Privacy Policy

MINIM, INC.

VERSION DATE: November 12, 2019

EFFECTIVE DATE: November 18, 2019

1.  Introduction

  1. Minim narrowly tailors the data it collects / processes.  The choice to opt-out from or a failure to opt-in to data collection / processing will prevent use of the Minim Solution because Minim will not be able to access data necessary for the Minim Solution to operate properly.
  2. The choice to opt-out from or a failure to opt-in to data collection / processing in the course of signing up for the Minim Mobile Application may not prevent, terminate or otherwise interrupt data collection / processing by your Internet Service Provider.  If you have questions about what data your Internet Service Provider is collecting / processing you should contact them directly.

2.  Scope

  1. This Privacy Policy (“Policy”) sets forth the policy and policy principles relating to the collection and processing / use of Personal Data / PII that are applied by Minim, Inc. and its subsidiaries (if any) (“Minim”). 
  2. This Policy, publicly posted at https://www.minim.co/privacy, is governed and incorporated by reference into Minim’s Terms of Service, which is available at https://www.minim.co/terms.
  3. More specifically, the Policy covers:
    1. NOTICE with respect to various items, as such is required due to Minim’s participation in the Privacy Shield Program.
    2. The method and process by which a Data Subject may CHOOSE to object to the collection or processing of their Personal Data / PII.
    3. The ONWARD TRANSFER of Personal Data / PII Minim collects or processes.
    4. Methods and processes by which Personal Data / PII collected and / or processed by Minim is SECURED.
    5. Methods and processes by which Minim ensures, and enables Data Subjects to ensure, the INTEGRITY of the Personal Data / PII that Minim collects or processes.
    6. The PURPOSE for which Minim collects and processes Personal Data / PII from Data Subjects.
    7. The method and process by which a Data Subject may seek to ACCESS their Personal Data / PII.
    8. Certain activities, methods and processes by which Minim builds CONFIDENCE and provides Data Subjects with RECOURSE mechanisms relating to how Minim collects and / or processes Personal Data / PII.

3. Terms and Definitions

  1. Defined Terms

“Account” means a record in systems controlled by Minim that enables the use of the Minim Solution.

“Compartmentalized Digital Access” means that information subject to this protection protocol may not be accessed in its entirety by a single privilege set.

“Cookies” are small text files that are placed on a customer device by a web server when a customer or end user accesses the Minim Solution.  

“Data Controller” means the natural or legal person, public authority, agency or other body which alone, or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by the European Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

“Data Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of a Data Controller.

“Data Subject” means any individual whose personal data is being collected, maintained or processed.

“Encryption at Rest” means a method of storing information where the information is encrypted.

“Encryption in Transit” means a method for sending and receiving information where the information is encrypted. 

“General Data Protection Regulation” or “GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

“Minim Solution” means the combination of software and services provided by Minim to secure and manage a WiFi network belonging to a customer or end user.

“Minim Website” means the website located at minim.co.

“Personal Data” means information relating to an identified or identifiable Data Subject and can refer to a Data Subject’s name, his or her home address, publications on social networks.

“Personally Identifiable Information” or “PII” means Personal Data where it, directly or indirectly, by way of particular reference to an identifier such as a name, identification number, location data, online identifier or to one or more factors specific to an individual (e.g., physical, physiological, genetic, mental, economic, cultural or social) can be used to identify a specific Data Subject.

“Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Restricted Digital Access” means instances where digital access to data is restricted to certain users based on rights or privileges in a system that the user must use credentials, tokens or other such security artifacts to access.  

“Restricted Physical Access” means instances where physical access to systems on which data is stored is restricted to persons based on rights or privileges, where the person must use credentials, keys, cards or other such security artifacts to gain access.

“Supervisory Authority” means an independent public authority which is established by a European Union member State pursuant to GDPR Article 51.

Other terms and definitions used in this policy have the same meaning as in International standard ISO/IEC 27000 “Information technology – Security techniques - Information security management systems-Overview and vocabulary.”

“Web Beacon” means a small piece of information or data stored on your computer or mobile device that is used to determine your preferences and track your search terms and other behaviors or activities as you navigate around the Internet.

