Terms of Service for the Mind Garden Website and Services (the “Agreement”)

Effective Date: May 5, 2026

Printable Version of This Document
For Mind Garden Privacy Policy

Welcome to www.mindgarden.com and all related subdomains and other electronic platforms hosted by Mind Garden, including the Transform platform (together, this “Site”). This Site is owned and operated by Mind Garden®, Inc., a California corporation (“Mind Garden”). Mind Garden is a registered trademark of Mind Garden, Inc.

INTRODUCTION

These Terms of Service (“Terms”) govern your access to the Site. By visiting and using the Site, you agree to be bound by these Terms. Those that use the Services, or visit our Site or are subjects of any of the Pre-Written Inventories or other Services are referred to as “End Users”, which includes Customers and test-takers as the case may be (each as defined in these Terms).

These Terms also govern your purchase and use of our services and Products including Inventories (collectively referred to as the “Services”) as well as your access to the Site. By signing up for and/or purchasing, licensing, or otherwise accessing the Services, you agree to be bound by these Terms. Those that purchase the Services are deemed “Customers”. For purposes of clarification, those that purchase the Services for their own personal use are both Customers and End Users.

"You" refers to End Users, Customers, and any other individuals or entities that access or use the Site or the Services, all of whom are bound by the terms of these Terms by their use or access.

If you have any questions about these Terms, you may contact Mind Garden at:

https://www.mindgarden.com/contact-us

TERMS

1) User Account, Password, and Security

When you are using a Mind Garden Service that requires a login, you are responsible for maintaining the confidentiality of the password and account that you receive from Mind Garden, and you are fully responsible for all activities that occur under your password or account. You hereby agree to (a) immediately notify Mind Garden of any unauthorized use of your password or account or any other breach of security, and (b) ensure that you exit from your account at the end of each session. You are solely liable for any loss or damage arising from your failure to comply with this Section 1.

2) Ineligible Persons

(a) Legal ineligibility.

You may not use the Services and may not accept these Terms if you are a person barred from receiving the Services under the laws of the United States or other countries including the country in which you are resident or from which you use the Services. You may not use the Services and may not accept the Terms if you are a Child, and you may not use our Services with Children. “Child” or “Children” means (a) in the United States, UK, and European Union, you are not at least 16 years of age and of legal capacity to form a binding contract with Mind Garden, or (b) in other countries or territories, you are not the minimum age of threshold or over to be considered an adult in those countries or territories. Our Services are not directed to persons under 16. If you become aware that your Child has provided us with personal information without your consent, please contact us. We do not knowingly collect personal information from Children. If we become aware that a Child has used or accessed our Services or provided us with personal information, we take steps to remove such information and terminate the Child's account.

(b) Assessment-specific Eligibility Criteria.

Certain assessments supplied by us have specific eligibility criteria as follows:

(i) California Psychological Inventory™ (CPI-260™)

The purchase, administration and use of the California Psychological Inventory and associated reports is restricted to those who are eligible to purchase on the basis of either:

(1) educational qualification - in order to meet the educational qualification criteria, you will meet the requirements set forth at Educational Eligibility for Assessments (https://www.themyersbriggs.com/en-US/Support/Educational-Eligibility); or

(2) certification in the CPI 260 – in order to meet this criterion, you will be a certified practitioner in the CPI 260 having successfully completed the CPI 260 Certification course offered by The Myers-Briggs Company, details of which are available at CPI Public-Certification (https://www.themyersbriggs.com/en-US/Get-Certified/CPI/Public-Certification).

By purchasing the CPI 260 from Mind Garden, you are representing that you have met one or both of these eligibility criteria. either completed the CPI certification program or are educationally qualified to purchase.

(c) Compliance with Ethical Guidelines and local laws and regulations.

Other provisions of these Terms regarding ethical use, compliance with local laws and customs, and other requirements for the use of psychological instruments in your locality remain in force and you, the Customer, remain responsible for ensuring compliance with such.

3) Prohibited Conduct

In connection with any use of the Sites or Services you represent and warrant that you shall:

a) not violate any applicable laws;

b) not copy, reproduce, amend, modify, or make any alteration to the Mind Garden products (including assessments, Pre-written Inventories and associated materials, reports, descriptions or other Mind Garden products and information) (together “Products”);

c) not disclose, share, circulate, transfer or otherwise disseminate any Products, including assessment items, except to permitted End Users as explicitly provided in these Terms where you are authorized hereunder to provide Product(s) questionnaires to test-taker for the purposes of administration of Product(s) other than on the Mind Garden platform under these Terms or a license to administer or other terms agreed with Mind Garden from time to time. In such event, you shall ensure that the test-taker understands and accepts by electronic or written means that they shall not circulate, transfer or otherwise disclose or disseminate the Products questionnaire or items with any third party;

d) not back/ reverse engineer, decompile or make any other attempts to extract source code from the Product, including in relation to the scoring of Product(s) questionnaires specifically;

e) not license, lend, exchange, give or otherwise dispose of Products to third parties other than as set out above in relation to providing the Product questionnaire to test-takers;

f) not act as an agent, distribution channel or stocklistist of the Products;

g) not upload, download, post, email, reproduce, distribute or otherwise transmit any materials including but not limited to text, data, photos, graphics, etc. ("Content") that are unlawful, harmful, threatening, abusive, vulgar, harassing, defamatory, obscene, pornographic, indecent, inflammatory, libelous, tortuous, hateful, or racially, ethnically or otherwise objectionable, or invasive of another's (including without limitation Mind Garden’s and/or its licensors’) rights, including but not limited to rights of celebrity, privacy, and intellectual property;

h) not use or integrate any AI (artificial intelligence tool) with any customization of the Products that you may be permitted to undertake hereunder ie in any Customer Created Inventories, or otherwise;

i) not impersonate any person or entity or falsely state or otherwise misrepresent your affiliation with a person or entity;

j) not upload, download, post, email, reproduce, distribute or transmit any Content that infringes any patent, trademark, trade secret, copyright, or other intellectual or proprietary right or moral right. By uploading or downloading any Content, you represent and warrant to Mind Garden that you have the lawful right to upload, download, email, post, reproduce, distribute, and transmit that Content;

k) not upload, download, post, email, reproduce, distribute or transmit any: (i) Content that would constitute or encourage a criminal offense, violate the rights of any person, or that would otherwise create liability or violate any applicable local, state, national, or international law, (ii) unsolicited or unauthorized advertising, promotional materials, junk mail, spam, chain letters, or any other form of solicitation; (iii) software viruses or any other computer code, files, or programs designed to interrupt, destroy, or limit the functionality of any computer software or hardware or telecommunications equipment; (iv) false or misleading information;

l) not disrupt or interfere with the security of, attempt to access non-public areas of, or otherwise abuse the Site, or any services, system resources, accounts, servers, or networks connected to or accessible through the Site or affiliated or linked websites; or

m) not disrupt or interfere with any other user's use of the Site or affiliated or linked websites.

4) Pre-Written Inventories and Customer- and Custom-Created Works

Under the licenses granted to Mind Garden and/or licensors, Mind Garden is licensed to undertake activities to enable it to supply Services (which may, amongst others, include provision of Products and reproductions of the Pre-Written Inventories to Customers for the Customers to administer in connection with the Customer's own internal business, research, and/or personal operations, as the case may be).

For the purposes of these Terms:

“Pre-Written Inventories” means those inventories which are provided by Mind Garden as standard on the Mind Garden platform, all intellectual property rights of Mind Garden which are exclusively owned by Mind Garden and/or its applicable licensor;

“Customer Created Inventories” means those inventories which are added to Pre-Written Inventories by the Customer, whereby Mind Garden and its licensors as applicable retain all intellectual property rights in the Pre-Written Inventories except that the intellectual property rights in relation to add Customer- added inventories is owned by the Customer; and

“Custom Created Reports” means bespoke reports created by Mind Garden, on request for a particular customer, whereby Mind Garden and its licensors as applicable retain all intellectual property rights in the Custom Created Reports except that any intellectual property rights in relation to Customer-confidential content is owned by the Customer.

