MindNode Triad

Privacy Policy

Privacy Policy

1. General Information

Your privacy is very important to us at IdeasOnCanvas GmbH (“IdeasOnCanvas”). We created this Privacy Policy to inform you about how we collect, use and store data personally related to you (“Personal Information”). This Privacy Policy covers the MindNode apps, as well as the website, and the “myMindNode” web service. It also covers our relationship with suppliers, business partners and job applicants. Any information, personal or not, we collect serves the purpose of providing and improving our service as well as providing support.

We will ensure to only process and share your Personal Information in accordance with applicable data protection law, especially the EU General Data Protection Regulation (“GDPR“).

2. Definitions

Personal Information is data which relate to a specific identifiable person.

Nonpersonal Information is data that does not relate to a specific person. We may combine personal and non-personal information, in which case we will treat this bundle of information as Personal Information for as long as it remains combined.

Service Partners are entities different to IdeasOnCanvas that provide services to IdeasOnCanvas, e.g. that contribute to the functioning and improvement of the MindNode apps, the website, and the “myMindNode” web service.

3. MindNode Website

3.1. Traffic Analysis

For traffic analysis we process the following information of website visitors:

  • IP address;
  • Date and time of the request;
  • Title of the page being viewed (Page Title);
  • URL of the page being viewed (Page URL);
  • URL of the page that was viewed prior to the current page (Referrer URL);
  • Screen resolution being used;
  • Time in local user’s timezone;
  • Files that were clicked and downloaded (Download);
  • Links to an outside domain that were clicked (Outlink);
  • Pages generation time (the time it takes for webpages to be generated by the webserver and then downloaded by the user: Page speed);
  • Location of the user: country, region, city, approximate latitude and longitude (Geolocation);
  • Main Language of the browser being used (Accept-Language header);
  • User Agent of the browser being used (User-Agent header).

To process this information we internally use Matomo, an open source web analytics platform. All Personal Information, including the IP address, is anonymized before storing. As we only use this data for statistical analysis and website improvement, we do not combine it with other data or information. This data is deleted after 6 months.

We process your data based on § 96 para. 3 TKG 2003 (Austrian Telecommunications Act) and our legitimate interest (Art. 6 para. 1 letter f GDPR) to ensure the operation, the security, and the optimised performance of our website.

3.2. Server-Log-Files

As a website provider we have commissioned ZEIT Inc, 1046 Kearny Street, San Francisco, CA 94133, United States. The provider automatically collects and stores information that your browser automatically transmits in “server log files“. These include

  • Internet Protocol (IP) addresses;
  • System configuration information;
  • Timestamp;
  • Owner’s id of the resource and deployment id;
  • URLs of referring pages;
  • Location preferences;
  • Language preferences.

Your data is processed based on § 96 para. 3 TKG 2003 (Austrian Telecommunications Act) and our legitimate interest (Art. 6 para. 1 letter f GDPR) and stored for 20 days, to ensure the operation, the security, and the optimised performance of our website.

4. MindNode App

App Launch

At activation of the app, as a technical requirement to run the service, we sync an identifier between devices so you don’t have to register at each device for our app separately. Based on this information the app may show you pop-up notices with important information from time to time. In the course of this process we collect the following Personal Information:

  • Model and version of the device used;
  • Hashed device serial number on Mac and unique id on iOS;
  • iOS or macOS version of device;
  • App version;
  • User identifier;
  • Language used.

Licensing

To manage and verify your license across multiple platforms, we collect your App Store digital purchase receipts, combine it with a generated unique device identifier and a pseudonymized identifier that is stored inside your iCloud account. The purchase receipt contains information such as type of purchase, date of purchase or app version at time of purchase (no Personal Information or payment information is contained in the receipt).

Diagnostic Reports

At times we will ask you to provide diagnostic information or crash logs to help us

troubleshoot an issue or crash. When you submit a crash log, the crash log and any additional information you provide, is stored by our Service Partner Microsoft Inc, One Microsoft Way, Redmond, WA 98052-6399, United States.

Beta Test

If you decide to become a beta tester for our services, we store your email address to send you occasional beta newsletters. We also share your email address with Apple Inc. to add you to the TestFlight beta test program.

