Mindball Privacy Policy

General Privacy Policy for Mentalytics AB – last updated on the 8th of January 2024.

The Mindball Company is a legal entity of Mentalytics AB.

Mentalytics AB is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using the Mindball website, below mentioned as “Services” for easier review, you can be assured that it will only be used in accordance with this Privacy Policy.

This Privacy Policy outlines how Mentalytics generally handles your personal data. In connection with some of our Services, we will give you more specific information about our handling of your personal data, and we will, where appropriate, ask for your consent before handling your personal data. At the end of this policy, there is information on how to contact us if you have any questions or if you think anything is unclear.

  1. What we collect

We collect only the personal data necessary for the provision of each specific Service you use. The types of data collected and the purposes for which they are processed will be clearly specified and limited to what is necessary for those purposes.

Here’s how:

Personal data and other information you (and others) give us.
We collect the information that you (and others) give us when using our Services. For example:

  • When you register to use our Services, we may ask for information such as your name, email address and phone number.
  • If you buy something from us, we collect information about the transaction. This can include your payment information, purchase activity and delivery and contact details.
  • When you communicate with Mentalytics, you provide us with information such as your email address.
  • If you seek customer support for one of our Services, then it’s sometimes necessary for us to access your personal information to be able to help you with your problem. In those cases, we will either delete the data once the support matter has been resolved or store the data according to applicable retention routines within Mentalytics, if we find that either you or Mentalytics has a legitimate interest in doing so.
  • We collect content and information about content that you create using our Services.

Personal data and other information which is automatically collected about you when you use our services.

We also collect information automatically when you are connected to our Services. Depending on how you access and use our Services, we collect information such as:

  • Information about how you access our Services, including information about the type of device that you’re using, its configuration (such as your operating system and graphics processing unit), your browser, and how your device is performing.
  • Information about you and your social media profile if you choose to access our Services with a social media profile. Please note that the information you share within the scope of those social media services, is not applicable to this Privacy policy.

  1. How do we use your personal data?

We use the information as set out below and to provide our Services to you and our partners. Here’s how:

To provide and personalize our Services.

We use the information we collect to provide you with our Services. For example, we use this information to:

  • Communicate with you about our Services
  • Provide technical support
  • Notify you about updates to our Services and
  • Customize your usage based on your activities, including the content, games, apps and other experiences you interact with. This allows us to make our Services unique and relevant to you, for example by showing you content that is most relevant to you.

To improve and develop your experience and our Services.

We also use the information that we collect to understand, develop, and improve our Services. For example, we use the information to:

  • Seek and analyze input and feedback about our Services
  • Identify and address technical issues on our Services
  • Conduct and learn from research about the ways in which people use our Services and
  • Improve services offered by others, such as third parties that offer games, apps and other content connected to our Services.

To promote our brand and Services.

We use the information that we collect to send you promotional messages and content and otherwise market to you on and offer our Services. We also use this information to measure how users respond to our marketing efforts. If you would like to opt out of receiving marketing emails, then you can always do so by following the instructions implemented in every such promotional message.

To promote safety and security.

We use the personal data that we collect to help promote safety and security on and off our Services, such as by investigating suspicious activity or breaches of our terms or policies and protecting our or others’ rights or property.

  1. How is personal data shared?

To provide and support our Services, information that we have about you is shared in certain circumstances. The following can see information about you when you and others use our Services. Developers, support, and other online content providers on our Services.

You can interact with Third-party content, games, apps and other experiences through our Services. We may share information about you with these partners so they can provide you with the experiences that you’ve requested, such as:

  • Information in your profile and about how you use our Services. For example, we may provide a third-party games provider with your user id or similar, so that the games provider may deliver a game to you that you’ve purchased bundled with one of our products
  • Any other information that you choose to share with the third party through your use of the Services.

Service providers.

We share the information that we collect with vendors, service providers, researchers, and other partners, who work at our direction to support the Services (such as hosting our Services, fulfilling orders, facilitating payments, analyzing the way people use our Services, processing credit card payments, providing customer service or sending electronic communications for us).

