Saas Privacy Policy

Last updated: 02/2024

Confidentiality and security are core values of BEIN MINDSET. This means that we are committed to ensuring the privacy of the data of the people who interact with us and use our tool, at all times, and to collecting only the information we need, and no more.

Below you will find all the necessary information about the personal data we collect, how we process it, and your rights.

1. Who Processes my Personal Data?

INNOVATIVE MINDSET, S.L., hereinafter BEIN MINDSET, CIF: B66739459, Address: C/ Josep Umbert i Ventura, 132, CP 08402, Granollers (Barcelona), may act under either of the following two conditions:

Data Controller: A data controller is a data controller when it establishes relationships on its own behalf with the data subjects or natural persons who are the data subjects (i.e. when, notwithstanding the existence of a service provision contract with a company, it is the employees of that company who directly provide their personal data to BEIN MINDSET).

Data Processor: A data processor is a data processor when it accesses the personal data of such data subjects for the provision of a service contracted by the Data Controller (a client company or a client company of our clients). This will be the general case, i.e. a company contracts BEINMINDSET directly or through another company – and enters into a service contract for this purpose – so that the employees of this company, i.e. the users, can use the BEINMINDSET platform for the purpose of assessing the level of maturity of the organisation’s Diversity, Equity and Inclusion management.

For this purpose, BEIN MINDSET hereby states that it has an email address dpd@beinmindset.com available to all persons interacting on BEIN MINDSET’s social networks, the website https://BEIN MINDSET.com (the “Website“) and the platform (SaaS).

BEIN MINDSET processes your data in accordance with REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).

2. Who are the Persons Concerned?

The personal data collected and processed may originate from the following data subjects:

Business customers and prospective customers in connection with their use of the BEIN MINDSET website:
- People who provided us with their data in different forms on the website to make enquiries or obtain information about our products and services.
- People who requested a personalised demonstration or a free trial.
- People who requested communications about news, products and services.

Consulting companies that use the BEIN MINDSET App:
- Consulting firms using the app in relation to their clients.

Employees of the BEIN MINDSET Platform:
- Companies that provided us with their data to formalise the service contract with BEIN MINDSET.
- Administrators and End Users of the BEIN MINDSET Platform.
- Companies that provide us with information through questionnaires.
- Employees of the companies using the platform through questionnaires.

Suppliers:
- Companies that share with us the personal data necessary to formalise a service contract (identification, contact, address, and bank account, etc.)

Candidates:
- Persons who submit an application to enter into recruitment processes.

Working people:
- Current employees for the management of the platform.
- Current users of the Platform to formulate reports, statistics, or any information in order to know the maturity level of the organisation in terms of Diversity, Equity and Inclusion.

Website visitors:
- People who browse our website and have accepted analytical cookies.

3. What Personal Data do we Process?

Whether as controller or processor, we process different types of personal data, including:

Contact information, such as name, e-mail address and telephone number.
Platform user account information, such as username and password.
Payment information, such as physical and/or virtual card details for payment to BEIN MINDSET.
Profile information, such as the company you work for, your employee identifier and any information you want to share with BEIN MINDSET.
Personal information collected through forms that are filled in by employees about their interests and opinions in relation to the company they work for.
Usage information, such as how often the application is used, and which services are used.

4. For what Purposes and on what Grounds do we use Personal Data?

At BEIN MINDSET we process personal data in order to respond to requests for information, attend to requests or provide the services contracted. In addition, it is stated that all data collected will be treated with the utmost diligence, using pseudonyms and anonymity measures to ensure that the worker is not identifiable. However, the Client company must implement the necessary measures to reinforce this point.

This personal data is processed for the following legitimate purposes.