In connection with Pre-Written Inventories, you represent and warrant that:

(a) Compliance With Instructions & Law. You will only use and report the Pre-Written Inventories and Pre-Written Inventories results in conformance with the Pre-Written Inventories' instructions and rules and only in conformance with applicable law, including but not limited to conformance with all laws relating to data protection and privacy, confidentiality, personnel selection, discrimination, disabilities and accessibility;

(b) No Further Distribution. You will not act as a distributor or reseller, i.e., you will not sell Pre- Written Inventories to others who re-use or re-sell, the Pre-Written Inventories without Mind Garden’s (or its pertinent licensor’s) written approval. You will not, therefore, sell Pre-Written Inventories to others who in turn use Pre-Written Inventories with their own client or who sell Pre-Written Inventories to their own customers or clients. Mind Garden reserves the right to determine at its sole, absolute discretion whether your conduct constitutes a breach of this section (or any section under these Terms). If Mind Garden makes such a determination, then Mind Garden may terminate the Services provided under these Terms and terminate your account including deactivating your password, account (or any part thereof) or use of the Site, and remove and discard any Content you may have contributed to the Site, and you agree to pay to Mind Garden immediately all proceeds you received in connection with such unauthorized sales of Pre-Written Inventories;

No Sharing or App Development. You may administer assessment questionnaires to research participants/ test-takers via the Mind Garden platform or, in the case of researchers, via a third-party online survey platform set up by you, or in paper form in person. Except upon Mind Garden's (and/or its pertinent licensor’s) advance written consent, you may not make a Pre-Written Inventory available to anyone as a written document or a software program, circulate versions of the Products to third parties, nor provide PDF versions of the Products, including Pre-Written Inventory, to third parties including research participants/ test-takers, by email or otherwise or via a software program. For example, you may not create a program or an "app" that when run on a computer, iPad or other device would allow persons to act as subjects in completing a Pre-Written Inventory. Pre-Written Inventories shall only be provided via the Transform platform and not be provided in PDF or other electronic or written form.

5. Select Remedies

(a) Right To Halt Wrongful Use. Mind Garden (and its licensors) shall be entitled (but not obligated) to halt any use of any Pre-Written Inventory in breach of any of the provisions of these Terms or in violation of any applicable laws or regulation.

(b) Right To Halt Wrongful Emails. In the event that the Customer enters email addresses on the Site for the purposes of generating emails to the Customer's subjects, participants, or to any other persons, Mind Garden may (but is not required to) elect not to send any such emails which it believes may violate SPAM laws or other applicable laws, rules, or regulations.

(c) Payment Of Copyright Holder's License Fees. If you have purchased a license to reproduce or administer a fixed number of copies of an existing Mind Garden Pre-Written Inventory, manual, or workbook, it is your legal responsibility to compensate the copyright holder of this work -- via payment to Mind Garden for reproduction or administration of that Pre-Written Inventory, manual or workbook in any medium, including but not limited to furnishing or administering the same electronically, on a computer network or over the Internet.

The terms "reproduce" and "administer" include all forms of physical or electronic administration or reproductions including on a physical medium such as paper, on a computer, via a CD-loaded onto a computer, through an application or "App" on any electronic device, any online survey, any handheld survey devices, or any other means or method of reproduction or administration, whether using technology now known or created in the future. If you plan to use a website other than Mind Garden to administer the Inventory for research, you must get written permission from Mind Garden according to the License to Administer associated with each Product

(d) Tracking Number of Copies. If you are a Customer, you must track the number of reproductions or administrations of the inventories and you will be responsible for compensating Mind Garden for any reproductions or administrations in excess of the number purchased or for any reproductions or administrations after the end of the three year license period. For purposes of clarification, you may administer assessment questionnaires to research participants/ test-takers via the Mind Garden platform or, in the case of researchers, via a third-party online survey platform set up by you, or in paper form in person. You may not circulate versions of the Products to third parties, nor provide PDF versions of the Products, including Pre-Written Inventory, to third parties including research participants/ test-takers, by email or otherwise or via a software program. you may not share in any form a .pdf or any other form, of any materials such as an inventory to its Subjects, End-Users or other third parties. This is a violation of these Terms as it creates an unrestricted distribution and does not allow for tracking of copies.

6. Data Protection and Privacy

Your use of the Site and Services involves several types of data, including (without limitation): personal information of you and End-Users and responses to assessments from End-User test-takers, and business contact data of Customers.

6.1 Personal Information

(a) All personal information will be used in accordance with Mind Garden’s Privacy Policy (https://www.mindgarden.com/content/22-privacy). Mind Garden will comply with applicable US laws governing the use of personal information.

(b) As between you and Mind Garden with regard to Site account data, you are the data controller and the Company is the data processor, except in respect of any business contact data you and End-Users provides to Mind Garden, in which case Mind Garden is data controller (each of data controller and data processor as defined in applicable data protection legislation).

(c) As data controller of personal information on behalf of your test-takers, you are responsible for ensuring you comply with data protection requirements based on your location and that of your End-User test-takers, including any required obtaining of consent.

(d) If you and any End-User provide personal information to Mind Garden, other than business contact data, Mind Garden will process that personal information in accordance with our Privacy Policy and only on your documented instructions, unless required to do otherwise by applicable law.

(f) Mind Garden may engage additional sub-processors to provide the Services, as set out in our Privacy Policy, and you agree to Mind Garden’s use of such additional sub-processors.

(g) Your use of the Site and that of your End-Users requires the collection and/or transmission of your personal information to Mind Garden in the United States. If you are using the Site outside the United States, then by agreeing to these Terms you acknowledge and agree to such transfer.

(h) Notwithstanding the foregoing, Mind Garden reserves the right to alter or remove a Subject’s personal information if required to do so by applicable law. If a Subject exercises a right afforded to that Subject under applicable law against you as the data controller, either to us or via you, Mind Garden will reasonably cooperate with you and provide reasonable assistance and information to facilitate your ability to respond to such a request.

(i) Mind Garden will store data associated with your Mind Garden account as follows:

- in relation to personal information provided by test-takers in relation to administration of our Products, Mind Garden hold personal information [for at least one (1) year, and] indefinitely unless you notify us of your wish for test-takers’ personal information to be deleted, or where we receive a data deletion request from a Subject; and

- in relation to research data, we hold aggregated Non-Person Specific Data (as defined in Section 6.2) for research and development purposes indefinitely, as further set forth in Section 6.2 below; and

- in relation to business contact data of Customers, we hold personal information for the time that you are a Customer, plus at least 7 years.

(j) Notwithstanding the foregoing, in the event that a Subject requests that Mind Garden delete their personal information, and such request is authorized by the applicable data controller, then any contact details and other personal information will be removed from the Site.

(k) Notwithstanding any Privacy Notices to users on the Site, it is your duty to ensure that you comply with applicable data protection and privacy laws and requirements, including that you have the consent of the Subject to provide any personal information to Mind Garden for use in connection with the Services.

6.2 Non-Person-Specific Data

(a) Defined. ”Non-Person-Specific Data” is information furnished by a data subject (“Subject”) but which information does not contain any information that can be used to specifically identify the Subject. For example, Non-Person-Specific Data would not contain the Subject's (i) name; (ii) mailing address; (iii) any identification number (e.g. passport, driver's license, social security, etc.); (iv) employer's name; (v) any family members' names; (vi) other data that could under normal circumstances link the Non-Person-Specific Data to any identifiable person.

(b) Right To Use Non-Person-Specific Data. Mind Garden will have the right, but not the obligation, to store, aggregate, use, and publish Non-Person-Specific Data received through performance of the Services, from Pre-Written Inventories or otherwise, for research and development purposes, provided such is stored without identifying the Customer. Mind Garden will not use the name, address, contact information, social security number, exact date of birth, or other individual identifying characteristics for any of Pre-Written Inventory subjects but, Mind Garden may, for example, use Non-Person-Specific Data to report that males in the age range of 25 to 34 with a college education scored thus and so on a certain Pre-Written Inventory.

