Website Registration, Privacy Policy & Data Protection

MindGenius Ltd are committed to complying with the Data Protection Act 1998 and have published this guide to help you understand how, and why, MindGenius Ltd collect information from you, to whom such information is disclosed and what your rights are.

 

What information do we collect and how do we obtain it?

You can access the home pages of our MindGenius and Barvas websites, and browse either site, without disclosing your personal data.

However, when you download from the MindGenius website you will be asked to provide certain information, such as your name and your email address.

When an order is placed, additional information (such as credit card details, telephone number and shipping address) will be required and requested at point of sale.

When you access the Barvas product (http://app.barvas.com) from www.barvas.com you will be asked to provide certain information, such as your name and your email address.

How do we use your information?

For MindGenius, we use the information that we collect about you to:

  • Confirm the download was successful
  • Contact you to offer assistance
  • Process your orders
  • Notify you about enhancements to our services, such as changes to the website, new services and special offers that may be of interest


For Barvas, we use the information that we collect about you to:

  • Confirm your account has been created successfully
  • Contact you to offer assistance
  • Notify you about enhancements to our services, such as changes to the website, new services and special offers that may be of interest

 

MindGenius Ltd may disclose the data collected to MindGenius Ltd partners that perform the services described here.
 

How secure is your information?

For MindGenius

The security of your information is of top priority to MindGenius Ltd and our site uses WorldPay services or FastSpring for Secure Credit Card Transactions. WorldPay uses 128 bit SSL encryption technology, which is the industry standard for on-line transactions.

         

 

About FastSpring Security

FastSpring is regularly audited to ensure they are PCI Compliant. The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment. This means there is no risk of your personal data or credit card information being stolen. Using your credit card through a FastSpring page is 100% safe. We do not store credit card numbers, so there is no chance of unauthorized access or the numbers being stolen after a FastSpring purchase is completed.

Verisign – For all purchases, FastSpring employs Verisign SSL Certificates that meet the highest standard in the Internet security industry for secure transations. An SSL Certificate establishes a private communication channel enabling encryption of the data during transmission. In addition, SSL Certificates allow Web browsers to clearly display a Web site’s organizational identity.

         

 

For Barvas

Our site uses Stripe for Secure Credit Card Transactions for Barvas. Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry.

 

HTTPS and HSTS for secure connections

Stripe forces HTTPS for all services using TLS (SSL), including their public website and the Dashboard.

  • Stripe.js is served only over TLS
  • Stripe’s official libraries connect to Stripe’s servers over TLS and verify TLS certificates on each connection

 

Stripe regularly audit the details of their implementation: the certificates they serve, the certificate authorities they use, and the ciphers they support. Stripe use HSTS to ensure browsers interact with Stripe only over HTTPS. Stripe is also on the HSTS preloaded lists for both Google Chrome and Mozilla Firefox.

Encryption of sensitive data and communication

All card numbers are encrypted on disk with AES-256. Decryption keys are stored on separate machines. None of Stripe’s internal servers and daemons are able to obtain plaintext card numbers; instead, they can just request that cards be sent to a service provider on a static whitelist. Stripe’s infrastructure for storing, decrypting, and transmitting card numbers runs in separate hosting infrastructure, and doesn’t share any credentials with Stripe’s primary services (API, website, etc.).

MindGenius Ltd does not sell, trade or rent your personal information to others. Please be aware that if we are requested, by the police or any other regulatory or Government authority investigating suspected illegal activities, to provide your information and/or use your information, we are entitled to do so.

What about Cookies?

We may use cookies in connection with our websites and services and some of the cookies may be linked to your personally identifiable information. Any time you register on a site, use a site, place an order through a site, or identify yourself or the computer you are using through a site, you will be deemed to have given us permission to link your personally identifiable information with cookies.

Most or all browsers permit you to disable or reject certain cookies. You can do this by setting the preferences in the browser. Use the "help" feature of your browser to obtain more information about refusing cookies. However, if you set the browser you use to reject cookies or otherwise disable them, you may not be able to use any or all of the functionality at one or more of the sites or it may take additional time to utilise such functionality. If you wish to use any such functionality that requires the use of cookies at any of our sites, then you must accept the use of cookies for that site, and thereby, give us your permission to link your data as discussed above.

