The simplified joint stock company “MAINDSET” SAS (hereinafter “Maindset”), whose registered office is located at 177 bis avenue Louis Lumière, is committed to respecting the privacy of all persons providing them with personal data.
In operating the Maindset XR Application distributed via the maindset.io platform (hereinafter, the “Application”), Maindset acts as data controller. The use of the terms “we”, “us” or “our” hereinafter refers to Maindset.
This privacy and cookies policy (the “Privacy Policy”) describes how we collect and use personal data relating to users of the Application (together “you”, “your”) in accordance with the General Data Protection Regulation (“GDPR”) and the French Data Protection Act of 6 January 1978 as amended (together the “Applicable Legislation”).
In general, Maindset does not collect any directly identifying personal data through the use of the Application and only some specific indirectly identifying personal data is collected, as explained below.
This Privacy Policy also describes the legal basis on which we process personal data, with whom we share it and how it is stored.
It is important that you read this Privacy Policy, and any other information we may provide on specific occasions when we collect or process your personal data, so that you know how and why we use that data.
How is your personal data collected by Maindset? What cookies are used?
We generally collect personal data about you directly via the Application (to be precise, via HTTP request headers). These are “cookies” or similar tracers within the meaning of Applicable Legislation.
These cookies are strictly necessary for the provision of the service offered by Maindset. The information collected in this way is used to check that the Application is being used on the correct site and to combat fraud, in the interests of its users.
These cookies do not collect any information about you that could be used for marketing purposes or to remember the websites you have visited.
What personal data do we collect and for what purposes?
By personal data, we mean any information about a person from which that person can be identified directly or indirectly. This does not include data from which the identity has been removed (anonymous data).
In the context of the Application, via trackers, the only personal data collected and processed by Maindset is the IP address of the user of the Application. This is associated with access logs and the user’s shop. The legal basis for this processing is our legitimate interest: this data (collected via tracers) is strictly necessary to provide the service requested by the user and to enable us to combat fraud.
Maindset may also use the data to improve the algorithms of the Internet Application and its services as well as similar services it offers to its clients, on the basis of its legitimate interest.
We believe that the risk associated with the personal data we process on the basis of our legitimate interests is not excessive or overly intrusive. In particular, we have put in place measures to protect your rights by applying appropriate retention periods and ensuring appropriate security controls.
If you choose not to provide the Personal Data we request or if you set your terminal to block this information, we may not be able to provide you with the products and/or services you have requested or to fulfil the purposes for which we have requested the Personal Data.
Recipients of your personal data
As a general rule, we do not share your personal data with third parties and only Maindset teams have access to it.
As an exception, we may share your personal data with third parties where required by law, including judicial authorities, public administration and any other third party if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, protect the rights, property and/or safety of our company or personnel.
Your data may also be processed by our hosting service providers. We have carefully selected these service providers and taken measures to ensure adequate protection of your personal data. All our service providers are bound by a written contract to process personal data provided to them solely for the purpose of providing a specific service to us and to maintain appropriate security measures to protect your personal data.
Where is your personal data located? Is the data subject to an international transfer?
Your personal data is located on our servers in France or those of our hosting providers located within the European Union. We will notify you if this changes and will implement appropriate safeguards to allow such transfers.
How long do we keep your personal data?
We will only retain your personal data for as long as is necessary to fulfil the purposes for which it was collected, including any legal, accounting or tax requirements.
As a general rule, we delete your data within 13 months of collecting it.
What do we do to ensure the security of your personal data?
Maindset is committed to protecting personal data against loss, misuse, disclosure, alteration, unavailability, unauthorized access and destruction, and takes all reasonable precautions to protect the confidentiality of personal data, including taking appropriate organizational and technical measures.
We have adopted physical, electronic and administrative security measures including the use of extensive firewalls and passwords to secure access to personal data. In addition, we restrict access to personal information to those employees who need to know that information in order to perform their duties at Maindset.
We have procedures in place to deal with suspected data breaches and will notify you and any relevant supervisory authority of a suspected breach where we are legally required to do so.
Your rights
As a data subject, you have various rights. These rights are not absolute and each of these rights is subject to certain conditions in accordance with the Applicable Legislation, as explained below. Given the nature of the personal data collected by Maindset (principally your IP address), the effective exercise of these rights will therefore be difficult in most cases, but we will do our best to accommodate them.
- The right of access – you have the right to obtain confirmation from us as to whether or not your personal data is being processed by us, as well as certain other information (similar to that provided in this Privacy Policy) about how it is used. You also have the right to access your personal data, by requesting a copy of your personal data. This allows you to know and verify that we are using your information in accordance with data protection laws. We may refuse to provide information where this would reveal personal data about another person or adversely affect the rights of another person and we may ask you for further information if it is necessary in order to respond to your request.
- The right of rectification – you can ask us to take steps to correct your personal data if it is inaccurate or incomplete.
The right to erasure – also known as the “right to be forgotten”, this right allows you, in simple terms, to request the erasure or deletion of your personal data when, for example, there is no compelling reason for us to continue using it or its use is unlawful. However, this is not a general right to erasure and there are some exceptions, for example where we need to use the information to defend a legal claim or to be able to comply with a legal obligation.
- The right to restrict processing – you have the right to “block” or prevent further use of your personal data when we are assessing a request for rectification or as an alternative to erasure. Where processing is restricted, we may still retain your personal data, but we may not use it further.
The right to object – you have the right to object to certain types of processing, on grounds relating to your particular situation, at any time, insofar as such processing takes place for the purposes of legitimate interests pursued by Maindset.We will be allowed to continue processing personal data if we can demonstrate that the processing is justified on compelling legitimate grounds that override your interests, rights and freedoms or if we need it for the establishment, exercise or defense of legal claims.
- The right to withdraw your consent – if we were to process your personal data on the basis of your consent, you would have the right to withdraw your consent at any time.However, such withdrawal does not affect the lawfulness of the processing that took place prior to the withdrawal.
- The right to provide us with instructions on the use of your personal data after your death – you have the right to provide us with instructions on the management (for example, retention, erasure and disclosure) of your data after your death.You may change or revoke your instructions at any time.
To exercise these rights, please contact us at the address given in paragraph I below, specifying the right you wish to exercise and enclosing proof of identity with your request.
How to contact us ?
Maindset reserves the right to update this Privacy Policy from time to time. We will notify you of any material changes in the way we use your personal information.
If you have any questions about this Privacy Policy or the use of your personal data, please contact us by email at the following address:
Maindset SAS 177 bis avenue Louis Lumière 34400 LUNEL or by email at [email protected].
Before evaluating your request, we may ask you for additional information to identify yourself. If you do not provide the requested information and we are therefore unable to identify you, we may refuse to process your request.
If you are not satisfied with our response to your complaint or if you believe that the processing of your Personal Data does not comply with data protection laws, you may lodge a complaint with the competent data protection supervisory authority. The French data protection authority is the Commission Informatique et Libertés (CNIL) (www.cnil.fr).