Last revision of this policy: August 2022.
The following terms: “MindMaze”, “we”, “us”, “our” or the “Company” are references to MindMaze SA, the controller, and to companies held by MindMaze Group SA.
MindMaze attaches great importance to the protection and respect of your privacy.
When you use one of our products or services, or visit our websites, we collect your personal information and/or personal data related to your performance. This document describes when and why we collect them, how we use them, with whom we share them, the processing we do on them, and the measures we take to ensure their safety. Please read this policy carefully to find out what your rights are and what means are available to you to exercise them.
1. Who are we?
MindMaze SA and the other companies of the MindMaze group create intuitive human-machine interfaces on their revolutionary IT platform inspired by neuroscience. Our innovations are at the intersection of neuroscience, mixed reality and artificial intelligence and are therefore ready to transform a large number of industries.
Data controller
MindMaze SA
Chemin de Roseneck 5
1006 Lausanne
Switzerland
Legal representative in the EU
MindMaze France SARL
26 rue Cambacérès
75008 Paris
France
2. What personal data do we collect?
2.1 The data we collect from you
We collect the below information about you when you use our THE CEREBRAL INITIATIVE mobile application, in order to compare your performance to people that are similar to you:
1. Month and year of birth
2. Education level
3. Gender
THE CEREBRAL INITIATIVE app collects information about your performance by tracking your different sessions (activity score, game time, etc.). It also produces the below information:
1. An encrypted value derived from your phone’s serial number.
2. Your exercise and session IDs
3. Your exercise values (type, level, date, duration, performance, etc.)
We need this information to provide you with our services and improve your user experience. Without this information, it would be impossible for you to use our services.
3. What data do we process about your devices?
When you visit our website, mindmaze.com, using your mobile devices or from a computer, we collect and store information in their internal storage space. We then reuse this data to improve your user experience or to perform statistics. The different data we collect can be, for example:
1. Your IP address and location data
2. The type of device you use
3. The link from which you access our platform
4. Configurations on certain equipment for the use of our services
You will be able to choose whether or not to store this information by accepting cookies or not.
3.1 The different types of cookies we use
Cookies are small amounts of information stored in files within your computer's browser itself. Cookies are accessible and stored by the websites you visit, and by companies that display their advertisements on websites, so that they can recognize the browser. Websites can only access the cookies they have stored on your computer.
By using our website, you consent to the use of cookies placed by them.
Our websites or web applications use cookies for the following purposes:
1.Site Usage: to help us recognize your browser as that of a previous visitor and to record the preferences you determined during your previous visit to the Site. For example, we may record your login information so that you do not have to log in each time you visit the Site;
2.Social networks: to check if you are connected to third party services (Facebook, Twitter, Google+...);
3.Targeting: to allow us to target (emailing, basic enrichment) later or in real time the Internet user who navigates on our Site;
4.Audience measurement: to track statistical data on Site usage (i.e., users' use of the Site and to improve the Site's services) and to help us measure and study the effectiveness of our interactive online content, features, advertising and other communications.
3.2 Your choices regarding cookies and web beacons
You have the option of configuring your browser to accept all cookies, reject all cookies, notify you when a cookie is issued, its validity period and content, and allow you to refuse to save it on your device, and delete your cookies periodically.
You can set your Internet browser to disable cookies. Please note, however, that if you disable cookies, your username and password will no longer be saved on any website. For more information on how to delete and control cookies stored on your computer, visit https://www.aboutcookies.org/
Your consent to the use of cookies will be requested when you access our sites. You will be able to set them up and adjust them to your preferences.
More information regarding cookie management is given in our cookie policy.
4. How do we process your information?
We may use your personal data and/or data related to your performance using the THE CEREBRAL INITIATIVE app for the following purposes:
1.to provide our services and to enable the use of our products;
2.to ensure the maintenance of our products;
3.to improve our services and/or products;
4.to develop new services and/or products;
5.to gather information for scientific research;
6.to provide evidence to support scientific initiatives;
7.for the publication of articles or similar communications, including scientific and marketing articles
8.for statistics, performance analysis.
Your personal data may only be used with your express consent.
Insofar as we process your personal data on the basis of your consent, you have the right to withdraw your consent at any time. However, the withdrawal of your consent does not compromise the lawfulness of the processing operation before your consent is withdrawn.
Personal data collected by MindMaze SA and other companies in the MindMaze group will only be kept for as long as necessary until we have achieved the purposes for which they were collected. To ensure that we do not keep them longer than necessary, we periodically review and delete our files in accordance with these objectives.
5. Who has access to your information?
MindMaze employees, consultants, and third party service providers may access the database to improve our services, products, user experience, security and the proper performance of the contract between you and MindMaze.
Note that the encrypted information we store about your phone is not sufficient to determine who you are, what is your phone number, or what is your real phone ID.
Third party service providers working for us: we are authorized to share your information with our third party service providers, agents and subcontractors and other associated organizations for the purpose of performing tasks and providing services on our behalf. When we use third party service providers, however, we only disclose information necessary to provide the relevant services and we enter into a written agreement (including in electronic form) in accordance with Swiss and EU law requiring them to ensure the security of your information and not to use it for their own purposes, except with your express consent.