Other parties in connection with certain business transactions.

If the ownership of Mentalytics (or any portion of our assets) changes as a result of a merger, acquisition or in the event of a bankruptcy, information from or about you or your device may be transferred to another company.

Law enforcement or legal requests.

We share information with law enforcement or in response to legal requests in the circumstances outlined in Section 6 below.

We also share de-identified or aggregate data with others. “De-identified data” means information where we have removed identifiable data such as your name and other data that could reasonably be used to identify you. “Aggregate data” is data that has been combined with other data so that it doesn’t identify any specific person. For example, we provide developers with aggregated statistics about the number of people from a particular region that use our Services, so developers can create content tailored for people in that market. We may also share de-identified or aggregated data with other third parties.

  1. Third parties that provide content, marketing, or functionality on our services

Some of the content, marketing and functionality on our Services may be provided by third parties that are not affiliated with us. For example, we work with companies that help us provide content within the Service that you purchased.

  1. Data retention and deletion

We store data that identifies you until it is no longer necessary to provide our Services. This is a case-by case determination that depends on things such as the nature of the data, why it is collected and processed, and relevant legal or operational retention needs.

  1. How do we respond to legal requests and minimize harm?

We access, preserve, and share information with regulators, law enforcement or others:

  • In response to a legal request where we have a good faith belief that the response is required by law in that jurisdiction, affects users in that jurisdiction and is consistent with internationally recognized standards.
  • When we have a good faith belief that it is necessary to: detect, prevent, and address fraud or other illegal activity; to protect Mentalytics, our Services, you, and others, including as part of investigations; or to prevent death or imminent bodily harm.

  1. How we operate and transfer data as part of our global services

We share information globally, both internally within the Mentalytics and externally with our partners to fully provide the Services you are entitled to receive based on the Service you have purchased or subscribed to and/or otherwise are entitled to receive.

Any transfer of your personal data outside the EEA, Switzerland, or the UK will be carried out in compliance with GDPR. We ensure that all international data transfers are safeguarded with appropriate legal mechanisms and security measures.

  1. Changes to this policy

If we make changes to this Privacy Policy, we will provide notice of such changes as appropriate, such as by sending you an email notification to the address that you’ve provided, and/or providing notice through the Services. If we make an administrative change, we may update the “Last Updated” date at the top of this Privacy Policy.

The Data Protection Officer for Mentalytics can be contacted at legal@mentalytics.com You also have the right to lodge a complaint with the Swedish lead supervisory authority; Datainspektionen www.datainspektionen.se.

  1. What is our legal basis for processing data?

The legal ground for processing personal data varies depending on the types of data and the situation. The legal grounds we rely on at Mentalytics are the following:

  • If processing is necessary to fulfil our contract with you, i.e. what we are obliged to provide under the agreement between you and us. Our obligations to you vary depending on the Service you are using. For example, we may need to store your name and address to keep track of our warranty obligations to you.
  • You may withdraw your consent at any time. It should be noted that a withdrawal of a consent shall, and cannot, affect the lawfulness of processing that has already been carried out based on that consent before its withdrawal.
  • As necessary to comply with our legal obligations, for example, Mentalytics must store some purchase information to comply with tax and accounting regulations. The legal ground for this processing (storing) is therefore necessary for compliance with legal obligations.
  • As necessary for our (or others) legitimate interests. Mentalytics has a legitimate interest in providing an innovative, personalized, safe and profitable service to our existing and future users and partners, unless those interests are overridden by your interests or fundamental rights and freedoms that require protection of personal data.

  1. How can you exercise the rights provided to you under the GDPR?

In accordance with GDPR, you have comprehensive rights regarding your personal data, including access, rectification, erasure, data portability, and the right to object to or restrict processing. We provide clear procedures for you to exercise these rights, which can be initiated by contacting our Data Protection Officer at legal@mentalytics.com.

  1. Contacting us

The data controller responsible for your information is Mentalytics AB which you can contact by e-mail at legal@mentalytics.com.