Login
Book a demo
Login
Book a demo
Login
Book a demo

Data Protection at Mentessa

Secure, Transparent, GDPR-Compliant

We process all data in accordance with the EU General Data Protection Regulation (GDPR) and host it securely in Germany.

Book a demo today
TRUSTED BY
63d8fa027da01f84f1a8fd6e_hll-logo
63d8fadfbd85e2647130dcc0_zollhof-tech-incubator-logo (1)
63d8fa02149687d9265eee03_opt-bank-logo
63d8fa0202e1804428859513_the-linde-group-logo
63d8fa0249fdb3ce6aaf9a94_telekom-logo
63d8fa02c7a6895e195c1af1_melitta-professoinal-logo
63d8fa035fb76384fbe81ae8_immocation-logo
63d8fa028b9671837f53946f_women-startup-uvc-logo
kick-start-innovation-logo-3
Do_Work_You_Love_logo-3
63d8fa037de2b760cfd58720_hll-digita-space-logo
MENTESSA'S COMMITMENT TO

Data Protection and GDPR Compliance

Privacy Policy

This privacy policy applies to data processing by Mentessa GmbH, (“Mentessa”/“we”/“us”/”our”). Our contact details are c/o Wayra Germany, Kaufingerstrasse 15, 80331 Munich, Germany. We provide a platform for peer-to-peer learning and knowledge exchange as further described in our Terms of Use (“Mentessa Platform”). Any processing of your data within the scope of the Mentessa Platform is carried out exclusively in accordance with the following privacy policy.

Table of contents
I. How we collect and process your Technical Data

As with most technology services delivered over the Internet, our servers automatically collect information when you access or use the Mentessa Platform and store this information temporarily in so-called log files (“Technical Data”). 

Technical Data include especially the IP-address and name of the access-provider, the address of the web page that you visited before using the Mentessa Platform, the operating system, the browser type and settings, information about browser configuration and plugins and language preferences. This data is processed by us to ensure a smooth connection and a comfortable use of the Mentessa Platform, to analyse the security and stability of the Mentessa Platform and for other administrative and statistical purposes.

The legal basis for processing Technical Data is our legitimate interest resulting from the need to provide a convenient and user-friendly online service. The collected data will in no case be used to draw any conclusion to your identity. The data is deleted when it is not required for the mentioned purposes anymore and no other legal grounds for processing the data apply.

II. How we collect and process your Usage Data

We collect usage data when you use the Mentessa Platform, such as when you view or click on content, perform a search or share content or otherwise interact with the Mentessa Platform (“Usage Data”). Usage Data include especially the type of shared content, number of communities you use, number of your contacts, type of your search requests and the time and extent of your interactions.

In order to better understand how our service is used and to better tailor our service to the needs and desires of our users, we analyse pseudonymized data about our users’ use of the Mentessa Platform. The analysis allows us to understand general usage habits and derive different target and user groups. We use this information to improve the user experience of the Mentessa Platform. For example, we may improve search functionality by using this data to help determine and rank the relevance of content, communities or expertise as well as make suggestions based on historical use.

This information is processed in accordance with our legitimate interest in improving the functionality of the Mentessa Platform. The data is deleted when it is not required for the mentioned purposes anymore and no other legal grounds for processing the data apply. In some cases, we anonymize this information and use this data for statistical purposes.

III. How we collect and process your Customer Data

When you register with and use the Mentessa Platform, we have to collect and process certain personal data as your login data and certain contact information. If you use our paid services, you will need to provide payment and billing information (collectively referred to as “Customer Data”). Customer Data includes especially first and last name, date of birth, address (e.g., street, city, zip code), telephone number, email address, password, billing information (e.g., billing period, tax numbers) and payment details (e.g., credit card information). You are required to complete certain mandatory fields during the registration. This mandatory information is essential to serve the overarching purpose of the Mentessa Platform. Your first and last name are always visible without limitation to other users. For other information, you can determine the extent to which it should be visible to other users.

