To the right you'll find a (non legally binding) summary version, that quickly points out the most important infos. If you have any queries you can contact us at firstname.lastname@example.org.
1. Who we are
Name and address of the data controller for the purpose of the General Data Protection Regulation (GDPR) for Mind42 is:
Hütteldorfer Straße 236/1/6
This document informs data subjects (users) of the rights to which they are entitled.
As a data controller, Mind42 works with trusted partners who also conform to the GDPR and has implemented appropriate measures to ensure the protection of personal data processed through this website.
3. Data collection and usage
3.1. Our web servers collect a series of general data and information whenever you access the website. This may includes internet connection information (IP address), browser types and versions, the operating system used, the website from which you are accessing Mind42 (referrer), the date and time of the access and any other similar data sent by the browser. This anonymous data is stored in the server log files - separately from all personal data - and not connected with Mind42 user accounts. We don't draw any conclusions from this data. This information is needed to ensure the undisturbed operation of Mind42 (to detect malicious activity) and may be provided to law enforcement authorities for criminal prosecution in case of a cyber-attack.
3.2. When you register a Mind42 account you'll need to provide us an (anonymous) username, your email address and a password (which is encrypted so that we don't have access to it). This information is necessary for us to provide you with a Mind42 account, so that you can use the service. The email address is used for a double opt in consent procedure - if the sign up is not confirmed using a link in the email, all recorded data is deleted after 48 hours. The collected data is stored exclusively for internal use to provide this service, and is not passed to third parties - unless there is a statutory obligation, like criminal prosecution. The data is always secured. During transfer by the means of HTTPS secure transfer. It's only stored in our database hosted within the EEC (in Germany). The server disks are encrypted, so that the server provider can't access the data. All backups are encrypted as well. Access to the database is protected by a firewall - it's not reachable from the outside internet - only by our application servers.
3.3. The website of Mind42 offers a contact form to quickly contact support or users can directly write to our email address. In both cases users contacting us are providing us with their email address (standard internet email) so that Mind42 can respond to their requests. This data is stored within a standardized email application, using Google Mail as provider. It's archived after the conversation is finished, and the archives are regularly deleted. Those email addresses are not recorded or used for anything else.
3.4. Users might subscribe to a paid plan for their Mind42 accounts to remove advertising. Payment data (payment method as well as address, name, ...) is not processed by Mind42, but a by a partner (Fastspring - see below). Fastspring provides only the customer information (without the payment method details) about the subscribers to us. This personal information is not directly connected to the user account, and only gets used in the process of bookkeeping. This information is therefore passed to our bookkeeping company, and stored as required by the law.
When you sign up for an account, you have to enter personal data in the form of your email address to confirm your account (double opt in). This data is not given to any third parties, and only used for your account to provide you with the service.
When using the contact form or contacting us using email, we get your email address to be able to respond to you. This data is not used for anything else and not integrated into any other database.
When you upgrade to a paid account, payment data is not handled by Mind42 itself (but our partner Fastspring) and only used for bookkeeping.
Mind42 only uses non permanent session cookies when using the website. Optionally a second cookie is set to remember your login.
4. Data deletion
We will retain your personal information only for as long as we will be required in order to fulfil the purposes described above.
In certain special cases, longer retention period might by required by law e.g. tax, accounting purposes or other legal requirements and obligations. As soon as we will no longer require your personal data to provide our services for other purposes mentioned above, we will promptly delete it.
Server logs containing the general web server data as described in 3.1 are deleted after 1 month. All Mind42 account data as described in 3.2 is completely deleted when you cancel your account. Contact data from using the contact form (3.3) is - as described - handled by a regular email application, and regularly archived and deleted. Personal data of paid subscribed (3.4) is kept for bookkeeping reasons as long as required by the law. Mind42 cookie data (3.5) is deleted when closing the browser window - or immediately depending on your browser settings. Optional login cookies are deleted when you sign out.
5. Partner services
5.2 Google Analytics:
Mind42 uses Google Analytics (with anonymizer function). Google Analytics is a web analytics service, collecting information about visitors of the website and providing analysis to Mind42 about how the website is used. Web analytics are mainly used for the optimization of a website
The operator of Google Analytics is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.
