justinmind-logo

The fine print

Privacy Policy and cookies

Privacy Policy and cookies

Definitions

These definitions should help you understand this policy.

Changes

We may revise this Privacy Policy & Cookies at any time and from time to time. All updates and amendments are effective immediately upon notice, which we may give by any means, including, but not limited to, by posting a revised version of this Privacy Policy or other notice on the Website. We encourage you to review this Privacy Policy often to stay informed of changes that may affect you.

Scope

This document explains how Justinmind collects your Personal Data, how Justinmind uses these data, and your rights to control their use. This privacy policy applies to all data that we have collected or collect related to you, and according to our Terms of use.

Contact

If you have any questions or comments, or if you want to update, delete, or change any Personal Data we hold, or you have a concern about the way in which we have handled any privacy matter, please use our contact form to send us a message. You may also contact us by email at jim dot info at justinmind dot com, or by postal mail to our business address.

Information We Collect, purpose and legal basis

Here are the different alternatives with which we gather your personal data information and the legal basis that allows us to process it:

1. Information You Explicitly Give Us: We receive and store any information you enter on our Website or give us in any other way through a direct interaction with us which includes:

  • Your email when you sign up to our product or services (6.1.b) GDPR: processing is necessary for the performance of a contract to which the data subject is party).
  • Your e-mail when you sign up to our newsletter (6.1.a) GDPR: Consent given by you).
  • Your name and email when you post a comment on our blog posts (6.1.f) GDPR: legitimate interest pursued by us in giving response to the consultations received).
  • Your name and email when you contact us through our contact forms (6.1.f) GDPR: legitimate interest pursued by us in giving response to the consultations received).
  • Your name, email, postal address, telephone number and your company name when you subscribe to our payment product (6.1.b) GDPR: processing is necessary for the performance of a contract to which the data subject is party).
  • The Personal Data you provide us when you send us an email or contact our support service (6.1.f) GDPR: legitimate interest pursued by us in giving response to the consultations received).

Note that we do not collect any payment (credit card) information when you subscribe to one of our services. We have an agreement with Braintree as payment processor of our services. See the section Third-party Providers below for more information.

2. Information we collect automatically: When you use the Services or browse our Website, we may collect information about your visit to our Website, your usage of the Services, and your web browsing. That information may include:

  • Your network routing information (where you come from).
  • Your Internet Protocol (IP) address used to connect your computer to the Internet and which may identify your general geographic location or company.
  • Your computer and connection information such as browser type, version, and time zone setting, browser plug-in types and versions, operating system, and platform.

We may collect this information as a part of log files as well as using cookies or other tracking technologies. Our use of cookies and other tracking technologies is discussed more below, and in more detail in the Cookies & Other Tracking Technologies section below.

The processing of your personal data collected by the cookies used in this website will be based on the consent given by you (6.1.a) GDPR) in the case that you accept such cookies; on our legitimate interest (6.1.f) GDPR) in the case of cookies that are strictly necessary for the proper functioning of the website.

3. Track and evaluate our marketing campaigns, including online advertising and e-mail marketing campaigns 6.1.f) GDPR: Legitimate interest).

4. To communicate with you about a conference or event hosted, co-sponsored or participated by us, including information about the event’s content, logistics, payment, updates, and any additional meetings, special demonstrations or other customer facilitation. After the event, we may contact you about the event and related products and services, and may share information about your attendance with your company (if any)(6.1.a) GDPR Consent given by you).

What Personal Data We Share and Disclose to Third Parties

We do not sell your Personal Data to anyone. We may share your Personal Data with our third party Service Providers, who help us provide and support our Services and products, such as credit card processing services, order fulfilment, analytics, event or campaign management, website management, information technology and related infrastructure provision, customer service, e-mail delivery, auditing, and other similar services. In this case, we require by contract from our services providers to use your Personal Data only for the purpose of providing services to us and subject to terms consistent with this policy, along with all applicable regulations regarding personal data protection.

You can find more information about our third party service providers below, as well as the mechanism used by them in order to protect your personal data in the case of an international transfer outside the European union.

Public Information and Third Party Websites

  1. Blog. We have a public blog on our Website. Any information you include in a comment on our blog may be read, collected, and used by anyone. If your Personal Data appears on our blog and you want it removed, contact us here. If we are unable to remove your information, we will tell you why.
  2. Social media platforms.
  3. We maintain presences on social media platforms including Facebook and Twitter. Any information, communications or materials you submit to us via a social media platform is done at your own risk without any expectation of privacy. We cannot control the actions of other users of these platforms or the actions of the platforms themselves. Your interactions with those features and platforms are governed by the privacy policies of the companies that provide them.
  4. Links to third-party websites. Our Website include links to other websites, whose privacy practices may be different from ours. If you submit Personal Data to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policy of any website you visit.