4.1. BEIN MINDSET as Data Controller

Purpose	Interested parties	Data categories	Basis of legitimacy	Retention period
Formalisation, development and execution of the contract The processing of personal data of the contact persons of our customers and suppliers for the execution of the contract. BEIN MINDSET processes the personal data of the contact persons of our customers and suppliers, among others, in order to manage the commercial and business relationship with them.	Client CompaniesProspective customersSupply companies	Identifying data (name and surname)Contact details (address, corporate email)	Execution of the contract	Once the services listed in the contract have been completed, the data contained in the contract will be held for 6 years, duly blocked, and without prejudice to users having duly exercised their rights of deletion or opposition prior to the end of this period.
Processing payments, collection and invoicing At BEIN MINDSET, we will process the data of our client companies in order to send them invoices and collect the compensation agreed in the service contract. In the same way, BEIN MINDSET will process the data of its suppliers in order to proceed with the payment of the agreed services.	Client CompaniesSupply companies.	Identifying data (name and surname)Contact details (address, corporate email)Bank details.	Execution of the contract	In accordance with article 30 of the Spanish Commercial Code, invoicing data shall be retained for 6 years after they have been issued.
Response to requests for information or contact BEIN MINDSET uses the contact details provided to respond to requests and enquiries about products and services, whether made through the form available on the websites.	Client CompaniesSupply companies.Website users	Identifying data (name and surname)Contact details (address, corporate email)	Consent	Once the request has been resolved, the personal data will be held and duly blocked, for a period of one year.
Sending commercial communications BEIN MINDSET processes the contact data provided to inform interested parties who have consented to receive commercial information. This information may be about products, services, activities, news, and/or any promotion that may be of interest and related to the activity of BEIN MINDSET.	Client CompaniesPotential Clients	Identifying data (name and surname)Contact details (address, corporate email)	Consent	The data will be processed for this purpose as long as the data subject does not duly revoke his or her consent.
Request for demos and free trials At BEIN MINDSET we use the contact information provided by interested parties to schedule a demo or free trial.	Client CompaniesPotential Customers	Identification data (name and surname)Contact details (address, corporate email)Job and company	Consent	After the free trial, the personal data will be held and duly blocked, for a period of one year, if no service contract is concluded before that time.
Analysis of website visits BEIN MINDSET uses various techniques to collect information. These techniques may be used to obtain analytical data about visits and navigation on the pages of our websites. These analytics rely on the use of external services that have their own privacy policy. These companies may cross-reference your browsing data with their internal logs in order to use it for ad targeting, even if you do not have a registered account with their services. For more information, please see our Cookie Policy.	Users	Online identifiers, including identification cookies. Internet Protocol (IP) addresses and device identifiers. Identifiers. Information contained in the HTTP headers of requests sent over the Internet, such as the type of device, operating system and browser from which the pages are visited. Information provided by the browser such as preferred language, time zone and others. Website navigation data: pages visited.	Consent	Data will be retained in accordance with the terms identified in our Cookie Policy and the Privacy Policies of Analytical Cookie Providers.
Processing applications for open selection processes BEIN MINDSET processes the personal data of persons who wish to apply for open recruitment processes in the company.	CandidatesWorking people.	Identifying data (name and surname)Contact details (address, corporate email)Professional data (CV)	Consent and, where appropriate, execution of contract.	Candidates’ data will be kept for one year after the end of the selection process, in order to be able to contact them again if there is a new vacancy that might suit them.

4.2. BEIN MINDSET as Data Processor

Purpose	Interested parties	Data categories	Basis of legitimacy	Retention period
Processing carried out on behalf of a data controller for the provision of our services. The provision of the services that BEIN MINDSET (the data processor) provides to our client companies (the data controllers) involves the processing of personal data for which our client companies are responsible. BEIN MINDSET, which provides a platform for assessing the maturity level of the organisation’s Diversity, Equity and Inclusion management. This enables conscious decision making across the company in order to improve the maturity level.	Client companyWorking people.	Identifying data (name and surname)Contact details (address, corporate email)Professional data (CV, position, company)Bank details (account)Data collected through the form This information may vary depending on the data that end-users voluntarily and spontaneously share with BEIN MINDSET.	Execution of the contract	The data will be retained in accordance with the terms of our Data Controller Agreement, which we sign with each of our client companies.

