Last Updated: 3rd May 2019
This Policy applies to the information that we obtain through your use of "Services" or when you otherwise interact with Peppermint.
“Services” includes our:
Websites: Peppermint’s website, including but not limited to Peppermint.com, and any sub-domains and pages;
SaaS Product: Peppermint’s “Cloud” hosted solutions;
In this Policy, “personal information” means information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as family name, first name, photograph, postal address, email address, telephone numbers, date of birth, data relating to your transactions on the Website, detail of your orders and subscriptions, bank card number, Payment Information as well as any other information about you that you choose to provide us with. The use of information collected through our Service shall be limited to the purpose of providing the Service for which you have engaged with us.
Subscribers/ Sub-Contractor to our Services are solely responsible for ensuring compliance with all applicable laws and regulations, as well as any and all privacy policies, agreements or other obligations, relating to the collection of personal information in connection with the use of our Services by individuals (also referred to as “data subjects”) with whom our Subscribers/ Sub-Contractors interact. If you are an individual who interacts with a Subscriber/ Sub-Contractor using our Services, in addition to the rights available in Clause 13 below, you will be directed to contact our Subscriber/ Sub-Contractor for assistance with any requests or questions relating to your personal information.
Registration and Contact Information. We collect personal information about you when you (a) register to use the Services and (b) otherwise provide contact information to us via email, mail, or through our Offerings. This information you provide may include your username, first and last name, email address, mailing address or phone number. We do not collect or process any special category data from you (viz. any data revealing racial/ ethnic origin, political opinions, religious/ philosophical beliefs, processing of genetic data, biometric data, etc.).
Payment Information. When you purchase the Services, we will also collect transaction information, which may include your credit card information, billing and mailing address, and other payment-related information (“Payment Information”). We describe how Payment Information may be collected and processed in Payment Information below.
Third Party Platforms. We may collect information when you interact with our advertisements and other content on third-party sites or platforms, such as social networking sites. This may include information such as “Likes”, profile information gathered from social networking sites or the fact that you viewed or interacted with our content.
Analytics We collect analytics information when you use Services to help us improve them. We may also share anonymous data about your actions on our Websites with third-party service providers of analytics services.
We use your information in the following ways:
Legal Basis for Processing (EEA only):
If you are an individual from the European Economic Area (EEA), our legal basis for collecting and using the personal information will depend on the personal information concerned and the specific context in which we collect it. However, we will normally collect personal information from you only where: (a) we have your consent to do so, (b) where we need the personal information to perform a contract with you (e.g. to deliver the Services you have requested), or (c) where the processing is in our or a third party’s legitimate interests (and not overridden by your data protection interests or fundamental rights and freedoms). In some cases, we may also have a legal obligation to collect personal information from you, or may otherwise need the personal information to protect your vital interests or those of another person.
Where we rely on your consent to process the personal information, you have the right to withdraw or decline or opt-out of providing your consent at any time. Please note that this does not affect the lawfulness of the processing based on consent before its withdrawal.
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information). Similarly, if we collect and use your personal information in reliance on our (or a third party’s) legitimate interests which are not already described in this Notice, we will make clear to you at the relevant time what those legitimate interests are.
Table 1 below depicts the data categories collected and the legal basis applicable :
|S.No||Data Category||Legal Basis|
|1.||Registration and Contact Information||Consent, Contractual Obligations, Legitimate Interests|
|2.||Payment Information||Contractual Obligations|
|3.||Technical Usage and Location Information||Contractual Obligations, Legitimate Interests|
|4.||Third Party Platforms||Contractual Obligations, Legitimate Interests|
|5.||Mobile.||Contractual Obligations, Legitimate Interests|
If you have any questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided further below in Clause 17.
We do not sell, trade, share or transfer your personal information to third parties, except in the following limited circumstances:
We may transfer information that we collect about you, including personal information, to affiliated entities, or to other third parties (including our Sub-Contractors) across borders and from your country or jurisdiction to other countries or jurisdictions around the world. If you are located in the European Union or other regions with laws governing data collection and use that may differ from U.S. law, please note that you are transferring information, including personal information, to a country and jurisdiction that does not have the same data protection laws as your jurisdiction, and you consent to the transfer of information to the U.S. and the use and disclosure of information about you, including personal information, as described in this Policy. We shall at all times provide an adequate level of protection for the Customer Data processed, in accordance with the requirements of Data Protection Laws.
Peppermint abides by the EU-U.S. and Swiss-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal information transferred from the European Union and Switzerland to the United States. To learn more about the Privacy Shield program, please visit https://www.privacyshield.gov/.
Peppermint is overseen by the US Federal Trade Commission (FTC) and US laws shall be applicable to questions of interpretation and compliance with this Policy. JAMS is the US-based independent organisation responsible for reviewing and resolving complaints about our Privacy Shield compliance – free of charge to you. We ask that you first submit any such complaints directly to us at email@example.com. If you are not satisfied with our response, please contact JAMS at www.jamsadr.com/eu-us-privacy-shield. In the event that your concern still is not addressed by JAMS, you may be entitled to a binding arbitration under Privacy Shield and its principles.
