1. What we collect
Depending on which Services you use, we must process different kinds of information from or about you.
Personal data and other information you (and others) give us.
We collect the information that you (and others) give us when using our Services. For example:
Personal data and other information which is automatically collected about you when you use our services.
We also collect information automatically when you are connected to our Services. Depending on how you access and use our Services, we collect information such as:
Third parties may also collect information about you through the Services, or receive information collected about you through the Services, as described below.
2. How do we use your personal data?
We use the information as set out below and to provide our Services to you and our partners.
To provide and personalize our Services.
We use the information we collect to provide you with our Services. For example, we use this information to:
To improve and develop your experience and our Services.
We also use the information that we collect to understand, develop, and improve our Services. For example, we use the information to:
To promote our brand and Services.
We use the information that we collect to send you promotional messages and content and otherwise market to you on and offer our Services. We also use this information to measure how users respond to our marketing efforts. If you would like to opt out of receiving marketing emails, then you can always do so by following the instructions implemented in every such promotional message.
To promote safety and security.
We use the personal data that we collect to help promote safety and security on and off our Services, such as by investigating suspicious activity or breaches of our terms or policies and protecting our or others’ rights or property.
3. How is personal data shared?
To provide and support our Services, information that we have about you is shared in certain circumstances. The following can see information about you when you and others use our Services.
Developers, support, and other online content providers on our services.
You can interact with Third-party content, games, apps and other experiences through our Services. We may share information about you with these partners so they can provide you with the experiences that you’ve requested, such as:
We share the information that we collect with vendors, service providers, researchers, and other partners, who work at our direction to support the Services (such as hosting our Services, fulfilling orders, facilitating payments, analyzing the way people use our Services, processing credit card payments, providing customer service or sending electronic communications for us).
Other parties in connection with certain business transactions.
If the ownership of Mentalytics (or any portion of our assets) changes as a result of a merger, acquisition or in the event of a bankruptcy, information from or about you or your device may be transferred to another company.
Law enforcement or legal requests.
We share information with law enforcement or in response to legal requests in the circumstances outlined in Section 6 below.
We also share de-identified or aggregate data with others. “De-identified data” means information where we have removed identifiable data such as your name and other data that could reasonably be used to identify you. “Aggregate data” is data that has been combined with other data so that it doesn’t identify any specific person. For example, we provide developers with aggregated statistics about the number of people from a particular region that use our Services, so developers can create content tailored for people in that market. We may also share de-identified or aggregated data with other third parties.
4. Third parties that provide content, marketing or functionality on our services
Some of the content, marketing and functionality on our Services may be provided by third parties that are not affiliated with us. For example, we work with companies that help us provide content within the Service that you purchased.
5. Data retention and deletion
We store data that identifies you until it is no longer necessary to provide our Services, for example when you delete an account with us. This is a case-by-case determination that depends on things such as the nature of the data, why it is collected and processed, and relevant legal or operational retention needs. For example, we may retain certain purchase information for accounting and tax purposes even after you have deleted your account.
When you delete an account with us, we delete or anonymize the data you provided us with and the data we collected during your use of the Services. Neither you nor we will be able to restore such deleted or anonymized data.
6. How do we respond to legal requests and minimize harm?
We access, preserve, and share information with regulators, law enforcement or others:
7. How we operate and transfer data as part of our global services
We share information globally, both internally within the Mentalytics and externally with our partners to fully provide the Services you are entitled to receive based on the Service you have purchased or subscribed to and/or otherwise are entitled to receive. Information controlled by Mentalytics will be transferred or transmitted to, or stored and processed in the United States, China and/or other countries outside of where you live for the purposes as described in this policy. These data transfers are necessary for us to globally operate and provide our Services to you. We utilize standard contract clauses approved by the European Commission and rely on the European Commission’s adequacy decisions about certain countries, as applicable, for data transfers from the EU/EEA to the United States and other countries.
8. Changes to this policy
The Data Protection Officer for Mentalytics can be contacted at email@example.com You also have the right to lodge a complaint with the Swedish lead supervisory authority; Datainspektionen
9. What is our legal basis for processing data?
The legal ground for processing personal data varies depending on the types of data and the situation. The legal grounds we rely on at Mentalytics are the following:
10. How can you exercise the rights provided to you under the GDPR?
Under the General Data Protection Regulation, you have the right to:
Access your data
You have the right to obtain from Mentalytics a confirmation of whether personal data concerning you is being processed, and if that is the case, a right to access information including, but not limited to, the purpose of the processing and the categories of personal data that Mentalytics has concerning you. By your request, Mentalytics is required to provide you with a copy of undergoing processing of your personal data.
Rectify your data
If it comes to your knowledge that certain personal data of yours which is being processed by Mentalytics is inaccurate, you have the right to obtain a rectification and, in some cases, a right to have incomplete data completed.
Port your data
If the legal ground for a processing of personal data is based on either (i) consent or (ii) fulfilment of a contract between you and Mentalytics, you have a right to receive data which you have provided us in a commonly used and machine-readable format and have the right to transmit such data to another controller.
Erase your data
You have the right to obtain from Mentalytics the erasure of your personal data when, for example, (i) the data no longer is necessary in relation to the purpose for which it was collected, (ii) if you withdraw a consent, (iii) if you object to the processing and there are no overriding legitimate grounds for the processing, or if (iv) the personal data have been unlawfully processed.
Restrict and object to certain processing of your data
You have the right to restrict Mentalytics from processing your data when, for example, (i) you contest the accuracy of the personal data, or (ii) if Mentalytics no longer needs certain data for the purposes of the processing.
Find out more about these rights, and how you can exercise them by either contacting Mentalytics at firstname.lastname@example.org or obtain information from the appropriate supervisory authority.
11. Contacting us
The data controller responsible for your information is Mentalytics AB which you can contact by e-mail at email@example.com.