Privacy Policy & Terms

Last updated 24th February 2020
The Mindshop Group of Companies (collectively Mindshop) is comprised of Mindshop International Pty Ltd (ACN 074 286 212), Mindshop Australia Pty Ltd (ABN 16 083 124 467), Mindshop UK Ltd (Company Reg: 03530512)

Mindshop is committed to protecting and respecting your privacy and developing technology that provides you the most powerful and safe online experience. This Statement of Privacy applies to the Mindshop family of Web sites and governs data collection and usage. By using the Mindshop family of websites and Mindshop Online, you consent to the data practices described in this statement, outlining our ongoing obligations to you in respect of how we manage your Personal Information.

Privacy Principles
We adhere to the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (“Privacy Act”), and to the extent possible, the EU General Data Protection Regulations (GDPR).  Further information regarding the Australian Privacy Principles may be obtained from the website of The Office of the Federal Privacy Commissioner at www.privacy.gov.au.

What is Personal Information, what information is collected?
Personal Information is information or an opinion that identifies an individual. Examples of Personal Information we collect include: names, addresses, email addresses, phone and facsimile numbers.

Mindshop will, from time to time, receive and store personal information you submit to our website, provided to us directly or give to us in other forms.

We may collect additional information at other times, including but not limited to, when you provide feedback, when you change your content or email preference, respond to surveys and/or promotions, provide financial or credit card information, or communicate with our customer support.

How do we collect your personal information?
Mindshop collects personal information from you in a variety of ways, including when you interact with us electronically or in person, when you access our websites and when we engage in business activities with you. We may receive personal information from third parties. If we do, we will protect it as set out in this Privacy Policy.

By providing us with personal information, you consent to the supply of that information subject to the terms of this Privacy Policy.

 How do we use your information?
We collect your Personal Information for the primary purpose of providing our services to you, providing information to our clients and marketing (primary purpose). We may also use your Personal Information for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure.

If you withhold your personal information, it may not be possible for us to provide you with our products and services or for you to fully access the services provided by our website.

When we collect Personal Information we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it. Mindshop keeps track of the Web sites and pages our customers visit within Mindshop and Mindshop Online, in order to determine what Mindshop services are the most popular. This data is used to deliver customised content to customers whose behaviour indicates that they are interested in a particular subject area. Any person not a paying subscriber by way of a Mindshop Advisor or Online member may unsubscribe from our mailing/marketing lists at any time by contacting us in writing.

When you are registered as an Advisor or Online member of the Mindshop Online Platform (Service) you will be asked to provide information about yourself including your name, organisation, address and email details. We may also collect usage information when you use the Service to produce reports, statistics and analytics. This information will only be used to provide our core services to you or communicate updates to those services and are never sold to 3rd parties.

There is also information about your computer hardware and software that is automatically collected by Mindshop. This information can include: your IP address, browser type, domain names, access times and referring Web site addresses. This information is used by Mindshop for the operation of the service, to maintain quality of the service, and to provide general statistics regarding use of Mindshop Online and Mindshop’s Website.

Please keep in mind that if you directly disclose personally identifiable information or personally sensitive data through Mindshop’s public discussion forum, this information may be collected and used by others. Note: Mindshop does not read or have direct access at an administrative team level to any of your private online communications submitted via action posts, replies, training modules or notes that are submitted securely to your allocated Mindshop coach or shared with other Online members by you.

Mindshop encourages you to review the privacy statements of Web sites you choose to link to from Mindshop so that you can understand how those Web sites collect, use and share your information. Mindshop is not responsible for the privacy statements or other content on Web sites outside of the Mindshop family of Web sites.

Cookies
“Cookies” are small text files that are placed on your browser when you access our Service. Cookies are required to use the Service and are used in the following ways: (a) To keep a browser session open after a user logs in; (b) When enabled ‘Remember Me’ on the login page a cookie is stored to allow the user to pre-populate their username (typically their email address). This cookie is removed after a period of 120 days from the user’s browser. These cookies contain no personal information, although users are advised not to enable ‘Remember Me’ when using a public device or browser where privacy is a concern.

Third Parties
Where reasonable and practicable to do so, we will collect your Personal Information only from you. However, in some circumstances we may be provided with information by third parties. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.

Disclosure of Personal Information
Mindshop may disclose your personal information to any of our employees, officers, insurers, professional advisers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes set out in this privacy policy.  In addition, your Personal Information may be disclosed in a number of circumstances including the following: (a) Third parties where you consent to the use or disclosure; (b) Where required or authorised by law.

If there is a change of control in our business or a sale or transfer of business assets, we reserve the right to transfer to the extent permissible at law our user databases, together with any personal information and non-personal information contained in those databases.

When using our Artificial Intelligence powered search engine any details entered into it are transmitted to a third-party provider for the purpose of providing the Service. All data submitted to third parties is protected using SSL technology.

Your Personal Information is stored securely in a third-party Customer Relationship Management (CRM) system (salesforce.com) that states in its privacy policies that it abides by the same strict data protection and privacy policies as Mindshop.

Mindshop will disclose your personal information, without notice, if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on Mindshop; (b) protect and defend the rights or property of Mindshop; and (c) act under exigent circumstances to protect the personal safety of users of Mindshop, or the public.

General Data Protection Regulation (GDPR) for the European Union (EU)

Mindshop seeks to comply with the principles of data protection set out in the GDPR for the purpose of fairness, transparency and lawful data collection and use.