We process your payment details such as credit card and bank details for the purpose of payment processing and invoicing in accordance with the method of payment you choose. Your payment details will be transferred, to the extent needed, along with other required data for processing the transaction, including invoicing and debt collection, where applicable, to providers such as credit card institutes, payment providers and debt collection providers, and processed there, or the data will be collected directly by these providers. In order to process payments, we forward the necessary payment data to our authorized payment service provider Stripe Payments Europe Ltd., Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland (“Stripe”). We have concluded a data processing agreement with Stripe which allows Stripe to process the data solely in accordance with our instructions and not for its own purposes. For clarification purposes: Mentessa does not store credit card information of customers.

The data processing is carried out on the basis of the fulfilment of our contract with you. The data is deleted when it is not required for the mentioned purposes anymore and no other legal grounds for processing the data apply. This is generally the case for the data collected during the registration process when you cancel your user account or change or update your data. Even after termination of your user account, however, it may be necessary to continue to store personal data for as long as is necessary to fulfil contractual or legal obligations. The corresponding data will be deleted as soon as the contractual or legal obligation no longer exists.

IV. How we collect and process your Content Data

We offer our users the opportunity to search, connect and communicate with other users in a created community for matching their skills, networking and mentoring purposes based on the information provided in their profile on the Mentessa Platform. Users can share various information either publicly on the Mentessa Platform or individually in communications with other users (“Content Data”). Content Data includes especially profile information that are not Customer Data (e.g., skills, education, company, job title, industry, educational background, photo, portfolio), posts (e.g., in communities), comments, messages and any other interaction with the Mentessa Platform.

The Mentessa Platform allows viewing and sharing information including posts, favorites, and comments. Other users of your community will be able to find and see your shared content and your interactions. You can choose which information you want to share on your profile, such as your education, work experience, skills, photo, city and endorsements. You don’t have to provide additional information on your profile. However, providing more information allows us to improve your user experience on the Mentessa platform, for example, by helping other users find you. It is your choice whether to include sensitive information on your profile and to make that sensitive information available to other users of the community. Please do not post or add personal data to your profile that you would not want to be available to other users of the community. The default setting for messages is that all other users in your community on the Mentessa Platform may send you messages. You can adjust these settings at any time so that either nobody or only selected users can send you private messages. 

The data processing is carried out on the basis of the fulfilment of our contract with you. The data is deleted when it is not required for the mentioned purposes anymore and no other legal grounds for processing the data apply. This is generally the case for Content Data when you cancel your user account or change or update your data. We will erase them in full or make them anonymous when you delete your user account. The recipients of your messages will, however, not have this data erased when you delete your user account. This data is only deleted in full once it has been deleted by both the sender and the recipients.

Even after termination of your user account, however, it may be necessary to continue to store personal data for as long as is necessary to fulfil contractual or legal obligations. The corresponding data will be deleted as soon as the contractual or legal obligation no longer exists.

V. How we use “Cookies”

We use “cookies” to provide you with a variety of features and to enhance your user experience. Cookies are small text files that are temporarily stored on your device via your browser. We only use cookies that are strictly necessary for the provision of the Mentessa Platform. We use both cookies that are automatically deleted when you close the browser or log out (“transient cookies”) and cookies that are automatically deleted after a specified period of time (“persistent cookies”). 

The processing of personal data associated with the use of cookies is necessary for the performance of the contract or justified by our legitimate interest in providing our service. If you do not want us to use cookies, you can change your browser settings accordingly. You can also view the cookies set and their runtimes in your browser settings at any time and delete the cookies manually. Please note that if you completely disable the use of cookies, the functionality and scope of the Mentessa platform may be impaired.

VI. Your obligation to provide data

In principle, no user is obliged to provide us with data. However, failure to provide some personal data (e.g. contact details) would mean that the contract with you could not be concluded. Furthermore, certain information is collected automatically when using the service (e.g. technical data).

VII. We do not transfer personal data to third countries

We do not transfer your personal data to third countries (including the United States). Personal data in connection with the use of the Mentessa Platform is processed exclusively within the European Union.

