As a world leader in online intelligence, Digimind pays the most attention to the processing of personal data. Our longstanding experience in this market has allowed us to build an effective personal data management policy, which combines privacy processes and tools to ensure data security. Please find below our detailed activity on this, our processing methods, and the rights you can claim about your data.

 

What is personal data? 

Personal data means data which relates to a living individual who can be identified from that data (...) and includes any expression of opinion about the individual (source: ICO).

 

What data is processed by Digimind?

Digimind processes different types of personal data ranging from (i) Digimind’s employees data; (ii) contact data relating to customers, suppliers, and business partners; (iii) navigation data on Digimind websites; (iv) personal data from users of our solutions; (v) and data indexed from Internet by means of our software.

 

Regarding data from the Internet, Digimind indexes data from the web and especially from social media networks. According to the official definitions, This indexed data is not regarded as sensitive. Furthermore, pursuant to the new European Data Protection Regulation (GDPR) Article 6, Digimind is only indexing data which is voluntarily posted on the Internet with a public status and which has been prone to expressed consent regarding  the use by third parties.

 

In other words, Digimind never collects information which has a private status and is not able to access to profiles or pages online and social networks, if the access has been restricted by the user.

 

What is Digimind doing with this data? 

All of the data from Digimind’s employees and contact information from clients, suppliers, and partners  are used to ensure standard functions of the company like all types of communication, payment, and invoicing. 

 

Digimind uses cookies to collect data on our websites, including third-party cookies, in order to optimize the functionality of the website and for website analysis and statistics. 

 

Last but not least, indexed data from the Internet enables our software to generate consolidated visual analysis  for our clients’ daily usage.

 

How is this web public data indexed? 

As part of its collection activity, Digimind uses automated indexing systems, also known as "crawlers". This is available thanks to some application programming interfaces (API), via agreement with websites or third-party content suppliers.

 

These crawlers abide by the terms and conditions of individual sites, meaning that we observe each platform’s privacy requirements and other restrictions, and also comply with websites’ protocols. Digimind does not use an ID circumvent system and only collects data when the site has authorized it. Our crawlers are also identifiable by site owners as belonging to Digimind, so that they can choose to block or contact us with any questions.

 

The indexes of the data is stored at subcontractors’ data centers, who commit themselves to the same level of requirement and to the respect of the same rules, in particular under Article 28 of the GDPR. The data can only be stored in European Union country members or countries where legislation is regarded as adequate by the law of the European Union.

 

How can I be ensured that my data are protected?

Pursuant to the new European regulation related to the protection of personal data in Article 32, Digimind commits to implementing every technical and organizational measure to guarantee a suitable level of security for each typology of indexed data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to User Personal Data.

 

This represents a process of handling data, started well before the date GDPR shall apply the 25 May 2018, in line with the French Law “informatique et liberté” from 1978 and which shall continue beyond that date.

 

In order to meet these requirements, data is indexed by type, sensitivity, and treatment. Each treatment is listed in a register, as provided for in Article 30, and is subject to appropriate protection defined after a Privacy Impact Assessment (PIA) as framed by Article 35 et seq. of the GDPR.

 

All of these documents, as well as the mapping of use and transfert for each type of data, are at the disposal of the supervisory authorities designated by Article 54 et seq. of the GDPR.

 

In this context, Digimind has implemented a “Privacy by Design” policy, which means that from the moment Digimind designs and develops our solutions, we implement the right features so that we index only the data strictly necessary for the use that is pursued as recommended by the European Regulation Article 25.

 

Once the data are indexed, it is  not kept longer than necessary for the nature and purpose of the processing. To ensure that data is not intentionally or unintentionally retained for longer than necessary, Digimind has implemented a system for automatic deletion. This measure is part of the Digimind strategy of personal data minimization. 

 

At the same time, Digimind maintains strong physical and applicative security measures in line with market standards. This security policy is shared with our clients within the context of specific non-disclosure agreements. 

 

Moreover, in order to guarantee stringent security and to prevent any harm, Digimind, following the Article 33 of the GDPR, will notify the concerned person and the control authority as soon as practicable after it becomes aware of any personal data breach affecting any user personal data.

