These definitions should help you understand this policy.
"Personal Data" means any information that identifies or can be used to identify an individual directly or indirectly, including, but not limited to, first and last name, identification number, date of birth, email address, gender, occupation, or other demographic information.
"Website" means all content included in our domain justinmind.com.
"Services" means the Justinmind's product, including Justinmind analytics and testing mechanisms and Justinmind content, as well as any information or support related to them that we provide to customers.
"Channels" means the various means by which we may collect information including our Website, the Services, social media pages, HTML-formatted e-mail messages and through offline sales and marketing activities.
"Website Visitor" refers to anyone visiting our Website.
"User" refers to the person or entity that uses our Services. They may have downloaded and installed a free version of one of our plugins or have subscribed to use a premium version of them in a site.
"you" refers to Website Visitors or Users.
"GDPR" refers to the Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data.
"including", "includes" or similar words refer to matters which are included without limitation, in other words, that are not limited to any list provided.
If you have any questions or comments, or if you want to update, delete, or change any Personal Data we hold, or you have a concern about the way in which we have handled any privacy matter, please use our contact form to send us a message. You may also contact us by email at jim dot info at justinmind dot com, or by postal mail to our business address.
5. Information We Collect
a. Information You Explicitly Give Us: We receive and store any information you enter on our Website or give us in any other way through a direct interaction with us which includes:
Note that we do not collect any payment (credit card) information when you subscribe to one of our services. We have an agreement with Braintree as payment processor of our services. See the section Third-party Providers below for more information.
b. Information we collect automatically: When you use the Services or browse our Website, we may collect information about your visit to our Website, your usage of the Services, and your web browsing. That information may include:
- Your email when you sign up to our product or newsletter.
- Your name and email when you post a comment on our blog posts.
- Your name and email when you contact us through our contact forms.
- Your name, email, postal address, telephone number and your company name when you subscribe to our payment product.
- The Personal Data you provide us when you send us an email or contact our support service.
c. Track and evaluate our marketing campaigns, including online advertising and e-mail marketing campaigns.
d. To communicate with you about a conference or event hosted, co-sponsored or participated by us, including information about the event's content, logistics, payment, updates, and any additional meetings, special demonstrations or other customer facilitation. After the event, we may contact you about the event and related products and services, and may share information about your attendance with your company (if any).
e. To share Personal Data with third parties who provide services to us, provided that the third party has executed any data processing documentation required by law.
f. To meet legal requirements, including complying with court orders, valid discovery requests, valid subpoenas, and other appropriate legal mechanisms.
- Your network routing information (where you come from).
- Your Internet Protocol (IP) address used to connect your computer to the Internet and which may identify your general geographic location or company.
- Your computer and connection information such as browser type, version, and time zone setting, browser plug-in types and versions, operating system, and platform.
7. What Personal Data We Share and Disclose to Third Parties
We do not sell your Personal Data to anyone. We may share your Personal Data with our third party Service Providers, who help us provide and support our Services and products, such as credit card processing services, order fulfilment, analytics, event or campaign management, website management, information technology and related infrastructure provision, customer service, e-mail delivery, auditing, and other similar services. In this case, we require by contract from our services providers to use your Personal Data only for the purpose of providing services to us and subject to terms consistent with this policy.
We may disclose your personal data as we believe to be necessary or appropriate:
Additionally, in the event of a reorganization, merge, sale, joint venture, assignment, transfer, or other disposition of all or any portion of Justinmind's business, assets or stock (including in connection with any bankruptcy or similar proceedings), we may transfer the Personal Data it has collected to the relevant third party.
- under applicable law, including laws outside your country of residence;
- to comply with legal process;
- to respond to requests from public and government authorities, including public and government authorities outside your country of residence;
- to enforce Justinmind's terms and conditions, which are subject to this private policy; and
- to allow us to pursue available remedies or limit the damages that we may have.
8. Public Information and Third Party Websites
a. Blog. We have a public blog on our Website. Any information you include in a comment on our blog may be read, collected, and used by anyone. If your Personal Data appears on our blog and you want it removed, contact us here. If we are unable to remove your information, we will tell you why.
b. Social media platforms. We maintain presences on social media platforms including Facebook and Twitter. Any information, communications or materials you submit to us via a social media platform is done at your own risk without any expectation of privacy. We cannot control the actions of other users of these platforms or the actions of the platforms themselves. Your interactions with those features and platforms are governed by the privacy policies of the companies that provide them.
