Privacy Policy – MindEarth S.r.l.
1. Introduction
Welcome to the Privacy Policy of MindEarth S.r.l. (“MindEarth”, “we”, “us”).
This notice explains how we collect, use, store and protect personal data related to our users, customers and partners, including high-frequency mobility data (HFLBMD – High Frequency Location-Based Mobility Data) acquired from third parties.
By accessing or using our website, applications or services, you confirm that you have read, understood and accepted this policy. If you disagree, you are invited not to use our services.
2. Who we are
MindEarth S.r.l.
Registered office: Corso Vittorio Emanuele II, 30 – 20121 Milan (MI), Italy
VAT no.: 12983520961
Website: www.mindearth.ai
Email: [email protected]
MindEarth is the data controller of personal data pursuant to Regulation (EU) 2016/679 (GDPR) and applicable Italian data protection law, for the purposes indicated in this notice.
For any questions or to exercise your rights, you may contact our Data Protection Officer (DPO) at: [email protected].
3. What data we process
3.1 Mobility data acquired from third parties (HFLBMD)
MindEarth acquires mobility data from third-party providers, supplied in pseudonymised or aggregated form, which may include:
- Anonymized technical identifiers (e.g., advertising IDs, hashed IDs, pseudonymous codes);
- Geolocation data (GPS coordinates, timestamps, frequency and movement patterns);
- Mobility behavioural data, such as dwell times, visit frequency and anonymous trajectories;
- Device-related technical data (type, operating system, resolution, time zone).
These data are provided by third-party partners (data providers) who collect information in compliance with applicable laws, ensuring that users have given informed consent or that processing relies on a valid legal basis (e.g., legitimate interest) or concerns anonymous data.
MindEarth never processes data that directly identifies individuals (e.g., name, surname, email, phone).
However, for the analysis, processing and modelling purposes described below, carried out on behalf of MindEarth’s clients, the mobility data may be integrated and modelled together with other data provided by the same clients, including pseudonymised data and anonymized, aggregated or statistically representative information.
3.2 Data collected directly from you
When you use our website or interact with us, we may collect:
- Contact details (name, surname, email, company, role);
- Browsing data (IP address, browser, device, pages visited, technical logs);
- Cookies and similar technologies (for technical, analytical and — with consent — profiling purposes);
- Voluntarily provided information (e.g., contact forms, event registration, newsletter sign-up).
4. Purposes of processing and legal bases
Purpose of Processing | Types of Data | Legal Basis |
Service delivery and management | Contact and technical data | Contract performance or pre-contractual steps |
Analysis, processing and modelling of mobility data (HFLBMD) for statistical, research or territorial insight purposes | Mobility data from third parties | Consent |
Security management, monitoring and improvement of the website and services | Technical and browsing data | Legitimate interest (cybersecurity, optimisation) |
Commercial and marketing communications via email (newsletter, events, demos) | Contact data, preferences | Consent |
Legal and regulatory compliance | All relevant data categories | Legal obligation |
4.1 Processing based on consent
In certain cases, MindEarth processes personal data based on the explicit consent of the data subject under Articles 6(1)(a) and, where applicable, 9(2)(a) of GDPR.
This applies primarily to the analysis, processing and modelling of mobility data (HFLBMD) for statistical, research or territorial insight purposes. These activities may also be carried out for third-party clients to whom anonymous or aggregated output is provided—possibly by combining mobility data with other data supplied by the client and/or publicly available data.
MindEarth develops proprietary algorithms which generate final outputs consisting of aggregate mobility tables.
Consent for the collection of mobility data, its transmission to MindEarth and its subsequent use is freely given by the data subject through an “opt-in” mechanism in a consent management platform, compliant with the IAB Transparency & Consent Framework, embedded within the app in use. No consequences arise if consent is not provided.
In accordance with Article 14 GDPR, this privacy notice is made available to the data subject directly at the time of collection by our partners, through a dedicated link shown prior to consent, ensuring full transparency.
Consent is also required for receiving marketing and commercial communications via email (e.g., newsletters, event invitations).
4.2 Processing based on legitimate interest
In some cases, MindEarth processes personal data based on its legitimate interest pursuant to Article 6(1)(f) GDPR.
This legal basis is used only when:
• processing concerns pseudonymised technical data that does not allow direct identification;
• processing is necessary for statistical purposes, security, fraud prevention or improving our services;
• a Legitimate Interest Assessment has been carried out, demonstrating that the rights and freedoms of data subjects do not outweigh MindEarth’s legitimate interest.
Data subjects may object at any time to processing based on legitimate interest under Article 21 GDPR by contacting MindEarth using the details in this notice.
5. How we use mobility data (HFLBMD)
Mobility data provided by partners are used by MindEarth for:
• Statistical analyses of movement flows, density and territorial behaviours;
• Development of socio-spatial indicators and predictive models (e.g., urban mobility, retail analytics, urban resilience);
• Research and innovation projects for public or private entities (e.g., utilities, public administrations, telecom, healthcare);
• Production of aggregated, non-identifying territorial datasets and insights.
As noted above, these data may be integrated and modelled with other data supplied by our clients.
MindEarth never attempts nor allows any form of re-identification and adopts strict technical and contractual safeguards to prevent any risk of tracing data back to individuals.
6. Data sharing
MindEarth may share data with:
• Mobility data providers (data partners) under compliant contractual arrangements (e.g., Pickwell, Cuebiq or equivalents);
• IT and cloud service providers acting as data processors (hosting, data warehouse, analytics);
• Legal advisors or public authorities, if required by law or legal proceedings;
• Institutional or corporate clients, exclusively in aggregated and anonymized form, following processing for the purposes described above.
All parties are bound by confidentiality agreements and, where applicable, data processing agreements under Article 28 GDPR.
7. Data transfers outside the EU
If data is transferred outside the European Economic Area (EEA), MindEarth ensures—where no adequacy decision exists—the adoption of European Commission Standard Contractual Clauses (SCCs) and appropriate technical and organisational measures to ensure an equivalent level of protection.
8. Data security
MindEarth applies technical and organisational security measures to protect data against loss, misuse, unauthorised access or disclosure. These include encryption, pseudonymisation, authenticated access, periodic audits, and controlled data retention policies.
9. Data retention
Data is stored only as long as necessary for the purposes for which it was collected.
• Mobility data (HFLBMD): up to 12 months from acquisition, then permanently anonymized or aggregated;
• Contact data for contractual purposes: until the end of the contract and thereafter for legal obligations;
• Marketing-related contact data: up to 24 months or until consent withdrawal;
• Technical/log data: up to 12 months for security or diagnostics.
10. Your rights (Arts. 7, 15–22 GDPR)
You have the right to:
• withdraw consent at any time, without affecting prior lawful processing;
• obtain confirmation and access your personal data;
• request rectification or updates;
• request deletion (“right to be forgotten”);
• restrict processing;
• object to processing on legitimate grounds;
• request data portability.
To exercise your rights, write to [email protected] or [email protected].
You also have the right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it).
11. Cookies and similar tools
Our website uses technical, analytical and profiling cookies.
A consent banner will appear on first access.
For more details, please see our Cookie Policy.
12. Minors
MindEarth does not intentionally collect personal data from individuals under 16 years of age.
If you believe that a minor has provided personal data, please contact us to request immediate deletion.
13. Policy updates
MindEarth may update this policy to comply with regulatory changes or technological developments.
Any updates will be published on this page with the date of the last modification.
14. Contacts
For questions, notifications or to exercise your rights:
MindEarth S.r.l.
Corso Vittorio Emanuele II, 30
20121 – Milan (MI), Italy
Email: [email protected]
DPO: [email protected]
