Mindy Boho GDPR Compliance Overview

 

The General Data Protection Regulation (“GDPR”), which takes effect on May 25, 2018, is an iteration of the existing data protection law defined and enforced by the European Union.

Mindy Boho is a Canadian company that places a premium on respecting the privacy of its customers and prospects, the users of the websites it manages and the confidentiality of their personal data. Mindy Boho undertakes to process the data it collects and processes, in compliance with applicable laws and regulations such as the European law n ° 78-17 of January 6, 1978 relating to data, files and data. Freedoms and the Regulation on the protection of individuals with regard to the processing of personal data and the free movement of such data, and repealing Directive 95/46 / EC (General Data Protection Regulation: GDPR ).

Please see below a general overview which details the Mindy Boho’s compliance with GDPR. For additional information please contact our DPO at: contact@mindyboho.com

Definitions of personal data

Any information relating to a person who can be identified directly or indirectly.

Processing of personal data: Any operation, or set of operations, relating to such data, whatever the process used (collection, recording, organization, preservation, adaptation, modification, extraction, consultation, use, communication by transmission dissemination or any other form of provision, reconciliation or interconnection, locking, deletion or destruction, etc.).

Cookie: A cookie is a small computer file, a plotter, deposited and read for example when consulting a website, reading an email, installing or using a software or a mobile application, regardless of the type of terminal used (computer, smartphone / smartphone, digital reader, video game console connected to the Internet, etc.).

Data Collected and Nature of Data Collected as part of Mindy Boho’s Activity

We may collect the following personal data: your title / surname, surname, first name, postal address, country of residence, email / email, password, IP address, partial credit card number, domain name of your site web.

Procedures giving rise to the collection of personal data (these procedures give rise to your prior consent):

– civility, surname, first name, email, IP: commercial prospecting forms
– title, surname, first name, postal address, country of residence, email / email, password, IP, domain name of your website: registration as a member and use of the features of our websites.
– title, surname, first name, postal address, country of residence, email / email, IP, partial credit card number: purchase of a product or service on one of our websites.

Purpose of collection and processing procedures

The objective requiring the collection and processing of your personal data may be:

– the operational requirements of our websites, registration, identification of members, security of access, access to content and services.
– security of network access and online computing infrastructure, data protection, detection of intrusions or illegal activities
– collection of mandatory legal, accounting and legal information
– the commercial prospection necessary for the activity of the enterprise

Data Processing

Mindy Boho only processes personal data to the extent necessary and in accordance with applicable privacy laws including the GDPR. Mindy Boho has ensured that there is an applicable lawful basis for any and all processing of EEA data subjects Personal Data when it acts as a controller and has entered into applicable Data Processing Agreements when it acts as a processor. In addition, Mindy Boho has ensured all legal documents, including without limitations, agreements, privacy policies and sale terms are compliant with the GDPR.

Technological Organizational and Security Standards

The Mindy Boho has completed an in-depth audit mapping out all of the Personal Data and data sets which it processes, as well as the technical and organizational security measures used in order to safeguard and protect such data. For additional information, please see communicate with us at: contact@mindyboho.com

Recipients of data – subcontractors

Your personal data are exclusively intended to be exploited by the firm Mindy Boho. In the case of illegal activities, suspicion of illegal activities or for the purposes of investigations, legal requisitions, etc. your personal data can be transmitted, on request, to the judicial authorities or controls: police, gendarmerie, magistrate, departmental direction of the protection of populations, fiscal services or social etc.

The personal data collected and processed directly by the Mindy Boho are exclusively stored in Canada, in the databases of KEBECWEB’s servers. Mindy Boho does not sell or rent, under any circumstances, your personal data to third parties.

Right of access, opposition and withdrawal

In accordance with the legislation in force, you have rights of access, rectification and deletion of personal data concerning you. You can freely access, modify or delete your personal data except legal obligations: accounting, taxation, controls, need to keep them by the firm Mindy Boho) by contacting us by email: contact@mindyboho.com.

