MINT Privacy Policy
LAST UPDATED: July 2024

Dear User,
This privacy policy is provided not only to comply with legal obligations relating to the
protection of personal data – Regulation (EU) 2016/679 (hereinafter “GDPR”), Italian
Legislative Decree (D.Lgs.) No 196/2003, as updated by D.Lgs. 101/2018 (or “Data Protection
Code”) and significant orders issued by the Data Protection Authority and other privacy
laws that may apply to our processing of your personal data in other countries, including
the United States. But in addition, we provide you this notice because MINT S.p.A
(hereinafter also “MINT” or the “Company”) believes that the protection of personal data is
a fundamental value of its activities and wishes to provide all information which can help
you to protect your confidentiality and control the use you make of your personal data
when navigating the mint.ai website (hereinafter the “Website”).

Personal data are information relating to an identified or identifiable natural person
defined “data subject” (hereinafter also “User”), including for example name, surname and
navigation data.

This Policy describes our collection and use practices.

1. DATA CONTROLLER

The Data Controller is MINT S.p.A., in the person of its legal representative, with its registered office via Ripa di Porta Ticinese 113, 20143 - Milan, Italy (“Company” or “Data Controller”).

2. DATA PROTECTION OFFICER

Due to the processing activities carried out, the Data Controller has deemed it necessary
to appoint a Data Protection Officer, who can be reached by writing to the email address
[email protected].

3. SOURCE AND TYPES OF DATA PROCESSED, PURPOSE OF THE DATA PROCESSING AND LEGAL BASIS

The processed personal data is collected mainly on the User’s device when navigating on the Website or using the services made available by the website. This privacy policy analyses the personal data processed in the different sections of the Website and governs exclusively the processing of personal data on the Website and not any other websites the User may be redirected to. The data collected by the Website are processed mainly using electronic means, with software and IT procedures suited to guaranteeing the technical and IT security measures (e.g. the implementation of the https transmission protocol to transfer information entered in the Website).In order to allow you to use the Website and its services, including the possibility ask for a demo of our products, get a product tour and contact us (collectively, “Services”), the Data Controller needs to collect and process some of your personal data.

DATA YOU PROVIDE TO US

Using the Services.  To allow you to use the Services, the Data Controller needs to collect your name, your business email address, your job title, your company and the annual media spend (optional).  You may also provide this information to us to ask for a demo of our products, get a product tour and contact us through the Website.
Communicating With Us.  The optional, explicit, and voluntary sending of mail involves the collection of your name, your surname, your email address, as well as other personal data included in the requests you submit.

LEGAL BASIS
The legal basis for our processing of the above types of personal data is to take steps at the request of the data subject prior to entering into a contract (in case of trial period of MINT Solutions) or the performance of a Contract (Art. 6 (1) (b) of the GDPR).

NATURE OF PROVISION OF THIS PERSONAL DATA
The provision of personal data for the above-mentioned processing purposes is optional but necessary, since failure to provide such data will make it impossible for the User to use the services provided by the Data Controller. 

DATA RETENTION PERIOD
Regarding data voluntarily shared by the User, MINT not being able to predetermine in advance their retention period, as they will be connected to the duration of the Agreement for the provision of the Services. The Data Controller commits as of now to inspire its processing to the principles of adequacy, accuracy, and minimization of data, as required by the GDPR, checking annually the need for its retention. This, except in the case where it is necessary to maintain such data to fulfill regulatory obligations, or to ascertain, exercise or defend a right in court.

Subscribe MINT’s Newsletter

In the Website homepage there is a box that permit to the user to submit a request for subscription to the promotional newsletter relating to the MINT’s products. This section collects the email address of the User.

LEGAL BASIS
Consent of the User (Art. 6 (1) (a) GDPR) having entered e-mail address in the specific box. This consent is expressed by clicking the button “SIGN UP” and can be withdrawn at any time, without compromising the lawfulness of the processing performed prior to withdrawal, following the instructions given in the “Rights of the data subject” section or clicking the button “Unsubscribe” at the bottom of each newsletter sent.

