1. Introduction
This Privacy Policy explains how Mindflow Interactive processes personal data through its website and associated communications. We are the controller of personal data processed through the website unless we expressly state otherwise.
Contact: contact@mindflow-interactive.com.

2. Controller Details Controller:
Mindflow Interactive. Registered office: The Black Church St. Mary's Place Dublin Dublin 7 D07 P4AX Co. Dublin Company registration number: 810600 Contact email for privacy matters: contact@mindflow-interactive.com.

3. Categories of Personal Data
We may process identification and contact data, such as name, email address, organisation name, and any information you include in messages submitted through contact forms or direct email. We may also process technical and usage data, such as IP address, browser type, device information, referring pages, timestamps, security logs, and website interaction data, subject to the technologies actually used on the website.

4. Sources of Personal Data
We collect personal data directly from you when you contact us, submit a form, correspond with us, or otherwise interact with the website. We may also receive limited technical data automatically from your device or browser, and from service providers involved in hosting, security, website delivery, or analytics, where applicable.

5. Purposes of Processing and Legal Bases
We process personal data to respond to enquiries, manage communications, evaluate business opportunities, maintain website security, prevent abuse, operate and improve the website, and comply with legal obligations. Depending on the context, our legal bases may include
Article 6(1)(b) GDPR where processing is necessary to take steps at your request prior to entering into a contract, Article 6(1)(c) GDPR where processing is necessary for compliance with a legal obligation,
Article 6(1)(a) GDPR where consent is required, and Article 6(1)(f) GDPR where processing is necessary for our legitimate interests, including website administration, security, fraud prevention, and proportionate business communications. Where consent is required by law, including for certain non-essential cookies or similar technologies, we rely on consent and provide a mechanism to manage preferences.

6. Legitimate Interests
Where we rely on legitimate interests, those interests may include running and protecting our website, receiving and responding to genuine business enquiries, maintaining records of communications, understanding how our website is used at an appropriate level, and preventing misuse or malicious activity. Where required, we assess whether those interests are overridden by your interests, rights, or freedoms.

7. Recipients and Processors
We may share personal data with carefully selected processors and service providers who support website hosting, content delivery, security, analytics, communications, technical maintenance, and professional advisory services, but only to the extent necessary for those purposes. We may also disclose personal data where required by applicable law, regulation, court order, or valid request from a competent authority, or where disclosure is reasonably necessary to establish, exercise, or defend legal claims.

8. International Transfers
Some service providers may process personal data outside Ireland or outside the European Economic Area. Where this occurs, we seek to ensure that appropriate safeguards are implemented in accordance with applicable data protection law, such as an adequacy decision, the European Commission’s Standard Contractual Clauses, or another lawful transfer mechanism.

9. Data Retention
We retain personal data only for as long as necessary for the purposes for which it was collected, including to respond to enquiries, maintain appropriate business records, resolve disputes, enforce legal rights, and comply with legal, tax, accounting, or regulatory requirements. Retention periods vary depending on the nature of the data, the context in which it was collected, and the legal or operational need to keep it.

10. Your Rights
Subject to applicable law, you may have the right to request access to your personal data, request rectification, request erasure, request restriction of processing, object to processing, request portability of data, and withdraw consent at any time where consent is the legal basis. To exercise your rights, contact us at contact@mindflow-interactive.com. We may ask for information necessary to verify your identity before acting on a request.

11. Complaints
If you believe that your data protection rights have been infringed, you may lodge a complaint with the Data Protection Commission in Ireland, without prejudice to any other administrative or judicial remedy available to you.

12. Security
We use technical and organisational measures designed to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction, or damage. However, no website, transmission, or storage environment can be guaranteed to be completely secure.

13. Children
This website is not directed to children, and we do not knowingly collect personal data from children through the website in the ordinary course of our activities.

14. Automated Decision-Making
We do not use the website to carry out solely automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you, unless we expressly state otherwise.

15. Changes to This Policy
We may update this Privacy Policy from time to time to reflect legal, technical, or business developments. The latest version published on the website will apply from its stated effective date.