For our customers or end-users that have executed a Statement of Work, Services Agreement, or analogous document with Vastmindz, this Policy will supplement any personal data and privacy terms set forth in such ancillary documents.
1. Introduction & general terms
We are committed to protecting your personally identifiable information (the “PII”) when you use our Services. This Policy also applies to PII collected through the mobile version of our website, independently of the mobile operative system, mobile device, or browser you use to access it.
PII shall also mean information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context and shall be construed in accordance with governing privacy laws and information security standards.
In addition, the terms “collect”, “process”, “treat”, “use”, “share”, “disclose”, “divulge” and analogous words shall refer to your PII and other data collected from our customers, visitors and end-users.
- Social media or official Vastmindz content on other websites;
- Applications and Software development kits (the “Apps” and “SDK’s”).
2. What does Vastmindz do?
Vastmindz is a software company providing a Software as a Service (“SAAS”) solutions using AI in the health and well-being sector; registered in England UK with company registration number 12921097. We are also registered with the Information Commisioners office (ICO) registration number ZB187462. Our mission is to make healthcare data more accessible for all by providing non-invasive screening tools based on the latest research in artificial intelligence, signal processing and computer vision. We deliver a Software Development Kit (“SDK”) and an application (“Visix’) to organisations to use our technology for health data extraction for wellness.
By using our application or SDK, integrated into a third-party application, we use various technologies to collect and store information via a browser or a mobile device. We explicitly request access or ask permission to access certain features from your device; this will include the use of the camera to capture a video feed, which is then converted into RGB signals and pixelated data for processing.
3. What information will Vastmindz collect about me from the website and the SDK ?
We collect two types of information from the Vastmindz’ website: The information you give to us and information we collect from you. The Vastmindz website does not generally capture or store any personal information about individuals who access it, except where they voluntarily choose to give us personal details by email or by using an electronic form to register, request a demo, use online chat, or to enquire about our services. Our SDK extracts a pixelated video feed which contains no Personal Identified Information, which is then processed and health vital data is returned to the customers application.
Generally, through the provision of the Services, Vastmindz collect, process, treat, analyze and/or temporary access the following types of PII:
Yourself. Includes information that can be used to personally identify an individual person, obtained when you visit, use, or navigate our Services, processing of personal information depends on how you interact with Vastmindz and the Services, the choices you make, and the products and features you use. You hereby represent and warrant to Vastmindz that you have the necessary rights and authorizations required for the disclosure of any and all PII.
- IP address & geo-location
- Metadata of emails
- Usernames and credentials
Commercial Information. This collection will occur through our website as per the execution of our Services. There may be sections of the Site displaying third party components, which may or may not be evident to the end-user. In such regard, for said third party platforms, their own privacy policies will govern such service provision.
- Business name
- Business address
- Commercial contacts list
- Email address
- Telephone number
Non-Personal Information. Includes information such as anonymous usage data, that is, that cannot be used to personally identify an individual person, including general demographic information that we may collect and preferences that are generated based on the data you submit.
- Number of clicks
- Platform type
- Anonymized data
Social Media Platforms. Includes information obtained from third party social media platforms when our users use single sign on authentication services such as those provided by Amazon, Google and Facebook (only as available). It also includes information publicly available from third party social media platforms.For more information, please read the terms and policies of such third party platforms. Please take into account that such third party platforms may in turn disclose and share your personal information according to their own rules, guidelines and policies. Any changes in such platform’s functionalities will be the sole and final responsibility of the social media network.
- Viewing history
- Viewing preferences
- Saved Items
- Saved Pages
Technical Website Information. As you navigate through the website, a desktop or a mobile browser, certain information can be passively collected (that is, gathered without you actively providing the information) using various technologies and means.
- HTML5 local storage
- Browser cache
- IP Address
- Internet tags
- Navigational data
Internet Protocol (IP) addresses. An IP Address is a number assigned to your computer by your Internet service provider so you can access the Internet and is generally considered to be non-personally identifiable information, because in most cases an IP address is dynamic (changing each time you connect to the Internet), rather than static (unique to a particular user’s computer).
Financial Information. If you make a purchase with us, our third party payment processors will be Microsoft within the Teams application. We don’t collect financial info from the website or the application. Microsoft will collect the funds from you and then Microsoft will execute and manage the payments and your purchase history.
Geographical Location Information. Includes information on the precise geo-location of your device with your consent. This option can be disabled on your web browser and your mobile device.
Camera & Microphone. Certain features of our Services require access to your camera and microphone. This option can be disabled on your web browser and your mobile device.