NATURE OF THE PROVISION
The provision of your personal data for the purpose above is optional. Failure to authorize its processing would make it impossible for the Users to subscribe the MINT’s newsletter.

DATA RETENTION PERIOD
Until withdrawal of consent by the User.

DATA COLLECTED AUTOMATICALLY FROM YOUR DEVICES

The computer systems and software procedures used for the Website operations acquire, during their normal functioning, some personal data whose transmission is implicit in the use of Internet communication protocols. MINT Solutions collects personal data automatically from your devices for the following purposes:

Functioning and Statistics of the Services. Website collects certain data automatically
from your devices, for the sole purpose of obtaining statistical information on the use of
Website (e.g., most visited pages, number of visitors per hour or day, geographical areas of origin, etc.) and to check the correct functioning of the Services. This data we collect forthese purposes includes IP addresses or domain names of computers used by users who connect to the site, URI (Uniform Resource Identifier) of requested resources, the time ofthe request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the
server (e.g., successful, error, etc.) and other parameters regarding the operating system
and computer environment.

Cookies. We automatically collect certain information when you visit, use or navigate the Services. For more information about the use of cookies used in our Services and the choices you have, please see the specific section of this policy.

LEGAL BASIS
The legal basis for the purpose above is the legitimate interest of MINT Solutions (Art. 6 (1) (f) of the GDPR) to maintain the security of MINT Solutions and ensure that they are not used in a way which may harm the rights of others or as a channel for the commission of crimes or fraud (see recital 47 of the GDPR). Furthermore, according to the “Guidelines on the use of cookies and other tracking tools - 10 June 2021”, the use of any technical cookie and/or technical tracking tool made by Data Controller indeed falls within the scope of one of the legally permitted exemptions from the obligation to obtain the data subject’s consent. 

NATURE OF THE PROVISION
Except as indicated otherwise in our Cookies Policy, the provision of your personal data for the purpose above is mandatory. Failure to authorize its processing would make it impossible to access MINT Solutions and use the Services. Furthermore, failure to authorize its processing would make it impossible to guarantee network and information security.

DATA RETENTION PERIOD
The navigation data acquired through the use of MINT Solutions will not be kept for more than 6 (six) months.  The browsing data does not persist for more than 6 (six) months, except for the possible need to ascertain crimes by the judicial authorities.

Do-Not-Track Features (U.S. Residents only). Many web browsers and some mobile
operating systems and mobile applications include a “do-not-track” feature or setting you can activate to signal your privacy preference not to have data about your online
browsing activities monitored and collected. No uniform technology standard for
recognizing and implementing do-not-track signals has been finalized and, as such, we
do not currently respond to do not track browser signals or any other mechanism that
automatically communicates your choice not to be tracked online. We will update this
policy if that changes in the future. These features are not an alternative to the settings
you choice in our cookie banner.
DATA WE COLLECT FROM THIRD PARTIESWe may use third party service providers to help us with our day-to-day business
activities. Where we use third parties, they may share personal data about you with us. In addition, sometimes in the course of providing the Services, we will collect data from a third party – such as your employer – rather than directly from you.

OTHER PURPOSES FOR WHICH WE MAY USE YOUR PERSONAL DATA
We may use any personal data we collect as described above for the following business purposes:

To develop our products and services.  We may use your personal data to further
develop our existing products and services, including artificial intelligence tools and features, or to develop new products and services.

To protect the Services, us, and others. We may use your personal data as part of our efforts to keep the Services safe and secure (for example, for fraud monitoring and prevention) and to protect others from harm or abuse.

To enforce our terms, conditions and policies.  We may use your personal data to
ensure you and others are complying with our terms, conditions and policies, including providing your information to law enforcement if we believe it is appropriate to do so and using your information in connection with legal proceedings brought by us or against us.

To respond to legal requests and comply with applicable law.  If we receive a subpoena, discovery request, or other legal request, we may need to review and evaluate your personal data and potentially provide your personal data in response to the request. We may also need to use your personal data as needed to comply with applicable laws and regulations.

For other business purposes. We may use your information for other business purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns, and to evaluate and improve the Services, products, and your experience.