  2. Capitalized terms that are not defined herein will have the meanings set forth in those Terms of Service.

4.  Privacy Related Statements

  1. Minim classifies PII as confidential information. 
  2. As a Data Controller and/or Data Processor, Minim is responsible for establishment and proper application of this Policy. 
  3. To meet the European Union law requirements that PII transferred from the EU to the United States be adequately protected, Minim adheres to the Privacy Shield Principles.

5. Privacy Related Notices

  1. Form Language
    1. Minim complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework(s), as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and/or Switzerland to the United States. 
    2. Minim has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. 
    3. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. 
    4. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
  2. Minim collects / processes certain types of Personal Data / PII as such are specified below. 
  3. As set forth above and as is detailed further below, Minim is committed to following the Principles of the Privacy Shield program with respect to all personal data received from the EU as a result of its reliance on its participation in the Privacy Shield program.
  4. Minim collects and / or processes certain Personal Data / PII for purposes specified below.  
  5. Data Subjects may, as specified below, contact Minim with respect to inquiries or complaints, including any relevant establishment in the EU that can respond to such inquiries or complaints.
  6. Minim may, under certain circumstances, transfer onward certain Personal Data / PII that it collects and / or processes to certain parties, as such are specified below.
  7. Data Subjects have, in accordance with the below, the right to access their Personal Data / PII.
  8. Data Subjects may, in accordance with the below, limit the collection and / or processing of their Personal Data / PII.
  9. Minim has registered with JAMS to serve as its third party alternative dispute resolution provider for Data Subject complaints.  Data Subjects may seek recourse with JAMS free of charge.
  10. Minim is subject to the investigation and enforcement powers of the Federal Trade Commission and, as may be applicable, other U.S. authorized statutory bodies.
  11. Data Subjects may, under certain conditions and in accordance with the below, invoke binding arbitration.
  12. Minim may, under certain circumstances and in accordance with the below, disclose Personal Data / PII in response to lawful requests by public authorities.
  13. Minim is, under certain circumstances and in accordance with the below, liable in cases of onward transfers to third parties.
  14. The Services are not targeted to children under the age of 18.  

6. Consent

  1. Minim collects and processes PII only where a Data Subject’s consent has been received or as a result of another legal basis.
  2. Minim seeks to obtain appropriate permission from a parent or legal guardian before accepting consent for the collection or processing of Personal Information from children ages 18 and under.

7. Purpose of Collection and Processing / Use  

  1. General Purpose
      1. Minim’s general purposes in collecting and / or using / processing PII are to provide and improve the Minim Website and Minim Solution, which it provides to its customers and, as may be applicable, its customer’s customers, to administer use of the Minim Solution by the same (including accounts, if customer is an account holder), and to enable the same to enjoy and easily use the Minim Solution.
  2. Information Categories and Specific Purpose
      1. Minim collects and processes certain categories of Personal Data for the purposes set forth below:

 Table 1. Information Categories

|   | Information Category | Purpose | Legal Basis |
|---|---|---|---|
| 1 | End User / Customer Data | Provision of services or products | Performance of contract or required proof prior to entry into contract; GDPR - (point (b), Art. 6(1)) |
| 2 | End User / Customer Metadata | Provision of services or products | Performance of contract or required proof prior to entry into contract; GDPR - (point (b), Art. 6(1)) |
| 3 | Personal data used for direct marketing | Direct marketing | Data subject consent; GDPR - (point (a), Art. 6(1)) |
| 4 | Prospective Customer (legal entity) | Internal administration | Data subject consent; GDPR - (point (a), Art. 6(1)) |
| 5 | Third parties (suppliers, distributors, etc.) contact data | Customer service, Provision of services or products | Performance of contract or required proof prior to entry into contract; GDPR - (point (b), Art. 6(1)) |
| 6 | Candidates for employee data | Internal administration | Data subject consent; GDPR - (point (a), Art. 6(1)) |
| 7 | Employee data | Internal administration | Legal obligation; GDPR - (point (c), Art. 6(1)) |