You hereby grant Mind Garden a non-exclusive, irrevocable, perpetual, transferable, and sublicenseable license to use Non-Person-Specific Data from Pre-Written Inventories or otherwise as follows:

(i) Aggregation of Non-Person-Specific Data. Mind Garden may aggregate and use, without compensation to Customers, End Users, or other subjects, Non-Person-Specific Data furnished in connection with Pre-Written Inventories or otherwise obtained from the forms, scoring, or other processing of any products or materials published by Mind Garden or otherwise sold by or licensed by Mind Garden, and Mind Garden may utilize those data for research, product development, statistical purposes, or for any other purposes whatsoever.

(ii) Disclosure of Non-Person-Specific Data. Mind Garden may disclose Non-Person-Specific Data to third parties, with or without compensation to Mind Garden, as Mind Garden sees fit from time to time.

(iii) Data Retention Limitation. Mind Garden has the right to retain personal information indefinitely but is not obligated to keep data or honor unused or unrequested assessments beyond a period of one year from the creation of the personal information or assessment data, unless the Customer contacts Mind Garden via email prior to the end of that year with a request to retain it longer. Mind Garden may choose to grant or reject the request in its sole discretion. This does not affect a Subject’s rights to request deletion of personal information.

7) Representations and Warranties of Customer.

Customer represents and warrants that:

a) it will not, under these Terms, collect or transmit any protected health information as defined by HIPPA or other applicable laws;

b) it will follow best practices in securing all data related to these Terms;

c) it will get proper consents and provide proper notices to all End Users or other subjects as required by applicable law or as necessary under industry best practices including under applicable data protection legislation;

d) it will ensure that all End Users or other subjects review and agree to these Terms including if they access the Services in a manner other than the Site;

e) it will ensure that the administration and use of all Services comply with all applicable laws;

f) it will ensure that it and all End Users are aware of the ownership of Services including Products intellectual property rights of Mind Garden as set out in Section 8;

g) it will ensure that where any translations are made for any Products, all intellectual property rights will be assigned to Mind Garden and all moral rights waived; and

h) it will ensure that no End Users are Children.

8) Intellectual Property Rights and Copyright Violations

Mind Garden and its licensors, as applicable, are the exclusive owners of all intellectual property rights in relation to the Services, including the Products. Where any amendments, adaptations, derivatives, translations or other works of the Services, including the Products are made, whether authorized or unauthorized, such shall be deemed works made for hire and accrue to the benefit of, or otherwise be assigned to and exclusively owned by Mind Garden and its licensors, as applicable.

All copyright and trademark statements on the Services, including Products, shall remain visible and not be removed.

If you are a copyright holder and believe that your copyrighted content has been copied in a way that constitutes copyright infringement, please promptly notify Mind Garden's Copyright agent as below, and provide the following information:

i) an electronic or physical signature of the person authorized to act on behalf of the owner of the copyright interest;

ii) a description of the copyrighted work claimed to have been infringed;

iii) a description of where the claimed infringing Content is located on our Site and details about any claimed infringing use of your copyrighted materials;

iv) your address, telephone number, and email address;

v) a statement by you that you have a good faith belief that the disputed use is not authorized by the copyright owner, its agent, or the law;

vi) a statement by you, made under penalty of perjury, that the above information in your Notice is accurate and that you are authorized to act on behalf of the owner of the copyright interest involved.

For purposes of this IPR and Copyright Violations section, “you” refers to any individual or entity.

Mind Garden's Copyright Agent can be reached at:

Mind Garden, Inc.
info@mindgarden.com

More information about Mind Garden’s copyright policies in general is at: https://www.mindgarden.com/content/23-faq#horizontalTab5

9) Indemnity

You agree to defend, hold harmless and indemnify, Mind Garden and its licensors and Mind Garden's and its licensors’ officers, directors, employees, and agents harmless from all judgments, awards, losses, liabilities, costs and expenses, including but not limited to reasonable attorney's fees, expert witness fees, and costs of litigation arising out of or based on (a) your use of the Site, Services, or Pre-Written Inventories or any combination of the foregoing, (b) your violation of these Terms; (c) your violation of any rights of a third person (including without limitation privacy or non- discrimination rights) or any applicable law, rule, or regulation; (d) your administration, scoring, evaluation, release, or distribution of any Pre-Written Inventories, Customer Created Inventories, Mind Garden created reports, Custom Created Reports, scorings, or evaluations. If you are a Customer, you also agree to defend, indemnify, and hold Mind Garden and its licensors and Mind Garden's and its licensors’ officers, directors, employees, and agents harmless from all judgments, awards, losses, liabilities, costs and expenses, including but not limited to reasonable attorney's fees, expert witness fees, and costs of litigation arising out of or based on any claims by (x) your End Users or (y) any other individual or entity that gains access to the Site or Services through you.

10) No Resale or Reuse; Proprietary Rights

You agree not to reproduce, duplicate, copy, sell, resell or exploit for any commercial purposes, any portion of the Site, use of the Site, Services, or access to the Site without Mind Garden's (and/or its pertinent licensor’s) express written consent. While you are granted a limited license to use the Site, and Services provided that you have paid for the applicable use and otherwise are in compliance with these Terms, any other rights and licenses are expressly retained by Mind Garden and the rights holders and no implied licenses are granted.

11) Termination

(a) Mind Garden May Terminate. If you or your End Users breach these Terms or Mind Garden determines in its sole discretion that it is no longer commercially reasonable to offer you the Site and/or the Services, it may terminate these Terms and terminate access to your password, account (or any part thereof) or use of the Site, and remove and discard any Content you may have contributed to the Site. If termination is based on a reason other than yours or End-User’s breach or Customer’s at-will termination, namely, where Mind Garden terminates at-will and without cause, Mind Garden will refund any prepaid subscription fees for periods in which the Services will not be available.

(b) Termination Effective Without Advance Notice. If necessary in order to avoid legal violations, to comply with applicable law, or to avoid harm to any person or property, Mind Garden may terminate your access to the Site without prior notice and Mind Garden may immediately deactivate or delete your account and all related information and files in your account and/or may bar any further access to such files on the Site in its sole discretion. Further, you agree that Mind Garden shall not be liable to you or any third-person for any such termination of your access to or use of the Site and/or Services.

(c) Survival. In the event of a termination of these Terms, your obligations and liabilities hereunder these Terms will survive as applicable, but any licenses granted to you shall immediately terminate concurrent with such termination of these Terms.

(d) Your Only Recourse Is Termination. Should you object to any terms and conditions within these Terms or become dissatisfied with the Services and/or Site in any way, your only recourse is to immediately discontinue your use of the Services and Site and terminate your account. Should you terminate your account in this manner, then you will not receive any refunds for any Services you have purchased or licensed hereunder these Terms.

12) Links

Under certain circumstances the Site may provide, or third parties may provide, links to other websites or resources. Mind Garden is not responsible for the availability of such sites or resources, and does not endorse and is not responsible or liable for any content, advertising, products, or other materials on or available from such sites or resources. Mind Garden shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content, goods or services available on or through any such site or resource.

