Effective date: 24.02.2023
If you have any questions about privacy, please do not hesitate to contact us:
c/o ETH Zurich, NCM Lab
You can also reach us by email at email@example.com.
1 What types of personal data do we collect?
We collect information and personal data directly from you, from third party devices and services you connect to, and automatically through your use of myflow.
When you create a profile to use myflow, we collect the information and personal data you provide to us, including your name and email address. We also collect any additional information you choose to add to your profile. If you process personal data of others, it is your responsibility to ensure that you comply with applicable data protection laws.
When you access our website, data transmitted by your browser and automatically stored by our server, such as the date and time of access, the name of the file accessed, as well as the amount of data transferred and the access time, your web browser, browser language and requesting domain, as well as your IP address, are collected (further data is only collected via our website if you provide this information voluntarily, for example as part of a registration or request).
If you contact us directly, we will receive the content of your message or any attachments you send to us, as well as any additional information you choose to provide.
3 For what purposes do we process personal data?
We process your information, including your personal data, for the following purposes:
When you create a profile to use myflow, you provide us with your personal information as described in Section 1.
To enable you to access myflow, to communicate with you about your use of myflow, to respond to your inquiries and for other customer service purposes.
To research and develop new products and features, as permitted by law and, if necessary, with your consent.
For marketing, promotional and informational purposes, to the extent permitted by law and, if necessary, with your consent. For example, we may use your information, such as your email address, to send you news and newsletters, special offers and promotions, or to otherwise inform you about products or information that we think may interest you. We may also use the information we learn about you to promote our services on third party websites. You may opt out of receiving these emails at any time as described below.
To better understand how users access and use myflow, both on an aggregate and individual basis, to improve myflow and respond to user requests and preferences, and for other analytical purposes.
To personalize the content and information we send or display to you, to provide personalized help and instructions, and to otherwise personalize your experience when using myflow.
To comply with legal and regulatory obligations and responsibilities, as part of our general business operations and for other business administration purposes.
4 On what legal basis and for what purposes do we process personal data?
Depending on the purpose of the processing activity (see Section 3 above), the processing of your information and personal data will take one of the following forms:
necessary for MindMetrix AG's legitimate interests without unreasonably prejudicing your interests or fundamental rights and freedoms (see below);
necessary for the formation or performance of a contract with you for the services or products you have requested or for the performance of our obligations under such contract, for example, where we use your data for some of the purposes set out in Sections 3(1) - 3(3) above (as well as for some of the data sharing described in this Section 4);
necessary to comply with our legal or regulatory obligations, including carrying out checks to identify you and disclosing information to authorities, regulators and government bodies, to the purposes set out in Sections 5(5) and 5(6);
in some cases, necessary for the performance of a task in the public interest;
where we use special categories of personal data necessary for the establishment, exercise or defense of legal claims, or where the processing relates to personal data that are manifestly in the public domain; and
processed with your consent, which we may obtain from you from time to time (e.g., when required by law), or processed with your explicit consent, which may be necessary, where special categories of personal data are involved.
Examples of the "legitimate interests" mentioned above include:
the pursuit of certain purposes of sections 3(5) - 3(7);
exercising our rights under Articles 16 and 17 of the Charter of Fundamental Rights, including our entrepreneurial freedom and right to property;
when making the disclosures set forth in Section 5 below, providing products and services, and ensuring a consistently high standard of service and satisfaction of our customers, employees and other stakeholders; and
meeting our accountability and legal requirements around the world,
in any case, unless your interests in privacy outweigh these interests.
5 Who has access to personal data and with whom is it shared?
We may share your information, including personal information, as follows:
Aggregated and Anonymized Information. We may use aggregated or anonymized information - so that it cannot be used to identify an individual - to perform various types of analyses, such as improving our products and services or other similar analyses.
Service Providers. We may share your information with third-party vendors, service providers, contractors or agents who perform service functions we need to operate our business, such as providers of hosting, email communications, customer services, analytics, marketing and advertising, based on our instructions and in accordance with this Statement and other appropriate confidentiality and security measures.
Business Transfers. If we are acquired by or merged with another company, if substantially all of our assets are transferred to another company, or as part of a bankruptcy proceeding or reorganization, we will notify affected users before transferring personal information to a new company.
In response to legal process. We may disclose information we collect from you to comply with the law, a court proceeding, a court order, or other legal process, such as in response to a court order or subpoena.
In response to regulatory or legal obligations: As required from time to time, we may disclose personal information to public and judicial authorities, regulatory agencies or governmental bodies and in proceedings, including as required by law or regulation or by such authorities or bodies.
Third Party Analytics Tools. We use automated devices and applications, such as Google Analytics, to evaluate the use of our Service. We may also use other analytics tools to evaluate our websites. We use these tools to improve myflow, performance and user experience.
6 International transfer of personal data
The recipients mentioned in section 5 above may be located outside of Switzerland. In such cases, except where the country in question has been determined by the EU or Switzerland to provide an adequate level of protection, MindMetrix AG will implement appropriate safeguards to ensure that any such transfer is in compliance with applicable data protection laws.
You may request additional information in this regard and obtain a copy of the appropriate safeguards by contacting us at the address provided at the end of this notice. When MindMetrix AG transfers personal data to service providers in countries that do not provide an adequate level of protection, we rely on standard contractual clauses approved by the European Commission or Switzerland.
7 How long do we store your data for?
We will retain your information, including personal data, only as long as necessary to fulfill the purpose for which it was collected or to comply with legal, regulatory or internal requirements. To this end, we apply criteria to determine the appropriate time periods to retain your personal information based on its purpose, such as proper recordkeeping, facilitating the management of customer relationships, and responding to legal claims or regulatory inquiries.
9 Links from third parties
10 Security of my personal data
We have taken reasonable precautions to protect the information we collect from loss, misuse and unauthorized access, disclosure, alteration and destruction. Please note that despite our best efforts, no data security measures can guarantee security.
We are not responsible for lost, stolen or compromised passwords or for any activity on your account due to unauthorized password activity.
11 Access to, storage of and deletion of personal information
You can access and change the personal data you have entered by going to your profile and updating your profile information. Your personal information is stored and accessible on your device and in the cloud.
We store the information associated with your account until your account is deleted. You may delete your account at any time by contacting firstname.lastname@example.org. Please note that deleting your account information may take some time and we may retain it for legal or damage prevention reasons, as described in the "Sharing Information" section.
12 Users under 18 years
Our services are not intended for users under the age of 18. If we discover that a user under the age of 18 has provided us with personal information, we will delete that information from our systems.
13 Your rights
13.1 What rights do I have?
Individuals located in Switzerland or the European Economic Area (EEA) have certain rights with respect to their personal information. MindMetrix AG offers all of our worldwide users the opportunity to exercise these rights, including:
the right to access your personal data;
the right to correct or rectify inaccurate personal data;
the right to restrict or object to the processing of personal data;
the right to erase your personal data; and
the right to portability of personal data.
13.2 How can I exercise my individual rights?
Please note that MindMetrix AG may request additional information from you to verify your identity before we disclose any personal or account information.
If you have any questions about our privacy practices, please contact us at email@example.com or at the following address:
c/o ETH Zurich, NCM Lab
If you, as a customer, are unable to contact MindMetrix AG using the contact information provided above, you have the right to contact your local data protection authority.
15 Changes to this declaration
This statement is effective as of the effective date indicated above. We may change this Statement from time to time, so you should review it periodically. We will post any changes to this Statement. If we make any changes to this Statement that materially affect our practices with respect to the personal information we have previously collected from you, we will endeavor to notify you in advance of any such change.