visitors and customers. It usually also includes a statement regarding the website’s commitment to protecting its visitors’ or customers’ privacy, and an explanation about the different mechanisms the website is implementing in order to protect privacy. 

 

Different jurisdictions have different legal obligations of what must be included in a Privacy Policy. You are responsible to make sure you are following the relevant legislation to your activities and location.

WHAT TO INCLUDE IN THE PRIVACY POLICY

Generally speaking, a Privacy Policy often addresses these types of issues: the types of information the website is collecting and the manner in which it collects the data; an explanation about why is the website collecting these types of information; what are the website’s practices on sharing the information with third parties; ways in which your visitors an customers can exercise their rights according to the relevant privacy legislation; the specific practices regarding minors’ data collection; and much much more. 


To learn more about this, check out our article “Creating a Privacy Policy”.

bottom of page