13) DISCLAIMER OF WARRANTIES; WAIVER OF CERTAIN LIABILITIES; LIMITATION OF LIABILITY

ACCESS TO AND USE OF THE SERVICES AND THE INFORMATION AND CONTENT CONTAINED ON THE SITE IS PROVIDED “AS IS” AND “AS AVAILABLE” AND MIND GARDEN HEREBY EXPRESSLY DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESSED, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND TITLE. MIND GARDEN DOES NOT WARRANT THAT THE SERVICES AND/OR THE SITE WILL BE UNINTERRUPTED, ERROR FREE, OR WITHOUT BREACHES OF SECURITY, AND YOU AGREE THAT YOU ARE SOLELY RESPONSIBLE FOR ANY AND ALL ACTS OR OMISSIONS TAKEN OR MADE IN RELIANCE ON MIND GARDEN SERVICES AND/OR THE INFORMATION IN THE SERVICES AND/OR SITE, INCLUDING INACCURATE OR INCOMPLETE INFORMATION, LOSS OF DATA FROM DELAYS, NONDELIVERIES OF CONTENT OR EMAIL, ERRORS, SYSTEM DOWN TIME, MISDELIVERIES OF CONTENT OR EMAIL, NETWORK OR SYSTEM OUTAGES, FILE CORRUPTION, MALWARE, OR SERVICE INTERRUPTIONS. MIND GARDEN EXPRESSLY DISCLAIMS ANY LIABILITY WITH RESPECT TO ANY INJURY CAUSED BY ANY END USER, OR ANY DAMAGE SUFFERED BY ANY END USER, AS A RESULT OF THE ACTIONS OR INACTIONS OF ANY OTHER END USER. IF YOU ARE DISSATISFIED WITH THE SERVICES, THE SITE, OR ANY INFORMATION OR CONTENT CONTAINED THEREIN, YOUR SOLE AND EXCLUSIVE REMEDY IS TO DISCONTINUE USING AND ACCESSING MIND GARDEN SERVICES AND THE SITE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF IMPLIED WARRANTIES, SO IN THESE JURISDICTIONS THE ABOVE LIMITATIONS OR EXCLUSIONS MAY NOT APPLY.

YOU ACKNOWLEDGE THAT MIND GARDEN DOES NOT CONTROL IN ANY RESPECT ANY INFORMATION OR SERVICES OFFERED BY THIRD PARTIES THROUGH MIND GARDEN. EXCEPT AS OTHERWISE AGREED IN WRITING, MIND GARDEN AND ITS AFFILIATES ASSUME NO RESPONSIBILITY FOR AND MAKE NO WARRANTY OR REPRESENTATION AS TO THE ACCURACY, CURRENCY, COMPLETENESS, RELIABILITY, OR USEFULNESS OF CONTENT OR SERVICES DISTRIBUTED OR MADE AVAILABLE BY THIRD PARTIES THROUGH THE SITE.

YOU ACKNOWLEDGE THAT MIND GARDEN MAKES NO WARRANTY OR REPRESENTATION THAT CONFIDENTIALITY OF INFORMATION TRANSMITTED THROUGH THIS SITE WILL BE MAINTAINED.

Risks You Assume

WITHOUT LIMITING ANY OF THE OTHER RISKS MIND GARDEN HAS DISCLOSED TO YOU IN THESE TERMS, YOU ARE SOLELY RESPONSIBLE FOR YOUR USE OF THE SERVICES AND THE SITE, INCLUDING ANY CONTENT YOU (INCLUDING YOUR CUSTOMERS OR THEIR END USERS) SUBMIT OR ANY INVENTORIES YOU, YOUR CUSTOMERS OR END USERS USE, AND YOU EXPRESSLY ACKNOWLEDGE AND AGREE THAT YOUR (AND END USERS’) USE AND ACCESS TO THE SERVICES, THE SITE, AND THE INFORMATION AND CONTENT CONTAINED IN EITHER OF THE FOREGOING, AND ANY SITES LINKED THROUGH THE SERVICES AND ANY DATA TRANSMITTED THROUGH THE SERVICES IS AT YOUR SOLE RISK. ACCORDINGLY, MIND GARDEN, ANY OF ITS SUBSIDIARIES OR AFFILIATES, ITS RESPECTIVE OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, REPRESENTATIVES, PARTNERS, AND LICENSORS (COLLECTIVELY, THE “MIND GARDEN ENTITIES”) DO NOT ASSUME ANY LIABILITY TO YOU FOR OR RELATING TO ANY OF YOUR ACTIONS, INCLUDING THE PUBLICATION OF ANY CONTENT YOU SUBMIT, THE RESULTS OF ANY TESTS OR INVENTORIES TAKEN, OR MIND GARDEN’S EXERCISE OF THE RIGHTS YOU GRANT TO MIND GARDEN.

Limitation of Liability

IN NO EVENT SHALL THE MIND GARDEN ENTITIES OR ITS LICENSORS BE LIABLE FOR ANY SPECIAL, INDIRECT, CONSEQUENTIAL, OR EXEMPLARY DAMAGES, INCLUDING, BUT NOT LIMITED TO, LOSS OF PROFITS OR REVENUES OR OTHER LOSS OF BUSINESS, LOSS OF USE, LOSS OF GOODWILL OR LOSS OF INFORMATION, HOWEVER CAUSED AND WHETHER BASED ON CONTRACT, WARRANTY, NEGLIGENCE, STRICT LIABILITY, OR ANY OTHER THEORY OF LIABILITY, EVEN IF THE MIND GARDEN ENTITY HAS BEEN APPRISED OF THE POSSIBILITY OR LIKELIHOOD OF SUCH DAMAGES. NOTWITHSTANDING ANYTHING IN THESE TERMS TO THE CONTRARY, MIND GARDEN ENTITIES’ TOTAL AGGREGATE LIABILITY, AND THAT OF ITS LICENSORS, IN RESPECT OF ANY CLAIM OR ACTION YOU MAY BRING AGAINST MIND GARDEN OR ANY OF THE MIND GARDEN ENTITIES, REGARDLESS OF FORM OF ACTION OR THEORY OF LIABILITY, SHALL BE LIMITED TO THE GREATER OF (1) ONE HUNDRED UNITED STATES DOLLARS (US$100), OR (2) THE AGGREGATE FEES ACTUALLY PAID BY YOU (OR THE APPLICABLE CUSTOMER ON YOUR BEHALF) TO MIND GARDEN FOR THE 6 MONTH PERIOD PRECEDING THE EVENT FIRST GIVING RISE TO SUCH CLAIM OR ACTION. YOU ACKNOWLEDGE THAT YOU MAY BE WAIVING RIGHTS WITH RESPECT TO CLAIMS THAT ARE UNKNOWN OR UNSUSPECTED. ACCORDINGLY, YOU AGREE TO WAIVE THE BENEFIT OF ANY LAW, INCLUDING, TO THE EXTENT APPLICABLE, CALIFORNIA CIVIL CODE § 1542 (OR SIMILAR PROVISIONS OF THE LAWS OF OTHER STATES), WHICH STATES, A GENERAL RELEASE DOES NOT EXTEND TO CLAIMS WHICH THE CREDITOR DOES NOT KNOW OR SUSPECT TO EXIST IN HIS OR HER FAVOR AT THE TIME OF EXECUTING THE RELEASE, WHICH IF KNOWN BY HIM OR HER MUST HAVE MATERIALLY AFFECTED HIS OR HER SETTLEMENT WITH THE DEBTOR.

IN THE CASE OF A JURISDICTION THAT RESTRICTS LIMITATION CLAUSES, THIS LIMITATION SHALL BE APPLIED TO THE GREATEST EXTENT PERMITTED BY LAW. NOTHING IN THESE TERMS OF USE IS INTENDED TO LIMIT ANY RIGHTS YOU MAY HAVE THAT MAY NOT BE LAWFULLY TERMINATED.

14) Services Are No Substitute For Professional Help

(a) Only Informational Tools. Mind Garden's Site and Services are intended to be informational tools to be used by professionals in evaluating certain aspects of human responses, actions, attitudes, personalities and conditions. Customers are responsible for proper administration of Mind Garden’s Content and Services and ensuring that proper professionals are engaged at all stages of the testing process. For example, Mind Garden Inventory that is improperly scored, interpreted, or applied may yield an inaccurate assessment and other injury.