VIII. The relationship between you, the Customer, and Mentessa

An organization or other third party that we refer to in this Policy as “Customer” has invited you to a Mentessa instance (i.e., a unique domain where a group of users may access Mentessa). If you are joining one of your employer’s Mentessa instances, for example, Customer is your employer. If you are joining a Mentessa instance created by an association, connecting experts with people, who need a mentor then the association is our Customer and it is authorizing you to join its Mentessa instance.

The Customer is a controller of your data, meaning that the Customer has administrative access over your data, and can view, download, analyze, and delete it from a Mentessa instance at their discretion.

Mentessa is a processor of your data, meaning that it provides the programs and infrastructure to process and store your data, and, among other things, keep it secure from unauthorized access.

IX. When we disclose your data to third parties

Your personal data will not be transmitted or disclosed to third parties for purposes other than the ones mentioned in this privacy policy. 

Your personal data will be shared with the organization (Controller).

Your data will only be disclosed to third parties in case you expressly consented to the disclosure, or the disclosure is necessary for compliance with a legal obligation that we are subject to. We can also disclose your data if the processing of the data is legally admissible and necessary for the performance of a contract of which you are a contracting party. Moreover, we disclosure your data if it is required for the establishment, exercise or defence of legal claims or this is required for legal representation while there is no indication to assume that you have a prevailing legitimate interest for the non-disclosure of your data.

In addition, we may provide access to your data to selected third parties. These providers perform a variety of services for us, including sales, marketing, content and feature delivery, advertising, analytics, research, data storage, security and fraud prevention. The processing of the data is done exclusively on our behalf and we have entered into a data processing agreements  with all processors.

This privacy policy does not apply to any third-party applications that is integrated in the Mentessa Platform and offer their services under their own terms of use and privacy policies. You can choose to permit or restrict third-party services or whether we can receive personal data from such third-party services.

X. How we process your data when you use the Social Login

In order to make the Mentessa Platform easy to use, we use a so-called social login feature as descried in our Terms of Use (“Social Login”). This enables you to log in to our Mentessa Platform with the login data of a single sign-on provider and thus not have to maintain any further login data. The use of a Social Login requires that you have already created an existing user account with the single sign-on provider, for example a social network. In order to log in with the Social Login, you must click on the Social Login button on the Mentessa Platform login screen and, when redirected to the login screen of the single sign-on provider, enter your login data of the Social Login.

To perform the authentication, we receive certain personal data about you. Among other things, this includes a user ID together with information that you are registered with the ID with the respective single sign-on provider. We receive this ID exclusively for the purpose of authentication, i.e. any processing on our part that goes beyond authentication is not permitted. Whether additional data is transmitted to us, and if so, which, depends on the single sign-on provider used, your account settings made with this provider, and any data releases selected as part of the authentication process. Which data we receive from the respective Social Login providers can vary. As a rule, however, it is the email address and the user name. We cannot view the password entered, nor are we able to store it. 

Currently, we give our users the possibility to use a Social Login provided by the business network LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland). You can find more information on how your data is being processed here: https://www.linkedin.com/help/linkedin/answer/a705937.

The legal basis for processing the above-mentioned data is our legitimate interest that follows from the need to provide our users with an uncomplicated login to use the Mentessa Platform. The data is deleted when it is not required for the mentioned purposes anymore or other legal grounds for processing the data apply.

XI. Your right to object data processing

If your personal data is processed on the basis of legitimate interest, you have the right to object to the processing of your personal data, provided that there are grounds for doing so that arise from your particular situation. If you wish to exercise your right of objection, an email to us will suffice.

XII. Further rights you have as a data subject

As a data subject, you have various rights under the GDPR. You have especially the right to access information about your personal data. Furthermore, you have a right to rectification, deletion or restriction of processing as well as to data portability insofar as you are entitled to this by law. 

If you provide us with a consent for the data processing, you can withdraw this consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on your consent before its withdrawal.

Furthermore, you also have the right to lodge a complaint about the processing of personal data by us with the competent supervisory authority.

Automated decision making in the sense of the GDPR does not take place.