1. Purpose of This Policy

This Privacy Policy defines how Minterminds collects, processes, stores, and protects employee-related information through its internal software system. The purpose of this policy is to ensure transparency regarding data handling practices and to demonstrate the Company's commitment to protecting employee privacy while enabling efficient internal operations and workforce management.

2. Scope of Use

The internal software system is designed exclusively for use by authorized Minterminds personnel, including employees, interns, contractors, and approved representatives. It is not intended for public use, external clients, or third parties, and access is strictly limited to individuals with a legitimate business need.

3. Data Collected

The software may collect various categories of data, including employee personal information, work-related and operational data, attendance and time records, project and task assignments, internal communications related to work activities, and system usage data such as login history and activity logs, all of which are necessary for internal management and operational oversight.

4. Use of Data

Collected data is used solely for internal business purposes such as managing employee workloads, tracking attendance and working hours, assigning and monitoring projects, maintaining accurate internal records, improving operational efficiency, ensuring system security, and supporting compliance with internal policies and legal obligations.

5. Lawful and Fair Processing

Minterminds processes employee data in accordance with generally accepted data protection principles, including fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, and confidentiality, ensuring that data is handled responsibly and only to the extent necessary for legitimate business operations.

6. Data Storage and Security

Employee data is stored on secure internal systems or authorized infrastructure providers and protected through appropriate technical and organizational security measures such as role-based access controls, authentication procedures, data encryption where applicable, system monitoring, and internal security policies designed to prevent unauthorized access, loss, or misuse.

7. Access Control

Access to the internal software and the data it contains is granted strictly on a need-to-know basis, determined by an individual's role and responsibilities within the Company, and is reviewed regularly to ensure that access remains appropriate throughout the course of employment or engagement.

8. Data Sharing

The Company does not sell, rent, or commercially exploit employee data and does not share such data with third parties except where required by applicable law, regulatory authorities, legal proceedings, or where limited sharing is necessary with trusted service providers operating under strict confidentiality and security obligations.

9. Employee Rights

Employees may have the right to request access to their personal data, seek correction of inaccurate or incomplete information, request deletion or restriction of processing where permitted, and raise concerns regarding data handling practices, subject to applicable laws, internal policies, and operational requirements.

10. Data Retention

Employee data is retained only for the duration necessary to support business operations, employment relationships, legal compliance, and audit requirements, after which it is securely deleted, archived, or anonymized in accordance with the Company's data retention and disposal practices.

11. Employee Responsibilities

Employees are expected to use the internal software responsibly, comply with Company policies, protect their access credentials, maintain the confidentiality of information they access, and promptly report any suspected data breaches, security incidents, or unauthorized use of the system.

12. Policy Updates

Minterminds reserves the right to update or modify this Privacy Policy as needed to reflect changes in legal requirements, business operations, or system functionality, and any material updates will be communicated internally in a timely manner.

13. Internal Use Disclaimer

This Privacy Policy is intended solely for internal guidance and compliance purposes, does not constitute a public-facing privacy notice, and does not create contractual rights beyond those required under applicable laws or Company policies.

14. Monitoring and Logging

The internal software may record system activity, usage logs, and access history to support operational oversight, performance analysis, troubleshooting, and security monitoring. Such monitoring is conducted strictly for legitimate business purposes and is not intended for intrusive or unlawful surveillance.

15. Data Breach Management

In the event of a suspected or confirmed data security incident, the Company will take appropriate steps to investigate, mitigate risks, and implement corrective measures. Where required, affected individuals and relevant authorities may be notified in accordance with applicable legal and regulatory obligations.

16. Confidentiality Obligations

All employees and authorized users with access to the internal software are subject to confidentiality obligations. Information accessed through the system must not be disclosed, copied, or used for purposes outside the scope of authorized business activities.