(b) Not A Substitute For Licensed Professionals. A Mind Garden Inventory can never be a substitute for professional evaluation and counseling. The Inventory is a tool designed to help skilled professionals, not as a substitute for a professional's personal evaluation of a Subject. No one should view Inventories, Scoring or Reports as substitutes for professional evaluation and counseling of a Subject and no one should view them as error-free, always correct or infallible. They should be used within the inherent error in the Inventory and the context of the assessment and the Subject’s understanding. For more information see https://www.mindgarden.com/content/23-faq#horizontalTab2

(c) No Warranty By Mind Garden. Mind Garden does not warrant that any of Services can substitute for skilled professional evaluations and counseling. In contrast, Mind Garden specifically discloses that its Services are not substitutes for professional evaluation and counseling.

15) General Provisions

(a) Severability. If any provision of these Terms is invalid, illegal, or unenforceable under any applicable statute or rule of law, such provision shall be deemed amended to achieve as nearly as possible the same economic effect as the original provision and the remaining provisions of these Terms shall in no way be affected or impaired.

(b) Applicable Law. These terms and conditions shall be governed by and construed in accordance with the laws of the state of California, without resort to its conflict of law provisions. You agree that any action at law or in equity arising out of or relating to these Terms or the Services shall be filed only in the Superior Court of San Mateo, California, or the United States District Court for the Northern District of California, and you hereby irrevocably and unconditionally consent and submit to the exclusive jurisdiction of such courts over any such suit, action, or proceeding.

If you administer any Pre-Written Inventories or Customer Created Inventories to persons outside the United States or if you furnish scoring, evaluations, or reports to persons located outside the United States then you will comply with all laws applicable to such Inventories, scoring and reports including, but not limited to privacy laws.

(c) Headings. The headings are for navigational purposes only and shall not be deemed to constitute terms of these Terms.

(d) Entire Agreement. These Terms are the parties’ entire agreement relating to its subject and supersedes any prior or contemporaneous agreements on that subject. The terms of any purchase order, invoice, sales request shall be given no effect as these Terms are the sole and exclusive terms governing Mind Garden Products, Services and Site even if you require us to acknowledge your terms and conditions. These Terms may be amended by Mind Garden by providing you notice of the new terms. Your continued use of the Products, Services and/or the Site indicates your assent to the new terms.

(e) No Assignment. You may not assign these Terms and any attempt to do so will be void.

(f) Rights of Third Parties. Mind Garden is an authorized reseller of certain products. As such, the licensor of such licensed products reserves the right, and Mind Garden agrees that the licensor holds such right, to independently, or together with Mind Garden, enforce through all legal means available, any violations of these Terms or any other terms and conditions of Mind Garden relating to the Services, in relation to Services provided by Mind Garden which are owned by such licensors and authorized for use by Mind Garden.

(g) Compliance and Remedies. In the event of any breach, unauthorized use, reproduction, distribution, or modification of any materials made available to you under these Terms, licensors may, at its discretion and in addition to any remedies available to Mind Garden: (i) seek injunctive relief or other equitable remedies to prevent further misuse or unauthorized use; (ii) demand immediate cessation of the infringing activity and/or destruction of unauthorized copies; and/or (iii) pursue claims for damages, including but not limited to, unpaid licensing fees, lost revenue, or statutory damages. You agree to cooperate with any requests made by licensors of any products licensed to Mind Garden in connection with an investigation or enforcement action related to your use of the materials licensed to you under these Terms.

16) Personal Data Processing Agreement

The parties agree that in relation to Protected Data (as it may be applicable to the parties under Data Protection Laws), you, the Customer shall be the Data Controller and Mind Garden shall be the Data Processor.

You and the company, institution or other entity (“Business Entity”) employing, contracting or retaining you, or on whose behalf you are using the Mind Garden Service described below (collectively, you and such “you”, the “Business Entity”, “Data Controller”) agree to be bound by and become a party to this Mind Garden Data Processing Agreement (this "DPA") with Mind Garden (“we”, “us”, “Mind Garden”, “Data Processor”). You represent, warrant and agree that you are authorized to enter into this Agreement on behalf of yourself and the Business Entity and to bind yourself and the Business Entity to the terms and conditions herein. This Agreement supersedes all prior agreements and understandings (whether oral or written) between the parties with respect to the subject matter hereof.

This DPA outlines the obligations between the parties where Mind Garden acts as a data processor in providing Services to the Customer insofar as it relates to Customer contact personal data.

Definitions
Applicable Law means as applicable and binding on the Controller, the Processor and/or the Services:

(a) any law, statute, regulation, byelaw or subordinate legislation in force from time to time to which a party is subject and/or in any jurisdiction that the Services are provided to or in respect of, as may be specified in Terms;
(b) the common law and laws of equity as applicable to the parties from time to time;
(c) any binding court order, judgment or decree; or
(d) any applicable direction, policy, rule or order that is binding on a party and that is made or given by any regulatory body having jurisdiction over a party or any of that party’s assets, resources or business;

Data Controller means the party determining the processing activities conducted in relation to Personal Data, as may be more described under applicable Data Protection Laws;

Data Processor means the party conducting processing activities at the instruction of the Data Controller in relation to Personal Data, as may be more described under applicable Data Protection Laws;

Data Protection Laws means as applicable and binding on the Controller, Processor and/or the Services:

(a) specifically in relation to the Customer, all data protection and/or privacy laws in which recipient Data Subjects are contacted through the Services are located;
(b) all state and federal legislation applicable to the processing of Personal Data in the United States of America
(c) any Applicable Laws replacing, amending, extending, re-enacting or consolidating any of the above Data Protection Laws from time to time.

Data Protection Losses means:

(a) administrative fines, penalties, sanctions, liabilities or other remedies imposed by a Supervisory Authority; and/or
(b) compensation which is ordered by a Supervisory Authority to be paid to a Data Subject;

Data Subject means the individual to whom Personal Data relates (as may be further defined by applicable Data Protection Laws, whether defined under the same term or as an equivalent term);

Data Subject Request means a request made by a Data Subject to exercise any rights of Data Subjects under Data Protection Laws;

International Recipient has the meaning given to that term in clause 6.2 and 6.5;

Personal Data has the meaning given to that term in Data Protection Laws, or, where that term is not identically defined in the applicable Data Protection Law, the meaning given to the equivalent defined term in that applicable Data Protection Law;

Personal Data Breach means any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, any Protected Data;

Processing has the meanings given to that term in Data Protection Laws (and related terms such as process have corresponding meanings);

Processing Instructions has the meaning given to that term in clause 3.2.1;

Protected Data means Personal Data received from or on behalf of the Customer in connection with the performance of the Processor’s obligations under this DPA;

EU SCCs means the standard contractual clauses for the transfer of personal data to third countries authorised by the Commission Decision of 4 June 2021 pursuant to Regulation (EU) 2016/679 (2010/87/EU), or such alternative clauses as may be approved by the European Commission from time to time;

Sensitive Data means any personal information, that due to its nature or context, requires enhanced protection under applicable data protection laws, privacy regulations, and any other relevant legal requirements;

Sub-Processor means another Data Processor engaged by Mind Garden or any Associated Company of Mind Garden for carrying out processing activities in respect of the Protected Data on behalf of the Customer;

Supervisory Authority means any local, national or multinational agency, department, official, parliament, public or statutory person or any government or professional body, regulatory or supervisory authority, board or other body responsible for administering Data Protection Laws;

Terms means Mind Garden’s terms of service agreement, including addendums.

UK SCCs means the Information Commissioner’s Office’s (“ICO”) International Data Transfer Agreement (“IDTA”) for the transfer of personal data from the UK and/or the ICO’s International Data Transfer Addendum to EU Commission Standard Contractual Clauses, or such alternative clauses as may be approved by the UK from time to time.

References to any Applicable Laws (including to the Data Protection Laws and each of them specifically, as the case may be) and to terms defined in such Applicable Laws shall be replaced with or incorporate (as the case may be) references to any Applicable Laws replacing, amending, extending, re-enacting or consolidating such Applicable Law (including any new Data Protection Laws from time to time) and the equivalent terms defined in such Applicable Laws, once in force and applicable. A reference to a law includes all subordinate legislation made under that law.

