PRIVACY POLICY

version of 24/02/2024

When you, whether as a User (within the meaning of the Terms and Conditions of Use) or as a Client (within the meaning of the Terms and Conditions of Service or any other master agreement entered into with Mindee hereinafter referred to indistinctly as the “Agreement”) (the “Contracting Party”), enter into an agreement with Mindee for access to and use of any one of our remote automated document and image processing services whatsoever available on the Website or the Platform (the “Services”), Mindee may process your Personal Data. 

The aim of this Privacy Policy is to inform you of the processing carried out by Mindee when you use our Services, i.e when Mindee is acting as a controller.

For the purposes hereof, Mindee and the Contracting Party are together referred to as the “Parties” and individually as a “Party”. Terms beginning with a capital letter and not defined herein have the meaning that is attributed to them in the applicable contractual document (namely the Terms and Conditions of Use of our Website, the Terms and Conditions of Service of our Platform or any other master agreement entered into with Mindee) into which this Privacy Policy (when Mindee is acting as a Controller) is incorporated.

Terms such as “Processing”, “Controller”, “Processor”, “Personal Data”, and “Data Subject” used in this Privacy Policy and Data Processing have the meaning that is attributed to them in the Applicable Regulations.

PRIVACY POLICY OF MINDEE’S SERVICES

  1. How Mindee collects, processes and stores Personal Data as a Controller

Mindee is committed to safeguarding the privacy of its Clients and/or Users (including users of the Platform, as defined in the Terms of Services) and use their Personal Data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regards to the processing of personal data and on the free movement of such data (the “GDPR”) and Law n°78-17 of 6 January 1978 relating to data processing and civil liberties in its current version in force (together the “Applicable Regulations”).

  1. Purposes and legal basis of Mindee’s Processing as a Controller

Mindee processes the Personal Data collected from the Website or the Platform, as a Controller, for the purposes of:

  1. processing and responding to any contact request from the Website, including to obtain a demo of the Service, by virtue of the performance of pre-contractual measures and to send prospection and newsletters emails to prospects by virtue of Mindee’s legitimate interests;
  2. executing any Agreement by means of electronic signature, where applicable, pursuant to the performance of the Agreement;
  3. creating an account for Users, and a Client Account, and delivering the Services to Clients and/or Users to authenticate and authorize access to the Services and allow the use of the Services, pursuant to the performance of the Agreement;
  4. managing the Agreement and invoicing the Services subscribed pursuant to the performance of the Agreement;
  5. draw up audience and usage statistics of the Website or Platform pursuant to Mindee’s legitimate interests;
  6. technical administration of the Website or the Platform (monitoring interruption or unavailability of Services in particular for Maintenance purposes, errors in order to resolve them, analysis and detection of abuses) pursuant to Mindee’s legitimate interests to provide functional Services to Client or the performance of the Agreement;
  7. Production of statistics on usage for Services’ supervision and reporting, and to measure the performances of the Services, based on Mindee’s legitimate interests to improve its Services;
  8. carrying out campaigns for prospection (including newsletter) and promotion of the Services and their evolution through emails sent to Users and points of contact of the Contracting Party presumed to be professional addresses, pursuant to Mindee’s legitimate interests to promote its Services.

(together the “Purposes”).

Where Personal Data are collected by Mindee for the execution of the Agreement, if those Personal Data are not provided, Mindee will be unable to perform its obligations under the Agreement.

  1. Category of Personal Data

Mindee processes, for the Purposes, the following Personal Data:

  • identification data of the Users (staff members of the Contracting Party, Affiliated Entities or Third Party Service Providers) such as surname, first name, position in the company, professional email address, telephone number, User ID and password;
  • Users’ connection and navigation data (such as User ID, password, IP address, login logs, API concerned, timestamp data, Request file format);
  • data relating to the Subscription (payment card and cardholder data, which shall be stored exclusively by Mindee’s payment processor for “Unilimited Plan” Subscription or data pertaining to the payment of Invoices for an “Enterprise” Subscription, logs).

