fbpx

Privacy Policy

Responsible organisation and contact details

MindApps AB, corporate ID number 556880-9122 (“MindApps”, “we”, “us”) is responsible (data controller) for the processing of your personal data as described in this privacy notice.
We care about our users (“Users”, “you”) and their privacy and undertake to respect and protect your personal data and privacy in accordance with applicable laws, industry rules and other related standards. In order to help you understand the way in which we collect and use your personal information, we have put together this privacy notice. You may always reach out to us with any questions, queries or requests on matters related to our processing of your personal data via email to: [email protected].

What information we collect about you and for what purposes

It is important to us that you are aware of what information we collect about you and how it is collected. You may directly or indirectly provide us with information about yourself in connection with your visit to our website or your use of our products and services (hereinafter the “Services”). Please see below to find out what data we collect about you and for what purposes.

If you use our Services:

Type of data collected: IP-address (cookies)

Our source: From yourself (through your use of the website).

Our purpose/purposes: To optimise your visit of our website, improve your overall experience and provide better Services.

Legal basis: For MindApp’s legitimate interest including to: maintain, improve, and analyse our website, mobile application and the services we offer as well as to facilitate the functionality of our websites and mobile applications and detect, prevent, or investigate security breaches.

If a User does not agree to the processing of the data, the User can clear or block the use of cookies.

Type of data collected: User ID, name, device, gender, age group, country, city and usage data such as language settings, precise location permission (non-continuous), page response times, content shown to you, downloads, purchases etc. Your interactions with our Services such as sessions listened to, screens visited etc as well as previous experience in meditation and areas of interest.

Our source: From yourself (through your use of the Services).

Our purpose/purposes: To be able to provide you with the Services, maintain the Services and to offer a better personalized service such as by learning about what kind of content you may like or dislike. We also use this information for marketing purposes. Some functions are different depending on platform. 

We use precise location permission (non-continuous) to segment users when we communicate with them.

The language settings are collected to determine in what language the App should be presented for you.  

The data related to your use of the Service is also used to monitor and analyse trends and usage.

Legal basis: The processing is necessary for MindApps to be able to provide you with the Services (the contract to which the data subject is party) such as to: process your purchases of or requests for services, respond to your support inquiries and requests, communicate with you about the services and your account.

For our legitimate interest including to: facilitate the functionality of our websites and mobile applications and detect, prevent, or investigate security breaches, as well as to update and improve our Service.

For the marketing purpose, MindApps rely on its legitimate interest such as to: carry out market research activities related to the Services and provide you with news and promotions.

Please note that the location is determined in a manner that isn’t continuous. This means that it is impossible for MindApps to derive the exact position of the User on a continuous basis.

Type of data collected: Geographic position

Our source: From yourself (through your use of the Services).

Our purpose/purposes: To optimise and improve your overall experience and provide better Services.

Legal basis: For MindApp’s legitimate interest including to: facilitate the functionality of our websites and mobile applications and detect, prevent, or investigate security breaches. Please note that the geographic location of the User is determined in a manner that isn’t continuous. This means that it is impossible for MindApps to derive the exact position of the User on a continuous basis.

Type of data collected: Mindfulness- minutes

Our source: From yourself (through your use of the Services).

Our purpose/purposes: To be able to share the number of meditated minutes (i.e. Mindfulness-minutes) completed via your use of the Services with the Apple’s HealthKit (the application Health) and/or GoogleFit should you wish to do so.

Legal basis: The processing is necessary for MindApps to be able to provide you with the sharing function included in the Services (the contract to which the data subject is party).

Type of data collected: Heart rate

Our source: From Apple Watch through Apple’s HealthKit (the application Health on your phone) and/or GoogleFit should you decide to share such data with the Services).

Our purpose/purposes: To be able to display your heart rate during your use of the Services should you wish to do so.

Legal basis: The processing is necessary for MindApps to be able to provide you with the heart rate display function included in the Services (the contract to which the data subject is party).

Type of data collected: Device information such as hardware model, operating system, device identifiers and mobile network information.

Our source: From yourself (through your use of the Services).

Our purpose/purposes: To be able to, solve issues, provide support, monitor and analyze trends and usage.

Legal basis: The processing is based on our legitimate interest to: detect, prevent, or investigate security breaches, as well as to update and improve our Service.


When you create an account with MindApps, we also collect and process the following information:

Type of data collected: Email address, name. Transaction information such as product description, price, subscription, time and date of transaction.

Our source: Yourself or Apple, Google or Facebook if you chose to log in through these channels.

Our purpose/purposes: To be able to provide you with an Account and to identify the right User, making it possible to create a backup for your stats.

For marketing purposes such as market research activities and promotions via direct marketing. You may reach out to us at any time and request that your data is blocked from being used by us for direct marketing purposes (click on the opt-out link in a marketing email from us or send us an email at [email protected]).

Purchase information is processed to verify a transaction, solve issues, support, monitor and analyze trends and usage and for marketing purposes.

Legal basis: The processing is necessary for MindApps to be able to provide you with the Services (the contract to which the data subject is party) such as to: respond to your support inquiries, process your requests for services, identify the right User, communicate with you about the services and your account, and verify any transactions made. 

Further, the processing is based on our legitimate interest to: detect, prevent, or investigate security breaches, as well as to update and improve our Service.

For the marketing purpose, MindApps rely on its legitimate interest such as to: carry out market research activities related to the Services and provide you with news and promotions.

If a User does not agree to the processing of the personal data for this purpose, the User may opt-out and MindApps will immediately stop processing the data for this purpose.

If you carry out our self-assessment stress test, we also collect and process the following information:

Type of data collected: Answers to stress test questions (self-assessment scale 1-5), stress score level, date of carried out stress test.