4. What personal information do we process?
When you visit, use, or navigate our Services, processing of personal information depends on how you interact with Vastmindz and the Services, the choices you make, and the products and features you use.
5. Do we process any sensitive personal information?
We may process sensitive personal information, when necessary, with your consent or as otherwise permitted by applicable law.
6. How do we process your information?
We may process your information to improve and provide and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process this information for other purposes with your prior consent. Information is only processed when we have a valid legal reason to do so.
7. Keeping your information safe?
We have rigorous processes and procedures in place to protect your personal information (PII). However, transmission over the internet cannot be guaranteed to be 100% secure, so we cannot guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information.
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered, or destroyed. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all requirements and implement additional generally accepted industry standards.
You can be assured that personal information collected through the Site is secure and is maintained in a manner consistent with current industry standards. The importance of security for all personal information associated with our subscribers is of utmost concern to us.
Your personal information is protected in several ways, and we protect inputted information by undertaking the reasonable technical and administrative security measures (e.g. firewalls, data encryption, physical & administrative access controls to the data and servers) that limit the risk of loss, abuse, unauthorized access, disclosure, and alteration
8. Your rights?
Based on your location, the applicable privacy law may mean you have certain rights regarding your personal information, please contact firstname.lastname@example.org for further information to discover more on how to exercise your rights. You have the right to be provided easily understandable information about how we use your information and your rights.
For the purposes of the General Data Protection Regulation (“GDPR”), in the European Union, Vastmindz AI Ltd is a “data controller” of the PII you provide to us for the primary purposes of providing you or your customers with our Services.
For our customers and users in the European Union, by clicking the “I Accept” button or otherwise accepting the terms and conditions of our services through a clickable action or similar action, you hereby acknowledge, agree and unequivocally consent to the collection, process, management, treatment, transfer and authorized of your Personal Information by Vastmindz and/or its affiliates, clients, sub-processors and/or authorized third parties.
If you are resident in Switzerland, the contact details for the data protection authorities are available here: https://www.edoeb.admin.ch/edoeb/en/home.html.
The sections here below cover certain situations that you, as data subject, and we as a data controller, are most likely to encounter; but you should also carefully review the full list of data subject rights here: https://www.gdpr-info.eu/chapter-3/.
- Right to be Forgotten: You can request us to be “forgotten”; that is, to have your entire Personal Information removed from our service. If we are asked to do this, in accordance with Article 17 GDPR we will remove any Personal Information that we have collected from you as requester. We will also need to contact any third parties that process your PII on our behalf, such as our cloud service providers using the adequate mechanisms. To ensure that any personal data in Vastmindz’ possession can be removed in a timely manner, you can relay any request to be “forgotten” to us by submitting a request.
- Right to Data Portability: In accordance with Article 20 GDPR our users located in the EU may request Vastmindz to send them any PII in our possession. In this case, we will provide you with any PII that you have in a commonly used, machine-readable format.
- Right to Data Access: As a data subject, in accordance with Article 15 GDPR you can ask Vastmindz to confirm how and where your PII is being stored and processed. You also have the right to know how such that data is shared with third parties by us.
- Right to Data Rectification: As a data subject, in accordance with Article 16 GDPR you have the right to obtain from Vastmindz, without undue delay, the rectification of inaccurate PII concerning you.
- Right to be Informed: You have the right to be informed about the PII we collect from you, and how we process it.
- Right to Withdraw Consent. In accordance with Article 7(3) GDPR, you have the right to withdraw your consent given to us at any time.
- Right to Object: In accordance with Article 18 GDPR you have the right to object to us processing your PII for the following reasons:
- Processing was not based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
- Direct marketing (including profiling);
- Processing for purposes of scientific/historical research and statistics; and
- Rights in relation to automated decision-making and profiling.
- Automated Individual Decision-Making and Profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
- Right to Complain: You have the right to file a complaint with supervisory authorities if your information has not been processed in compliance with the GDPR. Furthermore, in accordance with Article 77 GDPR, if the supervisory authorities fail to address your complaint properly, you may have the right to a judicial remedy.
Lastly, you retain the right to access, amend, correct, or delete your PII where it is inaccurate at any time. To do so, please contact us as indicated on our contact section. We reserve the right to charge a reasonable fee, as permitted by applicable laws and regulations, to comply with complex requests or repetitive requests from individual users.
Your privacy request must include, at the least, the following information: (i) your complete name, address and/or e-mail address for us to notify you of the response to your request; (ii) attached documents establishing your identity; and (iii) a clear and concise description of the PII with regard to which you seek to enforce any of your privacy rights. If you request rectification, please indicate amendments to be made and attach documentation to back up your request.
