MindNode Triad

Privacy Policy

Privacy Information

1. General Information

Your privacy is very important to us at IdeasOnCanvas GmbH ("IdeasOnCanvas"). We created this Privacy Policy to inform you about how we collect, use and store data personally related to you ("Personal Data"). This Privacy Policy covers the (3) MindNode Website, (4) MindNode Apps, the (5) MindNode Plus Subscription, the (6) MindNode Account Service, the (7) MindNode Live Service, (8) Transactional and Support Emails, (9) Newsletter, and (13) Marketing. It also covers our relationship with (11) suppliers and business partners, and (12) job applicants.

We will ensure to only process and share your Personal Data in accordance with applicable data protection law, especially the EU General Data Protection Regulation ("GDPR").

2. Definitions

Personal Data is information which relate to a specific identifiable person (“Data”).

Nonpersonal Data is data that does not relate to a specific person. We may combine personal and non-personal Data, in which case we will treat this bundle of Data as Personal Data for as long as it remains combined.

Service Partners are entities different to IdeasOnCanvas that provide services to IdeasOnCanvas, e.g. that contribute to the functioning and improvement of the MindNode App, the MindNode Website, the MindNode Plus Subscription, the MindNode Account Service, and the MindNode Live Service.

3. MindNode Website

3.1. Traffic Analysis

When you visit the MindNode Website, we collect some anonymous usage data for statistical purposes only. We don’t track individual visitors and all the data is in aggregate only. No personal data is collected and no cookies are set for tracking or analytic purposes.

Data collected includes referral sources, top pages, visit duration, information from the devices (device type, operating system, country and browser) used during the visit and more. As we only use this data for statistical analysis and website improvement, we do not combine it with other data or information.

As a web analytics provider, we have commissioned Plausible Insights OÜ, Västriku tn 2, 50403, Tartu, Estonia. Your data is processed within the EEA.

We process your information based on your consent according to § 165 para. 3 TKG 2021 (TKG=Austrian Telecommunications Act).

3.2. Server-Log-Files

When you visit the MindNode Website, Personal Data is processed for technical purposes necessary to enable interaction with us, detect and track cyberattacks or other unauthorized access. As a website provider, we have commissioned Vercel Inc., 440 N Barracana Ave #4133, Covina, CA 91723, United States as data processor. The provider automatically collects and stores information that your browser automatically transmits in “server log files“. These include

  • Internet Protocol (IP) addresses;
  • System configuration information;
  • Timestamp;
  • Owner’s id of the resource and deployment id;
  • URLs of referring pages;
  • Location preferences;
  • Language preferences.

The servers, on which we this information is processed, are located within the European Economic Area (EEA). Nevertheless, a transfer to a third country (USA) cannot be ruled out. Therefore, the service provider is certified in accordance with the Data Privacy Framework, the transfer of personal data can be based on the respective EU-adequacy decision available here. In addition, access to the data privacy framework can be found here. Hence, an adequate level of protection of your Personal Data is ensured.

For the above mentioned purposes, your information is processed based on § 165 para. 3 TKG 2021 and is stored for 20 days to ensure the operation of our website as a service expressly requested by you. In case of the processing of Personal Data, the legal basis for processing additionally is Art. 6 para. 1 letter b GDPR.

The processing of your Personal Data is not based on legal or contractual obligations. This means that you are not obliged to give us your data. Please understand that we cannot provide you the website if you do not provide us with the relevant data.

4. MindNode App - Launch and Licensing

For app launch and licensing your data is processed in order to enter in or fulfill contractual obligations with you (Art. 6 para. 1 letter b GDPR). At activation of the app, as a technical requirement to run the service, we sync an universal unique identifier (UUID) between devices so you don’t have to register at each device for our app separately. Based on this information the app may show you pop-up notices with important information from time to time. In the course of this process, we collect the following Personal Data:

  • Model and version of the device used;
  • Hashed device serial number on Mac and unique id on other devices;
  • Operating system version of the device;
  • App version;
  • User identifier;
  • Language used.

The processing of your data is not based on legal obligations. However, it is required for the performance of our contract and relationship with you. In the event of a valid contract with us, you are obliged to provide us with this data. Please understand that we would not be able to fulfill our contractual obligations, if we did not have the above-mentioned Personal Data required for this purpose. Your data will generally be stored until the termination of our contractual relationship, i.e. as long as you use our app / until you delete the app. Beyond that, they are stored for 3 years for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the enforcement of existing and defense against alleged claims.