For app launch and licensing your data is processed in order to enter or fulfill our contractual obligations with you (Art. 6 para. 1 letter b GDPR). For diagnostic reports and beta testing your data is processed based on your consent (Art. 6 para. 1 letter a GDPR). We will only store Personal Information for as long as necessary for the specific purpose of processing. Crash logs are stored for 90 days.

5. myMindNode Web Service

At registration for myMindNode, we store the email address submitted to us. We may use it to send you important notifications regarding the service and its use and for support purposes. In addition, we connect your email address with the information we collected at activation of the app for support purposes (see Sec 4 above).

If a document is uploaded to myMindNode, the document you upload is assigned to an individual Web URL (an individual Website) which can be publicly accessed by anyone who knows the URL. We are not able to guarantee confidentiality of any information contained in these documents. Please consider carefully what you upload (e.g. Personal or Confidential Information) as this happens within your own legal responsibility. By uploading a document you confirm that you are entitled to make the information you upload to myMindNode web service publicly available and do not infringe the rights of others.

For the purpose of providing the Service we have commissioned Heroku Inc., The Landmark @ 1 Market St., Suite 300, San Francisco, CA 94105, United States and Amazon Web Services, Inc., 410 Terry Avenue North Seattle, WA 98109-5210, United States. The servers, on which we process and store this information, are located within the European Economic Area (EEA).

Your data is processed in order to enter or fulfill our contractual obligations with you (Art. 6 para. 1 letter b GDPR).

We generally do not store your Personal Information longer than absolutely necessary to provide the Service to you. At termination of the service agreement between us we will delete any Personal Information we collected from you without undue delay, unless further storage of such information is required for a valid purpose. Please be aware that an encrypted storage of your Personal Information in our back-up system might

be necessary for technical reasons for a period of 3 months from the termination of the Service.

6. Transactional and Support Emails

For the purpose of enabling our services and providing technical support for our website, our apps and our web service we collect and store your email address, as well as any additional information that is included in the support requests. In order to properly deal with incoming support requests, we will use the submitted information (email address) to contact you in order to help you with your request.

As our transactional email service provider we have commissioned Mailjet SAS, 13- 13 bis, rue de l’Aubrac – 75012 Paris, France to whom we disclose the information needed to send out transactional emails to you. As our email server provider we have commissioned domainfactory GmbH, Oskar-Messter-Str. 33, 85737 Ismaning, Deutschland who forwards incoming emails to our HelpDesk. As a helpdesk provider we have commissioned Teamwork.com, Ltd., Blackpool Retail Park, Blackpool, Cork, T23 F902, Ireland to whom we disclose the information contained in support request including your email address. Your data is processed within the EEA.

Your data is processed in order to enter or fulfill our contractual obligations with you (Art. 6 para. 1 letter b GDPR). Transactional emails will be stored for 13 months after the corresponding transaction. Support emails will usually be stored for a maximum of 2 years.

7. Newsletter

If you would like to receive our newsletter, we require an email address. We will use it to verify that you are the owner of the email address provided and that you agree to receive our newsletter. We use this address exclusively to send you our newsletter.

We use the double opt-in procedure to ensure that newsletters are sent in a consent manner. After registration, the user receives a confirmation email to confirm. The address is only actively included in the distribution list if the registration is confirmed. You can revoke this consent at any time via the unsubscribe link that is part of every email.

As a newsletter software provider we have commissioned Mailjet SAS, 13-13 bis, rue de l’Aubrac – 75012 Paris, France to whom we disclose the information needed to send out the newsletter.

Your data will be processed based on your consent (Art. 6 para 1 letter a GDPR) and deleted as soon as you unsubscribe to our newsletter.

8. Our Service Partners

Every service partner we engage with is either located in the EEA or participates in the EU-U.S. Privacy Shield.

RECIPIENTS:

  • domainfactory GmbH, Germany (Within the EU)
  • ZEIT Inc. , USA (EU-US Privacy Shield)
  • Teamwork.com, Ltd., Ireland (Within the EU)
  • Microsoft Inc., USA (EU-US Privacy Shield)
  • Heroku Inc., USA (EU-US Privacy Shield)
  • Amazon Web Services, Inc., USA (EU-US Privacy Shield)
  • Mailjet SAS, France (Within the EU)
  • Apple Inc., USA (EU-US Privacy Shield)

9. Children

We do not knowingly collect Personal Information from children under the age of 16. In case we learn that we have collected Personal Information of a child under the age of 16, we will delete that information as quickly as possible.