MINORS’ PERSONAL DATA

Our Services are not directed to minors under the age of 16 (or under the age of majority as determined by applicable, local law) and we do not intend to collect personal data from minors under the age of majority. If you believe that we inadvertently have collected personal data about your child, please contact us at [email protected] and we will promptly delete or de-identify this information. For clarity, we do not knowingly collect or sell the personal data of minors under the age of 16.

DE-IDENTIFIED AND AGGREGATE DATA

MINT may de-identify (as also referred to as “anonymize”) and aggregate data for its
business purposes, including but not limited to, to improve the products and features of its Services, to maintain the security and integrity of its systems, for analytics, and other legitimate business purposes. "De-identified Data" means information that cannot reasonably be used to infer information about, or otherwise be linked to a particular data subject. De-identified Data includes anonymized data and is no longer “personal data” under applicable data protection laws. Where we process De-identified Data, we commit to maintain and use the information in de-identified form and not attempt to reidentify the information, except where permitted by law. MINT may disclose De-identified Data to third parties who commit themselves to maintaining the De-identified Data in anonymized form and not attempt to re-identify the data for any business purpose.
The content of a cookie is limited to an identification number. Name, IP-address or other information regarding your true identity is only collected to the extent necessary for the operation of the functionality cookies (i.e., in connection with the log-in function).



Legal Basis.  The use of the cookies identified above is based on the consent (Art. 6 (1) (a) GDPR and 122 of the Data Protection Code) expressed by the User through the Consent Management Platform ("CMP") that allows by opt-in the granular expression of consent to the installation of the different cookies at the first access of the User. The User can change the consent expressed at any time by accessing the CMP and modifying his or her choices.

Managing Cookies and Withdrawing Consent.  We will obtain your opt-in consent to the use of the non-essential cookies and other tracking technologies on this website when you first access the website and if we introduce any new cookies to the website, unless they are essential cookies, in which case your consent is not required. When you visit this website, a pop up will appear to inform you about our use of such cookies. You can then consent by clicking on “Accept”, or you may refuse cookies (except necessary cookies) by clicking on “Continue without accepting”. You may alternatively click on the link to the cookie manager to visit our Consent Management Platform and decide the categories of cookies that you wish to accept, and the cookies you wish to reject.

You may withdraw your consent at any time with effect for the future.  If you deny cookies, we will not set those cookies on your device, except essential cookies and a cookie to remember that you don't want any cookies set when you visit this website.

If you have accepted cookies but want to deny them (withdraw your consent) for the future, you can delete the cookies in your website browser and the cookies window including the link to the cookie manager.

Cookies and Browser Settings. You can disable cookies by changing your website browser settings to reject cookies. How to do this will depend on the browser you use. Rejecting cookies will prevent your browser from accepting new cookies, as well as (depending on the sophistication of your browser software) allow you to decide on acceptance of each new cookie in a variety of ways. You can also delete all cookies that are already on your device. If you do this, however, you may have to manually adjust some preferences every time you visit this website. All modern browsers allow you to change your cookie settings, typically by going to the ‘options’ or ‘preferences’ menu of your browser. Use the ‘Help’ option in your browser for more details.
Blocking all cookies (including necessary cookies) will have a negative impact upon the usability of many websites, including ours. If you block necessary cookies, you may not be able to use all the features on this website. You can also delete cookies already stored on your computer. However, deleting cookies might have a negative impact on the usability of many websites, including ours.

To find out more about cookies, visit www.aboutcookies.org or www.allaboutcookies.org.

5. HOW YOUR PERSONAL DATA IS SHARED

The personal data processed will not be disclosed to third parties, but may, however, be shared in relation to the purposes of processing set out above to the following subjects:
  • Legal Requirements: those who can access the personal data according to legal provisions provided by the law of the European Union or the law of the Member State to which the Data Controller is subject, or other applicable laws
  • Service Providers: subjects that perform ancillary purposes to the activities and services referred to in this policy, including companies that offer IT infrastructures and IT assistance and consultancy services as well as design and implementation of software and websites, companies that offer services useful to customize and optimize our services, companies that offer data analysis and development services (including those related to user interactions with our services), service centers, companies or consultants responsible for providing further services to the Data Controller, within the limits of the purposes for which they were collected
  • Related Companies: data controllers belonging to our business group or entities linked to a central body exclusively for internal administrative purposes
  • Changes in Business Structure: we may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

6. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

The Data Controller may transfer your personal data to third countries outside the European Union, for the purpose of providing you the Services through the Website. Such transfer is always subject to an adequacy decision, under article 45 of the GDPR, or to the Standard Contractual Clauses, under article 46 of the GDPR. For more information about the rules for transferring data to countries outside the European Union, including the mechanisms on which we rely, you can visit the European Commission’s website here. To request a copy of the Standard Contractual Clauses signed by the Data Controller you can send an email to [email protected].

7. AUTOMATED DECISION-MAKING PROCESSING

The Data Controller does not use automated decision-making processes without your consent, including profiling as referred to in Article 22 paras. 1 and 4 of the GDPR.

8. DATA SUBJECTS’ RIGHTS

The rights described in this section apply to all users.

Right to Access and to Know — You have the right to access the personal data collected about you. You also may request to know the categories of personal data collected about you, the information or categories of information shared with third parties, or the specific third parties or categories of third parties to which the information was shared; or, some combination of similar information. However, there are certain exemptions, meaning that data subjects may not always receive all of the information we process.

Right to Correct — Without prejudice to your right to review or change the information in your account to make sure it is accurate and up-to-date, you also have the right to request rectification of any other of your personal data, provided to us if you consider it to be inaccurate or incomplete.

Right to Data Portability — Under certain circumstances, you may request us to transfer your personal data, provided by you, to another controller. Also, you have the right to receive your personal data, which have been provided by you, in a structured, commonly used and machine-readable format and to transmit those data to another controller.

Right to Delete / Erasure — You generally have a right to request your personal data or part of it to be erased (e.g., when your personal data are no longer necessary for the stated purposes in this policy, the personal data have been unlawfully processed); however, we may not always erase your personal data because sometimes the processing is still necessary. For example, for complying with statutory obligations or for lodging, exercising or substantiating legal claims. Therefore, we will weigh your interest in having your personal data erased against the necessity of maintaining the personal data for our legitimate interests. Please be aware that if you request us to delete your personal data, you may also not be able to continue to use the Services.

Right to Restriction Under certain circumstances, you may have the right to restrict a business’s ability to process personal data about the you. For example, if the accuracy of your personal data is contested, the processing is unlawful or personal data is no longer needed for purposes of the processing. However, we can still use restricted data in certain circumstances (e.g., when your personal data is needed for legal claims or to protect another data subject’s rights).

Right Against Automated Decision Making/ Profiling You may have the right to not be subject to a decision based solely on an automated process without human input.  However, please note that we will not process your personal data like this without your consent.

Right of Objection — Under certain circumstances, you may object to the processing of your personal data by us or third parties engaged by us. For example, you have the right to object at any time, on grounds relating to your situation, to the processing of your personal data carried out pursuant to Art. 6 (1), letter (e) or (f) of the GDPR, including profiling on the basis of these provisions, as stated in Art. 21 of the GDPR. In addition, where your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data relating to you carried out for such purposes. We will consider several factors when assessing an objection to our processing in furtherance of our legitimate interests, including: our users’ reasonable expectations; the benefits and risks to you, us, other users, or third parties; and other available means to achieve the same purpose that may be less invasive and do not require disproportional effort. Your objection will be upheld, and we will cease processing your information, unless the processing is based on compelling legitimate grounds or is needed for legal reasons.

Right to Withdraw Consent — If we have requested your explicit consent for data processing, you have the right to withdraw your consent at any time. The withdrawal of consent will not affect the lawfulness of the processing prior to the withdrawal.

Right to Opt Out of Sale or Sharing — Where applicable, in the U.S., you may opt out of the Sale or Sharing of personal data to third parties, as those terms are defined by U.S. federal, state and local laws.  We do not sell or share your personal data with third parties for the purposes of cross-context behavioral advertising, targeted marketing, or profiling.

