Data Protection and Privacy Policy

 

This Data Protection and Privacy Policy describes how the Mandat International website (hereafter referred to as the “Website”) collects and processes personal data. The Website has been designed to comply with the principle of data protection by design and by default, as well as with the applicable European data protection regulations. The Data Controller is the foundation Mandat International located in Geneva, Switzerland. More information is available on the DP-ID record of this website.

Data Minimization

The Website avoids collecting unnecessary personal data and follows “data protection by design” and “data minimization” principles with regards to data collection.

Purpose and Use of Collected Information

The Website processes personal data for the sole purposes of its aims, activities and services, including:

  • Delivering services mentioned in the Website;
  • Contacts, interactions with users of the Website;
  • Where applicable, administrative processes, invoicing and billing of users of Mandat International services;
  • Improving users experience and the quality of delivered services;
  • Authenticating, securing and collecting statistics on remote connections.

How Data Can Be Collected

The Website can receive information and personal data through its web interface, email notifications, and other interactions means, and may include:

  • Information provided by the users when using our services;
  • Information provided by users’ devices for connectivity, such as your IP address;
  • Cookies and similar technologies, whose use is voluntarily limited and minimized on the Website.

Cookies Policy

The Website does not store any cookies. However, it uses temporary JSON Web Token (JWT) to serve as user session while using the Website.

Policy Towards Children

The Website is not directed to minors of age. Minors of Age shall have a parental agreement before sharing any personal data with us. Anyone who becomes aware that someone under 16 years of age has provided us with personal data without parental agreement should inform us and we will delete the related data.

Data Storage and Retention Period

The Website servers are located in Europe. The data retention period is minimized and data that are not useful anymore are deleted. The data retention period is determined by taking into account the legal, security, management, anonymized statistics and other legitimate interests.

Sharing and Transfer of Information

Personal data are processed with care and our policy requires to avoid any unnecessary data transfers to third parties or to geographic locations that may expose personal data at risk. Personal data may be shared in the following cases:

  • With the Website processors and partners for its services and activities, such as online payment solutions, onsite registration processes, or data storage infrastructure. The list of data processors is available by simple request to the data protection officer.
  • When required by law or for legitimate purpose, such as protecting the legal rights and safety of the application, its partners, and the users of its services.

Security

The Website uses physical, technical, and administrative measures to safeguard personal information in its possession against loss, theft and unauthorized use, disclosure, or modification. Please note, however, that no data transmission or storage can be guaranteed to be 100% secure. As a result, while the Website strives to protect the information it processes, this should not be taken as a warranty. If you identify any weakness in our security, please inform us.

Data Subject Rights

Users have rights on their personal data. They can contact our data protection officer in order to assert your rights as a Data Subject, including the right to access, rectify, erase your personal data; the right to withdraw consent and to restrict or object to the processing of your personal data; and the right to portability of your personal data. Data Subjects also have the right to lodge a complaint with a supervisory authority in case their rights would be violated.

Changes to this Policy

Mandat International may revise this Privacy Policy from time to time and make changes at its sole discretion. The most current version of the policy will govern the use of processed information and will be available on the Website. By continuing to access or use the services after those changes become effective, the user agrees to be bound by the revised Privacy Policy.

Data Protection Officer and Contact

A Data Protection Officer (DPO) and supervising expert is entrusted to handle privacy related questions on the Website and can be contacted as indicated on the Contact Page.