1 Interaction with the Agreement
1.1 This DPA will take effect from the date on which the Customer accepts the terms of this DPA and shall continue until the end of the Processor’s provision of the Services (including any period of suspension, where relevant).
1.2 Except for the changes made by this DPA, the Terms remain in full force and effect.

2 Data Processor and Data Controller
2.1 The Processor shall process Protected Data in compliance with:

2.1.1 the obligations of Data Processors under Data Protection Laws in respect of the performance of its obligations herein; and
2.1.2 the terms of this DPA and the Terms which sets out the Controller’s instructions in relation to such processing activities.

2.2 The Data Controller shall comply with:

2.2.1 all Data Protection Laws in connection with the processing of Protected Data, use of the Services and the exercise and performance of its respective rights and obligations under this DPA, including maintaining all relevant regulatory registrations and notifications as required under Data Protection Laws; and
2.2.2 the terms of this DPA.

2.3 The Controller warrants, represents and undertakes, that:

2.3.1 all data sourced by the Controller for use in connection with the Services shall comply in all respects, including in terms of its collection, storage and processing (which shall include the Controller providing all of the required fair processing information to, and obtaining all necessary consents from, Data Subjects), with Data Protection Laws; and
2.3.2 all instructions given by it to the Processor in respect of Personal Data shall at all times be in accordance with Data Protection Laws.

2.4 The Controller shall not unreasonably withhold, delay or condition its agreement to any change or amendment requested by Processor in order to ensure the Services and the Processor (and each Sub-Processor) can comply with Data Protection Laws.

3 Instructions and details of processing
3.1 By entering into this DPA, Controller instructs the Processor to process Customer Protected Data only in accordance with Applicable Law:

3.1.1 To provide the Services;
3.1.2 As further specified by Controller’s use of the Services or the Software;
3.1.3 As documented in the form of the Terms and this DPA; and
3.1.4 As further documented in any other written instructions provided by the Controller and acknowledged by the Processor as being instructions for the purposes of this DPA.

3.2 Insofar as the Processor processes Protected Data on behalf of the Controller, the Processor:

3.2.1 unless required to do otherwise by Applicable Law, shall (and shall take steps to ensure each person acting under its authority shall) process the Protected Data only on and in accordance with the Controller’s documented instructions as set out in this clause, as updated from time to time as agreed between the parties (“Processing Instructions“);
3.2.2 if Applicable Law requires it to process Protected Data other than in accordance with the Processing Instructions, shall notify the Controller of any such requirement before processing the Protected Data (unless Applicable Law prohibits such information on important grounds of public interest); and
3.2.3 shall inform the Controller if the Processor becomes aware of a Processing Instruction that, in the Supplier’s opinion, infringes Data Protection Laws, provided that:
(a) this shall be without prejudice to clauses 3 and 2.4; and

(b) to the maximum extent permitted by mandatory law, the Processor shall have no liability howsoever arising (whether in contract, tort (including negligence) or otherwise) for any losses, costs, expenses or liabilities (including any Data Protection Losses) arising from or in connection with any processing in accordance with the Customer’s Processing Instructions following the Customer’s receipt of that information.

3.3 The subject matter and details of the processing of Protected Data to be carried out by the Processor under this DPA shall comprise the processing set out in Schedule 1 (Data Processing details), as may be updated from time to time as agreed between the parties.

3.4 The Processor confirms that it has appointed a data protection officer where such appointment is required by Data Protection Law. The appointed data protection officer may be contacted by email at info@mindgarden.com.

3.5 Further to the above, the Processor acknowledges that its processing of Protected Data is limited to that as set out in this DPA in order to supply the Services to the Controller and in accordance with the Terms.

4 Technical and organisational measures
4.1 The Processor shall implement and maintain, at its cost and expense appropriate technical and organisational measures in relation to the processing of Protected Data by the Processor; taking into account the nature of the processing, to assist the Controller insofar as is possible in the fulfilment of the Controller’s obligations to respond to Data Subject Requests relating to Protected Data. These measures are outlined in the Mind Garden Data Protection Policy.

5 Using Sub-Processors
5.1 The Controller specifically authorises the engagement of Mind Garden’s existing and future Associated Companies as Sub-Processors. During the term of this DPA, the Processor shall provide the Controller with 30 days’ prior notice of the appointment of any new third-party sub-processor, including details of the Processing to be undertaken by the Sub-Processor, via email.

5.3 The Controller may object (on reasonable grounds and only relating to data protection) to the use of a new or replacement Sub-Processor appointed per clause above within fourteen (14) days of the Processor’s notice; If the Controller notifies the Processor in writing of any objections to the proposed appointment: The Processor shall work with Controller in good faith to make available a commercially reasonable change in the provision of the Services which avoids the use of that proposed Sub-Processor; and where such a change cannot be made within fourteen (14) days of the Processor’s receipt of the Controller’s notice, the Controller may by written notice to the Processor with immediate effect terminate their use of the Services which require the use of the proposed Sub-Processor. This termination right is Controller’s sole and exclusive remedy to Customer’s objection of any Sub-Processor appointed by the Processor during the Term.

5.4 The Processor shall ensure:

5.4.1 via a written contract that the Sub-Processor only accesses and processes Protected Data to perform the obligations subcontracted to it and does so in accordance with the measures contained in this DPA that is enforceable by the Processor; and
5.4.2 remain fully liable for all the acts and omissions of each Sub-Processor as if they were its own.

5.5 The Controller agrees that the Processor and its Sub-processors may make Restricted Transfer of Personal Data for the purpose of providing the Services to the Controller in accordance with the Agreement. The Processor confirms that such Sub-Processors: (i) are located in a third country or territory recognised by the EU Commissioner a Supervisory Authority, as applicable, to have an adequate level of protection; or (ii) have entered into the applicable SCCs with the Processor, or (iii) have other recognised appropriate safeguards in place.

6 International data transfers
6.1 Australian Transfers Where the Processor receives Protected Data protected by Australian Data Protection Laws, the Controller acknowledges and agrees that the Processor may transfer such Personal Data to Sub-Processors located outside of Australia, as contemplated under this DPA subject to the Processor complying with this DPA and applicable Data Protection Laws.

6.2 European Transfers The Controller agrees that the Processor may transfer any Protected Data to Sub-Processors located in countries outside the European Economic Area (EEA) (an “EEA International Recipient“), provided all transfers by the Processor of Protected Data to an EEA International Recipient shall (to the extent required under Data Protection Laws) be subject to and in compliance with the EU SCCs and other requirements of Data Protection Laws including, but not limited to, data transfer impact assessments, third country assessments and agreeing additional safeguards as necessary.

6.3 Where there is a transfer of Protected Data to the Processor by a Controller established in the European Economic Area, and the United States of America is a third country under European Data Protection Laws, the Processor agrees to abide by and process Protected Data in compliance with the EU SCCs.

6.4 Singapore Transfers Where the Processor receives Protected Data protected by Singaporean Data Protection Laws, the Controller acknowledges and agrees that the Processor may transfer such Protected Data to Sub-Processors located outside of Singapore (including but not limited to the physical storage of Protected Data within hosting facilities located in the United States of America), as contemplated under this DPA subject to the Processor complying with the DPA and applicable Data Protection Laws.

The Processor has taken appropriate steps to ascertain whether, and to ensure that, any recipient of the Protected Data is bound by legally enforceable obligations to provide to the transferred Protected Data a standard of protection that is at least comparable to the protection under the PDPA.

6.5 UK Transfers The Controller agrees that the Processor may transfer any Protected Data to Sub-Processors located in countries outside the United Kingdom (UK) (a “UK International Recipient“), provided all transfers by the Processor of Protected Data to a UK International Recipient shall (to the extent required under Data Protection Laws) be subject to and in compliance with the UK SCCs and other requirements of Data Protection Laws including, but not limited to, data transfer impact assessments, third country assessments and agreeing additional safeguards as necessary.