5. MindNode Plus Subscription

MindNode Plus is our cross-platform subscription. It unlocks the full MindNode feature set on all of your devices. To manage and verify your subscription across multiple platforms, we collect your App Store digital purchase receipts, combine it with a generated unique device identifier and a pseudonymized identifier that is stored inside your iCloud account. The purchase receipt contains information such as type of purchase, date of purchase, or app version at the time of purchase. Your Personal Data is processed in order to enter or fulfill our contractual obligations with you (Art. 6 para. 1 letter b GDPR) and is stored until the termination of our contract (please see the details at the end of this paragraph). The processing is not based on legal obligations. However, it is required for the performance of our contract. In the event of a valid contract with us, you are obliged to provide us with this data. Please understand that we would not be able to fulfill our contractual obligations, if we did not have the above-mentioned Personal Data required for this purpose and therefore you cannot use our Subscription Service. Your Personal Data is stored until the end of the 7th calendar year after receipt in order to comply with our legal obligation (Art. 6 para. 1 lit. c DSGVO in conjunction with § 132 para. 1 BAO and § 212 UGB). If our contractual relationship with you exceeds this period of 7 years, we store your Personal Data on the basis of our legitimate interests on an overview of our transactions with you (Art 6 para 1 lit f GDPR) for the period of our contractual relationship with you.

Beyond that, they are stored for 3 years after the end of our contractual relationship for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person on the basis of our legitimate interest as well as for our potential marketing activities in order to regain you as our customer (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the enforcement of existing and defense against alleged claims respectively in our interest to win back lost customers.

6. MindNode Account Service

To manage your MindNode Plus subscription across multiple platforms, you can optionally sign up for a MindNode Account.

At registration for your MindNode, we store the email address and a hash generated from the password submitted to us. The email address and hash are stored encrypted on our server. We may use the email address to send you important notifications regarding the service and its use and for support purposes. In addition, we connect this data with the information we collect for licensing of the app (see Sec 4 above).

Your Personal Data is processed in order to enter or fulfill our contractual obligations with you (Art. 6 para. 1 letter b GDPR). The processing is not based on legal obligations. However, it is required for the performance of our contract and relationship with you. If you decide to sign up for a MindNode Account, you are obliged to provide us with this data. Please understand that we would not be able to fulfill our contractual obligations, if we did not have the above-mentioned personal data required for this purpose and therefore you cannot use the Account Service. Your data will generally be stored until the termination of our contractual relationship, i.e. as long as you use our Account Service contract. Your Personal Data is stored until the end of the 7th calendar year after receipt in order to comply with our legal obligation (Art. 6 para. 1 lit. c DSGVO in conjunction with § 212 UGB). For further information on the storage of your Personal Data, please see under point 5. above.

7. MindNode Live Service

The MindNode Live Service is an optional extension of the MindNode App and may be used to enhance collaboration with others. The MindNode App will use a Service to exchange document data and transient metadata (those might include: selection, scroll position, cursor position, …) to all online participants of the current document. All transferred data is end-to-end encrypted. Data is encrypted on the device of a participant and decrypted on the devices of the other participants. The encryption key is not shared with the web service and at no time can the data be decrypted by the web service. The encrypted data is processed on the server for the duration of the session. Beyond this, the data is not stored.

For the purpose of providing the Service we have commissioned fly.io as processors. The servers, on which we process this information, are located within the European Economic Area (EEA). Nevertheless, a transfer to a third country (USA) cannot be ruled out. Therefore, the service provider is certified in accordance with the Data Privacy Framework, the transfer of personal data can be based on the respective EU-adequacy decision available here. In addition, access to the data privacy framework can be found here. Hence, an adequate level of protection of your Personal Data is ensured.

Your data is processed in order to enter or fulfill our contractual obligations with you (Art. 6 para. 1 letter b GDPR). The processing is not based on legal obligations. However, it is required for the performance of our contract. Please understand that we would not be able to fulfill our contractual obligations, if we did not have the above-mentioned personal data required for this purpose.

8. Transactional and Support Emails

For the purpose of enabling our services and providing technical support for our website, our app, and our web service we collect and store your email address, as well as any additional data that is included in the support requests. In order to properly deal with incoming support requests, we will use the submitted information (email address) to contact you in order to help you with your request.

As our transactional email service provider, we have commissioned Mailjet SAS, 13- 13 bis, rue de l’Aubrac – 75012 Paris, France as processor, to whom we disclose the Personal Data needed to send out transactional emails to you. As our email service provider we have commissioned World4You Internet Services GmbH, Hafenstraße 35, 4020 Linz, Austria as processor, who forwards incoming emails to our HelpDesk. As a helpdesk provider, we have commissioned Teamwork.com, Ltd., Blackpool Retail Park, Blackpool, Cork, T23 F902, Ireland as processor, to whom we disclose the data contained in the support request including your email address. Your data is processed within the EEA.

