Note for users of MindTouch’s Cloud-Based Services
Users of MindTouch’s cloud-based services (“Services”) are subject to an additional set of conditions which are necessary in order to provide product-related duties. These policies are detailed in the Master Subscription Agreement (MSA). The current version of the Master Subscription Agreement is published here at https://mindtouch.com/msa.
Please note that Subscribers to the Services are solely responsible for establishing policies to ensure compliance with all applicable laws and regulations—as well as any and all privacy policies, agreements, or other obligations that relate to the collection of Personal Identifiable Information in connection with the use of the Services by Individuals (also referred to as “data subjects”) with whom the Subscribers interact. If the Individual interacts with a Subscriber using the Services, then the Individual will be directed to contact the Subscriber for assistance with any requests or questions relating to the Individual’s Personal Identifiable Information, or if the Individual wishes to amend how that information is being used.
In order to provide Services, MindTouch may transfer Personal Identifiable Information to companies that help provide Services. A good example of this is Amazon Web Services (AWS), who is the cloud service provider. Such transfers of Personal Identifiable Information are governed by the Service Agreements for the Subscribers.
“Personal Identifiable Information” or “Information” means information that (1) is about, or pertains to a specific Individual; and (2) can be linked to that Individual. “Sensitive Personal Identifiable Information” means Personal Identifiable Information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership, or that concerns an Individual’s health.
Principles of how MindTouch Treats the Individual’s data
Links to other websites
The Website may contain links to other websites. For example: partner websites and other blog sites that are referenced in the MindTouch blog. In such cases, the information practices, data collection policies, and the content of such other websites are governed by the privacy statements of those websites. It is advised that the Individual reviews the privacy statements of any other websites when visited to understand their information policies and practices.
MindTouch’s duty to inform the Individual
MindTouch shall inform an Individual of the purpose for which it collects and uses the Personal Identifiable Information, and the types of non-agent third parties to which MindTouch may or may not disclose Information.
MindTouch shall provide the Individual with the choice and means for limiting the use and disclosure of their Personal Identifiable Information. Notice will be provided in clear and conspicuous language when Individuals are first asked to provide Personal Identifiable Information to MindTouch, or as soon as practicable thereafter—and, in any event, before MindTouch uses or discloses the Information for a purpose other than for which it was originally collected.
The Individual’s ability to choose
MindTouch will provide an Individual opt-in choices before use for a purpose other than which it was originally collected or subsequently authorized. For Sensitive Personal Identifiable Information, MindTouch will give Individuals the opportunity to affirmatively or explicitly (opt-out) consent to the disclosure of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the Individual. MindTouch shall treat Sensitive Personal Identifiable Information received from an Individual the same as the Individual would treat and identify it as Sensitive Personal Identifiable Information.
The Individual will be notified by email to the email address then on record. If the Individual chooses not to receive MindTouch email communications, the Individual can opt-out or unsubscribe by visiting http://info.mindtouch.com/preferences, by emailing [email protected], by following the opt-out instructions in the email or newsletter, or by sending mail to MindTouch, Inc. (Attn: Legal Department). 101 West Broadway, Suite 1500, San Diego CA 92101.
Accountability for Onward Transfers
Prior to disclosing Personal Identifiable Information to a third party, MindTouch shall notify the Individual of such disclosure, and allow the Individual the choice (opt-out) of such disclosure. MindTouch also may be required to disclose an Individual’s Personal Identifiable Information in response to a lawful request by public authorities, which includes having to meet national security or law enforcement requirements. MindTouch shall ensure that any third party for which Personal Identifiable Information may be disclosed will agree in writing to provide the same level of privacy protection as is described in this policy.
The Individual will be notified by email to the email address then on record before disclosing Personal Identifiable Information to a third party. The Individual may opt-out by emailing [email protected], following the opt-out instructions in the email, or by sending mail to MindTouch, Inc. (Attn: Legal Department). 101 West Broadway, Suite 1500, San Diego, CA 92101.
MindTouch shall take reasonable steps to protect the Information from loss, misuse, unauthorized access, disclosure, alteration, and destruction. MindTouch has put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the Information. This includes: loss, misuse, unauthorized access, disclosure, alteration, and destruction. MindTouch cannot guarantee the security of Information on or transmitted via the Internet.
Data Integrity and Purpose Limitation
MindTouch shall only process Personal Identifiable Information in a way that is compatible with—and relevant for—the purpose for which it was collected or authorized by the Individual. To the extent necessary for those purposes, MindTouch shall take reasonable steps to ensure that Personal Identifiable Information is accurate, complete, current, and reliable for its intended use.
Right to Access
MindTouch allows all Individuals—no matter their country of residence—rights to access the Personal Identifiable Information that are maintained about them. MindTouch shall allow an Individual access to their Personal Identifiable Information, and allow the Individual to correct or amend inaccurate information—in exception of when the burden or expense of providing access would be disproportionate to the risks to the privacy of the Individual in question, or where the rights of persons other than the Individual would be violated. This, notwithstanding, an Individual can opt to delete all data that MindTouch would hold at any time. Prior to doing so, MindTouch need to take steps to adequately verify the identity of the Individual making the request.