We process your personal information as a Processor and/or to the extent that we are a Controller as defined in the GDPR.

We must establish a lawful basis for processing your personal information. The legal basis for which we collect your personal information depends on the data that we collect and how we use it.

We will only collect your personal information with your express consent for a specific purpose and any data collected will be to the extent necessary and not excessive for its purpose. We will keep your data safe and secure.

We will also process your personal information if it is necessary for our legitimate interests, or to fulfil a contractual or legal obligation.

We process your personal information if it is necessary to protect your life or in a medical situation, it is necessary to carry out a public function, a task of public interest or if the function has a clear basis in law.

We do not collect or process any personal information from you that is considered “Sensitive Personal Information” under the GDPR, such as personal information relating to your sexual orientation or ethnic origin unless we have obtained your explicit consent, or if it is being collected subject to and in accordance with the GDPR.

You must not provide us with your personal information if you are under the age of 16 without the consent of your parent or someone who has parental authority for you. We do not knowingly collect or process the personal information of children.

Your rights under the GDPR

If you are an individual residing in the EU, you have certain rights as to how your personal information is obtained and used. Mindshop complies with your rights under the GDPR as to how your personal information is used and controlled if you are an individual residing in the EU.

Except as otherwise provided in the GDPR, you have the following rights:

·         to be informed how your personal information is being used;

·         access your personal information (we will provide you with a free copy of it);

·         to correct your personal information if it is inaccurate or incomplete;

·         to delete your personal information (also known as “the right to be forgotten”);

·         to restrict processing of your personal information;

·         to retain and reuse your personal information for your own purposes;

·         to object to your personal information being used; and

·         to object against automated decision making and profiling.

Please contact us at any time to exercise your rights under the GDPR at the contact details in this Privacy Policy.

We may ask you to verify your identity before acting on any of your requests.

Hosting and International Data Transfers

Information that we collect may from time to time be stored, processed in or transferred between parties or sites located in countries outside of Australia. These may include but are not limited to the United Kingdom and North America.

We and our other group companies have offices and/or facilities in Australia, the United Kingdom and North America Transfers to each of these countries will be protected by appropriate safeguards, these include one or more of the following:

·         the use of standard data protection clauses adopted or approved by the European Commission which you can obtain from the European Commission Website;

·         the use of binding corporate rules, a copy of which you can obtain from the Privacy Officer (see contact details below).

The hosting facilities for our website are situated in Australia and the United Kingdom. Transfers to each of these Countries will be protected by appropriate safeguards, these include one or more of the following: the use of standard data protection clauses adopted or approved by the European Commission which you can obtain from the European Commission Website; the use of binding corporate rules, a copy of which you can obtain from the Privacy Officer (see contact details below).

Our Suppliers and contractors are situated in Australia, the United Kingdom and North America Transfers to each of these Countries will be protected by appropriate safeguards, these include one or more of the following:

·         the use of standard data protection clauses adopted or approved by the European Commission which you can obtain from the European Commission Website;

·         the use of binding corporate rules, a copy of which you can obtain from the Privacy Officer (see contact details below).

You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.

 Security of Personal Information
Your Personal Information is stored in a manner that reasonably protects it from misuse and loss and from unauthorised access, modification or disclosure. Mindshop secures the personally identifiable information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure.

Mindshop Group uses a cloud-based server infrastructure hosted on the Amazon EC2 and Microsoft Azure platforms located in the Australian and United Kingdom regions. Data stored on our Mindshop’s cloud servers is locally encrypted and use SSL security certificates, so all data transferred between an Advisors or Online members browser and our Mindshop’s servers is encrypted. An Advisor or Online members browser must support the encryption security used in the connection with our servers. Please see https://azure.microsoft.com/en-us/support/legal/ and https://aws.amazon.com/agreement/ for specific policies on our cloud-based infrastructure platform. EU based advisors and users please note that your data will be backed up securely outside of the EU.

When your Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your Personal Information. However, most of the Personal Information is or will be stored in client files which will be kept by us for a minimum of 7 years. Your data may also be permanently deleted by us after you stop paying to use the Service, or upon request.

Access to your Personal Information
You may access the Personal Information we hold about you to update and/or correct it, subject to certain exceptions. If you wish to access your Personal Information, please contact us in writing.

Mindshop will not charge any fee for your access request, but may charge an administrative fee for providing a copy of your Personal Information. In order to protect your Personal Information we may require identification from you before releasing the requested information. We have access to and may use the information we collect in the Service for the purpose of billing, support, usage monitoring and service performance as well as for other internal purposes.

Maintaining the Quality of your Personal Information
It is important to us that your Personal Information is up to date. We will take reasonable steps to make sure that your Personal Information is accurate, complete and up-to-date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.

Changes to this Statement
Mindshop reserves the right to change or alter this privacy policy at any time. Mindshop encourages you to periodically review this Statement to be informed of how Mindshop is protecting your Personal information.

Privacy Policy Complaints and Enquiries
Mindshop welcomes your comments regarding this Statement of Privacy. If you believe that Mindshop has not adhered to this Statement, or if you have any queries or complaints about our Privacy Policy, please contact us at:

Privacy Officer
Level 4, 25 Claremont St, South Yarra VIC 3141, Australia
help@mindshop.com
Telephone +61 3 8807 0163