Does Justinmind Use Cookies and Other Tracking Mechanisms?

Yes. Justinmind uses cookies and similar technologies like single-pixel gifs and web beacons. We use both session-based and persistent cookies. We set and access our own cookies on our Website. In addition, we use third-party cookies, like Google Analytics.

We may use cookies to recognize you when you visit a domain we operate or when you use our Services, and also to remember:

  1. your display preferences, including your selected language,
  2. if you have already replied to a survey pop-up that asks you to subscribe to our Newsletter (so you won’t be asked again),
  3. if you have agreed (or not) to our use of cookies on that site,
  4. the service you subscribe to perform the checkout with our reseller. We also use cookies to measure the traffic and performance of our Website’s pages.

What Types of Cookies Do We Have?

Depending on who sends the cookies and treats the data obtained, the cookies we use may be:

Own Cookies: These are cookies sent to your terminal from a computer or domain managed by us (and from which the service requested by you is provided). For example, we have defined and own certain cookies that are used to run certain functionalities of our product and services or user test experiments, as well as to track visitor information.

Third party cookies: These are cookies sent to your terminal from a computer or domain that is not managed by us, but by another entity that processes data obtained through cookies. For example, we use Google Analytics cookies to measure the traffic in our Website or MailChimp cookies to see the openings and clicks of our Newsletter emails. See the Third Party Service Providers section below for more details.

How You Can Control or Delete Cookies

You can control and/or delete cookies as you wish – for details, see aboutcookies.org. You may delete all cookies that are already in your computer and you may set most browsers to prevent cookies from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work.

Browser manufacturers provide help for cookie management in their products. Please see below for more information.

For other browsers, please consult the documentation that your browser manufacturer provides.

Data Collected for and by You

As you use our Services or post on our Channels you may write information you have collected from any individuals. We have no direct relationship with them other than you and, for that reason, you are responsible for making sure you have the appropriate permission for us to collect, post, and process information about these individuals. Consistent with the uses of Personal Data covered in Section 6, we may transfer Personal Data from you or these individuals to companies that help us provide or support our Services. All third Service Providers enter into a contract with us that protects Personal Data and restricts their use of any Personal Data consistent with this policy.

How You May Exercise Your Rights

You may send a request through the contact form in our Website to request the exercise of the following rights:

  • Right to request access to any Personal Data we may have about you.
  • Right to request rectification (if incorrect) or deletion of Personal Data.
  • Right to request limitation of their treatment, in which case they will only be kept by Justinmind for the exercise or defense of claims.
  • Right to object to processing. Justinmind will no longer process the Personal Data in the way you indicate, unless for compelling legitimate reasons or the exercise or defense of possible claims has to be further processed.
  • Right to data portability. In the event that you wish your Personal Data to be processed by another company, Justinmind will provide you with the portability of your data to the new data controller.

We will give you access to any Personal Data we hold about you within 30 days of any request for that information. Individuals may request to access, correct, amend, or delete information we hold about them through our contact form. Unless it is prohibited by law, we will remove any Personal Data about an individual from our servers at your or their request. There is no charge for an individual to access or update their Personal Data.

Possibility of withdrawing consent. In the event that you have given your consent for a specific purpose, you have the right to withdraw it at any time, without it affecting the lawfulness of the processing based on the consent prior to its withdrawal.

How to complain to the Control Authority. If you consider that there is a problem with the way in which Justinmind is handling your Personal Data, you may address your complaints to Justinmind (indicated above) or to the corresponding Data Protection Authority

Accuracy and Data Retention

We take reasonable business measures in compliance with laws to keep your Personal Data accurate and up to date, to the extent that you provide us with the information we need to do so. If your Personal Data changes (for example, if you have a new email address), then you are responsible for notifying us of those changes.

We will retain the following data:

1. Disaggregated data: Disaggregated data will be retained without a deadline for deletion.
2. Subscribers data: During the time your account is active or as long as needed to provide you with our Services in accordance with our terms and conditions, unless a longer period of retention is required by law, in such case, the legal period shall apply.
3. Newsletter subscribers’ details: From the moment the user signs up to the product until the user unsubscribes from the newsletter.
4. User data uploaded by Justinmind to pages and profiles on social networks: From the moment the user offers consent until it withdraws it.