If we have received your personal information under the Privacy Shield and subsequently transfer it to a third party service provider for processing, we will remain responsible if they process your personal information in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage.
Essential Cookies: These cookies are essential for the basic functionalities offered by the Services. These class of cookies helps in keeping a user logged in to the Services and remember relevant information when they return to the Services. These cookies are essential for the basic functionalities offered by the Services. These class of cookies helps in keeping a user logged in to the Services and remember relevant information when they return to the Services.
Insight Cookies: These are used for tracking the user activities within the Services, which in turn helps us in improving your user experience.
Marketing Cookies: These are used for providing you with customized and interest-based ads based on your browsing behavior and other similar activities on our Websites.
Peppermint may create and host a public discussion forum or Blogs for its users and the general public. Any information disclosed in these areas is deemed public information and each user is responsible for and should exercise caution when disclosing personal information on these forums/Blogs. Peppermint is not responsible for any such information disclosed or any action taken as a result of the disclosed information.
We offer those who provide personal information a means to choose how we use the information provided. You may manage your receipt of marketing and non-transactional communications by clicking on the “unsubscribe” link located on the bottom of our marketing emails or you may send a request to firstname.lastname@example.org
We will retain your personal information for as long as is needed to fulfill the purposes outlined in this Policy, unless a longer retention period is necessary, required or permitted by law for archiving purposes in the public interest, scientific/historical research or statistical purposes(depending on circumstances, compatible processing purposes may include compliance/ legal consideration, tax, accounting, security & fraud prevention or other legal requirements). We delete all your data on the expiry of 14 days after the termination of the Services, except as otherwise prohibited by applicable law. Please note that some of your content, data, information, text, files might remain in our backups for a period not exceeding two months. Some information about Your account, such as billing address, invoices or contact details for Your employees, might be retained in our systems solely for administrative purposes.
For personal information that we process on behalf of our Subscribers/ Sub-Contractors, we will retain such personal information in accordance with the terms of our agreement with them, subject to applicable law.
Where we have not obtained personal information from you directly, but from the Subscribers/ Sub-Contractors or any other sources, you shall be intimated about the identity and contact details of the controller, purpose, recipients of personal information, etc. within a reasonable time period. Even upon request we will provide you with information,in case it is not available with you, about whether we hold, or process on behalf of a third party, any of your personal information. To request this information please contact us at email@example.com. Subscribers to our Services may update or change their Account Information by editing their profile or organization record or by contacting firstname.lastname@example.org for more detailed instructions. To make a request to have personal information maintained by us returned to you or removed, please email email@example.com Requests to access, change, or remove your information will be handled within thirty (30) days.
An individual who seeks access to, or who seeks to correct or, amend inaccuracies in, or delete personal information stored or processed by us on behalf of a Subscriber/ Sub-Contractor should direct his/her query to the Subscriber/ Sub-Contractor (the data controller). Upon receipt of a request from one of our Subscribers/ Sub-Contractor for us to remove the data, we will respond to their request within thirty (30) days. We will retain personal information that we store and process on behalf of our Subscribers/ Sub-Contractors for as long as needed to provide the Services to our Subscribers/ Sub-Contractors. We will retain and use this personal information for archiving purposes as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
We may decline to process requests that are unreasonably repetitive or systematic, require disproportionate technical effort (for instance, requests concerning information residing on backup tapes), jeopardize the privacy of others, would be extremely impractical, or for which access is not otherwise required. In any case where we perform activities so as to fulfil your rights vide Clause 13 below, we perform them free of charge, except if doing so would require a disproportionate effort or if the requested information is already available with you.
To ensure fair and transparent processing, you shall have the following rights and any information that shall be shared by us with you vide these rights shall be in electronic form:
We do not knowingly collect any personal information from children under the age of 16. If you are under the age of 16, please do not submit any personal information through our Websites or Services. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce this Policy by instructing their children never to provide personal information through the Websites or Services without their permission. If you have reason to believe that a child under the age of 16 has provided personal information to us through the Websites or Services, please contact us at firstname.lastname@example.org, and we will use commercially reasonable efforts to delete that information.
The security of your personal information is important to us. We maintain a variety of appropriate technical and organizational safeguards to protect your personal information. We limit access to personal information about you to employees who we believe reasonably need to come into contact with that information to provide products or services to you or in order to do their jobs. Further, we have implemented reasonable physical, electronic, and procedural safeguards designed to protect personal information about you. When you enter sensitive information (such as your password), we encrypt that information in transit using industry-standard Transport Layer Security (TLS) encryption technology. No method of transmission over the Internet, method of electronic storage or other security methods are one hundred percent secure. Therefore, while we strive to use reasonable efforts to protect your personal information, we cannot guarantee its absolute security.