Privacy Policy & Privacy Notice


Privacy Notice


Information controller, who are we?
Software Minder Limited is an innovative software company which specialises in providing cloud-based business management tools for businesses within the Health & Fitness industry.


Your personal data that we process is:

  1. Names
  2. Email
  3. Telephone
  4. Photos
  5. Address


We declare that the personal data we collect will only be used for the following purposes:

  1. To improve and assist with customer service.
  2. To send occassional emails - the email address you provide may be used to send information, respond to queries or other requests.
  3. To process transactions - Your information, whether public or private, will not be sold, exchanged, transferred, or given to any other company for any reason whatsoever, without your consent, other than for the express purpose of delivering the purchased product or service requested.
  4. To improve our product and personalise your experience.


The basis that entitles us to process your data is:
Processing is based on your consent;


Do we disclose any information to outside parties?
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.


Consent
By agreeing to accept this Privacy Notice, you authorize us to process your personal information only for the purposes we specify. In cases where we want consensus on special (sensitive) personal data, we will always be motivated why and how this information will be used. You can withdraw your consent at any time


Data Retention
We will retain your Personal Information for as long as needed or permitted in light of the purpose(s) for which it was obtained and consistent with applicable law. The criteria used to determine our retention periods include:


At any time while we store or process your personal data, you have the following rights:

  1. You have the right to request a copy of your personal data Software Minder Limited and the right of access at any time to your personal data;
  2. You have the right to request your personal data in a form convenient to transfer to another personal data administrator from Software Minder Limited or to ask us to do so without being hindered by ourselves;
  3. You have the right to ask Software Minder Limited to correct without undue delay your inaccurate personal data as well as the data that is not up to date;
  4. You have the right to request from Software Minder Limited that your personal data be deleted without undue delay in any of the following circumstances:
    • personal data are no longer needed for the purposes for which they were collected;
    • when you have withdrawn your consent;
    • when you have objected to the processing,
    • when processing is unlawful;
    • where personal data must be erased in order to comply with a legal obligation under EU law or the law of a Member State that applies to us as a data controller;
    • when personal data have been gathered in connection with the provision of information society services.

We may refuse to delete your personal information for the following reasons:

  1. in the exercise of the right to freedom of expression and the right to information;
  2. to comply with a legal obligation on our part or to carry out a task in the public interest,
  3. in the exercise of the official powers granted to us (in case you are a body of authority);
  4. for reasons of public interest in the field of public health;
  5. for purposes of archiving in the public interest, for scientific or historical research or for statistical purposes, in so far as deletion is likely to render impossible or seriously obstructing the achievement of the purposes of such processing; or for the establishment, exercise or protection of legal claims.
You have the right to request from Software Minder Limited to restrict the processing of your personal data, in which case the data will only be stored but not processed. Our refusal to restrict will be explicit only in writing, and we are obliged to motivate it for the legitimate reason;
  1. You have the right to withdraw your consent to the processing of your personal data at any time with a separate request addressed to the administrator;
  2. You have the right to object to certain types of processing, such as direct marketing (unsolicited advertising messages);
  3. You have the right to object to automated processing, including profiling;
  4. You have the right not to be the subject of a decision based solely on automated processing including profiling;
  5. If we need to use your personal data for a new purpose not covered by this data protection statement, we will provide you with a new data protection skill and when and where necessary we will require your prior consent for the new processing.
All the above requests will be forwarded if there is a third party (recipients, including outside the EU and international organizations) in the processing of your personal data.


You have the right to complaint to the supervisory authority
In case you wish to file a complaint about the processing of your personal data through Software Minder Limited (recipients, including outside the EU and international organizations), you can do so by contacting Software Minder Limited or directly of the Data Protection Officer (the contact details listed below).


Data Protection Officer

For questions or concerns regarding the Privacy Policy, you may contact the data privacy officer at privacy@ptminder.com.
Address: PO Box 25600, St Heliers 1740, Auckland, New Zealand.


Privacy Policy


Introduction

General Data Protection Regulation (GDPR) Regulation (EU) 2016/679 (General Data Protection Regulation) replaces Data Protection Directive 95/46. It has direct effect and implies a change in the legislation of the Member States in the field of personal data protection. Its purpose is to protect the "rights and freedoms" of individuals and to ensure that personal data are not processed without their knowledge and, where possible, processed with their consent.

Scope Material scope (GDPR Article 2) - this Regulation applies to the processing of personal data wholly or in part by automatic means and to the processing of personal data (for example, manually and on paper) by other means, which are part of a personal data record or which are intended to form part of a personal data record.
Territorial scope (GDPR Article 3) - The rules of the GDPR will apply to all data controllers established in the EU who process personal data of individuals in the context of their activities. It will also apply to non-EU administrators who process personal data in order to offer goods and services or observe the behavior of data subjects who are resident in the EU.

Definition:

Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Special categories of personal data means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or membership of trade unions and the processing of genetic data, biometrics for unique identifying an individual, data concerning health or data on the sexual life of an individual or sexual orientation.

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

Data subject means any natural person who is the subject of personal data stored by the Controller (Administrator).

