App-Privacy-policy

Optomynd Limited (including its affiliates) (“Myndr”, “we”, “our” or the “Company”) respect the privacy of its Users and is committed to protect the personal information that its Users share with it. We believe that you have a right to know our practices regarding the information we may collect and use when you use the Service.
Myndr is a product of Optomynd and is cloud-based web platform that enables individuals to manage their mental health (the “Service” or “Myndr”).
A User may be either an entity, for example an employer which has executed an agreement with Myndr (“Customer “) or a Customer’s users for example a Customer’s employees, of the Services (“End User(s)”) (Customer and End User shall collectively be referred to as “Users” or “you”).
This Policy (the “Privacy Policy”) explains the types of information we may collect from End Users or that End Users may provide when using the Services. This Policy also describes Myndr’s practices for collecting, using, maintaining and processing information.
Users who wish to use the Service may be asked to provide Myndr, either directly or through their company administrator, with certain information including Personal Information and Sensitive Information as further detailed in this Privacy Policy (“Data”). Myndr’s use of this Data in connection with the Services will be undertaken in accordance with this Privacy Policy.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
By using our Services, you acknowledge you have read and understood this privacy policy.
For the purposes of European Economic Area data protection law, (the “Data Protection Law”), the data controller is the Customer who makes available and permits End Users to access and use the Service or anyone on its behalf (the “Controller”).
WHICH INFORMATION MAY WE COLLECT?

Categories of information and data we may collect from our Users.
Data we collect about you from your use of the Service
The first type of Data is non-identifiable and anonymous information (“Non-personal Information”). We are not aware of the identity of the User from which we have collected Non- Personal Information. Non-Personal Information is any unconcealed information which is available to us while Users are using the Service. Non-personal Information which is being gathered consists of technical information and behavioural information and which may include, the User’s Internet protocol (IP) address used to connect your computer to the Internet, your uniform resource locators (URL), operating system, type of browser, browser plug-in types and versions, screen resolution, time zone setting, the User’s ‘click-stream’ on the website, the period of time the User visited the website, methods used to browse away from a page, and any phone number used to call our business development department.
Data you give us
The second type of Data is individually identifiable information (“Personal Information”).
This information may identify an individual or may be of a private and/or sensitive nature.
Personal Information which is being gathered consists of any personal details provided consciously and voluntarily by a Customer, End User or the Customer’s administrator or through your use of the Myndr platform. This may include your name (first and last), birthdate, gender, disability, learning style, mood data, focus area, country, city, postcode, gender, IP address and other unique identifiers, information the Customer chooses to collect and other information User may choose to provide to Myndr and to its employee.
In the course of providing the Service, Myndr may learn demographic information about you such as your focus area. All of the this shall be deemed Personal Information for the purposes of this Privacy Police.
We will never sell your Personal Information to third parties.
You do not have any legal obligation to provide any information to Myndr however, we require certain information in order to provide the Services. If you choose not to provide us with certain information we may not be able to provide you with the Services. Login credentials (email and username) are required to have the Myndr system work properly. We may keep such Personal Information in a database which will be owned and controlled by the Controller.
Myndr may also collect the email addresses of people who communicate with Myndr via email or via messenger services or create accounts and login credentials.
By registering for an account on Myndr’s general web site, Myndr will collect your name, company name, phone number and company email you provided. Myndr may use this information to offer Myndr’s services and support.
Myndr may not be aware of the nature of the information collected through the Services. Such information may include Personal Information about an individual’s racial or ethnic origin, religious or similar beliefs, physical or mental health or condition or any other data considered as sensitive under applicable law (“Sensitive Information”).
HOW DO WE COLLECT INFORMATION ON USERS OF Myndr?