Your data is processed in order to enter or fulfill our contractual obligations with you (Art. 6 para. 1 letter b GDPR). Transactional and support emails will usually be stored for a maximum of 3 years for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the enforcement of existing and the defense against alleged claims.

9. Newsletter

If you would like to receive our newsletter, we require an email address and your consent. We will use it to verify that you are the owner of the email address provided and that you agree to receive our newsletter (double-opt-in).After registration, the user receives a confirmation email to confirm the identity. The email address is only actively included in the distribution list if the registration is confirmed. You can revoke your consent at any time via the unsubscribe link that is part of every email or by e-mail (preferably) to support@mindnode.com.

We process your name, your e-mail address, the time of registration and your IP address during registration. Furthermore, we store which newsletters we have sent you, whether and when you opened them or blocked them or marked them as spam, whether they could not be delivered temporarily or permanently, whether you unsubscribe or unsubscribe from the newsletter, when and which and how many links you click on in the newsletter.

As a newsletter software provider, we have commissioned Mailjet SAS, 13-13 bis, rue de l’Aubrac – 75012 Paris, France as processor to whom we disclose the data needed to send out the newsletter.

Your data will be processed based on your consent (Art. 6 para 1 letter a GDPR) and deleted as soon as you unsubscribe to our newsletter. The processing of your data to us is not based on legal or contractual obligations. This means that you are not obliged to provide us within your data. Please understand that we cannot send you the Newsletter if you do not provide us with the relevant data. You have the right to withdraw this consent at any time by e-mail, preferably to privacy@mindnode.com, or by postal mail to Mariannengasse 10/3, 1090 Wien, Austria. This will not affect the lawfulness of the data processing before withdrawal of consent (Art 7 para 3 GDPR).

10. Children

We do not knowingly collect Personal Data from children under the age of 16. In case we learn that we have collected Personal Data of a child under the age of 16, we will delete that information as quickly as possible.

11.Suppliers and Business Partners

We process Personal Data of our suppliers and business partners and their employees (Contact Information, Company Affiliation, Contractual Details) either to take steps prior to entering into a contract or to fulfill our contractual obligations (Art. 6 para. 1 letter b GDPR). Personal Data is processed for the purpose of concluding, maintaining, and completing our contracts regarding goods and services.

To achieve these desired objectives, it may be necessary to disclose Personal Data to the following recipients in certain cases. The processing of your data to us is not based on legal obligations. This means that you are not obliged to provide us with your data. However, it is required for the conclusion of a contract. In the event of a valid contract with us, you are obliged to provide us with this data so that we can process the contractual relationship. If you do not provide us with your data, we cannot enter into a business relationship with you.

If you act on behalf of a legal entity with which we have a supplier-business relationship with or initiate or process such a business relationship (this applies in particular to employees of legal entities), we process your personal data on the basis of our legitimate interest (Art. 6 para. 1 letter f GDPR) in the initiation, maintenance and processing of the business relationship with the legal entity for which you act. The provision of your data is not based on legal obligations. However, it is required for the conclusion of our contract with the legal entity you are working for. In the event of a valid contract with us, the legal entity on whose behalf you are acting is obliged to provide us with this data so that we can process and fulfill the contractual relationship. Please understand that we could not process business cases if we do not have your personal data required for this purpose.

RECIPIENTS:

  • World4You Internet Services GmbH, Austria (processor for the purpose of web hosting)
  • Hetzner Online GmbH, Germany (processor for the purpose of Storage Share)

We will only store your data for as long as it is required for the purposes for which we collected it. For reasons relating to tax law, we process and store contracts and other documents and relevant correspondence pertaining to our contractual relationship for a period of 7 years to fulfill our legal obligation (Art. 6 para. 1 letter c GDPR) in accordance to § 212 UGB and § 132 Abs 1 BAO. Otherwise, it will be stored for a maximum of 3 years for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person on the basis of our legitimate interest (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the enforcement of existing and defense against alleged claims.

12.Job Applicants

If you apply for a job at our company we process your Personal Data either to take steps prior to entering into a contract (conclusion of an employment agreement, Art. 6 para. 1 letter b GDPR) or on the basis of your explicit consent (Art. 6 para. 1 letter a GDPR), if we would like to keep your application on file for future consideration.

The processing of your data to us is not based on legal obligations. However, it is processed for the purpose of completing the application process. If you do not provide us with your data, we cannot process your application.

