Last revision of this policy: September 2019
The following terms: “MindMaze”, “we”, “us”, “our” or the “Company” are references to MindMaze SA, the controller, and to companies held by MindMaze Holding SA.
MindMaze attaches great importance to the protection and respect of your privacy.
When you use one of our products or services, or visit our websites, we collect your personal data and/or data related to your neurological impairments. This document describes when and why we collect them, how we use them, with whom we share them, the processing we do on them, and the measures we take to ensure their security. Please read this policy carefully to find out what your rights are and what means are available to you to exercise them.
Who are we?
MindMaze SA and the other companies of the MindMaze group create intuitive human-machine interfaces on their revolutionary IT platform inspired by neuroscience. Our innovations are at the intersection of neuroscience, mixed reality and artificial intelligence and are therefore ready to transform a large number of industries.
Chemin de Roseneck 5,
Legal representative in the EU
ICM, Hôpital Pitié Salpêtrière
47 Boulevard Hôpital,
What personal data do we collect?
2.1 The data we collect from you
We collect information about you when you use one of our MindMotion devices and/or participate in our registry, clinical studies, clinical trials or clinical evaluations. These data are for example:
- Your name, first name, address and email address
- Your laterality (right-handed or left-handed);
- Your gender (male or female);
Our products collect information about your impairment by tracking your different sessions (activity score, game time, etc.). They also produce information that allows us to identify you. This information can be, for example:
- Your patient and user ID;
- Your calibration measurements (values, timestamps, etc.);
- Your exercise and session IDs;
- Your exercise values (type, inventory, level, side, date, duration, performance, etc.);
We need this personal information to provide you with our services and improve your user experience. Without this information, it would be impossible for you to use our services.
2.2 Data we collect from other sources
It is possible that other sources such as hospitals, our subsidiaries, or other companies active in the health field or not, may send us health information about you. The information received is then combined with other information we already have about you. This data can be, for example:
- Your pathologies
- Your rehabilitation exercises that you do at home
- Your statistics and performance
- Other information about your health
The various sources that we will send your data to have their own privacy policies, which do not apply to ours and vice versa. They will probably have obtained your consent to the collection and processing of your information when you used their platforms or their services. In such a case, no communication will be made from us. In the event that no consent has been given to the various sources, we will ask you for your consent to the first processing of your information.
What data do we process about your devices?
When you visit our website MindMaze.com or MindMotionweb.com using your mobile devices or from a computer, we collect and store information in their internal storage space. We then reuse this data to improve your user experience or to compile statistics. The different data we collect can be, for example:
- Your IP address and location data
- The type of device you use
- The link from which you access our platform
- Configurations on certain equipment for the use of our services
You can choose whether or not this information is stored by accepting or refusing cookies.
3.1 The different types of cookies we use
Cookies are small amounts of information stored in files within your computer’s browser itself. Cookies are accessible and stored by the websites you visit, and by companies that display their advertisements on websites, so that they can recognize the browser. Websites can only access the cookies they have stored on your computer.
- Site Usage: to help us recognize your browser as that of a previous visitor and to record the preferences you determined during your previous visit to the Site. For example, we may record your login information so that you do not have to log in each time you visit the Site;
- Social networks: to check if you are connected to third party services (Facebook, Twitter, Google+…);
- Targeting: to allow us to target (emailing, basic enrichment) later or in real time the Internet user who navigates on our Site;
- Audience measurement: to track statistical data on Site usage (i.e., users’ use of the Site and to improve the Site’s services) and to help us measure and study the effectiveness of our interactive online content, features, advertising and other communications.
3.2 Your choices regarding cookies and web beacons
You can configure your browser to accept all cookies, to reject all cookies, to notify you when a cookie is issued (including its validity period and content) so that you can refuse to save it on your device, and to delete your cookies periodically.
You can set your Internet browser to disable cookies. Please note, however, that if you disable cookies, your username and password will no longer be saved on any website. For more information on how to delete and control cookies stored on your computer, visit https://www.aboutcookies.org/
How do we process your information?
We may use your personal data and/or data related to your neurological impairment for the following purposes:
- to provide our services and to enable the use of our products;
- to ensure the maintenance of our products;
- to improve our services and/or products;
- to develop new services and/or products;
- to participate in registries, clinical studies, clinical trials or clinical evaluations;
- to gather information for scientific research;
- to provide evidence to support scientific initiatives;
- for the publication of articles or similar communications, including scientific and marketing articles; and
- for statistics, performance analysis.
Your personal data may only be used with your express consent, which must be collected in advance, except for the use of data other than those relating to your impairment, for the intended purposes mentioned in points (1) and (2), which is based on the contractual agreement you have concluded with MindMaze SA or another company in the MindMaze group, as an end user, customer or other.
Insofar as we process your personal data on the basis of your consent, you have the right to withdraw your consent at any time. However, the withdrawal of your consent does not compromise the lawfulness of the processing operation before your consent is withdrawn.
If you are unable to legally establish contractual links with MindMaze SA or another company of the MindMaze group or to give your consent to the processing of your personal data, for medical or similar reasons, your personal data may however only be processed if this is necessary to safeguard your vital interests.
