Last revision of this policy: February 2020
The following terms: “MindMaze”, “we”, “us”, “our” or the “Company” are references to MindMaze SA, the controller, and to companies held by MindMaze Holding SA.
MindMaze attaches great importance to the protection and respect of your privacy.
When you use one of our products or services, or visit our websites, we collect your personal and/or personal data related to your neurological impairments. This document describes when and why we collect them, how we use them, with whom we share them, the processing we do on them, and the measures we take to ensure their safety. Please read this policy carefully to find out what your rights are and what means are available to you to exercise them.
MindMaze SA and the other companies of the MindMaze group create intuitive human-machine interfaces on their revolutionary IT platform inspired by neuroscience. Our innovations are at the intersection of neuroscience, mixed reality and artificial intelligence and are therefore ready to transform a large number of industries.
Data controller
MindMaze SA,
Chemin de Roseneck 5,
1006 Lausanne
Legal representative in the EU
MindMaze SARL,
ICM, Hôpital Pitié Salpêtrière
47 Boulevard Hôpital,
75013 Paris
We collect information about you when you use one of our MindMotion devices and/or participate in our registry, clinical studies, clinical trials or clinical evaluations. These data are for example:
Our products collect information about your impairment by tracking your different sessions (activity score, game time, etc.). They also produce information that allows us to identify you. This information can be, for example:
We need this personal information to provide you with our services and improve your user experience. Without this information, it would be impossible for you to use our services.
It is possible that other sources such as hospitals, our subsidiaries, or other companies active in the health field or not, may send us health information about you. The information received is then combined with other information we already have about you. This data can be, for example:
The various sources that we will send your data to have their privacy policies that do not apply to ours and vice versa. They will probably have obtained your consent to the collection and processing of your information, when using their platforms or when using their services. In such a case no communication will be made from us. In the event that no consent has been given to the various sources, we will ask you for your consent to the first processing of your information.
When you visit our website mindmaze.com or mindmotionweb.com using your mobile devices or from a computer, we collect and store information in their internal storage space. We then reuse this data to improve your user experience or to perform statistics. The different data we collect can be, for example:
You will be able to choose whether or not to store this information by accepting cookies or not.
Cookies are small amounts of information stored in files within your computer’s browser itself. Cookies are accessible and stored by the websites you visit, and by companies that display their advertisements on websites, so that they can recognize the browser. Websites can only access the cookies they have stored on your computer.
By using our website, you consent to the use of cookies placed by them.
Our websites or web applications use cookies for the following purposes:
You have the option of configuring your browser to accept all cookies, reject all cookies, notify you when a cookie is issued, its validity period and content, and allow you to refuse to save it on your device, and delete your cookies periodically.
You can set your Internet browser to disable cookies. Please note, however, that if you disable cookies, your username and password will no longer be saved on any website. For more information on how to delete and control cookies stored on your computer, visit https://www.aboutcookies.org/
Your consent to the use of cookies will be requested when you access our sites . You will be able to set them up and adjust them to your preferences.
More information regarding cookie management is given in our cookie policy.
We may use your personal data and/or data related to your neurological impairment for the following purposes:
Your personal data may only be used with your express consent, which must be collected in advance, except for the use of data other than those relating to your impairment, for the intended purposes mentioned in points (1) and (2), which is based on the contractual agreement you have concluded with MindMaze SA or another company in the MindMaze group, as an end user, customer or other.
Insofar as we process your personal data on the basis of your consent, you have the right to withdraw your consent at any time. However, the withdrawal of your consent does not compromise the lawfulness of the processing operation before your consent is withdrawn.
If you are unable to legally establish contractual links with MindMaze SA or another company of the MindMaze group or to give your consent to the processing of your personal data, for medical or similar reasons, your personal data may however only be processed if this is necessary to safeguard your vital interests.
Personal data collected by MindMaze SA and other companies in the MindMaze group will only be kept for as long as necessary until we have achieved the purposes for which they were collected. To ensure that we do not keep them longer than necessary, we periodically review and delete our files in accordance with these objectives.
MindMaze employees and consultants : to improve our services, products, user experience, security and the proper performance of the contract between you and MindMaze.
Third party service providers working for us : we are authorized to share your personal information with our third party service providers, agents and subcontractors and other associated organizations for the purpose of performing tasks and providing services on our behalf. When we use third party service providers, however, we only disclose personal information necessary to provide the relevant services and we enter into a written agreement (including in electronic form) in accordance with Swiss and EU law requiring them to ensure the security of your information and not to use it for their own purposes, except with your express consent.
Third-party product suppliers with whom we work : we work closely with various third party suppliers to provide you with quality and reliable products and services designed to meet your needs. When you are interested in one or more of these products or when you purchase them, the third party supplier of the product(s) concerned will use the information about you to inform you and fulfil its obligations under any contract you have concluded with it. In some cases, he or she will act as the controller of the processing of your personal information. That is why we recommend that you read its Privacy Policy. These third-party product providers may share your information with us, and we will use it in accordance with this Privacy Policy.