There are two main methods we use:
We collect Non-Personal Information through your use of our Service. In other words, when you are using the Service we are aware of it and may gather, collect and record the information relating to such usage, either independently or through the help of third-party services as detailed below.
We collect Personal Information which you provide us voluntarily. We collect Personal Information required to operate the Service when you or the Customer’s administrator registers and opens an account. In addition, we collect your Personal Information, which may be considered as personally identifiable, whether you provide us such information by entering it manually or via a Customer. We also collect Personal Information entered voluntarily by a Customer administrator.
WHY DO WE COLLECT SUCH DATA?

Data you give to us:

We will use this Data only to provide the Services including:
carrying out our obligations arising from any contracts entered into between you and Optomynd and/or any contracts entered into between a Customer and Optomynd and to provide you with the information and Services that you request from Myndr. These Services include , but are not limited to, profiling of performance , job history, resignation and termination dates in order to build a statistical model used in predictive analytics;
administering your account with Myndr;
verifying and carry out financial transactions in relation to payments you make in connection with the Service;
notifying you about changes to our Service;
contacting you for the purpose of providing you with technical assistance and other related information about the Service;
replying to your queries, troubleshooting problems, detect and protect against error, fraud or other criminal activity;
We may combine this information with information you give to us and information we collect about you. We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).
SHARING DATA GATHERED THROUGH Myndr WITH THIRD PARTIES

We may give your Data to:
Members of our Group
Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, who support our processing of personal data under this policy.
Third Parties
Our selected third parties may include:
business partners, suppliers, affiliates, agents and/or sub-contractors for the performance of any contract we enter into with you. They may assist us in providing the Services we offer, processing transactions, fulfilling requests for information, receiving and sending communications, analysing data, providing IT and other support services or in other tasks, from time to time. These third parties will only use your information to the extent necessary to perform their functions;
analytics and search engine providers that assist us in the improvement and optimisation of our site and subject to the cookie section of this policy (this will not identify you as an individual) and data processors who process your personal data on our behalf and in accordance with our instructions and applicable data protection law.

A full list can be seen below:

We may disclose your personal information to third parties:
If Optomynd’s all or substantially all of its assets are acquired by a third party including by way of a merger, share acquisition, asset purchase or any similar transaction, in which case personal data held by it about its customers will be one of the transferred assets.
If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of supply terms and other agreements with you; or to protect the rights, property, or safety of Myndr, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction and to prevent cybercrime.
For avoidance of doubt, Myndr may transfer and disclose Non-Personal Information to third parties at its own discretion.
WHERE DO WE STORE YOUR DATA?

The Data we collect is hosted on the Amazon Cloud in London which provides advanced security features and is compliant with ISO 27001 standard.
MODIFICATION OR DELETION OF PERSONAL INFORMATION GATHERED THROUGH Myndr

