Version 1.3 - June, 2021
- the terms “personal data”, “personal information” and “data” bear the same meaning;
- “data subject” means you, and where we enter into a contract with an employer of data subjects will include a person under the direct authority of the employer such as an employee, consultant, adviser and contractor;
- “personal data” is any information that relates to a living, natural person who can be directly or indirectly identified, and any information that relates to existing juristic persons such as companies or other institutions;
- “contract” means our data processing service terms and conditions as published on our website and displayed when logging on to any of our applications. Unless we and a registered user agree otherwise in writing, the provisions of the contract will automatically apply to the data processing services we supply to any registered user that accesses and utilizes any of our applications.
Your right to privacy is very important to us and we are committed to protect your personal data and to comply to the fullest extent with the applicable data privacy protection laws.
Who controls and who is processing the data
The relevant data protection laws distinguish between persons and institutions doing the collection of personal data (“controllers” or “responsible parties”), and those persons or institutions who do the processing of personal data (“processors” or “operators”).
- The “Controller” / “Responsible Party” determines the purposes for which (“why”) and the means by which (“how”) personal data is processed.
- The “Processor” / “Operator” is usually an independent third party external to the controller / responsible party, that processes personal data on behalf of the controller / responsible party in terms of an agreement or mandate, without coming under the direct authority of the controller / responsible party.
Due to the nature of the services we provide, it is important to note that where we enter into a contract with an employer of data subjects (persons under the direct authority of the employer such as employees, consultants, advisers and contractors), to act as the employer’s data processor / operator to process personal data collected by such employer:
- the employer in entering into a contract with us and therefore deciding what, why and how the personal data of its employees will be processed, is by law regarded as the controller / responsible party;
- it is the responsibility of the employer as controller / responsible party to comply with the relevant provisions of the law where the employer transfers an employee’s personal data to us for processing and when the employer uses our website and applications to upload and process the employee’s personal data;
- an employer can only process or transfer to a processor / operator the personal data of employees for processing:
- where the consent of the employee concerned is freely given, specific, informed and unambiguous by a statement or by a clear affirmative action that signifies agreement to the processing of personal data relating to him or her;
- where a contractual obligation exists between the employer and the employee;
- to satisfy a legal obligation of the employer;
- to protect the vital interests of the employee;
- to carry out a task that is in the public interest; and
- in pursuance of the legitimate interests of the employer.
- we, in entering into an agreement with the employer to process the personal data of employees that is transferred to us by the employer or uploaded by the employer to our website or applications, act as an independent third-party data processor that is regarded by law as the processor / operator.
The data we collect
In our typical operations we collect and process data from survey participants, administrative users acting on behalf of their employer (which is a client of Mindset), end-users using our applications (example dashboards) and trial users for potential new clients.
The personal data we collect, and how that data is used, depends on how you use our online services and applications. We collect personal data directly from you when you provide us with information such as:
- personal data contained in any communication you send to us or that we send to you;
- your contact data;
- user information when you create a user account via our website;
- login information when you log into your user account on our website;
- personal data you upload to our website.
We collect personal data indirectly and through an automated process from you when:
- you use or interact with our online services and applications;
- you transact with us through our website;
- event logging for error tracing takes place when using our applications or completing a survey;
- you upload and store your own data or the data of other persons on our website while using our online services and applications;
- personal data is provided by your employer including your contact and demographical information.
Your third-party data
Where you provide personal data to us and / or use personal data in our applications that you have collected from third parties, such as your customers, employees, other private individuals and juristic persons while using our online services or applications, you will be regarded by law as the “controller” / “responsible party” and you will by law be responsible to ensure that any personal data that you collect and use is protected and transferred to us in compliance with applicable data protection laws.
Our use of the data
We process your personal data on the legal basis that it is necessary to pursue our legitimate interests, or to pursue your employer’s legitimate interests, including performing our contractual obligations in terms of the contract. We use your personal data for the following purposes:
- the proper administration of our website, services and business;
- to supply the services through our website and applications;
- to contact you to fulfil a request from you for information, products and services;
- to develop, test and improve our services and applications;
- to maintain and improve our online services and applications;
- to keep a record of correspondence;
- to do troubleshooting;
- to notify you about changes to our applications including new features;
- to manage the relationship with you and to communicate with you in relation to our online services and applications that you use;
- to provide you with personalized features and content;
- to monitor your interactions with our website and applications by using analytics;
- to create and maintain our databases to ensure that we supply our online services and run our applications in a proper and efficient manner;
- for your security, risk management and the security of our website and applications and to detect or prevent any criminal activity;
- to assert your legal rights, our legal rights and the legal rights of third parties;
- to enable us to verify your eligibility to use our applications and give you access to our online applications as a user;
- to enable us to send you survey links as a participant in a survey;
- to provide your employer with aggregated results, dashboards and reports from surveys where such surveys are conducted on an anonymous basis and as such your anonymity as survey participant is protected by default;
- where it is necessary for compliance with a legal obligation under the legal jurisdiction that applies to us, or in order to protect your privacy or the privacy of other natural persons;
- to use data in an aggregated and anonymized basis for benchmarking purposes;
- to send you news and information about our services and applications, policies, updates and new offerings where you have registered for a trial license or have requested information from us. You will be entitled to opt-in to receive our communications in this regard and to opt-out again at any time when you no longer wish to receive these communications.
