GDPR and Data Protection Policy

‍

Effective date: 01.12.2024
Controller: OpenMinds
Contact for data protection matters / DPO (Data Protection Officer): gdpr@openminds.ltd

‍

1. Introduction

‍

OpenMinds (“we”, “us”, “our”) is committed to protecting the privacy and security of personal data in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and applicable local data protection laws. This policy describes how we collect, store, use, share, and protect personal data, your rights, and how you can exercise them.

‍

2. Definitions

‍

• Personal Data means any information relating to an identified or identifiable natural person.
• Processing means any operation performed on personal data (collection, storage, use, disclosure, etc.).
• Controller means the entity that determines the purposes and means of processing personal data.
• Processor means a third party that processes personal data on behalf of the Controller.
• Data Subject means the natural person to whom the personal data relates.
  ‍

3. What Personal Data We Collect

‍

We may collect the following categories of personal data:

• Personal Data: name, job title, company name, email address, telephone number, postal address, etc.
• Technical Data: IP address, browser type and version, time zone setting, operating system, etc.
• Usage Data: pages visited, time spent on pages, links clicked, referring site, etc.
• Communications Data: correspondence, feedback, support queries, etc.
• Marketing & Preferences Data: preferences in receiving communications from us, opt-in status, etc.

We do not collect sensitive personal data (e.g. address, race, religion, health data) unless you explicitly provide it and we have a lawful basis.

‍

4. Sources of Personal Data

‍

• Directly from you (when you fill in forms, contact us, sign up for newsletters, etc.)
• Automatically when you visit or use our website (through cookies and analytics)
• From third parties such as service providers, partners, where necessary.

‍

5. Purposes & Legal Bases for Processing

‍

We process personal data for one or more of the following purposes:

‍

‍

If we process data based on your consent, you can withdraw consent at any time without affecting prior processing.
‍

6. Data Processors (Third-Party Service Providers)

‍

We engage certain third parties who process personal data on our behalf (“Processors”) for services including but not limited to:

• Hosting providers
• Cloud service providers
• Email / Newsletter platforms
• Analytics providers
• Customer Relationship Management (CRM) tools
• Support / helpdesk software
  

Each of these processors is selected carefully. We enter into written agreements which impose data protection obligations, require appropriate security measures, require that they only act on our instructions, and require them to assist us (and you) in fulfilling rights under GDPR.

If you want a complete, up-to-date list of the data processors we use (with contact, location, purpose), you can request it by emailing gdpr@openminds.ltd.

‍

7. Data Retention

‍

We retain personal data only as long as necessary for the purposes for which it was collected, including to comply with legal, accounting, or reporting obligations. When data is no longer needed, we securely delete or anonymise it.

‍

8. Data Transfer

‍

If we transfer your personal data outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place (for example, Standard Contractual Clauses, Binding Corporate Rules, or that the recipient is in a country with an adequacy decision by the European Commission).

‍

9. Data Security

‍

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including (but not limited to):

• Encryption of data in transit and at rest (where feasible)
• Access controls and role-based access
• Regular testing, audit and review of security practices
• Staff training and confidentiality obligations
  ‍

10. Your Data Subject Rights

‍

Under GDPR, you have certain rights, including:

• Right of access – to request a copy of your personal data.
• Right to rectification – to have inaccurate data corrected.
• Right to erasure (“right to be forgotten”) – in certain circumstances.
• Right to restriction of processing – in certain circumstances.
• Right to data portability – to receive your data in a structured, commonly used, machine readable form and to transmit it to another controller.
• Right to object – to processing based on legitimate interests, or for direct marketing.
• Right to withdraw consent – where processing was based on consent.

To exercise these rights, or for any GDPR-related request, contact us at gdpr@openminds.ltd. We aim to respond without undue delay and in any event within the timeframes required by law (usually 1 month).

‍

11. Cookies and Tracking Technologies

‍

We use cookies and similar technologies to collect technical and usage data. Some cookies are strictly necessary; others are optional. You can manage or reject non-essential cookies via your browser settings.

‍

12. Minors

‍

We do not knowingly collect personal data from children under the age of 16 without parental consent. If we learn that we have collected personal data of a minor without such consent, we will take steps to delete it.

‍

13. Updates to this Policy

‍

We may update this Policy from time to time. The “Effective date” above will indicate when updates take effect. We will notify you of material changes via our website by updating the “Effective Date”.

‍

14. Supervisory Authority

‍

If you believe that we are not handling your personal data in accordance with GDPR, you have the right to lodge a complaint with your local Data Protection Authority.

‍

15. Contact

‍

For any questions regarding this policy or data protection practices, to exercise your rights, or to request the list of data processors, please contact: gdpr@openminds.ltd.

‍