 

In addition, Digimind is offering a full data anonymization option as part of our “Privacy by Design” program. This applies specifically to Digimind Social. It allows our clients to ensure the maximum level of security you expect, and is beyond what the GDPR requires. 

 

Respect for personal character and for the will of concerned persons

Digimind is aware of the importance of the control of its personal data, and guarantees the full cooperation of Digimind’s services to all individuals involved in the processing of its data. 

 

To this end and in compliance with the obligations set out in the various regulations on the protection of personal data, Digimind guarantees its compliance with : 

 

- The General Data Protection Regulation (GDPR)

The General Data Protection Regulation is a regulation in the European Union and the European Economic Area since May 25, 2018. It gives control to individuals over their personal data and unifying the European law about the transfer of personal data. Digimind has implemented this regulation and provide to its customers access to its various rights : 

 

  • The right of access to its data (Article 15 GDPR): The data subject can ask Digimind for confirmation that personal data concerning him are or are not processed. He can, if they are processed, ask for access to these personal data information as well as asking for information related to the treatment, the recipients, the period of conservation.
  • Right to object (Article 21 GDPR): The data subject may, at any time, object, for reasons related to his or her personal situation, to the processing of his personal data.
  • Right to erasure (‘right to be forgotten’) (Article 17 GDPR): The data subject can ask Digimind to delete personal data related to him as soon as possible when these are no longer necessary for the purposes for which they were indexed, or if the data subject has withdrew its consent on which the processing is based, in accordance with Article 6§1, or if it objected to the processing of its data as provided forgoing.
  • Right to rectification (Article 16 GDPR): The data subject may request Digimind to correct any inaccurate personal data concerning him. Given the purpose of the processing, the data subject may also request that incomplete personal data be completed, including by providing a supplementary declaration.
  • Right of communication to the data subject in case of personal data breach (Article 34 GDPR): When a personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, Digimind commits to communicating the personal data breach to the data subject without undue delay. 

 

- The California Consumer Privacy Act (CCPA)

Digimind also guarantees your rights under the California Consumer Privacy Act (CCPA) since January 1, 2020. It is the highest standard of Data protection in the United States. The CCPA grants California residents several new rights over their personal information :

 

  • The right to Request Information : The Data Subject has the right to request the categories of personal information and the specific pieces of personal information that Digimind has collected  (article 1798.100 and  1798.115 CCPA)
  • The right of deletion : The Data Subject can request  Digimind to delete any personal information related to him  (Article 1798.105 CCPA)
  • Facilitation of Rights Request : The Data Subject can request a copy of the specific personal information collected about him during the past 12 months (Article 1798.130 CCPA)
  • The Right to Equal Services and Prices : Digimind provides the Services without discrimination when you exercise any of you rights under the CCPA. (Article 1798.125 CCPA)

 

- Personal Data Protection Act (PDPA) : 

Singapore Personal Data Protection Act 2012 (PDPA) has come into full effect on 2nd July 2014. The PDPA establishes a general data protection regime, comprising data protection obligations and Digimind ensures its respect:

 

  • Consent obligation : Digimind only uses the personal Data of Data Subject who consented to share it (Article 13 PDPA)
  • Purpose Limitation Obligation : Digimind collects, uses or discloses personal data about a Data Subject only for purposes that a reasonable person would consider appropriate in the circumstances. (Article 18 PDPA)
  • Access and Correction Obligation : The Data Subject may request to Digimind the access and the correction of its personal Data (Article 21 PDPA)
  • Protection Obligation : Digimind has implemented security measures to protect the personal data of its customers (article 24 PDPA)
  • Retention Limitation Obligation : The data subject can request Digimind to delete personal data related to him as soon as possible when these are no longer necessary for the purposes for which they were indexed, (Article 25 PDPA)
  • Transfer Limitation obligation : Digimind undertakes, if there is a transfer of data from a subject living in Singapore, that this will be done while respecting the protection measure imposed by the PDPA (Article 26 PDPA

 

Changes to this Policy

We may revise this Data Privacy Policy from time to time. The most recent version of the policy will govern our use of your information and will always be at http://digimind.com/data-privacy.

 

Effective: March 9th, 2018

Last update: May 18th, 2020.

 

If you wish to obtain more information or to assert your rights on your personal data, you can contact us right now at data.privacy@digimind.com