Right of Complaint — If you believe that the processing of your personal data violates applicable laws and regulations, please contact us at [email protected].  We will always try to find a solution together. Should this not be possible, you have the right to complain to a Data Protection Authority about our processing of your personal data. If you are in the EEA, please contact your local Data Protection Authority in the EEA.  For contact details of your local Data Protection Authority, please see here.  

In addition, we will not discriminate against you if you exercise your privacy rights under any applicable privacy and data protection laws, including by:
  • Denying you goods or services.
  • Charging you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Providing you a different level or quality of goods or services.
  • Suggesting that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
HOW TO SUBMIT A REQUEST TO EXERCISE YOUR RIGHTS

Submission of Requests.  You may submit a request regarding your personal data by:
  • In the U.S. you can call us at [include phone number].
  • Email us at [email protected] or [email protected] – please provide your name, telephone number, and type of request.
  • Mail us at [insert address]
EEA: Ripa di Porta Ticinese, 113, 20143 Milan, Italy
United States: 1251 Avenue of the Americas, 37th Floor, New York, NY 10020

What We May Need from You.  
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to someone who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Verifying Your Identity. To protect your privacy and security, we will take reasonable steps to verify your identity before providing your personal data and before deleting your information. Only you or someone legally authorized to act on your behalf may make a verifiable request related to your personal data. For example, if you make a request, we will ask you to confirm your name, email address, and/or other information we in our records to verify your identity, so that we can help protect your information.

Requests from Authorized Agents.  You may designate an authorized agent to make a request for you.  If you designate an authorized agent to make a request on your behalf, we may require you to verify your identity and provide the authorized agent’s identity and contact information to us.

Responses to Requests.  We will respond to your request as soon as possible, and no later than one month from receipt of your request. In doing so, we will also assess whether, and if so to what extent, we can or must comply with your request under the applicable laws. If a longer period of time is needed, we will inform you within one month of receipt of the request. The submission and processing of your request is free of charge, unless your request is manifestly unfounded or excessive, in particular because of a repetitive character.

California Shine the Light Notice
We provide California residents with the option to opt-in to sharing of “personal information” as defined by California’s “Shine the Light” law with third parties, other than with our affiliates, for such third parties’ own direct marketing purposes. We do not share personal information with non-Affiliate third parties for their direct marketing purposes absent your consent. If you are a California resident, you may request information about our compliance with the Shine the Light law and/or withdraw previously given consent to sharing with non-Affiliate third parties for their direct marketing purposes by contacting using the methods in the How to Submit a Request to Exercise Your Rights section. Requests must include “California Direct Marketing Privacy Request” in your description of which right(s) you wish to exercise. Please note that we are only required to respond to one request per customer each year, and we are not required to respond to requests made by means other than through the provided e-mail address or mailing address.

9. HOW WE PROTECT YOUR PERSONAL DATA

We have implemented appropriate technical and organizational security measures designed to protect the security of any personal data we collect, receive, use, or store, including measures designed to protect data transferred to different countries for use or processing in accordance with this privacy policy. We will do our best to protect your personal data taking into account the state of art, the cost of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for your rights and freedoms posed by the processing. You should however access the Services within a secure environment.  If you believe your account has been compromised or you suspect any type of data breach, please contact us at [email protected]

10. UPDATES TO THIS POLICY

We may update this policy from time to time. The updated version will be indicated by the “Last Updated” date and the updated version will be effective as soon as it is accessible. If we make any material changes to the policy, we will notify you by reasonable means, which may be by email or posting a notice of the changes on our website prior to the changes becoming effective.  We encourage you to check this policy from time to time.

11. HOW YOU CAN CONTACT US ABOUT THIS POLICY

If you have questions or comments about this policy, you may contact our Data Protection Officer (DPO) by email at [email protected].
ANNEX I – ADDITIONAL INFORMATION FOR CALIFORNIA RESIDENTS
This Annex summarizes how MINT processes personal data in accordance with the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, “CCPA”). The terms used in this Annex 1 shall have the same meanings as given to them under the CCPA.

In the last 12 months, we have collected or received the following categories of Personal Information, where we have a legitimate interest, legal obligation or consent for processing:
MINT does not sell users’ personal data.