6.6 Japan Transfers Where the Processor receives Protected Data protected by Japanese Data Protection Laws, the Controller acknowledges and agrees that the Processor may transfer such Protected Data to Sub-Processors located outside of Japan (including but not limited to the physical storage of Protected Data within hosting facilities located in the United States of America), as contemplated under this DPA subject to the Processor complying with the DPA and applicable Data Protection Laws.

7 Staff
7.1 The Processor shall ensure that all persons authorised by it (or by any Sub-Processor) to process Protected Data are subject to a binding written contractual obligation to keep the Protected Data confidential (except where disclosure is required in accordance with Applicable Law, in which case the Processor shall, where practicable and not prohibited by Applicable Law, notify the Controller of any such requirement before such disclosure).

8 Assistance with the Customer’s compliance and Data Subject rights
8.1 The Processor shall refer all Data Subject Requests it receives to the Controller within three Business Days of receipt of the request.

8.2 Further to the above and notwithstanding anything to the contrary in the Terms, the Processor reserves the right to disclose the identity of the Controller to any relevant Data Subject following any such request from a Data Subject.

8.3 The Processor shall provide such reasonable assistance as the Controller reasonably requires (taking into account the nature of processing and the information available to the Processor) to the Controller in ensuring compliance with the Controller’s obligations under Data Protection Laws with respect to:
8.3.1 security of processing;
8.3.2 data protection impact assessments (as such term is defined in Data Protection Laws);
8.3.3 prior consultation with a Supervisory Authority regarding high-risk processing; and
8.3.4 notifications to the Supervisory Authority and/or communications to Data Subjects by the Controller in response to any Personal Data Breach.

9 Records, information and audit
9.1 The Processor shall maintain, in accordance with Data Protection Laws binding on the Processor, written records of all categories of processing activities carried out on behalf of the Controller.

9.2 The Processor shall, in accordance with Data Protection Laws, make available to the Controller such information as is reasonably necessary to demonstrate the Processor’s compliance with the obligations of Data Processors under Data Protection Laws, and allow for and contribute to audits, including inspections, by the Controller(or another auditor mandated by the Controller) for this purpose, subject to the Controller:
9.2.1 giving the Processor reasonable prior notice of such information request, audit and/or inspection being required by the Controller;
9.2.2 ensuring that all information obtained or generated by the Controller or its auditor(s) in connection with such information requests, inspections and audits is kept strictly confidential (save for disclosure to the Supervisory Authority or as otherwise required by Applicable Law);
9.2.3 ensuring that such audit or inspection is undertaken during normal business hours, with minimal disruption to the Processor’s business and the business of other Customers of the Processor; and
9.2.4 paying the Processor’s reasonable costs for assisting with the provision of information and allowing for and contributing to inspections and audits on-site, calculated on a time & materials basis.

10 Breach notification
10.1 In respect of any Personal Data Breach involving Protected Data, the Processor shall, without undue delay (but in any event within 24 hours) from when the Processor becomes aware of the same:
10.1.1 notify the Controller of the Personal Data Breach; and
10.1.2 provide the Controller, where possible, with details of the Personal Data Breach.

10.2 Notice of a Personal Data Breach as contemplated under 10.1.1 above shall include:
10.2.1 the nature of the Personal Data Breach (including, where possible, the categories and approximate number of data subjects and data records concerned);
10.2.2 the likely consequences of the Personal Data Breach; and
10.2.3 the measures taken or proposed to be taken to address the Personal Data Breach, including, where appropriate, measures to mitigate its possible adverse effects; and
10.2.4 such other information as may be required by Data Protection Law.

10.3 Unless otherwise requested, notifications will be sent to the email address associated with the account owner.

11 Deletion or return of Protected Data and copies
11.1 The Processor shall meet its obligation to delete or return Protected Data by providing facilities for the Controller to perform such actions. Upon written request from the Controller, any return of Protected Data shall be in such form as the Controller reasonably requests, within a reasonable time after the earlier of:

11.1.1 the end of the provision of the relevant Services related to processing; or
11.1.2 once processing by the Processor of any Protected Data is no longer required for the purpose of the Processor’s performance of its relevant obligations, and delete existing copies (unless storage of any data is required by Applicable Law and, if so, the Processor shall inform the Controller of any such requirement).

12 Liability
12.1 Any claims brought under or in connection with this DPA shall be subject to the terms and conditions, including, but not limited to, the exclusions and limitations set out in the Terms.

12.2 Notwithstanding the foregoing, the limitations specified in 12.1 above shall not apply to Data Protection Losses. In no event shall any party limit its liability with respect to any individual’s data protection rights under this DPA or otherwise.

12.3 Any Data Protection Losses incurred by one party arising from or in connection with the other’s failure to comply with its obligations under this DPA or any applicable Data Protection Laws shall be considered a liability to the non-compliant party.

13 Cooperation
13.1 If a party receives a compensation claim from an individual or Supervisory Authority relating to processing of Protected Data, it shall promptly provide the other party with notice and full details of such claim. The party with conduct of the action shall:
13.1.1 make no admission of liability nor agree to any settlement or compromise of the relevant claim without the prior written consent of the other party (which shall not be unreasonably withheld or delayed); and
13.1.2 consult fully with the other party in relation to any such action.

14 Government Requests
14.1 The Processor does not, as a matter of course, voluntarily supply government authorities, agencies or law enforcement access to or information relating to the Processors Customer accounts or Protected Data. If the Processor receives a compulsory request (whether via court order, warrant, or other valid legal process) from any government authority, agency or law enforcement for access to or information relating to a Customer account (including Protected Data) belonging to a Controller (hereafter, a “Government Request”), the Processor shall take all such reasonable steps as necessary to confirm the validity of such a request.

14.2 In the event that the Processor satisfies itself that a Government Request is valid, the Processor shall:
14.2.1 inform the government authority, agency or law enforcement that Mind Garden is a processor of the Protected Data;
14.2.2 attempt to redirect the government authority, agency or law enforcement to request the data directly from the Controller; and
14.2.3 notify the Controller via email of the Government Request to allow Customer to seek their own appropriate remedy, whereby the Processor may provide the Controller’s contact information.

14.3 The Processor shall not be required to comply with the provisions of clauses 14.1 or 14.2 above if:
14.3.1 The Processor is legally prohibited from doing so; or
14.3.2 if the Processor has a reasonable and good-faith belief that urgent access is necessary to prevent an imminent risk of serious harm to any individual, the safety of the public, or the Processor’s Services or property.

SCHEDULE 1: DATA PROCESSING DETAILS
1 Subject-matter of processing:
Protected Data relating to the Processor’s provision of the Services to the Controller.

2 Duration of the processing:
The term of any order, defined as: until the Controller notifies the Processor that they no longer need the data for processing and the Processor then deletes all Protected Data in accordance with the DPA.

3 Nature and purpose of the processing:
The Processor will process Customer Protected Data for the purposes of providing the Services to the Controller in accordance with the DPA and the Terms and as initiated by the Customer in its use of the Services.

4 Type of Personal Data:
Types of Personal Data provided to the Processor via the provision of the Services by or at the direction of the Controller, including but not limited to contact data (such as email address, name), IP address and usage information.

5 Categories of Data Subjects:
Data subjects include the individuals about whom data is provided to the Processor via the Services by or at the direction of Controller or end-users of the Controller.

6 Sensitive Data (if applicable)
Our collection of Sensitive Data and the safeguards for this is outlined in and bound by the below Protected Health Information Agreement

7 Physical location of data centres: Full legal name; Address (with country)
Google Cloud Platform; Iowa, USA

8 List of approved sub-processors: Subprocessor (full legal name); Address/country; Description of services provided by the subprocessors
Google Cloud Platform; Iowa, USA; Server hosting and data storage
SocketLabs, INC; Pennsylvania, USA; Email delivery

17) Protected Health Information (PHI) Agreement

You and the company, institution or other entity (“Business Entity”) employing, contracting or retaining you, or on whose behalf you are using the Mind Garden Service described below (collectively, you and such “you”, the “Business Entity”) agree to be bound by and become a party to this Mind Garden Business Associate Agreement (this "Agreement") with Mind Garden (“we”, “us”, “Mind Garden”, “Business Associate”). You represent, warrant and agree that you are authorized to enter into this Agreement on behalf of yourself and the Business Entity and to bind yourself and the Business Entity to the terms and conditions herein.