- your display preferences, including your selected language,
- if you have already replied to a survey pop-up that asks you to subscribe to our Newsletter (so you won't be asked again),
- the service you subscribe to perform the checkout with our reseller.
10. What Types of Cookies Do We Have?
Depending on who sends the cookies and treats the data obtained, the cookies we use may be:
- Own Cookies: These are cookies sent to your terminal from a computer or domain managed by us (and from which the service requested by you is provided). For example, we have defined and own certain cookies that are used to run certain functionalities of our product and services or user test experiments, as well asto track visitor information.
- Third party cookies: These are cookies sent to your terminal from a computer or domain that is not managed by us, but by another entity that processes data obtained through cookies. For example, we use Google Analytics cookies to measure the traffic in our Website or MailChimp cookies to see the openings and clicks of our Newsletter emails. See the Third Party Service Providers section below for more details.
11. How You Can Control or Delete Cookies
You can control and/or delete cookies as you wish – for details, see aboutcookies.org. You may delete all cookies that are already in your computer and you may set most browsers to prevent cookies from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work.
Browser manufacturers provide help for cookie management in their products. Please see below for more information.
For other browsers, please consult the documentation that your browser manufacturer provides.
12. Data Collected for and by You
As you use our Services or post on our Channels you may write information you have collected from any individuals. We have no direct relationship with them other than you and, for that reason, you are responsible for making sure you have the appropriate permission for us to collect, post, and process information about these individuals. Consistent with the uses of Personal Data covered in Section 7, we may transfer Personal Data from you or these individuals to companies that help us provide or support our Services. All third Service Providers enter into a contract with us that protects Personal Data and restricts their use of any Personal Data consistent with this policy.
13. How You May Exercise Your Rights
You may send a request through the contact form in our Website to request the exercise of the following rights:
We will give you access to any Personal Data we hold about you within 30 days of any request for that information. Individuals may request to access, correct, amend, or delete information we hold about them through our contact form. Unless it is prohibited by law, we will remove any Personal Data about an individual from our servers at your or their request. There is no charge for an individual to access or update their Personal Data.
Possibility of withdrawing consent. In the event that you have given your consent for a specific purpose, you have the right to withdraw it at any time, without it affecting the lawfulness of the processing based on the consent prior to its withdrawal.
How to complain to the Control Authority. If you consider that there is a problem with the way in which Justinmind is handling your Personal Data, you may address your complaints to Justinmind (indicated above) or to the corresponding Data Protection Authority
- Right to request access to any Personal Data we may have about you.
- Right to request rectification (if incorrect) or deletion of Personal Data.
- Right to request limitation of their treatment, in which case they will only be kept by Justinmind for the exercise or defense of claims.
- Right to object to processing. Justinmind will no longer process the Personal Data in the way you indicate, unless for compelling legitimate reasons or the exercise or defense of possible claims has to be further processed.
- Right to data portability. In the event that you wish your Personal Data to be processed by another company, Justinmind will provide you with the portability of your data to the new data controller.
14. Accuracy and Data Retention
We take reasonable business measures in compliance with laws to keep your Personal Data accurate and up to date, to the extent that you provide us with the information we need to do so. If your Personal Data changes (for example, if you have a new email address), then you are responsible for notifying us of those changes.
We will retain the following data:
- Disaggregated data: Disaggregated data will be retained without a deadline for deletion.
- Subscribers data: During the time your account is active or as long as needed to provide you with our Services in accordance with our terms and conditions. In any case, it will be the minimum necessary period currently subject to certain statutes of limitation terms:
- 4 years: Law on Infringements and Sanctions in the Social Order (obligations regarding affiliation, registration, cancellation, contribution, payment of salaries...); Art. 66 ff. General Tax Law (Accounting Books...);
- 5 years: Art. 1964 Civil Code (personal actions without special time limit)
- 6 years: Art. 30 Commercial Code (Accounting Books, invoices...)
- 10 years: Art. 25 of the Prevention of Money Laundering and Financing of Terrorism Act.
- Newsletter subscribers' details: From the moment the user sign up to the product until the user unsubscribes from the newsletter.