  1. Recipient of Personal Data

For the Purposes, Mindee may disclose Personal Data to technical data processors:

  • the Website and Platform hosting service provider: Amazon Web Services, whose servers are located in Ireland. If the Users and/or Client is located in the United Sates, Personal Data will be hosted in United States, unless otherwise agreed between the parties;

  • the on-line payment solution service provider Stripe, whose servers are located in Ireland;

  • Intercom, which is our provider of support tool, whose servers are located in Ireland.

Mindee may disclose only to these technical data processors the Personal Data that they need to carry out their obligations, and requires from them that they do not use the Personal Data for other purposes. However, Mindee may be induced to disclose Personal Data if the law should or require or by judicial or administrative request.

The Contracting Party and the Users are also informed that, for invoicing purposes, the on-line payment solution service provider together with the financial establishments in charge of processing payments may also carry out processing of Personal Data on their own behalf, as separate Controllers and for separate purposes, it is the responsibility of the Contracting Party and the Users to consult their privacy policies for more information on the processing that they implement.

  1. Storage period

The identification data of the Users are stored, as the case may be, for the term of the Agreement or up to three (3) years after the term of the Agreement or the last contact for prospection and promotion of Services.

The data relating to the connections and navigation of Users are stored, as the case may be, for a period of 12 months, or for the time necessary for the verification and resolution of technical problems. Personal Data pertaining to the identification of the Users, Clients and the payment of the subscription are kept for the duration of the Agreement, and statute limitation periods, and for the duration of a litigation, in case of litigation . 

In any case, Personal Data (including identification of the Users and Clients and payment of the subscription) archived for a duration beyond the term of the Agreement for administrative and/or evidentiary purposes.

When this data is used to draw up statistics, pseudonymized data will be stored for a period of 24 months while anonymized statistical reports are kept for as long as necessary.

Data relating to payment means are stored until the last payment instalment or due date.

  1. Data subjects rights and exercise of rights

In accordance with the Applicable Regulations, Users have the right to access, rectify, delete and to ask the portability of their Personal Data, as well as the right to give instructions relating to their Personal Data in the event of their death. Users may also ask Mindee to restrict the processing of their Personal Data or object to such processing, including profiling.

Where Clients and/or Users have given consent to Mindee, they may also withdraw their consent at any time, by sending an email to privacy@mindee.com.

If a User has an account, she/he may access, modify or export its Personal Data, or delete its account, by sending an email to privacy@mindee.com. In case of deletion of the User’s account, Mindee may keep storing Personal Data after the deletion of the account to comply with Mindee’s legal obligations.

To exercise their rights or if Client and/or Users otherwise have any questions regarding the processing of their Personal Data when using the Platform or the Website, they may contact Mindee at privacy@mindee.com. Mindee will have one month within the receipt of the request to respond. That period may be extended by Mindee by two further months in case of complexity of the request.

Mindee also notifies Client and/or Users that they may raise complaint to a data protection authority, e.g the supervisory authority where the Client and/or Users live or the French Data Protection Authority, the Commission Nationale de l’Informatique et des Libertés (“CNIL”).

Mindee will respond to Client and Users’ requests within thirty days from the receipt of their request, subject to a possible extension, in compliance with Applicable Regulations. Mindee reserves the right to object to any requests considered unreasonable due to the repetitive nature thereof.

  1. Security

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing as well as the risks varying likelihood and severity for rights and freedoms of natural persons posed by the processing, Mindee undertakes to implement appropriate technical and organizational security measures, in order to preserve the confidentiality and security of Personal Data and in particular to prevent it from being distorted, damaged, misappropriated or communicated to unauthorized third parties and, more generally, to implement all appropriate technical and organizational measures to protect the Personal Data against destruction, loss, alteration, disclosure or unauthorized, accidental or unlawful access.

  1. Changes to the Privacy Policy

Mindee may make changes to all or part of the Privacy Policy, in order notably to comply with any regulatory, jurisprudential, editorial or technical evolution. Mindee will inform the Contracting Party and the Users of it by any means (including e-mail and information on the Website or the Platform) and will update the date on the first page hereof. It is the responsibility of the Contracting Party to regularly consult this page.

If the amendments to the Privacy Policy involve matters for which the consent of the Users was previously required, Mindee will notify the Users to reattain their consent.