  3. More specifically, Category 1 Data includes, but may not be limited to, the following types:
      1. End User / Customer Account Information. If a Data Subject creates an Account, Minim collects certain information that can be used to identify the customer, which such information may include, but is not limited to, personal, device and device profile names (meta-data related to the same) and contact information.
      2. End User / Customer Network Information.  If a Data Subject uses the Minim Solution, Minim collects certain information about how the Minim Solution is used, which such information includes: connected device information; network connection information; mesh network information; network router information; internet provider information and network management information.
      3. End User / Customer Website Application Use and Device Information.  If a Data Subject uses the Minim Solution, Minim collects certain information about how the Minim Solution is used, which such information includes: device identifiers, device configuration information, what objects on the website application the Data Subject interacts with; the frequency and duration that a Data Subject spends engaging with various parts of the website application.
      4. End User / Customer Mobile Application Use and Device Information.  If a Data Subject uses the Minim Solution, Minim collects certain information about how the Minim Solution is used, which such information includes: device identifiers, device configuration information, mobile application use information and mobile device location information.  When a customer uses our mobile application, Minim may collect and store information about the customer’s location by converting his or her IP address into a rough geo-location or by accessing the customer mobile device’s GPS coordinates or approximate location if the customer enables location services on his or her device. Minim may use location information to improve and personalize our services for customers. If customer does not want us to collect location information, he or she may disable that feature on the mobile device. The customer agrees and acknowledges that it has been informed about the foregoing.
  4. More specifically, Category 3 and 4 data include, but may not be limited to, the following:
      1. Minim Website & Email Use Information.  If a Data Subject visits websites maintained by Minim or opens an email sent by Minim, Minim collects certain information, using Cookies and Web Beacons, about how a person interacts with the website or the email, which such information includes: what objects on a website / email the Data Subject interacts with; the frequency and duration that a Data Subject spends engaging with various parts of a website / email.

8. Protection of Personal Data and PII

  1. Minim takes reasonable administrative, physical and electronic measures designed to protect Personal Data and PII from unauthorized or unlawful processing and against accidental loss, destruction or damage.  
  2. More specifically, these measures include, but may not be limited to:
      1. Compartmentalized Digital Access
      2. Encryption at Rest
      3. Encryption in Transit
      4. Restricted Digital Access and 
      5. Restricted Physical Access 

9. PII Retention Periods and Protection Protocols

  1. Minim acts as a Data Processor for Data Controllers.  Such processing and any retention periods and protection protocols associated therewith may be subject to the terms of Minim’s contractual arrangements with those Data Controllers and any additional requirements or restrictions that result from doing business in the jurisdictions in which an applicable Data Controller is located.
  2. Minim retains and protects PII as set forth below:

Table 2: PII Retention Periods and Protection Protocols

| Information Category | PII Type | Retention Period | Protection Protocols In Use |
|---|---|---|---|
| 1 | End User / Customer Account Information | For the life of the Account plus thirty (30) days, unless otherwise specified in an applicable legal agreement or by data controller for whom Minim is processing data | Compartmentalized Digital Access, Encryption at Rest, Encryption in Transit, Restricted Digital Access and Restricted Physical Access. |
| 1 | End User / Customer Network Information | Thirty (30) days, unless otherwise specified in an applicable legal agreement or by data controller for whom Minim is processing data | Compartmentalized Digital Access, Encryption at Rest, Encryption in Transit, Restricted Digital Access and Restricted Physical Access. |
| 1 | End User / Customer Website Application Use and Device Information | Thirty (30) days, unless otherwise specified in an applicable legal agreement or by data controller for whom Minim is processing data | Encryption at Rest, Encryption in Transit, Restricted Digital Access and Restricted Physical Access. |
| 1 | End User / Customer Mobile Application Use and Device Information | Thirty (30) days, unless otherwise specified in an applicable legal agreement or by data controller for whom Minim is processing data | Encryption at Rest, Encryption in Transit, Restricted Digital Access and Restricted Physical Access. |
| 2 | End User / Customer Metadata | As long as necessary to achieve the purpose set forth in Section 3.1 | Encryption at Rest, Encryption in Transit, Restricted Digital Access and Restricted Physical Access. |
| 3 | Personal data used for direct marketing | As long as necessary to achieve the purpose set forth in Section 3.1 | Encryption at Rest, Encryption in Transit, Restricted Digital Access and Restricted Physical Access. |
| 4 | Prospective Customer (legal entity) | As long as necessary to achieve the purpose set forth in Section 3.1 | Encryption at Rest, Encryption in Transit, Restricted Digital Access and Restricted Physical Access. |
| 5 | Third parties (suppliers, distributors, etc.) contact data | As long as necessary to achieve the purpose set forth in Section 3.1 | Encryption at Rest, Encryption in Transit, Restricted Digital Access and Restricted Physical Access. |
| 6 | Candidates for employee data | One year | Encryption at Rest, Encryption in Transit, Restricted Digital Access and Restricted Physical Access. |
| 7 | Employee data | As long as necessary to achieve the purpose set forth in Section 3.1 | Encryption at Rest, Encryption in Transit, Restricted Digital Access and Restricted Physical Access. |