Our source: Yourself.

Our purpose/purposes: Being able to provide the self-assessment stress test to User wishing to carry out the test including providing recommended content in the Mindfulness App, such as mediations, courses and actions to the user based on User’s score and self-assessed level of stress.

Legal basis: Our legitimate interest to provide you with the self-assessment Stress Test helping users to find suitable content in the app relevant for User’s self-assessed stress level.

If a User does not agree to the processing of the personal data for this purpose, the User may use the delete-function related to the self-assessment stress test available in the Mindfulness App and MindApps will immediately stop processing the data for this purpose.

How we share your personal data

MindApps will not, without your consent, pass on any information about you to any third party unless required by law to do so, or unless it is necessary in connection with a product or service you have requested or purchased from us.

Our service providers

We share your information with service providers that provide us with support services, such as credit card processing, website hosting, email delivery, location mapping, product and service delivery, CRM system and analytics services and systems.

Apple’s HealthKit and Google Fit

We share the number of meditated minutes (i.e. Mindfulness-minutes) completed via your use of the Services with the Apple’s HealthKit (the application Hälsa/Health) and/or GoogleFit if you instruct us to do so. Please note that we will never share any of your data with GoogleFit or Apple’s HealthKit without your instructions. If you decide to share your heart rate data with us from your Apple Watch through Apple’s HealthKit (the application Hälsa/Health on your phone) and/or GoogleFit we will only use such data for the purposes of displaying your heart rate during your use of the Services and please rest assure that we will never share such data with third parties.

Before you instruct us to share your Mindfulness-minutes with another application, please make sure to review the privacy policy of that application, since any information you have instructed us to share will become subject to those policies (i.e. no longer subject to MindApp’s policy).

When sharing is required by law

We may disclose your information if we are required to do so by law or other legal process.

When you request us to do so

Through your use of the Services you may choose to give us permission or direct us to share information about you with other companies such as social media service providers.

Transfers to third countries

MindApps process your data within the EU/EEA as well as in third countries. When the data is processed in and thereby transferred to a destination outside of the EU/EEA by us or one of our suppliers or subcontractors we promise you that we will take all reasonable legal, technical, and organisational measures to ensure that your data is treated securely and with an adequate level of protection compared to and in line with at least the level of protection offered within the EU/EEA. The transfer to third countries is safeguarded through the entering into of Standard Contractual Clauses with the data importer.

Data Retention and security measures

We will keep your data for the time necessary to provide the service requested by the User or stated by our purposes of the processing as outlined above. This means, inter alia, that we will delete your personal data in our databases when a User no longer is using our services or when the information is no longer necessary for the purpose for which it was collected. Where we keep your data for purposes which are not related to our contractual agreement such as for purposes like legitimate purposes, we keep the data only as long as necessary and/or required by law for the respective purpose.

MindApps protects your personal data using technical and organisational security measures. To prevent unauthorised access and ensure data accuracy, MindApps have implemented strict guidelines for the organisation regarding the processing of personal data.

 

Your rights

Your right to access

If you wish to access information about how we process your personal data, please contact us at. Your request will be processed promptly, and within no longer than 30 days. We will provide you with the information free of charge. For any further copies we reserve the right to charge a reasonable fee based on our administrative costs for such request.

Your right to rectification

We make every effort to ensure that all data we process is accurate. If you discover that we have incomplete or inaccurate personal data about you in our records, please let us know and we will complete, or rectify this information immediately.

Your right to erasure

You have the right to request that we erase your personal data under the following circumstances:

  • your personal data is no longer needed for the purpose(s) we collected it for
  • the personal data is processed for direct marketing purposes
  • your right as an individual override our legitimate interest to continue the processing of your personal data (where we rely on legitimate interest as the legal ground).
  • the processing of your personal data has not been in compliance with applicable law
  • the personal data has been processed to offer information society services to a child

We will always erase personal data if needed in order for us to comply with a legal obligation.

If we refuse your request to erasure, we will provide you with information regarding our ground(s) for such refusal.

Your right to restrict processing

You have the right to obtain restriction of the processing of your personal data:

  • for a period enabling us to verify the accuracy of the personal data where you have objected to the processing or contested the accuracy of it;
  • where the processing is unlawful, and you have opposed to the erasure of the personal data and request the restriction of its use instead; and/or
  • where we no longer need the personal data for the purposes of the processing but are required by you to keep the data for the establishment, exercise or defense of a legal claim.

If we restrict the processing of your personal data per above, we will still store the data but not use it other than:

  • with your consent;
  • for the establishment, exercise or defense of legal claims;
  • for the protection of the rights of another natural or legal person; or
  • for reasons of important public interest of the EU or of a Member State.

The right to data portability

Where we process your personal data by automated means with your consent as the legal basis or for the performance of a contract you have the right to receive the personal data that you have provided to us in a structured, commonly used and machine-readable format (data portability).

The right to object

If you object to our processing of your personal data, including profiling, based on the purpose of our legitimate purposes (see Section 3) we will cease the processing unless we can demonstrate compelling legitimate grounds. We may also continue with the processing activity if it is necessary for the establishment, exercise or defense of legal claims.
If our purpose for the processing is direct marketing, we will immediately cease with such processing upon receiving a request to objection from you per above.

 

Questions and complaints

We hope that the above information is useful for you and provides you with clarifications on why and how we process your personal data. If you have questions about the processing of your data, please feel free to contact us at: [email protected]. You also have the right to lodge a complaint with a supervisory authority (Integritetsskyddsmyndigheten/Dataskyddsmyndigheten, www.imy.se) regarding the processing of your personal data.

 

Last updated: November 02, 2021