Version 1.3 - June, 2021
Thank you for visiting our website and/or using our applications. Please note that in doing so, you may provide to us, or we can collect from you, personal and private information. We encourage you to read this privacy policy to learn how we collect and use your personal data.
This privacy policy applies to any website, application, form, document, product or service which references this privacy policy and it describes how we collect, use, disclose, retain and protect your personal information in accordance with the applicable data protection laws. By accessing and utilizing our website and our applications, you agree to be bound by this privacy policy.
For the purposes of this privacy policy:
Your right to privacy is very important to us and we are committed to protect your personal data and to comply to the fullest extent with the applicable data privacy protection laws.
You are not required to provide all the data identified in this privacy policy to enable you to use our website or applications, but certain functionalities will not be available or accessible to you if you do not provide the data as and when requested.
If you suspect there has been any unauthorized access to or misuse of your personal information, immediately contact our Data Protection Officer / Information Officer at This email address is being protected from spambots. You need JavaScript enabled to view it..
The relevant data protection laws distinguish between persons and institutions doing the collection of personal data (“controllers” or “responsible parties”), and those persons or institutions who do the processing of personal data (“processors” or “operators”).
Due to the nature of the services we provide, it is important to note that where we enter into a contract with an employer of data subjects (persons under the direct authority of the employer such as employees, consultants, advisers and contractors), to act as the employer’s data processor / operator to process personal data collected by such employer:
In our typical operations we collect and process data from survey participants, administrative users acting on behalf of their employer (which is a client of Mindset), end-users using our applications (example dashboards) and trial users for potential new clients.
The personal data we collect, and how that data is used, depends on how you use our online services and applications. We collect personal data directly from you when you provide us with information such as:
We collect personal data indirectly and through an automated process from you when:
Where you provide personal data to us and / or use personal data in our applications that you have collected from third parties, such as your customers, employees, other private individuals and juristic persons while using our online services or applications, you will be regarded by law as the “controller” / “responsible party” and you will by law be responsible to ensure that any personal data that you collect and use is protected and transferred to us in compliance with applicable data protection laws.
We process your personal data on the legal basis that it is necessary to pursue our legitimate interests, or to pursue your employer’s legitimate interests, including performing our contractual obligations in terms of the contract. We use your personal data for the following purposes:
We will only collect and process your personal data where there is a lawful basis. Lawful bases include:
We do not collect and share data or create individual profiles for the purposes of advertising, marketing, or any other commercial purpose not associated with our online services or the services supplied by using our applications.
We only send newsletters to designated key client contacts and partners.
We may share your personal data with approved third parties, who comply with applicable laws that protect your personal data, such as our hosting service provider and bulk email distributor.
We may need to share your personal data in exceptional circumstances when we believe it is required by law or to help protect the rights and safety of you, us or others.
We operate on a global basis and may transfer data to other countries or international third parties as necessary for the purposes described in this privacy policy. We will ensure, to the best of our ability, that such third party complies with the applicable data privacy protection laws.
The processing of the data will always be subject to prescriptive (unalterable) provisions of cross-border law(s) that apply at the relevant time if such laws supersede the GDPR. In the event where a particular country or jurisdiction has no data protection laws or data protection laws that do not afford at least similar data privacy protection as the GDPR, the most recent version of the GDPR shall apply by default.
We do not collect, store or process data from any person under the age of 18 years. In the event where a person under the age of 18 years visits or accesses our website and intend to submit any personal data to us, such person must be assisted by a person who is legally competent to consent to any action or decision being taken in respect of any matter concerning such person under the age of 18 years.
Our website and our online services and applications are not intended to solicit, collect or process data from any person under the age of 18 years.
You have the right to:
You may exercise any of your rights in relation to personal data by sending us an email, using the contact details set out below. Where we have entered into a contract with your employer in relation to the processing of your personal data, you must contact your employer directly should you wish to exercise any of your rights in relation to your personal data.
Personal data that we process will not be stored for longer than lawfully allowed or longer than necessary for the relevant purposes as set out in this privacy policy.
You have the right to request that we delete personal data that we process about you, unless we are required to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims.
You have the right to lodge a complaint with the appropriate data protection authority that regulates the processing of personal data at the relevant time, if you believe that we have not complied with applicable data protection laws.
We have sufficient technical and organizational measures in place to safeguard personal data in our custody and under our control. We have due regard to generally accepted information security practices and procedures that apply to us generally or be required in terms of specific industry or professional rules and regulations, to an appropriate level in relation to the risks and the nature of the personal data that we protect.
It is common knowledge that the internet is a global communications system of interconnected computer networks and as such personal data that you submit online to our website and applications may be intercepted. We cannot guarantee that any personal data, during transmission, will be absolutely safe from intrusion by others.
Where our website and applications contain links to other websites, please note that this privacy policy applies only to our website and applications. If you click on a link to another website, the privacy policy of that person or entity will apply.
Where there are reasonable grounds to believe that the personal information of a data subject has been accessed by unauthorised persons, we will notify the controller / responsible party affected by the compromised data and the relevant authorities as required by law.
A cookie is a small text file stored by your browser on your device to collect standard internet log information and visitor behaviour information (“Cookies”). Cookie information can be cleared in your browser settings.
When you visit our websites, we may collect information from you automatically through tracking technologies such as Google Analytics. We store information in an essential cookie on your browser when you complete a survey questionnaire (example storing the last page marker in your local cookie, obtaining user credentials and timestamp when you log into our applications).
You can access our Cookies Policy by following this link https://www.mindsetmanage.com/cookies.
Please note that the personal data that you supply to us or that we collect from you or that we receive from your employer is or could be protected under the data privacy laws of more than one country or economic union.
The data privacy laws of different countries and economic unions generally contain many similarities in regard to their material scope, key definitions, providing for data subject rights, and in their general approaches to personal data protection.
The “GDPR” (“General Data Protection Regulation” in European Union law), which governs the protection of natural persons with regard to the processing of personal data and the free movement of personal data in the European Union / European Economic Area, will apply to personal data processed by us, unless we specifically state otherwise in this privacy policy.
Unless otherwise stated or communicated to you, our principal place of business is domiciled in the Republic of South Africa and as such the provisions of the “POPIA” (South Africa's Protection of Personal Information Act, 2013) apply by default. The provisions of the POPIA will have precedence and override the provisions of the GDPR only to the extent where:
If there is any conflict between the terms of our privacy policy and an agreement between you and us regarding the processing of personal data, the terms of such agreement shall prevail to the extent that such term(s) are not in conflict with any prescriptive (unalterable) provision(s) of applicable law(s).
For the purposes of this privacy policy, the definition of a “data subject” under the GDPR (i.e. an identified or identifiable natural person) shall be amplified to include a juristic person as stipulated in the POPIA.
We may update this privacy policy from time to time and the most current version will be posted on our website.
Our principal place of business is domiciled in the Republic of South Africa.
Please use the following contact details if you have questions or comments regarding this Privacy Notice or our privacy practices, or wish to communicate with us about your rights set out in this Privacy Notice:
Mindset Management Programs (Pty) Ltd
Attention: The Data Protection Officer / Information Officer
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
Should you wish to report a complaint or if you feel that we have not addressed your concern in a satisfactory manner, you may contact the relevant data protection authority by following the appropriate links:
Information Regulator – South Africa:
https://www.justice.gov.za/inforeg/index.html
Information Commissioner – European Union:
https://gdpr.eu/data-protection-officer