Our legal bases
We will only collect and process your personal data where there is a lawful basis. Lawful bases include:
- where you give us your specific, unambiguous consent;
- where processing is necessary to execute, or to prepare to enter into a contract to which you are a party;
- we need to process the data to comply with a legal obligation of ours;
- where the processing of the data is done in accordance with the terms of a contract with you or your employer and necessary for the performance of the contract;
- when there are compelling grounds to rely on our legitimate interests in processing the personal data.
Our sharing of data
We do not collect and share data or create individual profiles for the purposes of advertising, marketing, or any other commercial purpose not associated with our online services or the services supplied by using our applications.
We only send newsletters to designated key client contacts and partners.
We may share your personal data with approved third parties, who comply with applicable laws that protect your personal data, such as our hosting service provider and bulk email distributor.
We may need to share your personal data in exceptional circumstances when we believe it is required by law or to help protect the rights and safety of you, us or others.
Our cross-border transfer of data
The processing of the data will always be subject to prescriptive (unalterable) provisions of cross-border law(s) that apply at the relevant time if such laws supersede the GDPR. In the event where a particular country or jurisdiction has no data protection laws or data protection laws that do not afford at least similar data privacy protection as the GDPR, the most recent version of the GDPR shall apply by default.
Privacy of minors
We do not collect, store or process data from any person under the age of 18 years. In the event where a person under the age of 18 years visits or accesses our website and intend to submit any personal data to us, such person must be assisted by a person who is legally competent to consent to any action or decision being taken in respect of any matter concerning such person under the age of 18 years.
Our website and our online services and applications are not intended to solicit, collect or process data from any person under the age of 18 years.
You have the right to:
- request a copy of the personal data, which we will provide to you in electronic form subject thereto that you prove your identity to our satisfaction before we provide the requested data to you;
- request us to rectify or amend any incomplete or inaccurate personal data free of charge;
- request us to restrict the processing of personal data;
- object to the processing of, or complain about our processing of personal data, subject thereto that we will not be obliged to abide by your request where we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise or defence of a legal claim;
- request that we transfer personal data to you or another entity provided that we are processing the data on the basis of your consent or in order to perform our obligations under contract to you;
- request that we erase personal data, unless we are required to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims;
- withdraw your consent at any time, free of charge if you have consented to our processing of personal data and your consent is a legal basis of our processing of the data;
- request that we restrict our processing of personal data where:
- you believe such data to be inaccurate;
- our processing of the data is unlawful; or
- we no longer need to process the data for a particular purpose, but where we are not able to delete the data due to a legal or other obligation or because you do not want us to delete it.
You may exercise any of your rights in relation to personal data by sending us an email, using the contact details set out below. Where we have entered into a contract with your employer in relation to the processing of your personal data, you must contact your employer directly should you wish to exercise any of your rights in relation to your personal data.
You have the right to request that we delete personal data that we process about you, unless we are required to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims.
You have the right to lodge a complaint with the appropriate data protection authority that regulates the processing of personal data at the relevant time, if you believe that we have not complied with applicable data protection laws.
Our data security measures
We have sufficient technical and organizational measures in place to safeguard personal data in our custody and under our control. We have due regard to generally accepted information security practices and procedures that apply to us generally or be required in terms of specific industry or professional rules and regulations, to an appropriate level in relation to the risks and the nature of the personal data that we protect.
It is common knowledge that the internet is a global communications system of interconnected computer networks and as such personal data that you submit online to our website and applications may be intercepted. We cannot guarantee that any personal data, during transmission, will be absolutely safe from intrusion by others.
Where there are reasonable grounds to believe that the personal information of a data subject has been accessed by unauthorised persons, we will notify the controller / responsible party affected by the compromised data and the relevant authorities as required by law.
Our cookies policy
A cookie is a small text file stored by your browser on your device to collect standard internet log information and visitor behaviour information (“Cookies”). Cookie information can be cleared in your browser settings.
When you visit our websites, we may collect information from you automatically through tracking technologies such as Google Analytics. We store information in an essential cookie on your browser when you complete a survey questionnaire (example storing the last page marker in your local cookie, obtaining user credentials and timestamp when you log into our applications).
You can access our Cookies Policy by following this link https://www.mindsetmanage.com/cookies.
Applicable law, precedence and scope
Please note that the personal data that you supply to us or that we collect from you or that we receive from your employer is or could be protected under the data privacy laws of more than one country or economic union.
The data privacy laws of different countries and economic unions generally contain many similarities in regard to their material scope, key definitions, providing for data subject rights, and in their general approaches to personal data protection.
Unless otherwise stated or communicated to you, our principal place of business is domiciled in the Republic of South Africa and as such the provisions of the “POPIA” (South Africa's Protection of Personal Information Act, 2013) apply by default. The provisions of the POPIA will have precedence and override the provisions of the GDPR only to the extent where:
- the particular provision(s) of the POPIA are prescriptive (unalterable) in the particular situation; or
- not objectively dealt with in a manner of similar or better effect under the GDPR; or
- the particular provision(s) of the POPIA amplifies the GDPR or are of a higher standard of protection than a similar provision of the GDPR.
Our principal place of business is domiciled in the Republic of South Africa.
Please use the following contact details if you have questions or comments regarding this Privacy Notice or our privacy practices, or wish to communicate with us about your rights set out in this Privacy Notice:
Mindset Management Programs (Pty) Ltd
Attention: The Data Protection Officer / Information Officer
Should you wish to report a complaint or if you feel that we have not addressed your concern in a satisfactory manner, you may contact the relevant data protection authority by following the appropriate links:
Information Regulator – South Africa:
Information Commissioner – European Union: