Data Processing Addendum

When your organization uses InterMIND under its own agreement with us, your organization is the data controller and we process personal data on its behalf as the data processor. For that relationship we make a Data Processing Addendum (DPA) available. This page explains what the DPA covers and how to get a signed copy. It is a summary — the DPA itself is the binding document.

Parties

  • Processor (Service Operator and Contracting Entity): Golden Fish CSP LLC (UAE), operating InterMIND. Publisher and Intellectual Property Owner of the Service: MindMeeting OÜ (Estonia).
  • Controller: your organization.
  • EU/EEA representative (Article 27 GDPR): MindMeeting OÜ, Juhkentali 8, Tallinn 10132, Estonia, acts as our representative in the European Union under Article 27 GDPR. Contact: privacy@mind.com.

What the DPA covers

The DPA governs the personal data we process to provide the Service on your behalf:

  • Subject matter and duration: provision of the InterMIND meeting and translation service for the term of your agreement with us.
  • Nature and purpose: hosting and transmission of meetings (audio and video), realtime speech transcription and translation, chat, document translation, an optional post-meeting AI summary, billing, and support.
  • Categories of data subjects: your users and their meeting guests, including external invitees.
  • Categories of personal data: account data (email, name, photo), meeting metadata, speech transcriptions (including speaker names), chat messages and attachments, recordings, and billing data. The Service does not require special categories of data; meeting content may incidentally contain anything participants choose to discuss.

Our commitments as processor

The DPA reflects the Article 28(3) GDPR obligations, including:

  • We process personal data only on your documented instructions.
  • Our personnel are bound by confidentiality.
  • We apply appropriate technical and organizational security measures.
  • We use subprocessors under a general written authorization and give at least 30 days' prior notice of any addition or replacement, so you can object on reasonable data-protection grounds. The current list is published at /legal/subprocessors.
  • We assist with data-subject requests. Deletion and export are self-service in the product; we assist with the rest.
  • We notify you of a personal data breach affecting your data without undue delay and in any event within 72 hours of becoming aware of it.
  • On termination we delete or return your personal data, subject to backup aging.

We do not currently hold SOC 2 or ISO 27001 certification. On request we provide a security questionnaire and our compliance documentation instead.

International transfers

Processing happens in the EU by default (see the subprocessor list for provider regions). Where a provider's corporate entity is outside the EU/EEA, transfers are covered by Standard Contractual Clauses (SCCs) and, where applicable, the EU–US Data Privacy Framework (DPF), together with supplementary technical measures such as encryption in transit and at rest. Because InterMIND is operated from the UAE, the specific Chapter V mechanism and SCC module are confirmed per customer when the DPA is signed.

Requesting a signed copy

The DPA is signed per customer, so we adapt the international-transfer terms to your situation before signature — it is not a self-serve download. To request a copy for review or signature, email privacy@mind.com with the subject "DPA request".