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;

Main place of establishment - the EU controller's headquarters will be the place where he takes the basic decisions about the purpose and means of his data processing activities. For personal data processors, its main place of establishment in the EU will be its administrative center.
If the controller is based outside the EU, he must appoint a representative in the jurisdiction where the administrator works to act on behalf of the controller and deal with supervisors. (Article 4 (16) of the GDPR) Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

I. Declaration on privacy policy

  1. The management of Software Minder Limited undertake to ensure compliance with the EU and Member States legislation regarding the processing of personal data and the protection of the "rights and freedoms" of persons whose personal data is Software Minder Limited collects and processes under the General Data Protection Regulation (Regulation (EU) 2016/679).
  2. In accordance with the GDPR, other relevant documents as well as related processes and procedures are described in this policy.
  3. Regulation (EU) 2016/679 and this policy shall cover all processing functions of personal data, including those relating to the personal data of clients, employees, suppliers and partners, and any other personal data that the organization processes from different sources.
  4. The Data Protection Officer shall be responsible for reviewing the "Registry of Processing Activities" annually in the light of any changes in the activities of Software Minder Limited as well as any additional requirements, data protection impact assessments. This register must be available at the request of the supervisory authority.
  5. This policy applies to all employees / workers (and stakeholders) of Software Minder Limited as external suppliers. Any violation of the GDPR will be considered a violation of labor discipline, and if there is a presumption of a crime, the matter will be referred to the relevant state authorities as soon as possible.
  6. Partners and third parties who work with or for Software Minder Limited and who have or may have access to personal data will be expected to become acquainted, understand and comply with this policy. No third party may access personal data stored by Software Minder Limited without having previously entered into a data privacy agreement which impose on the third party obligations no less burdensome than those which the Software Minder Limited has taken over and entitles (Software Minder Limited to carry out checks on compliance with the obligations imposed by the agreement).
II. Obligations and roles under Regulation (EU) 2016/679
  1. Software Minder Limited is (data controller and processor) under Regulation (EU) 2016/679.
  2. Compliance with data protection legislation is the responsibility of all employees of Software Minder Limited, which process personal data.
  3. The training policy of the Software Minder Limited (GDPR_POL_02) specifies the specific training and information requirements in relation to the specific roles of the employees of Software Minder Limited.
III. Principles of data protection
All processing of personal data must be in accordance with the data protection principles referred to in Article 5 of GDRP (EU) 2016/679. The policies and procedures of Software Minder Limited aim to ensure compliance with these principles.


1. Personal data must be processed lawfully, in good faith and transparently

Lawfulness - Identify a legal basis before it can process personal data. They are often referred to as "grounds for processing", such as "consent".

Fairness - in order for the processing to be in good faith, the data controller must provide certain information to the data subjects as far as is practicable. This applies irrespective of whether personal data is obtained directly from data subjects or from other sources.
Regulation (EU) 2016/679 increases the requirements for what information should be available to data subjects that are covered by the "transparency" requirement.

Transparency - The GDPR includes rules on the provision of confidential information to data subjects in Articles 12, 13 and 14 of the GDPR. They are detailed and specific, emphasizing that privacy notices are understandable and accessible. Information must be communicated to the data subject in comprehensible form using clear and comprehensible language.
The rules for notification to the data subject by Software Minder Limited are defined in the Transparency Procedure for the Processing of Personal Data (GDPR_PROC_02) and the notification is recorded in the Privacy Policy (GDPR_FORM_01).

The specific information to be provided to the data subject must include as a minimum:


2. Personal data may only be collected for specific, explicit and legitimate purposes

Data obtained for specific purposes should not be used for a purpose that differs from those officially announced to the supervisory body as part of the Software Minder Limited Data Processing (Article 30 GDPR). The Transparency Procedure for the Processing of Personal Data (GDPR_PROC_02) defines the relevant rules.


3. Personal data must be adequate, relevant, limited to what is necessary for their processing for the purpose. (principle of minimum necessary)


4. Personal data must be accurate and up-to-date at all times, and the necessary efforts are made to enable deletion or correction immediately (within the framework of possible technical solutions)


5. Personal data must be stored in such a form that the data subject can only be identified for as long as is necessary for the processing.


6. Personal data must be processed in a way that ensures appropriate security (Article 24, Article 32 of the GDPR)

The Data Protection Officer will carry out an impact assessment (risk assessment) taking into account all circumstances related to data management or processing operations by Software Minder Limited.
In determining the suitability of the processing, the Data Protection Officer should also examine the extent of any damage or loss that may be caused to individuals (eg staff or customers) if a security breach occurs, as is the case and any likely damage to the reputation of the controller, including a possible loss of customer confidence.
When assessing appropriate technical measures, the Data Protection Officer will consider the following: When assessing the appropriate organizational measures, the Data Protection Officer will consider the following: These controls are selected based on the identified personal data risks as well as the potential for damage to the data subjects who are being processed.


7. Compliance with the principle of accountability

Regulation (EU) 2016/679 includes provisions that promote accountability and manageability and complement transparency requirements. The principle of accountability in Art. 5, par. 2 requires the administrator to prove that he adheres to the other principles in the GDPR and explicitly states that this is his responsibility.

Software Minder Limited will demonstrate compliance with data protection principles by implementing data protection policies by adhering to codes of conduct, implementing appropriate technical and organizational measures, and adopting data protection techniques the design and protection phase of data, impact assessment on the protection of personal data, personal data breach notification procedure, etc.


8. Rights of data subjects

Data subjects shall have the following rights in respect of the processing of data and the data recorded for them: Software Minder Limited provides conditions to ensure the exercise of these rights by the data subject:
  • Data subjects may request data access as described in the Procedure for Managing Subjects Requests (GDPR_PROC_03); this procedure also describes Software Minder Limited will ensure that the response of the data subject's request meets the requirements of the GDPR.
  • Data subjects have the right to submit complaints to the Software Minder Limited, related to the processing of their personal data, the processing of a request by the data subject and the data subject's appeal, on the way complaints are processed in accordance with Procedure for communication of complaints and requests by the data subject (GDPR_PROC_04).

  • You can request to exercise these rights by emailing privacy@ptminder.com. We will process your request within 30 days of receiving your request. Note that we may require proof of identification before we process your request.


    9. Consent


    10. Data security


    11. Disclosure of data


    12. Data storage and destruction


    13. Data Processing Register (Data Inventory)