5. How do we Protect Personal Data?

At BEIN MINDSET, we take technical and organisational security measures to protect your personal data from loss, misuse, unauthorised access or disclosure. Some of the measures we take include data encryption, restricted access to personal data and regular data protection training for our staff.

BEIN MINDSET is a data security conscious company and therefore promotes a risk-based methodology that enables organisations to better manage information security.

6. How do we Store Personal Data?

We store your personal data on secure cloud servers located in the European Union. We maintain technical and organisational measures to ensure the security of personal data and prevent its loss, misuse, unauthorised access or disclosure.

7. Who has Access to your Personal Data?

BEIN MINDSET will only share your personal data with third parties where this is necessary to provide you with our services, where you have asked us to do something for which we are required to respond or where we are legally obliged to do so.

We may also communicate data to companies that provide us with services necessary for the ordinary and administrative activity of the company as data processors, in the framework of the provision of services such as:

Payment service providers and payment processing companies
Technology service providers, such as cloud hosting and data analytics service providers
Legal and financial advisors
Regulatory and governmental authorities, where necessary to comply with our legal obligations or where legally required to do so

7.1. International Data Transfer

Currently, we do not share data with suppliers located outside the European Economic Area, so no international data transfers are carried out. Our client companies are informed of this in the Processing Contract signed with each of them.

Likewise, as Data Controllers, we will share personal data between the different subsidiaries of the group, based on legitimate corporate interest. In the event that these activities take place between countries in the European Economic Area and our subsidiaries located outside the European Economic Area, international transfers are made under contract and by signing the Standard Contractual Clauses approved by the European Commission: https://eur-lex.europa.eu/legal-content/ES/ALL/?uri=CELEX:32021D0914

8. How do I Exercise my Rights in Relation to my Personal Data?

Any person has the right to obtain information about the data that BEIN MINDSET is processing concerning him/her/they. These are your rights:

Interested parties have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, to request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.

In certain circumstances, the persons concerned may request the limitation of the processing of their data, in which case they will only be kept for the exercise or defence of claims.

In certain circumstances and for reasons relating to their particular situation, data subjects may object to the processing of their data. BEIN MINDSET will cease to process the data, except for compelling legitimate reasons, or the exercise or defence of possible claims.

Portability: The Data Subject shall have the right to receive the Personal Data concerning him/her/they which he/she/they has provided to BEIN MINDSET in a structured, commonly-used and machine-readable format where: a) the processing is based on consent or a contract, and b) the processing is carried out by automated means.

We inform you of your right to lodge a complaint with the supervisory authority (www.aepd.es) in the event that the exercise of your rights indicated here has not been satisfied.

To exercise the aforementioned rights, please contact: dpd@beinmindset.com. When doing so, please indicate the following details:

Name and surname
Contact e-mail address
Rights you wish to exercise
Data on which you are making your request

Within a maximum period of one month we will resolve your request, notifying you by e-mail.

9. How long will your Personal Data be kept?

We will retain your personal data for as long as it is necessary for us to provide you with our services or as long as it is necessary for us to comply with our legal obligations. When we no longer need your personal data, it will be securely deleted or anonymised.

For a specific retention period, please refer to the tables in Section 5 of this Privacy Policy.

10. Changes to our Privacy Policy

We reserve the right to update this Privacy Policy at any time. If we make significant changes to this Privacy Policy, we will inform you by posting a notice on our app or website, or by other appropriate means.

11. Contact details

If you have any questions or concerns about this Privacy Policy or how we treat your Personal Data, you can contact the Spanish Data Protection Agency at the postal address Francisco de Rojas 5 – Esc. Dcha. 1 – 3 – 28010 Madrid or send us an email to dpd@beinmindset.com