GDPR AND DATA PROTECTION MEASURES
Mind3 Ltd operates in accordance with the European Union’s (EU) General Data Protection Regulation (“GDPR” or the “Regulation”) which sets out rules for organizations involved in the collection and processing of personal data of individuals located in the EU. The Regulation:
- Updated the previous EU privacy framework to create a common set of data privacy and security rules across the EU.
- Reinforces principles of transparency and openness with individuals as to what data companies hold about them and how it is used.
- Provides individuals in the EU more consistent rights to access and control their personal data.
- Establishes a general accountability requirement, requiring companies to be able to demonstrate the ways in which they comply with data protection principles.
As a business with global reach, Mind3 Limited takes its responsibility to protect personal data very seriously. Trust is the cornerstone of our relationships and we are committed to the security and protection of personal data, working to provide a compliant and consistent approach to data protection.
Mind3 Limited’s security and privacy policies are continuously evolving, demonstrating an understanding of and an appreciation for applicable laws, including anticipation of new and future regulations.
GDPR compliance requires Mind3 Ltd to regularly update our approach to data collection, use, transfer, disclosure, and disposal policies and procedures. This includes:
- Individuals whose personal data we process are informed of what data we collect, why the data is required, how it is used, what their rights are, to whom the information is disclosed, and what safeguards are in place to protect their information.
- Mind3 Limited has ensured Associates and Contractors as well as current and new third-party service providers are aware of and required to comply with our storage principles, which govern how personal data is stored, archived, and destroyed.
International Data Transfers & Third-Party Disclosures
- We secure, encrypt, and maintain data integrity during the transfer and/or storage of personal data outside the EU. When engaging sub-processors, Mind3 Limited carries out due diligence and vetting processes to ensure that appropriate protections are in place.
Legal Basis for Processing
We review all processing activities to identify the relevant legal basis. We identify and assess what personal data we hold, where it comes from, how and why it is processed, and if and to whom it is disclosed.
Obtaining Consent and Providing Notice
We have revised our consent and notice process to help individuals easily understand what personal information is being collected, how it will be used and for what purpose. We articulate the individual’s rights to access and control their personal data.
Third Party Risk Management
We have risk assessment processes and continue to evaluate our current and new third-party service providers. This includes updating contracts with our service providers that process personal data on our behalf. Where appropriate, we employ due diligence procedures to help these third parties understand and meet their obligations. These measures include initial and ongoing reviews of the service provided, the necessity of the processing activity, the third party’s technical and organizational measures in place, and their compliance with the GDPR.
Information Security & Technical and Organizational Measures
Mind3 Limited recognises that personal data is only as secure as the tools and technologies that manage it. We take appropriate technical and organizational measures and precautions to protect and secure personal data that we process. This includes a regular audit to ensure email security protocols are up to date with Mind3 Associates.
We have information security procedures in place to protect personal information from unauthorized access, alteration, disclosure, or destruction.
User Training, IT Security Policy
All Mind3 Limited employees are required to agree to protect confidential information and sign up to the Information Security Policy as a condition of employment and as appropriate thereafter. Mind3 Limited requires new employees to pass a background check at the time of hire, as permitted by applicable law. This background check may include a check of criminal history, employment history, sanctions check and education verification.
Encryption in Transit – Mind3 Limited encrypts email data in transit using the TLS 1.3 protocol when communicating with a server that accepts encrypted connections.
GDPR Roles and Employees
Mind3 Limited has appointed an Information Security Officer (“ISO”). The ISO is responsible for promoting awareness of privacy across the organisation, identifying and addressing any gap areas, and implementing the new policies, procedures and measures discussed here.
Privacy and confidentiality are embedded in our global standards, methodologies, training and practice. We also recognize that employee and third-party provider awareness and understanding are vital to continued compliance. We regularly update and monitor our privacy training programs to ensure we are educating our employees and Associates on how to handle personal data under global privacy laws.
If you have any questions about Mind3 Limited’s privacy program, please contact us at DataProtectionOffice@mind-3.com or, if by mail, at Mind3 Data Protection Office, Mind House, 29 Bromley Common, London, BR2 9LS.