MintIQ Privacy Policy

Effective date: 1 March 2025
Controller: MintIQ Group B.V. ("MintIQ Group", "MintIQ", "we", "us"), Piet Heinkade 55, 1019GM Amsterdam, the Netherlands.
Email (privacy & rights requests): privacy@mintiq.com

MintIQ Group is a group of companies providing business-to-business software and related services. This Privacy Policy explains how we process personal data when we act as a controller—for example, for our public websites, prospecting and business development, vendor and partner management, and corporate communications.

When we process customer data in the MintIQ SaaS products on behalf of our customers, we act as a processor and our Data Processing Agreement (DPA) governs that processing. Please refer to the DPA for those activities.

This notice is designed to meet Articles 13–14 GDPR transparency requirements.


1) Who we are and how to contact us

  • Controller: MintIQ Group B.V., Piet Heinkade 55, 1019GM Amsterdam, the Netherlands.
  • Data Protection Officer (DPO): You can contact our DPO at privacy@mintiq.com.
  • Supervisory authority: You have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). Guidance on submitting a complaint is available from the AP.

2) What data we collect (as controller)

We collect and process the following categories of data in a B2B context:

  • Business identity & contact data: name, employer, job title, business email, business phone.
  • Account & communications: account identifiers, authentication details (if you create a website account or subscribe to updates), correspondence and support inquiries.
  • Online identifiers & usage: IP address, device and browser information, pages viewed, time stamps, and interaction logs on our sites and marketing emails. Under EU law, IP addresses and similar identifiers are personal data when they relate to an identifiable person (e.g., when combined with other data).
  • Product interest and preferences: form submissions, event registrations, and your preferences for communications.
  • Billing and vendor records (B2B only): company billing contacts, invoices and payment records.

Note on "usage statistics": If usage statistics or telemetry can be linked to an individual user or device, they are treated as personal data. If we aggregate and irreversibly anonymize such data so no individual is identifiable, GDPR no longer applies to the anonymous dataset.

We do not offer services to consumers or knowingly collect data from children.


3) Why we process data and legal bases

We process personal data only where we have a lawful basis under GDPR. Here are our key purposes and legal bases:

Operate our websites & security

  • Examples: Load pages, prevent fraud/abuse, keep logs
  • Legal basis: Legitimate interests (IT security, service operability) (Art. 6(1)(f))

Answer inquiries & pre-contract steps

  • Examples: Demos, quotes, RFPs
  • Legal basis: Contract or pre-contract steps (Art. 6(1)(b))

B2B sales & relationship management

  • Examples: Contact prospective or existing corporate customers; CRM hygiene
  • Legal basis: Legitimate interests, balanced against your rights; you can object at any time (Art. 6(1)(f), Art. 21)

Direct marketing to business contacts

  • Examples: Newsletters about our services; event invites
  • Legal basis: Legitimate interests where permitted by law (Recital 47) and consent where required by ePrivacy rules; opt-out always honored

Analytics & product interest measurement

  • Examples: Understanding site content performance; improving UX
  • Legal basis: Legitimate interests; where cookies/trackers are not strictly necessary we seek consent

Legal & compliance

  • Examples: Accounting, tax, regulatory requests
  • Legal basis: Legal obligation (Art. 6(1)(c))

Consent-based uses

  • Examples: Non-essential cookies; optional sign-ups
  • Legal basis: Consent (Art. 6(1)(a)); can be withdrawn anytime

You have an absolute right to object to direct marketing at any time; we will then stop using your data for that purpose.


4) Cookies and similar technologies

We use cookies and similar technologies to operate our websites (strictly necessary cookies) and, with your permission, to measure usage and improve our services.

  • We will ask for consent before setting non-essential cookies (e.g., analytics, advertising).
  • Refusing must be as easy as accepting, and you can change or withdraw your choices at any time via our cookie banner or settings.

Detailed information about each cookie category and vendor appears in our Cookie Notice.


5) Sources of data

We obtain data directly from you (forms, emails, meetings), from your employer if you are designated as a contact, from automated interactions on our sites, and occasionally from public B2B sources (e.g., professional profiles, corporate websites) where lawful to do so.


6) Sharing and recipients

We share personal data only with:

  • MintIQ affiliates within the EEA, for group-level operations consistent with this policy.
  • Service providers (processors): e.g., Amazon Web Services (AWS) for EU hosting and Google Workspace for corporate email and collaboration. We configure EU data regions and controls where available.
  • Professional advisors and authorities where necessary (legal, accounting, compliance).
  • Prospective buyers or investors in a corporate transaction, under confidentiality.

For processing in our SaaS products on behalf of customers (processor role), see the Sub-processor List referenced in our DPA and updates thereto.


7) International data transfers

We host and process controller-side data primarily in the European Economic Area (EEA). We do not intentionally transfer personal data outside the EEA. If in the future a transfer is necessary (for example, specific support scenarios), we will implement appropriate safeguards (e.g., EU Standard Contractual Clauses) consistent with EDPB guidance on international transfers.


8) Retention

We keep personal data only as long as needed for the purposes above or to meet legal requirements:

  • Website logs and security events: typically up to 12 months unless an incident requires longer retention.
  • Sales and marketing records: no longer than 24 months after last meaningful interaction or until you opt out.
  • Contractual and billing records: retained to comply with Dutch tax/accounting laws (generally 7 years).

For customer data in the MintIQ SaaS products (processor role), retention and deletion follow the terms in our DPA (including post-termination deletion windows).


9) Your rights

Under GDPR, you have the right to access, rectify, erase, and port your data, to restrict its processing, and to object to processing based on legitimate interests, including an absolute right to object to direct marketing. You can also withdraw consent at any time (where processing is based on consent). We respond within one month of receiving your request (extendable by two months for complex or multiple requests).

To exercise your rights, email privacy@mintiq.com. We may ask for information to verify your identity, as permitted by law.

You also have the right to lodge a complaint with your local supervisory authority, including the Autoriteit Persoonsgegevens in the Netherlands.


10) Automated decision-making

We do not make decisions producing legal or similarly significant effects solely by automated means in our controller-side activities. If this changes, we will provide required information about the logic and consequences and ensure appropriate safeguards.


11) Security

We apply appropriate technical and organisational measures to protect personal data, including access controls, encryption in transit and at rest, and security monitoring. Details for customer data processed in our SaaS products are described in our DPA and security documentation available to customers.


12) Our roles (controller vs. processor) and minimising overlap with the DPA

  • Controller: MintIQ Group B.V. acts as controller for website operations, corporate communications, and business development described in this policy.
  • Processor: For data you or your organisation upload to our SaaS products, we act as processor and the DPA governs (including sub-processors, breach notifications to customers, audits, data deletion). We avoid duplicating those processor-specific obligations here; please consult the DPA.

13) Legal bases and expectations in B2B marketing

GDPR Recital 47 recognises direct marketing may be carried out on a legitimate-interest basis, subject to a proper balancing test and compliance with ePrivacy rules (which often require consent for unsolicited electronic marketing). In all cases, your right to object to direct marketing is absolute, and we will honour it.


14) Third-party sites

Our websites may link to third-party sites. Their privacy practices are governed by their own notices.


15) Changes to this policy

We may update this policy to reflect changes in our practices or legal requirements. We will post the updated version with a new "Effective date" and, where appropriate, notify affected stakeholders.


Contact us: privacy@mintiq.com • MintIQ Group B.V., Piet Heinkade 55, 1019GM Amsterdam, the Netherlands.