You can use the contact details given above, ask to receive detailed information about your personal data collected, the purpose of the treatments applied to them, their retention period, their recipients, as well as to benefit from their portability.

Cookies

Mindy Boho websites do not use cookies to facilitate navigation on the site.

Security

Mindy Boho takes all necessary measures to ensure the security of the personal data it collects. No personal data is stored within the premises of the firm Mindy Boho, the personal data collected are hosted by our specialized subcontractors (web hosts, auto-responder / sending e-mail, payment systems, accounting).

Access to servers or secure databases managed directly by the firm Mindy Boho and are subject to restricted access by strong username and password, via an SSL / https encrypted connection. The servers are hosted by the Webmaster of EDGN Consultant Inc. (contact@edgnconsultants.com) in highly secure data centers of Kebecweb.

Retention period of data

To satisfy its legal obligations or to have the necessary elements to assert its rights (accounting, taxation, tracing of access …), the firm Mindy Boho will be able to archive the data under the conditions provided by the regulations. The personal data related to the operation of websites managed by the firm Mindy Boho are kept for 3 years in our computer databases after the last connection detected for access to our websites.

The personal data of clients of Mindy Boho are kept for 3 years after the purchase in our computer databases, then during the legal period in force within our documents or accounting databases.

Modification of our privacy policy

Mindy Boho reserves the right to modify this privacy policy at any time, in particular in application of the changes made to the laws and regulations in force. Changes will be notified via our website or email. You may at any time read our privacy policy regarding your personal data by accessing this document.

Transfer of data outside the EU

Mindy Boho may have to transfer some of your data outside the European Union. Among others your first name, email and IP address when buying a product or service made through the company Paypal or during your voluntary registration to one of our newsletters. Transfers of personal data outside the European Union will only be made to countries whose level of security of personal data is recognized by the European Union as equivalent to that of the countries of the European Union.

Information in case of data theft

If despite all the protections implemented by the firm Mindy Boho and its subcontractors, some of your personal data were stolen, compromised or deleted, the firm Mindy Boho undertakes to inform you in due time legal requirements and in accordance with the legal requirements in force. This obligation of legal information cannot be interpreted as an acknowledgment of responsibility or negligence on the part of the firm Mindy Boho or its subcontractors.

Education

Mindy Boho has trained its personnel and employees with regards to the GDPR, and also about data practices and the importance of security.

Transparency to Regulators

Mindy Boho maintains accurate and accessible written records to the extent legally required to provide supervisory authorities, all in a timely manner, as required under applicable laws including the GDPR.

User Rights

In accordance with GDPR, data subjects may exercise the following rights:

-the right to access Personal Data that we hold;
-the right to request the rectification of Personal Data that we hold;
-the right to request the erasure of Personal Data that we hold;
-the right to request to restrict processing of Personal Data;
-the right to object to processing of Personal Data by us;
-the right to request to transfer Personal Data that we hold (i.e., data portability);
-the right to file a complaint to a supervisory authority in the applicable jurisdiction; and
-the right to withdraw consent (to the extent applicable).

In order to exercise any of the above rights please contact our DPO at: contact@mindyboho.com . We have also trained our designated privacy and security team to respond to such request and follow the privacy by design and privacy by default values when developing additional platforms, features and services.

Incident Responsiveness

Mindy Boho has implemented a process, in the event of a data breach and will provide the data controllers, the regulators and the end users with an immediacy of notification to the extent required under applicable law.

Legal Documentation

Our Legal team is busy ensuring our legal documentation is updated to reflect any changes and to include the mandatory Processor provisions required by Article 28 of the GDPR.

Data Protection Officer

We have appointed a DPO in order to ensure ongoing compliance with the GDPR. Mindy Boho’s DPO can be contacted at: contact@mindyboho.com