10. Suppliers and Business Partners

We process Personal Information of our suppliers and business partners either to take steps prior to entering into a contract or to fulfil our contractual obligations (Art. 6 para. 1 letter b GDPR) or to fulfil our legal obligations (Art. 6 para. 1 letter c GDPR).

Personal Information is processed, first and foremost, for the purpose of concluding, maintaining, and completing our contracts regarding goods and services.

To achieve these desired objectives, it may be necessary to disclose Personal Information to the following recipients in certain cases. If you do not provide us with your data, we cannot enter into a business relationship with you.

RECIPIENTS:

  • domainfactory GmbH, Germany (Within the EU)
  • Dropbox, Inc., USA (EU-US Privacy Shield)

We will only store your data for as long as it is required for the purposes for which we collected it.

For reasons relating to tax law, we store contracts and other documents and relevant correspondence pertaining to our contractual relationship for a period of 10 years.

11. Job Applicants

If you apply for a job at our company we process your Personal Information either to take steps prior to entering into a contract (conclusion of an employment agreement, Art. 6 para. 1 letter b GDPR), on the basis of your explicit consent (Art. 6 para. 1 letter a GDPR) if we would like to keep your application on file for future consideration, and to fulfil our legal obligations (registering you as an employee in the social security system, Art. 6 para. 1 letter c GDPR).

Your Personal Information processed for the purpose of completing the application process and registering you in the social security system when we hire you. If you do not provide us with your data, we cannot process your application.

To achieve these desired objectives, it may be necessary to disclose your data to the following recipients in certain cases:

RECIPIENTS:

  • domainfactory GmbH, Germany (Within the EU)
  • Teamwork.com, Ltd., Ireland (Within the EU)

We will only store your Personal Information for as long as it is required for the purposes for which we collected it.

If you are not hired your Personal Information will be deleted 7 months after the closure of the application procedure unless we request the applicant’s consent to their data being kept on file for future consideration. Our internal Privacy Policy for employees applies to applicants who are hired and can be requested during the application process.

12. Your rights with respect to data processing

We would furthermore like to inform you that you have the right, at all times, to request information concerning which of your data is processed by us (see Art. 15 GDPR for details), the right to have your data corrected or deleted (see Art. 16 GDPR for details), the right to restrict the processing of your data (see Art. 18 GDPR for details), the right to object to the processing of your data (see Art. 21 GDPR for details), and the right to data portability (see Art. 20 GDPR for details).

If we process your data on the basis of your consent, you have the right to withdraw your consent at any time by sending a request via email to privacy@mindnode.com or via mail to IdeasOnCanvas GmbH, Zieglergasse 6/1/6/11, A-1070 Vienna. Your withdrawal of consent will not affect the lawfulness of the data processing that was conducted prior to the withdrawal (Art. 7 para. 3 GDPR).

If, contrary to expectations and despite our obligation to process your data lawfully, your right to the lawful processing of your data is violated, please inform us of your concerns by post or email (see contact information below) so that we can resolve the issue. You also have the right, however, to file a complaint with the Austrian Data Protection Authority or with another data protection supervisory authority in the EU, particularly in the country in which you reside or work. If you have additional questions regarding the processing of your data, please feel free to contact us directly, either by email at privacy@mindnode.com or via mail to IdeasOnCanvas GmbH, Zieglergasse 6/1/6/11, A-1070 Vienna.

13. Policy Changes

We may update this privacy policy from time to time, in which case we will post a notice on our website. It is your responsibility to make yourself familiar with the latest version of this policy.

14. Contact Information

IdeasOnCanvas GmbH

Zieglergasse 6/1/6/11

A-1070 Vienna

Phone: 01 9244583

Email: privacy@mindnode.com

VAT ID ATU66934838

Registration Number.: FN 372333z, Handelsgericht Wien

Authority according to ECG: Magistratisches Bezirksamt für den 6./7. Bezirk Member of the Chamber of Commerce Vienna

Last updated: December 17, 2019