Data stored through Myndr is inherently dynamic and may contain errors and omissions. If for any reason you wish to modify your Personal Information you may do so on through Myndr by editing the relevant data that needs to be modified. Please note that certain data cannot be edited without the Controller’s consent such as data related to your engagement with our application (content engagement, mood tracking). In order to delete your Personal Information completely please contact the Controller.
Myndr is a mere processor of data and is not the data owner or Controller. As such Myndr may not be able to delete your information without Controller’s authorisation. Each User hereby agree and confirm that Myndr shall not have any liability or responsibility in connection with actions taken in accordance with Controller’s instructions.
End Users may have a legal right under certain applicable laws (for instance if the End User is an E.U. citizen) to receive, rectify, erase, and restrict Personal Information about them that is held by us, to object to processing and, if processing occurs based on consent, to withdraw their consent. Users may also have the right to withdraw consent to processing for statistical and research purposes.
If, for any reason, an End User wishes to modify, delete or retrieve his/her Personal Information, s/he may do so by contacting the applicable Controller (as defined below) (e.g. Myndr Customer, your employer). The Controller shall perform the necessary process to identify the End User as an End User who has a the right to retrieve the specific information and then furnish to Myndr the data required to be amended, deleted or retrieved together with a specific identification of the End User and data (as shall be applicable for the specific Service provided and the requested data – for instance IP address and time of uploading the information to Myndr’s servers (IP address is not enough for an identification of End User or data)). Myndr cannot retrieve data without a specific identification of End User by the Customer. Myndr may not be able to delete, amend or retrieve End User’s information without the Controller’s instructions and authorisation.
Please note that Personal Information may be either deleted or retained in an aggregated or anonymised manner without being linked to any identifiers or Personal Information, depending on technical commercial capability. Such information may continue to be used by Myndr for the purpose of operating the Service on behalf of the Controller. In particular, the statistical model used to provide predictive analytics.
For any request or question regarding deletion or amendment of User data, you can contact us at the contact details listed below and we shall make efforts to respond and support your request.
Data retention – Myndr
Any Customer may request information regarding the storage and retention of data (“Audit”) by contacting us. Myndr shall make reasonable efforts to respond to the Audit in a reasonable time and subject to applicable law and to the protection of Myndr’s trade secrets (Customer’s personnel may be required to execute a non-disclosure agreement).
Myndr will retain data it processes on behalf of its Customers only for as long as required to provide the Service to its Customers and as necessary to comply with its legal obligations, resolve disputes and enforce its agreements. The data in Myndr is backed up for system continuity purposes and each backup file may be stored for 30 days.
After a (i) request from the Controller to delete any data or (ii) a deletion of data from the Myndr’s interface; (iii) termination of a user account or an organisation from the Myndr system, an automated process will begin that permanently deletes the data in accordance with the timelines set forth in the tables below. Once begun, this process cannot be reversed and data will be permanently deleted. Some data will not be deleted and shall be kept in an anonymised manner.

Similarly, Myndr collects and retains metadata and statistical information concerning the use of the Service which are not subject to the deletion procedures in this policy and may be retained by Myndr for no more than required to conduct its business. Some data may be retained also on our third-party service providers’ servers in accordance with their retention policies. You will not be identifiable from this retained metadata or statistical information.
Customer may retain Personal Information and other Data about an End User which the Controller owns and the End User may have no access to. If you have any questions about the right of the Customer to retain and process your Personal Information you should raise this directly with the Customer. You hereby agree not to assert any claim against Myndr in this regard and waive any rights regarding such Data and Personal Information including the right to view and control such Data and Information.
Please note that some data will not be deleted and shall be kept in an anonymised manner. Some metadata and statistical information concerning the use of the Service are not subject to the deletion procedures in this policy and may be retained by Myndr. We will not be able to identify you from this data. Some data may also be retained on our third-party service providers’ servers until deleted in accordance with their privacy policy and their retention policy.
Cookies & local storage
When you access or use the Service, Company may use industry-wide technologies such as “cookies” or similar technologies, which stores certain information on your computer (“Local Storage”) and which will allow us to enable automatic activation of certain features, and make your Service experience much more convenient and effortless. The cookies used by the Service are created per session and does not include any information about you, other than your session key (usually removed as your session ends but sometimes can be kept in your device for no more than 6 months) and the ability to login again quickly. Most browsers will allow you to erase cookies from your computer’s hard drive, block acceptance of cookies, or receive a warning before a cookie is stored. However, if you block or erase cookies your online experience with the Service may be limited.
We use Cookies and other technologies on the basis that they are necessary for the performance of a contract with you, or because using them is in our legitimate interests (where we have considered that these are not overridden by your rights).
Myndr uses secured Cookies. That means a cookie with a secured flag which can only be transmitted over an encrypted connection. This makes the cookie less likely to be exposed to cookie theft via eavesdropping.
We use the following types of Cookie:
Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our Site when they are using it. This helps us for our legitimate interests of improving the way our Service works, for example, by ensuring that users are finding what they are looking for easily.
Disabling cookies
Disabling cookies will prevent you from being able to log in.
Further details on how to disable cookies can be found here:

All cookies used on our site will expire at the end of the session
Security and storage of information
We take a great care in implementing, enforcing and maintaining the security of the Service, and our Users’ Personal Information. Myndr implements, enforces and maintains security policies to prevent the unauthorised or accidental access to or destruction, loss, modification, use or disclosure of personal data and monitor compliance of such policies on an ongoing basis.
The Personal Information is hosted on the Amazon Cloud in London which provides advanced security features and is compliant with ISO 27001 standard, among other certifications, as listed here: https://aws.amazon.com/compliance/. All Personal Information is stored with logical separation from information of other customers. However, we do not guarantee that unauthorised access will never occur.
Myndr limits access to personal data to those of its personnel who: (i) require access in order for Myndr to fulfil its obligations under this Privacy Policy and agreements executed with Myndr and (ii) have been appropriately and periodically trained on the requirements applicable to the processing, care and handling of the Personal Information (iii) are under confidentiality obligations as required under applicable law. Myndr takes steps to ensure that its staff who have access to personal data are honest, reliable, competent and periodically properly trained.
Myndr shall act in accordance with its policies to promptly notify Customer in the event that any personal data processed by Myndr on behalf of Customer is lost, stolen, or where there has been any unauthorised access to it subject to applicable law and instructions from any agency or authority. Furthermore, Myndr undertakes to co-operate with Customer in investigating and remedying any such security breach. In any security breach involves Personal Information, Myndr shall promptly take remedial measures, including without limitation, reasonable measures to restore the security of the Personal Information and limit unauthorised or illegal dissemination of the Personal Information or any part thereof.
Myndr maintains documentation regarding compliance with the requirements of the law, including without limitation documentation of any known breaches and holds reasonable insurance policies in connection with data security.
The Service may, from time to time, contain links to external sites. We are not responsible for the operation, privacy policies or the content of such sites.
General
Myndr aims to process only adequate, accurate and relevant data limited to the needs and purposes for which it is gathered. It also aims to store data for the time period necessary to fulfil the purpose for which the data is gathered. Myndr only collects data in connection with a specific legitimate purpose and only processes data in accordance with this Privacy Policy.
E.U. citizens have the right to lodge a complaint with a supervisory authority (Data Protection Authority in your jurisdiction) in case of a breach of any E.U. data protection and privacy regulations. If the supervisory authority fails to deal with a complaint or inform you within the time frame set under applicable law, you have the right to an effective judicial remedy.
Minors
We do not knowingly collect or solicit information or data from children under the age of 16 or knowingly allow children under the age of 16 to register for the Myndr Service. If you are under 16, do not register or attempt to register for any of the Myndr Service or send any information about yourself to us. If we learn that we have collected or have been sent Personal Information or Personal Data from a child under the age of 16, we reserve the right to delete that Personal Information or Personal Data as soon as reasonably practicable without any liability to Myndr from any User. If you believe that we might have collected or been sent information from a minor under the age of 16, please contact us at: hello@myndr.co.uk as soon as possible.
Changes to the privacy policy
The terms of this Privacy Policy will govern the use of the Service and any information collected in connection therewith, however, Myndr may amend or update this Privacy Policy from time to time. Unless otherwise agreed with the Customer, we will endeavour to provide notice of material changes to this policy on the homepage of the website and (if applicable) via an e-mail. Such material changes will take effect seven (7) days after such notice was provided on our website or sent by email. Otherwise, all other changes to this Privacy Policy are effective as of the stated “Last Revised” date and your continued use of Services will constitute your active acceptance of, and agreement to be bound by, the changes to the Privacy Policy.
Questions, contact information and complaints
If you have any questions (or comments) concerning this Privacy Policy, you are welcome to send us an email or otherwise contact us at hello@myndr.co.uk and we will make an effort to reply within a reasonable timeframe, and not over 30 business days.
Last Revised: 07.10.20