NextMind (hereinafter referred to as “we”, “us”, “our” or “NextMind”) attaches great importance to the protection of the personal data and privacy of its users.
You will find relevant information under the following categories:
What is personal data?
What personal data are collected, for what purposes , and on what legal basis?
Who is responsible for this processing of personal data, and how to contact him?
Who is the data shared with?
How long are the data kept?
Should this information not be sufficient to answer all your questions, we invite you to contact our Data Protection Officer at email@example.com.
Personal data refers to any information regarding an identified or identifiable physical person (referred to as a “data subject”).
In the context of the website www.next-mind.com (hereafter “Site”), our services and our portable brainwave sensor (hereafter “Product”), the persons concerned are the Internet users visiting our Site and the users of the Product (hereafter “you”, “your”, “user”).
The processing of personal data is subject to a specific legal and regulatory framework, consisting for France mainly of the GDPR and the French law known as the “Informatique et Libertés” law of 6 January 1978.
We collect personal data concerning our users in the following cases, for the following purposes:
2.1 When you browse our Site
When you connect to the Site, we collect the following data through its servers:
- The IP address ;
- The type of your terminal ;
- The type and version of your web browser software.
These data are collected and processed for the purpose of enabling the Site to be displayed correctly on your device. This processing is based on the necessity of its implementation for the execution of a contract to which the user is a party, namely the conditions of use of the Site.
If you have consented to the use of the corresponding cookies as described in article 6 hereafter, NextMind will also be able to collect through these cookies, during your navigation on the various pages and contents of the Site, data relating to this navigation, such as the pages visited.
These navigation data are collected and processed in order to measure the audience of the pages and contents of the Site. This processing is based on our legitimate interest, which consists in knowing more about the frequentation of the Site.
This data may also be used to personalise the advertising content displayed on our Site. This processing is based on your consent.
2.2 When you order a Product
When you purchase a Product, we collect the following data in order to process and deliver your order:
- Surname, first name, e-mail address, telephone number ;
- Credit card number ;
- User ID;
- Postal address.
2.3 When you use the Product
When you use the product, and only if you have consented to it in the “NextMind Manager” application, we collect the following data:
- Session data (date, duration, logs, user-triggered actions) ;
- Brain signals collected by electroencephalography using our Product, which include information that can be inferred from session data, alone or in combination (“EEG Data”).
These data are collected and processed for the purposes of scientific research and improvement of its services. The scientific research developed by NextMind is carried out outside a medical context.
We do not associate this data with the Product, any account you have with us, or any other personally identifiable information. To stop sharing your data with us un-check the corresponding box in the “Nextmind Manager” application.
These data are accessible only by NextMind and in no case by any other physical or moral person who would market or would make available for their own account the Product.
2.4 Data relating to minors
Our Products and services are intended for adults who are capable of entering into contractual obligations and of consenting to the processing that we envisage, and therefore we do not knowingly acquire or receive personal information from persons under the age of 18.
The minor user must obtain the consent of his legal guardian prior to the communication of personal data concerning him.
We are responsible for these processing activities and we edit the Site.
The personal data collected and processed as described in article 2 above are only used by authorized and competent persons and services within NextMind.
We do not transfer your personal data to countries outside the European Union.
The personal data collected and listed as set out in article 2 above are kept for periods not exceeding the fulfillment of the purposes for which they are collected.
In particular, when collected for the purposes of managing your Product order, your personal data may be kept for up to 3 years from the end of the commercial relationship. In the case of data collected for scientific research purposes, the data is kept for a maximum of 3 years from the last date of interaction with our services. The data is then anonymized and may be used for statistical purposes.
Cookies are small computer files placed on a user’s terminal (e.g., computer, smartphone, tablet) as part of a user’s visit to or use of a website or application. Their uses are varied, ranging from simple technical functions to enable or facilitate navigation to the collection of data relating to user preferences in order to offer personalized advertising.
In application of the applicable laws and regulations regarding the protection of personal data, you have the following rights regarding the processing of your personal data.
You may exercise them by contacting our Data Protection Officer at the following address firstname.lastname@example.org.
7.1 Right of access
The user may have access to his/her personal data that we process. If requested, we will provide the user with a copy of all his/her personal data and all legally required information, under the conditions provided for by law.
7.2 Right to portability
For those of the processing operations listed in article 2 above, which have as a legal basis the consent of the user or their necessity for the execution of a contract, the user also has the right to the portability of his/her personal data.
This right differs from the right of access to personal data insofar as (i) it concerns only the data provided by the user to NextMind and (ii) it allows to obtain this data in a structured and machine-readable format.
The right to the portability of the user’s personal data also opens up the possibility that they may be passed on to another data controller, at the user’s discretion, provided that this is technically possible.
7.3 Right of rectification
The user may ask to correct his/her personal data if it proves to be inaccurate, incomplete or obsolete.
7.4 Right to erasure
Users may request that their personal data be deleted in the following cases:
- if their personal data are no longer necessary for the purposes for which they were collected or are processed ;
- if the user has withdrawn his/her consent to the processing of his/her personal data, provided that his/her prior consent has been the legal basis for their collection and processing and that there is no other legal basis justifying them ;
- if the user has objected to the collection or processing of their personal data in accordance with Article 7.5 below;
- the processing of the user’s personal data is illegal ;
- the user’s personal data must be deleted in order for us to comply with a legal obligation imposed on the user; or
- if the user was a minor at the time of collection of his/her personal data. In the latter case and provided that the user was a minor at the time of the request, the holders of the user’s parental authority may also submit a request to us for the deletion of his/her personal data.
7.5 Right of opposition
Subject to a legitimate justification based on the particularity of his/her situation, the user may object to any processing of his/her personal data when his/her personal data is processed on the basis that such processing is necessary for the performance of a mission of public interest or the pursuit of our legitimate interest or that of a third party.
The user can also always oppose, without obligation of reason, the processing of his/her personal data when it is used for purposes of prospecting.
7.6 Right to limitation of processing
The user may request the limitation of the processing of his/her personal data in the following cases:
- in case he would contest the accuracy of his/her personal data, and this for the time necessary for NextMind to verify it ;
- if the processing of his/her personal data is unlawful and the user wishes to limit it rather than request its deletion ;
- if the user wishes us to retain his/her personal data when it is necessary for the establishment, exercise or defence of his/her rights in court; or
- if the user has objected to the processing of his/her personal data, for the period during which we verify that we have no other overriding legitimate reasons for further processing.
We would then stop processing the data concerned and retain it for the appropriate period of time.
7.7 Right to define directives relating to the fate of data after his/her death
The user can provide us with instructions on how to store, erase and disclose his/her personal data after his death.
7.8 Right to withdraw consent
For all processing activities, among those listed in Article 2 above, which have the user’s consent as a legal basis, the user has the right to withdraw this consent at any time, without having to justify it.
7.9 Right to lodge a complaint with a supervisory authority
Finally, the user has the right to lodge a complaint relating to the processing activities that we carry out with the competent supervisory authority.
For France, this control authority is the Commission Nationale de l’Informatique et des Libertés. For more information on the latter and how to contact it, the user is invited to consult the website www.cnil.fr
We use commercially reasonable security measures to protect ourselves against the loss, misuse and alteration of the data we collect, depending on the categories of personal data and the applicable processing activity, such as pseudonymization, encryption of transmitted and stored data, restriction of access by two-factor authentication where applicable.