Privacy Policy

1. Important information and who we are

Mindset Technologies Limited (“Mindset”) respects your privacy and is committed to protecting your personal data. This privacy policy will explain how we process your personal data when you visit the Mindset Application(s) ("our app") (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.

2. Purpose of this privacy policy

This privacy policy aims to give you information on how we collect and process your personal data provided to us through your use of our app and our website at

We don’t intend to collect personal data whilst you are on our app or website. Third-parties like Apple or Google may share personal data with us to facilitate your use of our services. If we do collect any of your personal data, it will be stored and processed in accordance with this privacy policy. We strive for, and will continue to strive for, ongoing compliance with all regulations and responsibilities under GDPR 2018 where possible.

It is important that you read this privacy policy together with any other privacy policy or fair processing policy we might provide, so that you are fully aware of how and why we are using your data. This privacy policy is in addition to other notices and privacy policies we provide, and is not intended to override them.

3. Controller

We (Mindset) are the Controller of your personal data. Mindset is a private limited company registered in England and Wales under company number 11092048 and we have our registered office at Mindset Technologies LTD, 3rd Floor, 5 Chancery Lane, London, England, WC2A 1LG.

4. Information Commissioner's Office (ICO)

We are registered with the ICO in the Register of fee payers. Our data protection registration number is ZA501157. The Register is available here. The registered Data Protection Officer under ICO is Aaron Lin who may be contacted at

You have the right to make a complaint at any time to the ICO, the UK supervisory authority for data protection issues. You also have the right to complain to any supervisory authority in the EU Member State where you reside. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

5. Contact details

If you have any questions about this privacy policy or our privacy practices, please contact:

Mindset Technologies LTD 3rd Floor 5 Chancery Lane London England WC2A 1LG

6. Changes to the privacy policy

We keep our privacy policy under regular review. As we don’t collect your contact details, we may be unable to tell you when we’ve updated our privacy policy. We will, however, highlight the fact we have updated it on this page, so you can be aware of any material changes that might affect you.

This version of the privacy policy was last updated on 26 January 2021.

7. Third-party links

Our app and website may include links to third-party apps, plug-ins and websites. As we don’t control or manage these platforms, we cannot be responsible for the content published on any such websites. Clicking on those links or enabling those connections may enable third-parties to collect or share data about you. We don’t control this and are not responsible for their privacy statements. When you leave our app and/or the website, we encourage you to read the privacy policy of every website and app you visit.

8. How is your personal data collected?

We use different methods to collect data from and about you. These include:

  • Direct interactions. Such as when you use our app or visit our website.
  • Automated technologies or interactions. When you interact with our app and/or the website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. Cookies and similar technologies may be used to collect this information.

9. How we use your personal data

We will only use your personal data when we need to and the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal obligation.
  • Where you have consented to us processing your data.

10. The personal data we collect about you, our purpose and how we use it

Personal data or personal information means any information about a person from which they can be identified. It does not include data where the person’s identity has been removed (anonymous data).

We have set out below a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also described what our legitimate interests are where appropriate. We only use the minimum data from you required for the purposes of this App, and for the purposes laid out in our Privacy Policy, and our Terms and Conditions of use. You may request a copy of our Data Protection Impact Assessment by writing to if you would like further information regarding how we process your data in relation to use of our App.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on.

Type of personal data: Personal information

Description of personal data: Responses to questions provided in our app

Purpose (how we use your personal data):

  • Carry out analysis, market research and testing in relation to dementia
  • To facilitate your use of our services

Lawful basis (our reasons for collecting your personal data):

  • Necessary for our legitimate interest to:
      • Study the test outcomes to develop the algorithm and understand dementia further
      • Run and improve our app
  • Where we need to comply with a legal obligation.

Type of personal data: Biometric data

Description of personal data: Behaviour demonstrated in our app’s interactive activities such as the balloon game

Purpose (how we use your personal data):

  • Carry out analysis, market research and testing in relation to dementia
  • To facilitate your use of our services

Lawful basis (our reasons for collecting your personal data):

  • Necessary for our legitimate interest to:
      • Study the test outcomes to develop the algorithm and understand dementia further
      • Run and improve our app
  • Where we need to comply with a legal obligation.

Type of personal data: Special category data

Description of personal data: Information about your health and background provided during our app’s user journey

Purpose (how we use your personal data):

  • Carry out analysis, market research and testing in relation to dementia

Lawful basis (our reasons for collecting your personal data):

  • Where you have consented to us processing your data.
  • Where we need to comply with a legal obligation.

Type of personal data: Contact information

Description of personal data: Your name, addresses, e-mail addresses, phone numbers and other contact details

Purpose (how we use your personal data):

  • To contact you where you have made direct communication with us such as through our website
  • To update the records we hold
  • Carry out analysis, market research and testing in relation to dementia

Lawful basis (our reasons for collecting your personal data):

  • Necessary for our legitimate interest to:
      • Contact individuals who have contacted us
  • Where we need to comply with a legal obligation.

We also collect, use and share "aggregated data" such as statistical or demographic data. Aggregated data may come from your personal data, but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

Mindset may process special category data about you whilst using our app. Special category data means details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data. We request your explicit consent at the outset of our app before processing any special category data. Mindset cannot use any special category data you may provide to identify you as a person. We request that you do not provide any sensitive personal data on our website, as the “sign-up” option is for general enquiries only.

Mindset uses TrueDepth API to automatically collect information to track the facial expressions of the user for a period of approximately 20 seconds. Mindset uses this data to attempt to determine the emotions displayed by a user in response to a stimulus provided by the app. No personal data is collected during the test. Data is sent over HTTPS to a secure access-controlled database in our AWS account, which is encrypted at rest, and is not shared with any third parties. Mindset will require access to your microphone and/or camera to be able to use TrueDepth API.