We are also authorized to disclose your personal information to a third party if we are required to disclose or share your personal data in order to comply with a legal obligation, to apply or enforce our terms of use or to protect the rights, property or safety of our customers or, with the exception of personal data relating to your health or to your impairment, in connection with the sale of all or part of our activities and assets to a third party or in connection with a restructuring or reorganization of our business. However, we will take all appropriate measures to ensure that your privacy rights remain protected.
We are also authorized to enter into contracts with third parties to enable them to offer you devices and solutions to improve the treatment of your disabilities or handicaps. In this context, we are authorized to transmit your personal information to insurance companies and pharmaceutical companies for a fee, only for this purpose and subject to your express consent.
When you provide us with personal information about yourself, we take steps to ensure its security. All the information you send us is encrypted using SSL and a 256-bit security key.
Our products you use are also designed to comply with the best production, physical security, and storage security practices. Risk studies are carried out there in order to limit them as much as possible.
We regularly carry out security reviews on our platforms and services that we offer you and correct weaknesses as soon as possible. We strive to keep all our systems as up-to-date as possible with the latest security patches.
The accounts you create with us are all protected by a password that is your responsibility. You must define one that is complex enough to limit the risk that it will be easily deductible. To help you in this task we have defined a password complexity policy. When you define your password, we give you the expected criteria for it to be accepted. On our systems, your passwords are not displayed in clear text, but secured with secure cryptographic algorithms.
Despite all the measures taken to guarantee the security of your information, we draw your attention to the fact that there is no such thing as zero risk. We do our best to protect your information, but we cannot guarantee 100% flawless security. Safety is effective when all parties follow good practices. You are responsible for keeping your login information and any other access data to our services confidential.
MindMaze uses powerful solutions to provide you with the best user experience, quality and reliable services. In the criteria for choosing our suppliers of third-party products and services, information security plays a very important role. However, MindMaze has no control over the internal policies of our suppliers and cannot guarantee 100% flawless security of the products and/or services we use at home.
You can refer to the security and privacy policy of our third-party product and service providers by going directly to their website.
As part of the services and products we offer you, the information you provide us may be transferred outside Switzerland or the EU. For example, this may be the case if one or more of our servers are located outside Switzerland or the EU. In these countries, data protection legislation may be different from that of Switzerland or the EU. If we transfer your information outside Switzerland or the EU in this way, we will adopt appropriate safeguards recognized by Swiss and European regulatory authorities and take steps to ensure that appropriate security measures are taken to ensure the uninterrupted protection of your privacy rights as set out in the Privacy Policy.
The general data protection regulations grant you rights over your personal or health data. Your rights are applicable subject to local data protection laws. Depending on the applicable laws and, more particularly, if you are located in the European Economic Area, these rights may include:
To exercise your rights, please contact us using the information in the “Contact us” section below. We try to respond to all legitimate requests within one month and will contact you if we need additional information from you to satisfy your request. However, the deadline may be longer than one month, if we have a high demand. In such a case, you will be informed within one month of receiving your request. If your request concerns one of our third-party product suppliers, we recommend that you submit this request directly to that supplier.
You also have the right to file a complaint with the competent supervisory authority in the country where you reside if you believe that we have not complied with the requirements of the data protection regulations (in particular the EU General Data Protection Regulation) for your personal data. For the subsidiaries MindMaze GmbH, MindMaze UK, MindMaze Romania and MindMaze SARL, the lead supervisor is the CNIL (France).
For users with MindMotion product accounts, you can change your information and data processing preferences directly in your profile.
To update your billing information, close your account and/or request the return or deletion of your Personal Data and other information related to your account, please contact us using the information in the “Contact Us” section below.
We do not collect data from children under 16 years of age voluntarily without parental consent. This age limit can be different in some countries following local law, in this case we will follow the local law requirements. If you are a parent or guardian and you believe that your child has provided us with personal data without your consent, please contact us using the information in the “Contact Us” section below. We will take steps to remove this personal information from our systems.
We regularly review this privacy policy and may update it at any time to better protect you. Any future changes or additions to the processing of personal or neurological impairment data described in this document concerning you will only be applicable to you with your express consent.
Any questions regarding this privacy policy and our privacy practices should be sent to our Data Protection Officer by e-mail [email protected] or by post to MindMaze SARL, ICM, Hôpital Pitié Salpêtrière 47 Boulevard Hôpital, 75013 Paris, France or MindMaze SA, Chemin de Roseneck 5, 1006 Lausanne, Switzerland. You can also call us on +41 (0)21 552 0801.
Founded in 2012, MindMaze is a global leader in brain technology with a mission to accelerate humanity’s ability to recover, learn and adapt.
With over a decade of work at the intersection of neuroscience, biosensing, engineering, mixed reality and artificial intelligence, we have enhanced the recovery potential of patients with neurological diseases. Combining our FDA cleared and CE marked digital therapeutics with best-in-class motion analytics, AI and cloud technologies, our goal is to create the universal platform for brain health.