PERSONAL DATA POLICY — EEA

Version 3.0 August 13, 2021

The Personal data Policy concerning the processing of personal data and information on effective requirements for protection of personal data.

DOWNLOAD IN PDF 91 kB

Who we are?

Mindbox. Cloud B.V. (“Mindbox”) is a technology-driven company offering our marketing automation platform to various e-commerce and retail customers.

You may find our contacts here.

If you have a question concerning the processing of your personal data, you may contact our Data Protection Officer any time at dpo@mindbox.cloud.

General provisions & Service

This Personal Data Policy (“Policy”) is applicable to the processing of personal data of the data subjects located in the EEA by Mindbox in respect of the following: Mindbox.cloud Website, Customer Data Platform, Multi-Channel Campaigns, Loyalty and Promotions, Support and constant improvement and all other future services to be delivered by Mindbox to its Customers inside the EEA (“Services”).

For your convenience, our Policy is divided into the following sections

What data, for what purposes, how long, and based on what grounds we process as a Controller?

What data we process as a Processor of our Customers (Controllers)?

Who do we share your data with?

Security of personal data

Automated decisions

Your rights

Changes to this Policy

What data, for what purposes, how long, and based on what grounds we process as a Controller?

Purpose of Processing Data Subjects: Categories of Data Storage Period Legal Basis
to offer access to a demo of the Mindbox service Our website visitors and employees of our potential customers: name, phone number, email address, website address or company name of the customer, position of the customer’s employee / customer until the termination of a contract processing is necessary in order to take steps at your request prior to entering into a contract with us
to negotiate and enter into a contract with our customers Customers representatives: name, phone number, email address, position, company (customer) name, proof of the authority of the person to act on behalf of the customer 5 years after the termination of a contract processing is necessary for the performance of a contract to which you are party
to fulfill our obligations to you under the contract with our customers Employees of our customers: name, email address, phone number, login (may not match the email address), information that you provide about yourself (in the comments field), registration date, level of your access rights, data you enter about yourself in the support chat, logs of your actions on our platform until the termination of a contract
to send direct email marketing communications about our service Subscribers to our newsletter: name, email address until you withdraw your consent or until the end of campaign whichever happened earlier your consent to receive our monthly newsletter
You may withdraw your consent at any time by clicking the “unsubscribe” link in the email communications we send to you
to better understand your preferences, to help you navigate our website, to personalize and provide a more convenient experience to you, to analyze which pages you visit, and to measure advertising and promotional effectiveness Our website visitors: IP-address, GEO (country or town), OS type and version, browser type and version, type of device and its display resolution, traffic source for the visitor, OS and browser language, which buttons are being clicked and what pages are being opened 14 months or until you withdraw your consent whichever happened earlier your consent to store cookies in your browser
You may withdraw your consent at any time by clicking the managing cookie button
Please also read our Cookie Policy.
to publish your quotes on our website after we have provided our Services Customers representatives: name, company name, position, photo until you withdraw your consent or until the purpose of such processing is met whichever happened earlier your consent to publish a quote on our website
You may withdraw your consent at any time by contacting at dpo@mindbox.cloud

What data we process as a Processor of our Customers (Controllers)?

Mindbox processes personal data on behalf of its Customers inside the EEA in respect of the Services and therefore acts as a processor in the sense of the GDPR (“Processor”).
Mindbox’ Customers determine the purposes and means of the processing of personal data in respect of the Services inside the EEA and therefore act as a controller in the sense of the GDPR (“Controller”).

The processing of personal data by Mindbox on behalf of its Customers is only allowed in respect of providing the Services inside the EEA. Mindbox is not allowed to process personal data for its own purposes and means. Should Mindbox nevertheless process personal data for its own purposes and means in respect of the Services inside the EEA, then in such case only, Mindbox acts as a controller in the sense of the GDPR.

We usually process the following personal data on behalf of our Customers in respect of the Services: name, date of birth, email address, residential address, phone number, contact details of relatives and friends, IP-addresses, device data from which the website is viewed, mobile application, device data, hash ID, marital status.
The specific categories of data are determined by our Customers instructions. Our obligations are explicitly explained in our Personal Data Processing Agreement.

Who do we share your data with?