An Individual who seeks access or correct, amend, or delete data, should direct their query to [email protected]
What information does MindTouch collect, how is it collected, and how is it used?
Anonymous User Information
MindTouch collects anonymous information from each user for every visit to the Website. Consequently, MindTouch can understand how people are using the Website, and/or the Services, to improve the overall quality of the users’ online experience. MindTouch records the date and time of the Individual’s visit, the page the Individual visited, track the Individual’s path through the Website, the Individual’s IP address, the Internet service provider the Individual is using, referral data, the type of browser the Individual is using, and the type of operating system being used. The Individual does not have to register with MindTouch before this anonymous information can be collected.
Personally Identifying Information
MindTouch does not collect any unique personally identifying information about the Individual such as the Individual’s name, email address, or any other contact information—except when the Individual specifically and knowingly provides such information.
MindTouch does not require the Individual to provide their personally identifying information in order for the Individual to access, open, or browse the Website. However, certain Services and parts of the Website require that the Individual provides personally identifying information about the Individual themself. Under those circumstances, the Individual will be fully notified of what information MindTouch collects and for what purpose.
If the Individual is using a Service that requires a fee, or in circumstances in which the Individual is to receive a payment, MindTouch may collect financial information—such as the Individual’s credit card or other payment information. MindTouch may record the Individual’s service confirmations, usage statistics, and payment history for accounting purposes.
If the Individual contacts MindTouch to provide feedback, comments, or input, a record may be kept of that correspondence, and a collection the Individual’s Personal Identifiable Information will be sought to process the inquiries, respond to requests, and improve the services.
With Whom Does MindTouch Share Information and What is Shared?
If the Individual orders any Services that require the payment of a fee, MindTouch transmits the Individual’s financial information to financial service providers and banks for processing. If a problem is ever encountered with the Individual’s payments, MindTouch may review the information with the Individual, financial service providers, and the bank to resolve the issue.
Aggregated General Information
MindTouch may share aggregated general information about the Website and Services with corporate partners, investors, advertisers, or others. Aggregated general information includes, without limitation: (1) the number of users of the Website or any Service, (2) revenue including payments—by, or to—the users, and (3) usage statistics. Aggregated general information does not include any personally identifying information that could be used to contact or identify the Individual.
Personally Identifying Information
MindTouch may only share personally identifying information with third parties in the following limited circumstances:
- With the Individual’s prior consent and where the processing is in MindTouch’s or a third party’s legitimate interests. This will not be used to override the Individual’s data protection interests or fundamental rights and freedoms.
- When MindTouch has a good-faith belief that such action is reasonably necessary to: (a) satisfy any applicable law, regulation, court order, legal process or enforceable government request, or (b) ensure compliance with applicable terms of service or agreements including investigation of any potential violations, or (c) to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person.
- MindTouch may store and process Personal Identifiable Information collected on the site in the United States, Canada, or any other country in which MindTouch or MindTouch agents maintain facilities. By using these services, the Individual consents to the transfer of the Individual’s information among these facilities, including those located outside the Individual’s country.
- MindTouch may use third party service providers to serve ads and emails. These companies may use technologies to measure the effectiveness of ads and emails and use information about the Individual’s to the Website so that a better experience may be provided to the Individual.
MindTouch takes appropriate security measures to protect against: unauthorized access,unauthorized alteration, and disclosure or destruction of the Individual’s information. MindTouch restricts access to the Individual’s personally identifying information to employees who need to know that information in order to operate, develop, or improve the Services. The Individual’s financial information and passwords are stored in encrypted format for increased security. MindTouch’s servers are protected by firewalls and are physically located in secure data facilities to further increase security. While no computer is 100% safe from outside attacks, it is believed that the steps that have been taken to protect Personal Identifiable Information has drastically reduced the likelihood security problems to a level appropriate to the type of information involved.
Third Party Information Gathering
The Website and Services are not intended for children under the age of 13. If the Individual is a child under the age of 13, please do not submit any information to the Website. MindTouch does not knowingly request Personal Identifiable Information online or offline—from users under 13 years of age; nor does MindTouch knowingly use or share Personal Identifiable Information from users under 13 years of age with third parties.
Change of Control
In the event that another company acquires all, or substantially all, of the assets related to the Website or Service—or if MindTouch experiences some other change of control event— MindTouch reserves the right to include any or all stored Personal Identifiable Information among the assets transferred to the acquiring company.
Users Outside the United States
Updating the Individual’s Contact Information
MindTouch provides the Individual with the ability to review and update user contact information that user provides to MindTouch by: (1) accessing and modifying this information in the Individual’s account; (2) submitting a request to MindTouch at [email protected] MindTouch will respond to requests for access to update or delete the Individual’s account information within 30 days.
If the Individual chooses not to receive MindTouch email communications, the Individual can opt-out or unsubscribe by: (1) visit http://info.mindtouch.com/preferences; (2) email [email protected], (3) follow the opt-out instructions in the email or newsletter; (4) send mail to MindTouch, Inc. (Attn: Legal Department). 101 West Broadway, Suite 1500, San Diego CA 92101.
Effective date: May 25, 2018