Mind42 uses the "anonymizeIp" function of Google Analytics, so that Google abridges and anonymises the IP address of the users when accessing our websites from a Member State of the European Union or another Contracting State to the Agreement on the European Economic Area.
Google Analytics sets its own cookies in the browser of the user (see Cookie explanation above). This enables Google to analyze the use of the website by identifying the user on each page visit. Through this technical procedure, Google gains knowledge of personal information such as the IP address. Google will transmit and store this data to the United States of America and may pass this data to third parties.
As explained above you can instruct your browser, by changing its settings, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. Such an adjustment to the settings would also prevent Google Analytics from setting a cookie on the computer of the user - also, cookies already in use by Google Analytics may be deleted at any time.
Additionally users my opt out of Google Analytics by downloading and installing a browser add-on provided by Google found at https://tools.google.com/dlpage/gaoptout.
More information and Googles applicable data protection provisions may be retrieved at https://www.google.com/intl/en/policies/privacy/ and http://www.google.com/analytics/terms/us.html. More information about Google Analytics can be found at https://www.google.com/analytics/.
5.3 Google AdSense:
Mind42 uses Google AdSense. Google AdSense is an online service which allows the placement of advertising on third-party-sites. Google AdSense uses algorithms that select advertisements to match with the content of the integrated website as well as targeting advertisements based on interests of the user based on generated user profiles.
The operator of Google AdSense is Alphabet Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.
Mind42 uses Google AdSense to display advertisements on its websites which finance the free service of Mind42. We've disabled the delivery of personalized ads for users in the EER.
Google AdSense sets its own cookies in the browser of the user (see Cookie explanation above). This enables Google to analyze the use of the website by identifying the user on each page visit. Through this technical procedure, Google gains knowledge of personal information such as the IP address. Google will transmit and store this data to the United States of America and may pass this data to third parties for the purpose of online advertising.
As explained above you can instruct your browser, by changing its settings, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. Such an adjustment to the settings would also prevent Google AdSense from setting a cookie on the computer of the user - also, cookies already in use by Google AdSense may be deleted at any time.
Furthermore, AdSense also uses tracking pixels. A tracking pixel is a small graphic that is embedded in web pages to enable logging ad views and statistical analysis. Based on these, Google is able to determine if and when a website was viewed by the user.
Users may opt out of the use of advertisement cookies from Google at http://www.google.com/privacy_ads.html or http://www.networkadvertising.org/managing/opt_out.asp for cookies from other third party vendors.
More information about Google AdSense can be found at https://www.google.com/intl/en/adsense/start/.
Mind42 uses the Gravatar directory for displaying avatar images for registered users. For this, a hash of the email address of the user to display an image for is part of a request for the matching avatar image from Gravatar. No plain text email address is transmitted. This means though, that the browser of the users who displays such images makes a request to the Gravatar service. Due to the way the internet works this means, that the Gravatar service receives a request from the users IP address.
Mind42 also uses the external services Google AdSense and Google Analytics for displaying advertisements (to finance the free service) and usage analysis. These services include their own cookies and will receive some general browser data (IP address, ...) due to the way they are working technically. But you can opt out (links to the left). They don't receive and Mind42 user data.
6. Your rights
Generally Mind42 only uses the data for the mentioned purposes, keeps it save using industry standards and deletes it when no longer needed (you close your account).
Depending on where you live, you may have additional privacy rights. For example, under EU laws you have the following additional rights:
- to access information we hold about you
- to request that we delete your personal information from our system
- to ask us to rectify/correct your personal information if appropriate
- to ask us to restrict processing of your data
- to transmit your data to another entity
- to lodge a complaint with a data protection authority
Basically all these rights are implemented in the Mind42 homepage. You can edit your data in the settings at mind42.com/settings, delete you account at mind42.com/deleteAccount and export your mind maps using the export feature. And we always really delete data when deleting them in the interface. So asking to restore an accidentally closed account or accidentally deleted mind map won't work. Please note though, that to confirm your identity as the rightful owner of the account you claim, we will send you to the above mentioned pages where you confirm account ownership using your password.