Upon receipt of your privacy request, and after due review, we may then edit, deactivate and/or delete your PII from our Services for the maximum term allowed by the GDPR for each applicable case. In case of secure databases under our control where deletion is impossible, we will make such information permanently inaccessible.
Where we need to transfer your data to countries outside of the UK and/or European Economic Area (“EEA”), we will generally transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data. We will ensure a similar degree of protection is afforded to it by engaging service providers that have executed use specific contracts with us (such as a Data Protection Agreement) approved by the European Commission (in the case of transfers out of the EEA) and/or the UK Government (in the case of transfers out of the UK), in both cases which give personal data the same protection it has within the EEA and/or UK as applicable.
9. Web browser cookies?
10. What information will Vastmindz collect?
For purposes of clarification, we use the camera of the phone or webcam of the end-user laptop or desktop to analyse the face, pixelate the face on his/her device, extract the current vital signs and send these vital signs to the application in which our technology is used. We temporarily process certain health and biometric information from the device or camera of the end-users of our customers, for the purpose of extracting and analyzing the following data:
- Vital signs such as pulse rate, oxygen saturation, respiration and stress levels.
- Facial landmarks and features.
- Vital signs such as heart rate (BPM), blood pressure (BP), respiration (RPM) and heart rate variability metrics (HRV-SDNN).
- Anatomic measurements such as height and weight where provided.
In such manner, vital signs are then analyzed and calculated to generate results and related data to track and maintain the historical measurement data of the end-user.
For the Visix product, the authorized employee of our customer must sign up to use our Services in Microsoft teams, where they need to agree to the terms and conditions of use. We can then collect the name, email, date of birth, height and weight of end-user and when they take scans, the analysis of vital signs are captured and we store their BPM, Stress levels and HRV so that they can review this over time and forms part of their historical data set.
11. How does Vastmindz collect data?
This Policy may not apply in some instances where Vastmindz processes PII as a service provider (or as a data processor as it may result analogous on other personal data regulations) on behalf of a customer or entity who acts as the data controller (e.g., you as the owner of the proper health application platform). Upon the case where the parties hereto execute a Data Protection Agreement or analogous document, then the terms of said agreement will prevail over the ones set forth in this Policy.
For more information on the data practices of our sub-processors, please visit:
- www.azure.microsoft.com/en-us/explore/trusted-cloud/privacy/ or more information on the privacy practices of Microsoft Azure services.
- www.aws.amazon.com/compliance/data-privacy-faq/ for more information on the privacy practices of Amazon Web Services.
- www.cloud.google.com/privacy for more information on the privacy practices of Google Cloud Services.
12. What security measures do we employ to protect your data?
Our website is hosted in secure platforms which includes SSL (Secure Socket Layer) encryption standard in all secure areas, including login pages, customer information and payment details. Provided that you are using an SSL-compliant browser such as Google Chrome, Microsoft’s Internet Explorer, Opera or Firefox, you will be able to conduct encrypted transactions without fear of an intermediary obtaining your private information We use application firewall software to protect the website application. We use application firewall software to protect the website application.
When using our SDK all processing of data is in Microsoft Azure cloud servers which is protected by Microsoft technologies.
13. How will Vastmindz use the information it collected about me?
We will use the information we collect to provide, personalise, maintain and improve our products and services. We do not sell , rent or lease your personally identifiable information. We only disclose your PII to third parties in a specific circumstances eg compliance with Law and enforcement agencies.
Vastmindz will use the information we collect to provide, personalise, maintain and improve our products and services. This includes using the information for the following:
- To provide our services, activities and to deal with your requests and enquiries.
- To let you know if your account is likely to become inactive or dormant for some reason.
- To provide you with email newsletter, if you are signed-in or subscribed to them. If you do not wish to continue to receive these services, then you can unsubscribe from the newsletters.
- To use IP addresses and device identifiers to identify the location of users, to block disruptive use, to establish the number of visits from different countries and to determine wherever you are accessing the services from.
- We collect and keep the information you provide us with when you apply for employment with the company. This includes your first name, surname, day and month of birth, mobile number, email address and the content within the CV you provide.
- We use your information for pre-employment assessment purposes. We do not share your information with companies or organisations outside of Vastmindz.
- If you are signed-in or subscribed to email newsletters, you will receive this service. If you do not wish to continue to receive these services, then you can unsubscribe from the newsletters.