  

10.  Sharing with Third Parties / Onward Transfer of Personal Information / PII / Third Party Collection

  1. Minim will appropriately manage and coordinate the onward transfers of PII to third parties in accordance with this Policy.  
  2. Minim will not sell, share or otherwise distribute PII to third parties except as provided in this Policy.
  3. Minim will not directly disclose the identity of any person except as provided in this Policy. 
  4. PII may be transferred to third parties who act for or on Minim’s behalf and that are contracted to:
      1. not sell the PII to third parties and 
      2. not disclose the PII to third parties (except as may be required by law, as permitted by us or as stated in this Privacy Policy).
  5. If Minim has knowledge that a Data Processor is processing PII provided to it by Minim in a manner contrary to this Policy, it will take all reasonable steps to prevent or stop the processing.
  6. In accordance with its obligations under the Privacy Shield Principles, under certain circumstances, Minim may remain liable for the processing of PII by Data Processors and the onward transfer thereof.
  7. Notwithstanding the above, Minim may also share PII as follows:
      1. If Minim is acquired by a third party as a result of a transaction such as a merger, acquisition or asset sale or if its assets are acquired by a third party in the event Minim goes out of business or enters bankruptcy, some or all of its assets, including PII, may be disclosed or transferred to a third-party acquirer in connection with the transaction.
      2. Minim will cooperate with government and law enforcement officials or private parties to enforce and comply with applicable law(s). As a result, Minim may disclose information about a Data Subject to government or law enforcement officials or private parties that Minim, in its sole discretion, believes is necessary or appropriate:
          1. to respond to claims, legal process (including subpoenas);
          2. to protect our property, rights and safety and the property, rights and safety of a third party or the public in general;
          3. to stop any activity that Minim, in its sole discretion, believes is illegal, unethical or legally actionable activity; or
          4. in response to other lawful requests by public authorities, including to meet national security or law enforcement requirements.
  8. The Minim Solution may contain links to third-party websites and applications that collect and process your Personal Information / PII.  Minim is not responsible for the privacy policies or practices of such third parties. You should carefully read and review the privacy policies and practices of such third parties.

