Mindtickle and the California Consumer Privacy Act (CCPA)

At Mindtickle, we take data security and privacy seriously. Mindtickle is committed to protecting our customers’ data by complying with California Consumer Privacy Act (CCPA). CCPA is a data privacy law regulating how businesses worldwide are allowed to handle the personal information of California residents. CCPA is one of the first laws of its kind in the United States and is effective from January 1, 2020.

We are Here to Support our Customers

The CCPA defines organizations’ different roles when dealing with personal information. There are two major roles – ‘Businesses’ and ‘Service Providers’

  • ‘Businesses’ are organizations that own personal information. Mindtickle customers are ‘Businesses’ because they collect personal information, decide its purpose, and the method for using it.
  • Mindtickle plays the role of the ‘Service Provider’ since Mindtickle receives this personal information provided by the customers and operates under a contract entered with the customer.

We’re committed to helping our customers meet their obligations in their role as a ‘Business’ under the CCPA.

Mindtickle’s Responsibility

For our customers that need to comply with CCPA, Mindtickle is a ‘Service Provider’ as defined in the CCPA. The personal information submitted by our customers and processed by Mindtickle may contain California consumer personal information. As a ‘Service Provider,’ Mindtickle will limit the use of this information as per the specific purposes defined in our terms of service, data processing addendum, and privacy policy. Further, Mindtickle has implemented data security and privacy processes and controls to ensure that our customers meet their CCPA obligations.

We do not sell your personal information

We strictly use the information received from our customers for providing services to our customers, aligned with the signed contract. We do not sell this information, and it is not used for any other commercial purposes. We have provided this information in our privacy policy and will happily sign any contractual document or amendments to reflect this intent. Mindtickle hosts data as part of the service it provides to its customers but doesn’t make any claim to said data. Mindtickle’s customers are the owners and controllers of all data they submit onto the platform.

Data Processing Addendum (DPA)

Mindtickle offers a CCPA-compliant Data Processing Addendum (DPA) to provide our customers with privacy protection assurance, which helps us comply with our obligations as a ‘Service Provider’ and helps our customers meet their obligations as a Business. This addendum reflects Mindtickle’s requirements as a ‘Service Provider’ to use, retain and disclose customer personal information for delivering services, including (i) disclosures to Subprocessors under a written contract with Mindtickle; and (ii) as authorized by the CCPA.

Privacy and Security Measures

Information security is our highest priority, and we have implemented robust technical and organizational measures to ensure that our customers’ data remains secure. Mindtickle’s technical and organizational security measures, as updated from time to time, provide an appropriate level of security and privacy to all its users.

Privacy Policy

We have worked with independent auditors and lawyers to ensure our privacy policy complies with CCPA. Our policy outlines our commitment to maintaining the privacy of our customers’ data. It also explains what we have done to ensure our customers’ data is secure and what choices are available.

Controls with Subprocessors

“Subprocessor” means any subcontractor engaged by Mindtickle as a ‘Service Provider’ that processes CCPA Personal Information on behalf of Mindtickle.

As specified in the Data Processing Addendum, Mindtickle

  1. takes responsibility for the actions of its Subprocessors, and
  2. has entered into a written agreement with each Subprocessor containing, in substance, data protection obligations no less protective than those in our Customer agreements.

Customers can find up-to-date information about the hosting locations of Subprocessors in our Sub Processor Repository. Customers may subscribe to notifications of new Subprocessors. Mindtickle will notify all subscribed Customers before authorizing a new Subprocessor to process customer personal information. Customers may object to the intended use of a new Subprocessor using the procedure set out in the Data Processing Addendum.

The Rights of Consumer under CCPA

Our customers and end-users may ask to disclose what personal information we have about them and what we do with that information, to delete their personal information, and not to sell it. End-users can contact us at support@mindtickle.com if they want to access, correct, or remove their data. As a ‘Service Provider,’ we will forward these requests to the relevant Customers and help them respond if needed.

Right to Access and Data Portability

Mindtickle supports individuals’ right to access and right to portability of their data. Mindtickle provides easy access and options to export all platform data, including user personal information. Mindtickle administrators of customer organizations can perform these actions from the admin site via reporting APIs and download or email the required data. Further, they can reach out to the Mindtickle support team at support@mindtickle.com for assistance.

Right to Notice

Mindtickle enables customers to notify their users about collecting and using their data through a privacy policy link (drafted by the customer) that can be displayed on the Mindtickle platform login page.

We Are Here to Answer Your Questions

We are always happy to answer any questions about the privacy and security of our customers’ data, CCPA, or Sales Enablement, in general. Feel free to contact us at infosec@mindtickle.com for security questions or privacy@mindtickle.com for privacy questions.

MSIRobot