- To use IP addresses and device identifiers to identify the location of users, to block disruptive use, to establish the number of visits from different countries and to determine whether you are accessing the services from.
- To provide, maintain, protect and improve the services, to develop new ones and to protect Vastmindz and our users.
- To ensure that our website and SDK’s work in the most popular browsers and capture devices and to identify any related problems we may identify.
14. When will Vastmindz contact me?
Vastmindz may contact you:
- In relation to any correspondence, we receive from you or any comment or complaint you make about Vastmindz products or services;
- In relation to any contribution you have submitted to Vastmindz, e.g. on the Vastmindz message boards, support requests or via text or voicemail message;
15. Will I be contacted for marketing purposes?
Vastmindz will only send you emails or otherwise contact you for marketing purposes, or to promote new services, activities where you have agreed to this. Where you have agreed to receive these communications, we may personalise the message content based upon any information you have provided to us and your use of Vastmindz website.
16. Will Vastmindz share my information with anyone else?
We will keep your information within Vastmindz except where disclosure is required or permitted by law (for example to government bodies and law enforcement agencies). We will not share any information with any related parties, specifically, when using the Visix application , no PII data is shared with the employer.
Vastmindz uses third parties to process your information on our behalf, for example we use specialist companies to provide services, analysis, pre-employment checks, references and Disclosure & Barring Service (DBS) checks. Vastmindz requires these third parties to comply strictly with its instructions and Vastmindz requires that they do not use your personal information for their own business purposes, unless you have explicitly consented to the use of your personal information in this way. We may share your personal information internally (i.e. with other divisions) for example, to consider your employment application.
17. Offensive or inappropriate content on Vastmindz websites
If you create, post or send offensive, inappropriate or objectionable content anywhere on or to the Vastmindz websites or otherwise engage in any disruptive behaviour on any Vastmindz service, Vastmindz may use your personal information to stop such behaviour. Where Vastmindz reasonably believes that you are or may be in breach of any applicable laws (e.g. because content you have posted may be defamatory), Vastmindz may use your personal information to inform relevant third parties such as your employer, internet provider or law enforcement agencies about the content and your behaviour.
18. What if I am a user aged under 18?
Please do not create an account if you are under 18 and want to register for a Vastmindz account.
If you are aged 18 or under, please get your parent/guardian’s permission before you provide any personal information to Vastmindz for an account that is registered to a company or and Adult over 18 years of age.
19. How long will Vastmindz keep my data?
If related to employment, we will keep your information collected from the website for pre-employment assessment purposes for up to 6 months from the point of your application, should your pre-employment application be declined. After 12 months your file will be deleted. Should your application be successful we will store your information for a period as is required by UK employment law. Any application/SDK related data regarding your account is kept as per the profile of the user.
20. Can I delete or amend my data?
You can request that your data be amended or deleted.
We may contact you from time to time to verify and update the data we hold on your records. You may also contact us at any time to request that we update or delete your personal information.
21. How can I find out what Personal Information Vastmindz hold about me?
We collect and keep the information you provide us with when you apply for employment with the company. This includes your first name, surname, day and month of birth, mobile number, and email address and if you are making an application for employment the content within the CV files you upload.
We use your information for pre-employment assessment purposes. We do not share your information with companies or organisations outside of Vastmindz.
22. Apps and Devices
Your web browser or device may provide Vastmindz with information about your device, such as a device identifier or IP address. Device identifiers may be collected automatically, such as the device ID, IP address, MAC address, IMEI number and app ID (a unique identifier relating to the particular copy of the app you are running). If you have any concerns about the information which might be accessed from or stored to your device by Vastmindz, you may wish to only access the Vastmindz service through a web browser.
23. Changes to our Privacy and Cookies Policy
This Privacy and Cookies Policy may be updated from time to time so you may wish to check it each time you submit personal information to Vastmindz. The date of the most recent revisions will appear on this page. If you do not agree to these changes, please do not continue to use Vastmindz websites to submit personal information to Vastmindz. If material changes are made to the Privacy and Cookies Policy, for instance affecting how we would like to use your personal information, we will notify you by placing a prominent notice on the website.
24. Contacting Vastmindz about this privacy and cookies Policy
If you any questions or comments about this privacy and cookies policy please contact:
Data Protection Officer
Vastmindz, 19 Heather Park Drive
Wembley, London, HA0 1SS.
25. Who is the Data Controller for the website?
The Data Controller is the person who decides what data will be collected, how it will be collected, who will access it, what it will be used for, how it will be secured and how long it will be kept.
The Data Controller is:
Mr Nikhil Sehgal
Last modified: 24 Dec 2022.