Data Processing Overview

DPA Summary

Transparent Data Processing Practices

Mindpex processes personal data strictly on behalf of its enterprise clients.

This page provides a high-level overview of how data is handled within the Mindpex platform.

A detailed Data Processing Addendum (DPA) is executed as part of enterprise agreements.

Roles and Responsibilities

In the context of data protection laws:

  • The Client organization acts as the Data Controller
  • Mindpex acts as the Data Processor

Mindpex processes data only on documented instructions from the Client.

Types of Data Processed

Depending on the Client's implementation, Mindpex may process:

  • Employee identifiers (e.g., name, employee ID)
  • Role, department, and organizational structure
  • Performance-related data
  • Engagement and survey data
  • Workforce analytics indicators

Mindpex does not independently collect employee data and does not use data for purposes outside the Services.

Purpose of Processing

Data is processed solely to:

  • Generate workforce analytics and insights
  • Identify organizational patterns and potential risk
  • Provide dashboards and reporting tools
  • Improve system performance and accuracy

All processing is aligned with the Client's instructions.

Data Protection Principles

Mindpex follows key data protection principles:

  • Data minimization: Only necessary data is processed
  • Purpose limitation: Data is used only for defined purposes
  • Confidentiality: Data is protected against unauthorized access
  • Privacy by design: Safeguards are built into system architecture

Security Measures

Mindpex implements industry-standard security practices, including:

  • Encryption in transit and at rest
  • Access control and authentication
  • Secure infrastructure and monitoring
  • Logical data isolation between clients

For additional details, please refer to our Security Overview page.

Subprocessors

Mindpex may engage trusted third-party service providers (such as cloud infrastructure providers) to support the delivery of Services.

All subprocessors are required to maintain appropriate data protection and security standards.

Data Retention and Deletion

Data is retained only as long as necessary to provide the Services.

Upon termination of services:

  • Data may be returned to the Client
  • Data may be deleted or anonymized

Aggregated and anonymized data may be retained for system improvement.

Data Subject Rights

Data subject rights (such as access, correction, or deletion) are managed by the Client organization as the Data Controller.

Mindpex supports Clients in fulfilling such requests where required.

Compliance

Mindpex is designed in alignment with:

  • General Data Protection Regulation (GDPR)
  • India Digital Personal Data Protection Act (DPDP Act)

Enterprise Agreements

A detailed Data Processing Addendum (DPA), including contractual obligations and security commitments, is executed with enterprise clients as part of the Master Services Agreement (MSA).

Contact

For data protection or compliance-related queries:
contact@mindpex.com

Summary

Mindpex ensures that:

  • Data is processed only on behalf of clients
  • Privacy and security are built into the platform
  • Organizations retain full control over their data