Google Analytics

We may use and support one or more of the Google tools including without limitation, Google Analytics (including Universal Analytics), (hereinafter, collectively, “Google Analytics”).

Use of Intercom Services

We use third-party analytics services to help understand your usage of our services. In particular, we provide a limited amount of your information (such as your email address and sign-up date) to Intercom, Inc. (“Intercom”) and utilise Intercom to collect data for analytics purposes when you visit our website or use our product. Intercom analyses your use of our website and/or product and tracks our relationship so that we can improve our service to you. We may also use Intercom as a medium for communications, either through email, or through messages within our product(s). As part of our service agreements, Intercom collects publicly available contact and social information related to you, such as your email address, gender, company, job title, photos, website URLs, social network handles and physical addresses, to enhance your user experience. For more information on the privacy practices of Intercom, please visit http://docs.intercom.io/privacy. Intercom’s services are governed by Intercom’s terms of use which can be found at http://docs.intercom.io/terms. If you would like to opt out of having this information collected by or submitted to Intercom, please contact us.

Unsubscribing

We may send to you one or more welcome emails that may also verify password and user name information, and we may send to you updates, service announcements, administrative messages, or other important information about one or more of the sites and/or our services. We may also send you newsletters, notifications or other information about products, services, and special deals we think may be of interest to users like you. Some of these communications – such as those with service announcements or such -- are tied to the service and contain important information about the service or your use of it. For those types of communications, you can only unsubscribe from them by cancelling your subscription.

When emails are not tied to use of the service, we will usually provide an unsubscribe link within them. Users who no longer wish to receive newsletters or other promotional materials will generally be provided with a link or other mechanism to use to unsubscribe from the receiving of respective materials. You may opt out of receiving such newsletters or other promotional materials by following the procedure there.

If you decide you do not want us to contact you, you can request that we stop using your information and that we stop mailing information to you by sending an e-mail to unsubscribe@mindgenius.com with "Unsubscribe" in the subject field. Alternatively, you can write to the Data Controller at the address below quoting "Privacy Enquiry".

By using our Web site, you consent to the collection and use of this information by MindGenius Ltd. If we decide to change our privacy policy, we will post those changes on this page so that you are always aware of what information we collect, how we use it and under what circumstances we disclose it.

Your rights under the Data Protection Act 1998

You have a right to access the personal data that we hold on you. If you would like to see a copy, please send a 10 GBP fee and a written request to the Data Controller at:

MindGenius Ltd,

Tulloch Gael,

Scottish Enterprise Technology Park,

East Kilbride,

G75 0QR,

Scotland.

In addition, if you think the information we hold on you is incorrect, please e-mail MindGenius Ltd at info@mindgenius.com or contact the Data Controller at above address, quoting "Privacy Enquiry."

Changes to This Privacy Policy

We may choose to make changes to this Policy at any time. If we decide to change this Policy, we will post the changes on one or more sites and/or other places we deem appropriate. We may, but are not obligated, to send you an email or other notification of such change; but you should review this Policy from time to time for significant changes. If you agree to the changes, you don't need to do anything. But if you do not agree to the changes, you must discontinue use of our sites and services. If you continue to use our sites and services after the effective date of any change, you are deemed to have accepted the change.

Exceptions

Except as stated below, we will use information in accordance with this Policy as it may be changed from time to time as set forth above. Notwithstanding anything else in this Policy to the contrary, we may collect personally identifiable information and use and disclose such information in ways other than those described above if we are required to do so by any applicable law or if we deem it advisable and lawful in the course of (i) assisting law enforcement activities, or (ii) investigating and resolving disputes between users; and (iii) protecting our site(s) or other property, including, without limitation, investigating, preventing or taking action with respect to illegal activities, suspected fraud, situations involving the potential safety of any person, violations of MindGenius's terms of use, or as otherwise required by law. Without limiting the foregoing, we reserve the right to use and disclose any information that you provide to us if we deem it advisable in the prosecution or defence of any litigation involving your use of any site.