TrueDepth API does not capture or store any personally identifiable information through the app nor does it record any unique facial features. TrueDepth API only provides to Mindset a set of numbers that relate to movement areas of the user’s face (such as “left eyebrow raised”). TrueDepth API is not used in any clinical setting and does not specifically target individuals with dementia or any other health conditions.

As we aim not to collect your personal data in our app, it may be difficult for us to meet all your requests such as when exercising your data subject rights. Where possible, we will act to ensure your rights are met in a timely manner. You may request a copy of our Data Protection Impact Assessment by writing to if you would like further information regarding your rights in relation to use of our App.

11. Who we share your data with

We may only disclose your personal data if we are required to do so by applicable law and regulation. This may include third-parties that support our business, such as Amazon and Apple. Other third-parties may have access to your aggregated data, but will be unable to use the data to identify you. For example, we may share information about the number of users who have declared they are prescribed a particular drug as asked on our app.

12. Change of purpose

We will only use your personal data for the purposes for which we collect it, unless we identify that any new purpose is compatible with the existing processing purpose.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

13. Data security

We will put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in a way it shouldn’t be, changed or shared. These methods include:

  • the pseudonymisation and encryption of personal data;
  • ongoing confidentiality, integrity, availability and resilience of processing systems and services;
  • the ability to restore the availability and access to personal data quickly in the event of a physical or technical incident; and
  • a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

We will also limit access to your personal data to employees, agents, contractors and other third parties who need to see it. They will only process your personal data on our instructions and they will keep your personal data confidential.

We have put in place procedures to deal with any suspected personal data breach and will let you and any applicable regulator know of a breach when we have to by law. The named Information Security Officer, with the equivalent title of Clinical Safety officer, is James Allardice who may be contacted at

14. Data retention

We will not keep your personal information for longer than we need it, for the purposes for which it was collected and is processed and for the purposes of meeting our legal, accounting or regulatory reporting requirements.

To determine the appropriate retention period for personal data, we consider a number of factors, including:

  • amount, nature, and sensitivity of the personal data
  • the potential risk of harm to you that might be caused from unauthorised use or disclosure of your personal data
  • purposes for which we process your personal data
  • whether we can achieve those purposes without processing your personal data
  • any applicable legal requirements.

In some circumstances we will anonymise your personal information (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you. Data is retained for the purposes of legitimate interests and business purposes only, and will be appropriately destroyed once these purposes have been satisfied.

15. Where we store your personal information and international data transfers

The personal data that we hold about you will be stored in the UK and the European Economic Area (EEA), but may also be transferred to or stored at a destination outside the UK or EEA.

When we transfer your data to third party service providers based outside the EEA, we will be conducting a transfer of data outside the EEA. We ensure a similar degree of protection is provided to the transfer by ensuring at least one of the following safeguards is implemented:

  • we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
  • where we use certain service providers, we may use specific contracts (known as Standard Contractual Clauses) approved by the European Commission which give personal data the same protection it has in Europe, as well as any additional security measures as required.

We will make sure we meet any future requirements the UK or the EU provide following the UK’s exit from the EU, including (but not limited to) the legal safeguards discussed above.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

16. Your legal rights

Under certain circumstances, you have rights under the relevant data protection laws in relation to your personal information. The rights include:

Right to rectification

If your personal information is incorrect or incomplete in any way, you may notify a person dealing with your matter and where inaccurate or incomplete, we will correct it without delay.

Right of access

You have a right to:

  • request a confirmation from us that we are processing your personal information;
  • access your personal information held by us and request a copy (unless providing a copy adversely affects the rights and freedoms of others);
  • obtain certain information about how we process your personal information, categories of personal information processed, recipients or categories of recipients who receive personal information from us; and
  • request how long we store your personal information for and the criteria we use to determine retention periods.

Right to be informed

You have a right to be informed:

  • how your personal information is being processed;
  • how long it will be stored for;
  • the legal basis for processing;
  • recipients (or categories of recipients) of your personal information; and
  • whether personal information must be provided under statute or for another reason and the consequences of not providing the personal information to ensure the fair and transparent processing of your personal information.

Right to restrict processing under certain circumstances

You have a right to restrict processing under certain circumstances:

  • if you contest the accuracy of your personal information, we may restrict its processing, until we can verify its accuracy;
  • if the processing is unlawful;
  • if we no longer need to process your personal information, unless we still need your personal information for the establishment, exercise, or defence of legal claims; and
  • if you object to processing that relies on public interest or our (or third party’s) legitimate interest as the lawful processing ground.

Right to data portability

You have a right to receive from us a copy of your personal information in a commonly used and machine-readable format and store it for further use on a private device.

You have a right to transmit personal information to another third party; or have your personal information transmitted directly from one third party to another where technically possible.

Right not to be subject to automated processing

You have a right not to be subject to automated decision-making, including profiling, which has legal or other significant effects on you. This does not apply when the automated decision is necessary for entering into or performing a contract with you; or it is authorised by EU or member state law applicable to us if the law requires suitable measures to safeguard your rights and freedoms and legitimate interests; or based on your explicit consent.

Right to object to processing

You may object to direct marketing, including profiling related to direct marketing. We will stop processing your personal information once notified by you, except if we can demonstrate a compelling legitimate ground for processing the personal information that overrides your request; or processing is necessary to exercise or defend legal claims.

If you wish to exercise any of the rights set out above, please contact

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.