Children’s Privacy

Our Services are not directed at nor targeted to children. If you have not reached the age of majority or are not able to enter into legally binding agreements in your country, you may not use our Services unless supervised/accepted by an adult, as applicable.

Our goal is to comply with applicable laws and regulations relating to collection and use of information from children as such term is defined by applicable laws. If you believe that we have received information from a child or other person protected under such laws, please notify us immediately through our contact form or to the e-mail address indicated in the heading of this legal notice, and we will take reasonable steps to remove that information from our databases.

Notice of Breach of Security

We take reasonable and appropriate measures to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in the processing and the nature of the Personal Data. If a security breach causes an unauthorized intrusion into our system that materially affects you, then we will notify you as soon as possible (in the event of a breach being detected, Justinmind undertakes to inform users within 72 hours) and later report the action we took in response.

We use Braintree as the payment processor of our services. Therefore, all payments for the services will be done through Braintree. Braintree uses security measures to protect your information both during the transaction and after its completion. They are a United States-based payment processor of digital goods specialized in safe and secure Internet sales, compliant with PCI and that employs Verisign SSL Certificates.

We only use service providers that enter into agreements with us whereby the service provider commits to take the appropriate measures to protect Personal Data and be compliant with GDPR.

Third party service providers

To be transparent and provide you with the maximum information about who our third party service providers are, we list below the ones that may keep Personal Data, what information they keep, and how we ensure the GDPR compliance through their contracts.

Braintree (a PayPal service)

Braintree is the payment processor of our Services. All Personal Data required to perform the payments to our Services is provided directly to Braintree. We do not have access to any of your personal financial information, such as credit card numbers. When you subscribe to any of our services, Braintree requests you explicitly to agree with their Privacy Policy.

Google

We use G Suite (Gmail, Docs, Drive, and Calendar for business), for communication, storage, and collaboration. In addition, on our Website we use Google Analytics to analyze its use and optimize its performance.

Google is a US company the data of which are in Google Cloud Locations. As described in their Privacy Shield certification, they comply with the EU-US and Swiss-US Privacy Shield as set forth by the US Department of Commerce regarding the collection, use, and retention of Personal Data from European Union member countries and Switzerland, respectively.

Google is fully committed to GDPR compliance as described on their Commitments to GDPR that articulate the commitments with us. For all the previous services, as a commitment to privacy and security, we have signed the following documents: Data Processing Security Terms (Customers) contract, G Suite Standard Contractual Clauses, Data Processing Amendment to G Suite, and a EU Model Contract clauses.

Amazon

We use Amazon Web Services (AWS), the Amazon cloud computing platform, as the backend of the Justinmind Content service. Personal Data related to this service (except for payment details, see Braintree above) is kept in Amazon’s systems.

Amazon.com, Inc. is a US company, the data of which are in AWS Global Infrastructure. As described in their legal policies, participates in the EU-US and Swiss-US Privacy Shield Framework regarding the collection, use, and retention of Personal Data from European Union member countries and Switzerland, respectively. They have certified with the Department of Commerce that they adhere to the Privacy Shield Principles.

Amazon is fully committed to GDPR compliance as described in their Compliance to GDPR document, which articulates their commitments with us.

Mailchimp

We use Mailchimp to deliver our newsletters and other email communications. Therefore, Mailchimp, with servers located around the US, keeps Personal Data about your name and email and gathers statistics about email opening and clicks as part of its service.

Mailchimp applies Standard Data Protection Clauses adopted by the European Commission in order to ensure the appropriate level of protection of the personal data transferred to the USA.

As described in its knowledge base, Mailchimp is committed to achieving compliance with the GDPR and is mindful of your compliance efforts. For more information about the way in which Mailchimp is committed to achieving compliance with the GDPR in 2018, see About the General Data Protection Regulation.

Zendesk

We use Zendesk by Zendesk, Inc. as our ticketing service and help desk software. Zendesk keeps Personal Data about your name and email, as well as any other information you may have disclosed while interacting with us to receive support.

Zendesk Inc. is a US company, the data of which are in Zendesk Data Hosting. As described on their website they are fully committed in being compliant with the GPDR and applies Standard Data Protection Clauses adopted by the European Commission in order to ensure the appropriate level of protection of the personal data transferred to the USA.