11. Data Subject Rights

  1. Access
    1. Data Subjects have the right to access PII that is collected from them and processed by Minim and to obtain information, free of charge, on the sources and the type of the PII that has been collected, the purpose of processing of such PII and the data recipients to whom the PII are disclosed or have been disclosed by Minim in connection with the Minim Solution, and other related information according to GDPR Article 15.
    2. Data Subjects may request this access by emailing dataconsent@minim.co.
    3. Minim shall reply not later than 30 calendar days from receipt of such an access request in writing and shall provide the requested information or justification for the refusal to grant the request of the data subject.
    4. Upon the request of the data subject, such information must be provided by Minim in writing.
    5. Under California's "Shine the Light" law, California residents who provide Personal Information in obtaining products or services for personal, family or household use are entitled to request and obtain from Minim once a calendar year information about the PII we have shared, if any, with other businesses for their own direct marketing purposes. If applicable, this information would include the categories of customer information and the names and addresses of those businesses with which we shared customer information for the immediately prior calendar year (e.g. requests made in 2017 will receive information regarding 2016 sharing activities).
    6. To obtain this information, please send an email message to dataconsent@minim.co with "Request for California Privacy Information" on the subject line and in the body of your message. We will provide the requested information to you at your e-mail address in response. Please be aware that not all information sharing is covered by the "Shine the Light" requirements and only information on covered sharing will be included in our response.
  2. Correction / Rectification
    1. If the Data Subject finds out that PII that has been collected from them by Minim is incorrect, incomplete or inaccurate, he or she may contact Minim by emailing dataconsent@minim.co. 
    2. Minim will then review the data elements at issue and rectify any incorrect, incomplete and inaccurate PII without delay and/or suspend processing of such PII, except for the purpose of storage, or provide a written explanation to the data subject describing why such efforts were not necessary.
    3. Minim may keep archive copies of such data if doing so is necessary to fulfill contractual obligations to the data subject and/or if it is required by applicable law or regulation (for example, for accounting purposes, cybercrime investigation, etc.).
  3.  Erasure / Right to be Forgotten
    1. A Data Subject may request that Minim erase some or all of his or her PII from Minim’s systems by emailing dataconsent@minim.co.  
    2. Such erasure may prevent the Data Subject from successfully accessing, using or benefiting from the Minim Solution.
    3. If Minim discovers that Personal Information / PII of a child under the age of 18 has been submitted without verifiable parental consent, we will immediately delete such Personal Information / PII. 
  4. Restriction of Processing
    1. A Data Subject may ask Minim to restrict further processing of his or her PII by emailing dataconsent@minim.co.
    2. Such processing restrictions may prevent the Data Subject from successfully accessing, using or benefiting from the Minim Solution. 
  5. Portability
    1. A Data Subject may ask for a copy of his or her PII in a machine-readable format by emailing dataconsent@minim.co. 
    2. He or she can also request that Minim transmit the data to another controller where technically feasible by emailing dataconsent@minim.co.
  6. Objection
    1. A Data Subject may contact Minim via email at dataconsent@minim.co to let Minim know that he or she objects to the further use or disclosure of his or her PII for certain purposes, such as for direct marketing purposes or for the purposes of the legitimate interests pursued by the Data Controller or by a third party.
  7. Right to File Complaint
    1. A Data Subject may appeal the validity or appropriateness of Minim’s actions (either as a Data Controller or Data Processor), to the appropriate Supervisory Authority or enforcement agency within three months of receipt of the refusal to grant the request or within three months of the date when the period imposed by applicable law or regulation for giving a reply (if any) expires. 
    2. In order to avail himself or herself of the rights set forth in this section, the Data Subject must provide a valid identity document or otherwise verify his or her identity according to applicable laws or through electronic means of communication, which must provide reliable identification of the person.
    3. Minim has registered with JAMS to serve as its third party alternative dispute resolution provider for Data Subject complaints.  Data Subjects may seek recourse with JAMS free of charge.

12. Enforcement and Dispute Resolution

  1. Minim complies with the Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, processing / use, and retention of Personal Data transferred from the European Union to the United States.
  2. Minim has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.
  3. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/. In compliance with the Privacy Shield Principles, Minim commits to resolve complaints about our collection or use of your PII.
  4. Individuals residing in the EU, United Kingdom, Liechtenstein, Norway or Iceland (collectively, “EU Residents”) who have inquiries or complaints regarding our Privacy Shield policy should first contact Minim via email at privacy@minim.co.
  5. Minim does not currently collect or transfer human resources data from the EU in the context of the employment relationship.  If and when this business practice changes, Minim will further commit to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU in the context of the employment relationship.
  6. If a Data Subject does not receive timely acknowledgement of his or her complaint, or if a complaint is not satisfactorily addressed, as a last resort and in limited situations. 
  7. The Federal Trade Commission (FTC) has jurisdiction over Minim’s compliance with the Privacy Shield.

13. Updates

  1. Minim periodically reviews and may, as necessary and/or appropriate, make updates to this Policy. 
  2. Minim will provide notice of updates to this Privacy Policy by posting them on our website, on our web application or mobile application, by sending an email to relevant Data Subjects or by undertaking other notification methods.  
  3. Upon each material update, the Version Date set forth above will also be updated. 

14.  How to Contact Us About this Policy

  1. Please contact us at privacy@minim.co if you have any questions about this Policy.