Privacy Policy

This privacy policy explains how MENTINESS processes the personal data to which it has access.

It also describes, in accordance with the principles of lawfulness and transparency, how it uses AI tools to provide certain services that help individuals improve their well-being within the company.

1.- IDENTIFICATION AND CONTACT INFORMATION OF THE DATA CONTROLLER

Company	MENTINESS HEALTH CARE, S.L.
VAT Number	B06962302
Address	Calle Santa Eulalia N4 6A, CP 36600, Vilagarcía de Arousa
Email	hola@mentiness.com

We have appointed a Data Protection Officer (DPO) who can be contacted at the above email address.

The purpose of this Privacy Policy is to provide information about the rights of users who interact with Mentiness, in accordance with the provisions of EU Regulation 2016/679, General Data Protection Regulation (“GDPR”), and the Spanish Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights (“LOPDGDD”).

2.- MENTINESS’S ROLE IN THE PROCESSING OF PERSONAL DATA

Mentiness acts as the data controller for the personal data of its clients, suppliers, employees, collaborators, contacts, and information requesters, among others.

At the same time, with respect to its clients, Mentiness acts as the data processor, as it provides services that involve access to personal data owned by the companies that contract such services. This relationship is governed by the corresponding data processing agreement that Mentiness makes available to its clients, in compliance with the provisions of Article 28 of the GDPR.

3.- PURPOSE OF DATA PROCESSING AND CATEGORIES OF DATA

Mentiness processes personal data for various purposes:

• Clients: For the purpose of providing services, based on the legal grounds of the existing contractual relationship and compliance with legal obligations. Contact details of the legal representatives and relevant interlocutors required for service delivery are processed.

• Suppliers: For the purpose of managing the contractual relationship, based on the corresponding legal grounds.

• Mentiness employees: For the purpose of managing the employment relationship and fulfilling legal obligations.

• Contacts and information requesters: For the purpose of responding to inquiries, providing information about our services, and sending relevant updates.

• Users of our platform: For the purpose of delivering the services contracted by their company, offering training and other services, and monitoring employee well-being.

• Data analysis and service improvement: Mentiness may anonymize collected data for statistical analysis and research purposes. Such anonymized data do not contain personally identifiable information and are used to improve our services, produce aggregated statistics, and conduct research in areas including, but not limited to, mental health, well-being, and AI-mediated well-being in performance management systems or management accounting.

4.- LEGAL BASIS FOR PROCESSING

• Clients, suppliers, and Mentiness employees: Contractual performance (Article 6.1(b) GDPR) and compliance with legal obligations (Article 6.1(c) GDPR).

• Platform users: Performance of the contract with their company, and subsequently, the user’s own consent regarding the use of the different options offered by the platform.

• Information requesters and contacts: Consent (Article 6.1(a) GDPR).

• Data analysis, service improvement, and statistics: The legal basis for this processing is our legitimate interest in advancing knowledge of mental health and improving the effectiveness of our platform.

• Services provided as data processor: Mentiness provides external services for the management of psychosocial risks under the service agreement signed with its clients, who are required to perform such management in accordance with applicable labor regulations. For these purposes, Mentiness only processes the data necessary to deliver the contracted service and will sign with the data controller the corresponding Data Processing Agreement (DPA).

Data will be retained for the duration of the contractual relationship or for as long as there is a legal obligation to do so. Once the mandatory retention period has expired, and after being duly blocked, the data will be deleted.

5.- RECIPIENTS AND INTERNATIONAL TRANSFERS

Personal data will not be disclosed to third parties, except where necessary for the proper provision of the service or when required by law.

We work with service providers who may have access to data. We have ensured that all of them comply with the GDPR and/or provide appropriate safeguards in accordance with this legal framework.

All our data processing activities are carried out within the European Union.

Third-party websites or platforms that users may access, along with links to their respective Privacy Policies, include:

• Zoom: https://zoom.us/docs/es-es/privacy-and-legal.html
• Google Meet: https://policies.google.com/privacy?hl=es
• Google Calendar: https://policies.google.com/privacy?hl=es
• Google API: https://developers.google.com/terms/api-services-user-data-policy
• HeyGen (Avatar Provider): www.heygen.com/privacy
• OpenAI: https://openai.com/es-ES/enterprise-privacy/

These service providers may collect and access the information necessary to perform their functions, but they are not authorized to share or use the information for any other purpose.

In the case of Google Calendar, only the information necessary to facilitate synchronization of professionals’ calendars is obtained. The use and transfer of information obtained through Google API will adhere to the terms and conditions of the Google API Services User Data Policy, including the Limited Use requirements.

MENTINESS HEALTH CARE, S.L. has signed service and data processing agreements with all providers to ensure data confidentiality. In addition, MENTINESS HEALTH CARE, S.L. will share information when there is a legal obligation to do so, or when it deems it appropriate to enforce its terms and conditions, or for security reasons.

6.- USER RIGHTS

Under current Spanish legislation, the user and data subject has the right to:

1. Access their personal data to determine whether it is being processed and to obtain information about the processing operations carried out.
2. Rectify any inaccurate personal data.
3. Erase their personal data, where possible.
4. Data portability, when the legal basis for processing is the contractual relationship or consent.
5. Object to the processing of their personal data, in whole or in part, when the legal basis for processing is legitimate interest. This right is excluded when there is a compelling legitimate interest or when the data are necessary for the establishment, exercise, or defense of legal claims.
6. Request restriction of the processing of their personal data when the accuracy, legality, or necessity of such processing is in doubt, in which case the data may be retained for the establishment, exercise, or defense of legal claims.
7. Withdraw consent at any time when consent is the legal basis for processing.

If the user wishes to exercise any of these rights, they may contact MENTINESS HEALTH CARE, S.L. at:

• Email: hola@mentiness.com
• Address: Calle Santa Eulalia N4 6A, CP 36600, Vilagarcía de Arousa, Spain

If the user believes that data protection legislation has been infringed with respect to the processing of their personal data, they have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD).

7.- COOKIES

We will only use “non-essential cookies” when the user has given us their prior and explicit consent. For more information, the user may access the Cookie Policy.

8.- SECURITY MEASURES

MENTINESS HEALTH CARE, S.L. adopts all necessary technical and organizational measures to protect the security and integrity of personal information, both against unauthorized access and against accidental alteration, loss, or destruction.

Nevertheless, MENTINESS HEALTH CARE, S.L. cannot guarantee the absolute security of the information collected, and therefore users are encouraged to exercise caution and common sense regarding the information they share. For its part, MENTINESS HEALTH CARE, S.L. will do everything reasonably possible to ensure protection.

9.- DISCLAIMER

We are responsible only for matters related to this website or its linked platform, and therefore for its Terms and Conditions, Privacy Policy, and Cookie Policy.

In cases where the user is redirected to third-party websites or platforms, the legal terms and policies of those third parties shall apply, and MENTINESS HEALTH CARE, S.L. shall not be held responsible.

10.- USE OF ARTIFICIAL INTELLIGENCE TOOLS

The use of Artificial Intelligence (AI) allows us to provide a more efficient service by extracting insights that enable companies to better understand the well-being of their teams and make more informed decisions.

Users are informed at all times when they are interacting with an AI tool, and their data are processed in a trusted and fully confidential environment.

Work is carried out using secure tools in controlled environments. The models’ learning processes are not trained with personal data or individualized information.

Policy updated in November 2025