To achieve these desired objectives, it may be necessary to disclose the data, which you are providing to us in connection with your application, to the following recipients in certain cases:

RECIPIENTS:

  • World4You Internet Services GmbH, Austria (processor for the purpose of webservice)
  • Teamwork.com, Ltd., Ireland (processor for the purpose of helpdesk service)

We will only store your Personal Data for as long as it is required for the application process. If you are not hired your Personal Data will be deleted 7 months after the closure of the application procedure unless we request the applicant’s consent to their data being kept on file for future consideration and you gave us your consent. Our internal Privacy Policy for employees applies to applicants who are hired and can be requested during the application process.

13. Marketing

We process your data (only customers) for the purpose of electronic direct advertising in the form of e-mails (sending electronic catalogs, newsletters about our own similar products/services, satisfaction surveys, congratulatory letters, statistical evaluations). In this context, electronic direct advertising to our customers is carried out exclusively within the scope of § 174 para 4 TKG 2021.

We would like to expressly inform you that you can object to the processing of your data for the purpose of direct electronic advertising when the electronic contact information is collected and at each transmission by e-mail to privacy@mindnode.com. We also understand an objection to direct advertising pursuant to § 174 para 4 TKG as a revocation of your consent to e-mail newsletters, in case that you have provided consent.

We process your data for the purpose of direct advertising in accordance with § 174 para. 4 TKG only until you object to this data processing. Without objection, we process your data for this purpose for three years from the last contact. This storage of your data for the purpose of future direct advertising is done to protect our legitimate interest in keeping records of contacts for sending electronic direct advertising (Art 6 para 1 lit f GDPR).

14. Service Partners (Processors)

Below you will find a list of all processors with the purposes of the processing and, in case of third country transfers, the legal bases for the transfer in a so called third country (a country located outside of the European economic area). The allocation of the processes to the various data processing activities as listed above has already been performed, there.

  • World4You Internet Services GmbH, Austria (Webservice)
  • Vercel Inc. , USA (Webhosting - adequacy decision)
  • Teamwork.com, Ltd., Ireland (Helpdesk-Software)
  • Heroku Inc., USA (Webservice – Salesforce – adequacy decision)
  • Mailjet SAS, France (E-Mail Service)
  • Hetzner Online GmbH, Germany (Storage Share)
  • Plausible Insights OÜ, Estonia (Web Analytics)
  • Fly.io, USA (Webservice - adequacy decision)

15. Your rights with respect to data processing

We would furthermore like to inform you that you have the right, at all times, to request information concerning whether or not personal data is being processed, as well as access to your personal data process (see Art. 15 GDPR for details), the right to have your data corrected or deleted (see Art. 16 and Art. 17 GDPR for details), the right to restrict the processing of your data (see Art. 18 GDPR for details), the right to object to the processing of your data (see Art. 21 GDPR for details), and the right to data portability (see Art. 20 GDPR for details).

If we process your data on the basis of your consent, you have the right to withdraw your consent at any time, e.g. by sending a request via email to privacy@mindnode.com or via mail to IdeasOnCanvas GmbH, Mariannengasse 10/3, 1090 Wien, Austria. Your withdrawal of consent will not affect the lawfulness of the data processing that was conducted prior to the withdrawal (Art. 7 para. 3 GDPR).

If, contrary to expectations and despite our obligation to process your data lawfully, your right to the lawful processing of your data is violated, please inform us of your concerns by post or email (see contact information below) so that we can resolve the issue. You also have the right, however, to file a complaint with the Austrian Data Protection Authority or with another data protection supervisory authority in the EU, particularly in the country in which you reside or work. If you have additional questions regarding the processing of your data, please feel free to contact us directly, either by email at privacy@mindnode.com or via mail to IdeasOnCanvas GmbH, Mariannengasse 10/3, 1090 Wien, Austria.

16. Contact Information

IdeasOnCanvas GmbH

Mariannengasse 10/3

1090 Wien

Austria

Phone: 01 9244583

Email: privacy@mindnode.com

VAT ID ATU66934838

Registration Number.: FN 372333z, Handelsgericht Wien

Authority according to ECG: Magistratisches Bezirksamt für den 9. Bezirk Member of the Chamber of Commerce Vienna

Last updated: November 25th, 2024

MindNode

Company

Info

Apple, the Apple logo, iPad, iPhone, Mac Book Air, and iCloud are trademarks of Apple Inc., registered in the U.S. and other countries. App Store and Mac App Store are service marks of Apple Inc.

© 2024 IdeasOnCanvas GmbH