Privacy Policy for MindsForest
Effective Date: 21 May 2024
Last Updated: 11 June 2025
1. Scope of this Privacy Policy
This Privacy Policy applies to all personal and non-personal data collected and processed by MindsForest in its role as a sample supplier and data processor for market research purposes.
This includes data collected through:
- Our website (accessible globally)
- Proprietary opt-in panel recruitment and management
- Market research activities (surveys, interviews, and related engagements)
- Communication channels (email, phone, and third-party platforms)
- Partnerships and vendor collaborations
MindsForest operates in compliance with applicable data protection laws, including:
- General Data Protection Regulation (GDPR – EU/UK)
- California Consumer Privacy Act (CCPA/CPRA – USA)
- India Digital Personal Data Protection Act (DPDP)
- Other applicable regional data protection laws
2. Role of MindsForest
MindsForest primarily acts as a Data Processor, processing personal data on behalf of research agencies and end clients (Data Controllers).
- We do not independently determine the purpose of research studies
- We do not sell personal data
- We process data strictly for respondent recruitment, survey participation, and quality control
3. Information We Collect
A. Personal & Panel Data
- Full name, email address, and phone number (where applicable)
- Demographic details (age, gender, location)
- Professional information (company name, job title, industry)
B. Research Participation Data
- Responses to surveys (open-ended and close-ended)
- Audio, video, or written inputs (only with explicit consent)
C. Technical & Usage Data
- IP address and approximate geolocation
- Device identifiers, browser type, and operating system
- Cookies and usage analytics
D. Sensitive Personal Data
In specific research contexts (e.g., healthcare studies), sensitive data may be collected only:
- With explicit, informed consent
- Under enhanced security and access controls
4. Legal Basis for Processing
We process personal data based on:
- Explicit consent (panel registration and survey participation)
- Legitimate interests (fraud detection, quality assurance, panel integrity)
- Contractual necessity (fulfilling client research requirements)
5. How We Use Your Information
Personal data is used strictly for:
- Respondent recruitment and survey participation management
- Panel administration and engagement
- Quality control, validation, and fraud prevention
- Operational improvements related to survey delivery
We do not use personal data for independent profiling, decision-making, or marketing beyond consented communication.
6. Data Sharing and Disclosure
We do not sell personal data.
A. Research Clients (Data Controllers)
- Typically in anonymized or pseudonymized format
- Identifiable data is shared only when explicitly required and agreed
B. Sub-processors / Service Providers
- Cloud hosting providers
- Survey platforms and technical infrastructure vendors
All sub-processors are bound by strict data protection agreements.
C. Legal Authorities
Where required to comply with applicable laws or regulations.
7. International Data Transfers
Given the global nature of research, data may be transferred across jurisdictions.
We ensure appropriate safeguards, including:
- Standard Contractual Clauses (SCCs)
- Secure encrypted data transfer mechanisms
8. Data Retention Policy
We retain personal data only for as long as necessary to:
- Fulfill research project requirements
- Meet legal and contractual obligations
Typical retention period: 6 to 24 months, after which data is:
- Securely deleted, or
- Anonymized for archival purposes
9. Data Security Measures
We implement industry-standard security controls, including:
- Encryption (SSL/TLS in transit; secure storage practices)
- Role-based access control (RBAC)
- Multi-factor authentication (MFA)
- Secure servers and monitored infrastructure
- Regular vulnerability assessments and security reviews
- Defined incident response and breach management protocols
10. Your Data Rights
Subject to applicable laws, individuals have the right to:
- Access their personal data
- Request correction of inaccuracies
- Request deletion (right to be forgotten)
- Restrict or object to processing
- Withdraw consent at any time
Requests can be submitted via: privacy@mindsforest.com
11. Cookies and Tracking Technologies
We use cookies and similar technologies for:
- Survey functionality and session management
- Fraud detection and quality assurance
- Performance monitoring and analytics
Users may manage cookie preferences via browser settings.
12. Children’s Data
Personal data of minors is collected only where explicitly required for research purposes and always subject to:
- Parental or guardian consent
- Applicable legal requirements
13. Data Breach and Incident Management
MindsForest maintains a structured incident response framework to:
- Detect and contain potential breaches
- Assess impact and risk
- Notify clients within contractually agreed timelines
- Take corrective and preventive actions
14. Employee Training and Confidentiality
- Employees undergo periodic data protection and compliance training
- All personnel and partners are bound by confidentiality agreements
15. Updates to this Privacy Policy
This Privacy Policy may be updated periodically to reflect changes in legal, regulatory, or operational requirements. The latest version will always be available on our website.
16. Contact Information
MindsForest50,51, 2nd Floor,
Regal Building, Outer Circle, New Delhi,
New Delhi-110001
For general inquiries: info@mindsforest.com
For data protection and compliance matters: compliance@mindsforest.com
For data subject requests: privacy@mindsforest.com