We are authorized to disclose your information to a third party if we are required to disclose or share your personal data in order to comply with a legal obligation, to apply or enforce our terms of use or to protect the rights, property or safety of our customers or, in connection with the sale of all or part of our activities and assets to a third party or in connection with a restructuring or reorganization of our business. However, we will take all appropriate measures to ensure that your privacy rights remain protected.
6. How do we secure your information?
6.1 The security of your data at MindMaze
When you provide us with personal information about yourself, we take steps to ensure its security. All the information you send us is encrypted using SSL and a 256-bit security key.
We regularly carry out security reviews on our platforms and services that we offer you and correct weaknesses as soon as possible. We strive to keep all our systems as up-to-date as possible with the latest security patches.
The accounts you create with us are all protected by a password that is your responsibility.
Despite all the measures taken to guarantee the security of your information, we draw your attention to the fact that there is no such thing as zero risk. We do our best to protect your information, but we cannot guarantee 100% flawless security. Safety is effective when all parties follow good practices. You are responsible for keeping your login information and any other access data to our services confidential.
6.2 The security of your data with our partners
MindMaze uses powerful solutions to provide you with the best user experience, quality and reliable services. In the criteria for choosing our suppliers of third-party products and services, information security plays a very important role. However, MindMaze has no control over the internal policies of our suppliers and cannot guarantee 100% flawless security of the products and/or services we use at home. All your data is stored in strong password protected & encrypted SQL databases hosted on Amazon’s AWS servers in Germany. Though we trust Amazon as one of the data hosting world leaders, we have no control over their internal security practices.
7. Transferring your information outside Europe
Our servers are located in Germany, and the storage service is provided by Amazon (AWS). All databases will remain in the EU.
8. What are your rights regarding your personal data?
8.1 Your rights
The general data protection regulations grant you rights over your personal data. Your rights are applicable subject to local data protection laws. Depending on the applicable laws and, more particularly, if you are located in the European Economic Area, these rights may include:
1. The right of access: access to your Personal Data that we hold;
2. The right of rectification: The rectification of inaccurate Personal Data and, taking into account the purpose of the processing of Personal Data, to ensure that they are complete;
3. The right to erase (the right to forget): the erasure/deletion of your Personal Data, to the extent that applicable data protection laws allow it;
4. The right to limit processing: the limitation of our processing of your Personal Data, to the extent permitted by law (right to limit processing);
5. The transfer of your Personal Data to another controller, if possible;
6. The right of opposition: the opposition to any processing of your Personal data or data related to your performance based on our legitimate interests.
7. Automated decision: The right for the data subject not to be the subject of a decision based exclusively on automated processing, including profiling, which produces legal effects. No automated decisions are currently being implemented on our websites, services or products; and
8. The right to withdraw your consent: to the extent that we base the collection, processing and sharing of your personal data on your consent, you may withdraw your consent at any time, without compromising the lawfulness of the processing based on the consent given before the withdrawal. MindMaze will act on withdrawals of consent as soon as we can and will not penalise individuals who wish to withdraw consent. However, the withdrawal of your consent may have as a consequence that MindMaze or the relevant affiliate of the MindMaze group will not be in a position to provide you with its services
8.2 How to exercise your rights?
To exercise your rights, please contact us using the information in the "Contact us" section below. We try to respond to all legitimate requests within one month and will contact you if we need additional information from you to satisfy your request. However, the deadline may be longer than one month, if we have a high demand. In such a case, you will be informed within one month of receiving your request. If your request concerns one of our third-party product suppliers, we recommend that you submit this request directly to that supplier.
You also have the right to file a complaint with the competent supervisory authority in the country where you reside if you believe that we have not complied with the requirements of the data protection regulations (in particular the EU General Data Protection Regulation) for your personal data. For the subsidiaries MindMaze GmbH, MindMaze UK, MindMaze Romania and MindMaze France SARL, the lead supervisor is the CNIL (France).
8.3 How can you change your data and how we process it?
To close your account and/or request the return or deletion of your Personal Data and other information related to your account, please contact us using the information in the "Contact Us" section below.
9. Our policy on children
We do not collect data from children under 16 years of age voluntarily without parental consent. This age limit can be different in some countries following local law, in this case we will follow the local law requirements. If you are a parent or guardian and you believe that your child has provided us with personal data without your consent, please contact us using the information in the "Contact Us" section below. We will take steps to remove this personal information from our systems.
10. Review of the Privacy Policy
We regularly review this privacy policy and may update it at any time to better protect you. Any future changes or additions to the processing of personal or performance data described in this document concerning you will only be applicable to you with your express consent.
11. Contact Us
Any questions regarding this privacy policy and our privacy practices should be sent to our Data Protection Officer by e-mail dpo@mindmaze.com or by post to MindMaze France SARL, 26 rue Cambacérès, 75013 Paris, France or MindMaze SA, Chemin de Roseneck 5, 1006 Lausanne, Switzerland. You can also call us on +41 (0)21 552 0801.