- User data uploaded by Justinmind to pages and profiles on social networks: From the moment the user offers consent until it withdraws it.
15. Children's Privacy
Our Services are not directed at nor targeted to children. If you have not reached the age of majority or are not able to enter into legally binding agreements in your country, you may not use our Services unless supervised/accepted by an adult, as applicable.
Our goal is to comply with applicable laws and regulations relating to collection and use of information from children as such term is defined by applicable laws. If you believe that we have received information from a child or other person protected under such laws, please notify us immediately through our contact form or to the e-mail address indicated in the heading of this legal notice, and we will take reasonable steps to remove that information from our databases.
16. Notice of Breach of Security
We take reasonable and appropriate measures to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in the processing and the nature of the Personal Data. If a security breach causes an unauthorized intrusion into our system that materially affects you, then we will notify you as soon as possible (in the event of a breach being detected, Justinmind undertakes to inform users within 72 hours) and later report the action we took in response.
We use Braintree as the payment processor of our services. Therefore, all payments for the services will be done through Braintree. Braintree uses security measures to protect your information both during the transaction and after its completion. They are a United States-based payment processor of digital goods specialized in safe and secure Internet sales, compliant with PCI and that employs Verisign SSL Certificates.
We only use service providers that enter into agreements with us whereby the service provider commits to take the appropriate measures to protect Personal Data and be compliant with GDPR.
17. Third party service providers
To be transparent and provide you with the maximum information about who our third party service providers are, we list below the ones that may keep Personal Data, what information they keep, and how we ensure the GDPR compliance through their contracts.
Braintree (a PayPal service)
Braintree is a United States-based credit card payments processor of digital goods specialized in safe and secure internet sales, compliant with PCI and that employs Verisign SSL Certificates. Braintree is operated by PayPal Inc<
We use G Suite (Gmail, Docs, Drive, and Calendar for business), for communication, storage, and collaboration. In addition, on our Website we use Google Analytics to analyze its use and optimize its performance.
Google is a US company the data of which are in Google Cloud Locations. As described in their Privacy Shield certification, they comply with the EU-US and Swiss-US Privacy Shield as set forth by the US Department of Commerce regarding the collection, use, and retention of Personal Data from European Union member countries and Switzerland, respectively.
Google is fully committed to GDPR compliance as described on their Commitments to GDPR that articulate the commitments with us. For all the previous services, as a commitment to privacy and security, we have signed the following documents: Data Processing Security Terms (Customers) contract, G Suite Standard Contractual Clauses, Data Processing Amendment to G Suite, and a EU Model Contract clauses.
We use Amazon Web Services (AWS), the Amazon cloud computing platform, as the backend of the Justinmind Content service. Personal Data related to this service (except for payment details, see Braintree above) is kept in Amazon's systems.
Amazon.com, Inc. is a US company, the data of which are in AWS Global Infrastructure. As described in their legal policies, participates in the EU-US and Swiss-US Privacy Shield Framework regarding the collection, use, and retention of Personal Data from European Union member countries and Switzerland, respectively. They have certified with the Department of Commerce that they adhere to the Privacy Shield Principles.
Amazon is fully committed to GDPR compliance as described in their Compliance to GDPR document, which articulates their commitments with us.
We use Mailchimp to deliver our newsletters and other email communications. Therefore, Mailchimp, with servers located around the US, keeps Personal Data about your name and email and gathers statistics about email opening and clicks as part of its service.
Mailchimp is a registered trademark of The Rocket Science Group, a US company, the data of which are in US and has certified they comply with the US-EU Safe Harbor Framework and the US-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data from European Union member countries and Switzerland.
As described in its knowledge base, Mailchimp is committed to achieving compliance with the GDPR and is mindful of your compliance efforts. For more information about the way in which Mailchimp is committed to achieving compliance with the GDPR in 2018, see About the General Data Protection Regulation.
We use Zendesk by Zendesk, Inc. as our ticketing service and help desk software. Zendesk keeps Personal Data about your name and email, as well as any other information you may have disclosed while interacting with us to receive support.
Zendesk Inc. is a US company, the data of which are in Zendesk Data Hosting. As described on their website they are fully committed in being compliant with the GPDR and confirm that they comply with the US-EU Safe Harbor Framework and the US-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data from European Union member countries and Switzerland.