Acting as a Controller we share your data with the following processors:
Purpose of Processing Processors, their Location and the Link to Privacy Policy / Website if applicable Safeguards for restricted transfers (outside the EEA and ‘adequate’ jurisdictions)
to offer access to a demo of the Mindbox service Intensa LLC (Russia), Website We use Standard Contractual Clauses to ensure that your data is properly protected
Pipedrive OÜ (the EU), Privacy Policy We transfer your data according to the Data Processing Addendum between us and Pipedrive
Aut O’Mattic A8C Ireland Ltd. (d.b.a. WordPress.com) (the EU), Privacy Policy We transfer your data according to the Data Processing Addendum between us and WordPress
Google LLC (the USA), Privacy Policy We transfer your data according to the Model Contract Clauses between us and Google
to negotiate and enter into a contract with our customers Pipedrive OÜ (the EU), Privacy Policy We transfer your data according to the Data Processing Addendum between us and Pipedrive
Google LLC (the USA), Privacy Policy We transfer your data according to the Model Contract Clauses between us and Google
to fulfill our obligations to you under the contract with our customers Intercom R&D Unlimited Company (Ireland), Intercom, Inc. (the USA); Intercom’s group companies, Privacy Policy We transfer your data according to the Data Processing Agreement between us and Intercom
to send direct email marketing communications about our service None Not applicable
to better understand your preferences, to help you navigate our website, to personalize and provide a more convenient experience to you, to analyze which pages you visit, and to measure advertising and promotional effectiveness Google LLC (the USA), Privacy Policy We transfer your data according to the Google Ads Data Processing Terms between us and Google
Intensa LLC (Russia), Website We use Standard Contractual Clauses to ensure that your data is properly protected
Business Analytica LLC (Russia)
Facebook Ireland Limited (the EU), Privacy Policy We transfer your data according to the Facebook EU Data Transfer Addendum between us and Facebook
Yandex LLC (Russia), Privacy Policy We transfer your data according to the Yandex.Metrica Data Processing Agreement (DPA) between us and Yandex Oy (Yandex LLC representative in the EEA)
to publish your quotes on our website after we have provided our Services Aut O’Mattic A8C Ireland Ltd. (d.b.a. WordPress.com) (the EU), Privacy Policy We transfer your data according to the Data Processing Addendum between us and WordPress
Intensa LLC (Russia), Website We use Standard Contractual Clauses to ensure that your data is properly protected
Acting as a Processor we share the data provided by our Customers with the following sub-processors:
Purposes of sub-processing Processors, their Location and the Link to Privacy Policy / Website if applicable Safeguards for restricted transfers (outside the EEA and ‘adequate’ jurisdictions)
Hosting services Microsoft Corporation (the USA) We transfer your data according to the Data Protection Addendum between us and Microsoft
Integrated service aimed to raise our conversion Popmechanic LLC (Russia), Privacy Policy We use Standard Contractual Clauses to ensure that your data is properly protected
Hosting services (backup) Selectel LLC (Russia), Data Processing and Protection Policy
Hosting services (backup) DataLine LLC, Privacy Policy

Mindbox shall not disclose personal data to third parties or distribute it without the instruction of the Customer, unless otherwise stipulated by applicable legislation. Mindbox shall not conduct the cross-border transfer of personal data, unless agreed between Mindbox and its Customers or stipulated by applicable legislation.

Security of personal data

We are ensuring the confidentiality of the processed personal data on behalf our Customers, under the procedure provided by applicable legislation. Protection of personal data is supported by the implementation of legal, organisational and technical measures necessary and sufficient to ensure that the requirements of the applicable data protection legislation are met.

Automated decisions

We do not make any automated decisions about you that would result in legal or other similarly significant effects on you.

Your rights

You have the following rights under the GDPR with respect to personal data: right to information, right to access, right to rectification, right to withdraw consent, right to object against processing for specific purposes (such as direct marketing), right to object to automated processing, right to be forgotten and right for data portability (copy of personal data in a commonly used machine-readable format).

You also have the right to opt-out of our emails at any time if we process your data based on your consent. You can exercise this right by clicking on the “unsubscribe” link in the e-mail messages we send.

You may also exercise the mentioned rights by contacting us via email dpo@mindbox.cloud.

You also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or where an alleged infringement of the GDPR has taken place.

When we process the data under the instruction of our Customers data subjects need to claim and exercise their rights at our Customers. In case you wish to invoke your rights at us, then you can use dpo@mindbox.cloud, in which case we shall send the request to the applicable Customer who is responsible for proper settlement of the request.

Changes to this Policy

We regularly update this Policy in case there are significant changes in the way we process your personal data.

You will receive a notification prior to such significant changes become effective by email if you provided us with your email-address or by pop-up notice on our website.

Tell us a little about yourself

We’ll respond within 24 hours

Partnership request

Typically we’re answering within 24 hours