Personal data collected by MindMaze SA and other companies in the MindMaze group will only be kept for as long as necessary until we have achieved the purposes for which they were collected. To ensure that we do not keep them longer than necessary, we periodically review and delete our files in accordance with these objectives.
Who has access to your information?
MindMaze employees and consultants: to improve our services, products, user experience, security and the proper performance of the contract between you and MindMaze.
Third party service providers working for us: we are authorized to share your personal information with our third party service providers, agents and subcontractors and other associated organizations for the purpose of performing tasks and providing services on our behalf. When we use third party service providers, however, we only disclose personal information necessary to provide the relevant services and we enter into a written agreement (including in electronic form) in accordance with Swiss and EU law requiring them to ensure the security of your information and not to use it for their own purposes, except with your express consent.
We are also authorized to enter into contracts with third parties to enable them to offer you devices and solutions to improve the treatment of your disabilities or handicaps. In this context, we are authorized to transmit your personal information to insurance companies and pharmaceutical companies for a fee, only for this purpose and subject to your express consent.
How do we secure your information?
6.1 The security of your data at MindMaze
When you provide us with personal information about yourself, we take steps to ensure its security. All the information you send us is encrypted using SSL and a 256-bit security key.
The products you use are also designed to comply with best practices for production, physical security and storage security. Risk studies are carried out on them in order to limit risks as much as possible.
We regularly carry out security reviews on our platforms and services that we offer you and correct weaknesses as soon as possible. We strive to keep all our systems as up-to-date as possible with the latest security patches.
The accounts you create with us are all protected by a password that is your responsibility. You must choose one that is complex enough to limit the risk that it will be easily guessed. To help you in this task we have defined a password complexity policy. When you define your password, we give you the criteria it must meet to be accepted. On our systems, your passwords are not displayed in clear text, but protected with secure cryptographic algorithms.
Despite all the measures taken to guarantee the security of your information, we draw your attention to the fact that there is no such thing as zero risk. We do our best to protect your information, but we cannot guarantee 100% flawless security. Security is effective when all parties follow good practices. You are responsible for keeping your login information and any other access data to our services confidential.
6.2 The security of your data with our partners
MindMaze uses powerful solutions to provide you with the best user experience and with reliable, quality services. In the criteria for choosing our suppliers of third-party products and services, information security plays a very important role. However, MindMaze has no control over the internal policies of our suppliers and cannot guarantee 100% flawless security of the products and/or services we use in-house.
Transferring your information outside Europe
What are your rights regarding your personal data?
8.1 Your rights
The general data protection regulations grant you rights over your personal or health data. Your rights are applicable subject to local data protection laws. Depending on the applicable laws and, more particularly, if you are located in the European Economic Area, these rights may include:
- The right of access: access to your Personal Data that we hold;
- The right of rectification: The rectification of inaccurate Personal Data and, taking into account the purpose of the processing of Personal Data, to ensure that they are complete;
- The right to erasure (the right to be forgotten): the erasure/deletion of your Personal Data, to the extent that applicable data protection laws allow it;
- The right to limit processing: the limitation of our processing of your Personal Data, to the extent permitted by law;
- The transfer of your Personal Data to another controller, if possible;
- The right of opposition: the opposition to any processing of your Personal data or data related to your neurological impairment based on our legitimate interests. When we process your Personal Data for commercial prospecting purposes or share them with third parties for their own commercial prospecting purposes, you have the right to object to this processing at any time without having to invoke any particular reason;
- Automated decision: The right for the data subject not to be the subject of a decision based exclusively on automated processing, including profiling, which produces legal effects. No automated decisions are currently being implemented on our websites, services or products; and
- The right to withdraw your consent: to the extent that we base the collection, processing and sharing of your personal data on your consent, you may withdraw your consent at any time, without compromising the lawfulness of the processing based on the consent given before the withdrawal. MindMaze will act on withdrawals of consent as soon as we can and will not penalise individuals who wish to withdraw consent. However, the withdrawal of your consent may have as a consequence that MindMaze or the relevant affiliate of the MindMaze group will not be in a position to provide you with its services.
8.2 How to exercise your rights?
To exercise your rights, please contact us using the information in the “Contact us” section below. We try to respond to all legitimate requests within one month and will contact you if we need additional information from you to satisfy your request. However, the deadline may be longer than one month if we receive a high number of requests. In such a case, you will be informed within one month of our receiving your request. If your request concerns one of our third-party product suppliers, we recommend that you submit this request directly to that supplier.
You also have the right to file a complaint with the competent supervisory authority in the country where you reside if you believe that we have not complied with the requirements of the data protection regulations (in particular the EU General Data Protection Regulation) for your personal data. For the subsidiaries MindMaze GmbH, MindMaze UK, MindMaze Romania and MindMaze SARL, the lead supervisor is the CNIL (France).
8.3 How can you change your data and the way we process it?
For users with MindMotion product accounts, you can change your information and data processing preferences directly in your profile.
To update your billing information, close your account and/or request the return or deletion of your Personal Data and other information related to your account, please contact us using the information in the “Contact Us” section below.
Our policy on children
We do not knowingly collect data from children under 16 years of age without parental consent. If you are a parent or guardian and you believe that your child has provided us with personal data without your consent, please contact us using the information in the “Contact Us” section below. We will take steps to remove this personal information from our systems.