This Agreement is being entered into in connection with your use of our online service which may include, without limitation billing, reminder notifications and/or related functionality, and/or other services (the “Transform Service”) under the terms and conditions of the Mind Garden Terms of Service Agreement (“TOS Agreement”) entered into between you and us. This Agreement, (a) is intended by the parties as a final, complete and exclusive expression of the terms of our agreement regarding the subject matter hereof; and (b) supersedes all prior agreements and understandings (whether oral or written) between the parties with respect to the subject matter hereof.

By providing services pursuant to the TOS Agreement and receiving PHI for or on your behalf, Mind Garden shall become a business associate, as such term is defined under HIPAA, and will therefore have obligations regarding the confidentiality and privacy of PHI that we receive from or on your behalf.

The parties hereby agree as follows:

1. Definitions

1.0 CFR: Code of Federal Regulations.

1.1 Business Associate: “Business Associate” shall generally have the same meaning as the term “business associate” at 45 CFR 160.103, and in reference to the party to this Agreement, shall mean us.

1.2 Covered Entity: “Covered Entity” shall generally have the same meaning as the term “covered entity” at 45 CFR 160.103, and in reference to the party to this Agreement, shall mean you.

1.3 HIPAA: “HIPAA” shall mean collectively, the Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act, and their implementing regulations, each as amended.

1.4 “Protected Health Information” or “PHI” is any information, whether oral or recorded in any form or medium that is created, received, maintained, or transmitted by us for or on your behalf, that identifies an individual or might reasonably be used to identify an individual and relates to: (i) the individual’s past, present or future physical or mental health; (ii) the provision of health care to the individual; or (iii) the past, present or future payment for health care.

The following terms used in this Agreement shall have the same meaning as those terms in HIPAA: Breach, Data Aggregation, Designated Record Set, Disclosure, Health Care Operations, Individual, Minimum Necessary, Notice of Privacy Practices, Required By Law, Secretary, Security Incident, Subcontractor, Unsecured Protected Health Information, and Use.

2. Our Obligations and Activities

We agree to:

2.1 Not use or disclose PHI other than as permitted or required by this Agreement, the TOS Agreement, or as required by law;

2.2 Not use or disclosure PHI in any manner that violates applicable federal and state laws;

2.3 Use appropriate safeguards, and comply with Subpart C of 45 CFR Part 164 with respect to electronic PHI, to prevent use or disclosure of PHI other than as provided for by the Agreement or the TOS Agreement;

2.4 Within ten (10) business days, report to you any use or disclosure of PHI not provided for by the Agreement of which we become aware, including Breaches of Unsecured Protected Health Information as required at 45 CFR 164.410, and any successful Security Incident of which we become aware. The parties acknowledge that unsuccessful Security Incidents that occur within the normal course of business shall not be reported pursuant to this Agreement. Such unsuccessful Security Incidents include, but are not limited to, port scans or “pings,” and unsuccessful log-on attempts, broadcast attacks on our firewall, denials of service or any combination thereof if such incidents are detected and neutralized by our anti-virus and other defensive software and not allowed past our firewall;

2.5 In accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, ensure that any subcontractors that create, receive, maintain, or transmit PHI on our behalf agree to the same restrictions, conditions, and requirements that apply to us with respect to such information;

2.6 Make available to you PHI maintained in a Designated Record Set as necessary to satisfy your obligations under 45 CFR 164.524. In the event that any Individual requests access to PHI directly from us, we shall forward such request to you. You will be responsible for making all determinations regarding the grant or denial of an Individual’s request for PHI and we will make no such determinations. Except as Required by Law, only you will be responsible for releasing PHI to an Individual pursuant to such a request. Any denial of access to PHI determined by you pursuant to 45 CFR Section 164.524, and conveyed to us by you, shall be your responsibility, including resolution or reporting of all appeals and/or complaints arising from denials;

2.7 Identify and respond internally to any suspected or known Breach of any Unsecured Protected Health Information, Security Incident or other improper use or disclosure of PHI, and will mitigate, to the extent practicable, their harmful effects, document their outcomes, and provide documentation of any successful Security Incident and Breach of any Unsecured PHI to you upon request.

2.8 Make any amendments to PHI maintained in a Designated Record Set as directed or agreed to by you pursuant to 45 CFR 164.526, or take other measures as necessary to satisfy your obligations under 45 CFR 164.526. You will be responsible for making all determinations regarding the grant or denial of an Individual’s request for an amendment to PHI and we will make no such determinations. Any denial of amendment to PHI determined by you pursuant to 45 CFR Section 164.526, and conveyed to us by you, shall be your responsibility, including resolution or reporting of all appeals and/or complaints arising from denials;

2.9 Maintain and make available the information required to provide an accounting of disclosures to you as necessary to satisfy your obligations under 45 CFR 164.528. In the event that any Individual requests an accounting of disclosures of PHI directly from us, we shall forward such request to you. You will be responsible for preparing and delivering an accounting to Individual. We shall implement an appropriate record keeping process to enable us to comply with the requirements of this Agreement;

2.10 Comply with the requirements of Subpart E of 45 CFR Part 164 that apply to you in the performance of your obligations under Subpart E of 45 CFR Part 164, to the extent we are to carry out one or more of such obligations; and

2.11 Make our internal practices, books, and records available to the Secretary for purposes of determining compliance with HIPAA.

3. Permitted Uses and Disclosures by Business Associate

3.1 We shall only use or disclose PHI as necessary to perform the services set forth in the TOS Agreement between the parties as outlined in this Agreement.

3.2 We may use or disclose PHI as required by law.

3.3 We agree to use and disclosure the minimum necessary PHI for its specific purposes.

3.4 We shall not use or disclose PHI in a manner that would violate Subpart E of 45 CFR Part 164 if done by you, except for the specific uses and disclosures set forth below.

3.5 We may use PHI for our own proper managerial and administrative duties, or to carry out our legal responsibilities.

3.6 We may disclose PHI for our own proper managerial and administrative functions, or to carry out our legal responsibilities, provided the disclosures are required by law, or that we obtain reasonable assurances as governed by our Policies and Procedures from the person to whom the information is disclosed that the information will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person, and the person notifies us of any instances of which it is aware in which the confidentiality of the information has been breached.

3.7 We may provide data aggregation services to the extent permitted under HIPAA and combine PHI created or received on behalf of you by us pursuant to this Agreement with PHI, as defined by 45 C.F.R. 160.103, received by us in our capacity as a business associate of other covered entities, to permit data analyses that relate to the Health Care Operations of the respective covered entities and/or you.

3.8 We may de-identify any and all PHI created or received by us under this Agreement to permit anonymized data analyses. Once PHI has been de-identified pursuant to 45 CFR 164.514(b), such information is no longer PHI subject to this Agreement.

4. Provisions for Covered Entity to Inform Business Associate of Privacy Practices and Restrictions

4.1 You agree to notify us of any limitations in your notice of privacy practices under 45 CFR 164.520, to the extent that such limitations may affect our use or disclosure of PHI.

4.2 You agree to notify us of any changes in, or revocation of, the permission by an Individual to use or disclose their PHI, to the extent that such changes may affect our use or disclosure of PHI.

4.3 You agree to notify us of any restriction on the use or disclosure of PHI that you have agreed to or are required to abide by under 45 CFR 164.522, to the extent that such restriction may affect our use or disclosure of PHI.

5. Permissible Requests by Covered Entity

You shall not request that we use or disclose PHI in any manner that would not be permissible under Subpart E of 45 CFR Part 164 if done by you, except as specified in Section 3 of this Agreement.

6. Term and Termination

6.1 Term: The Term of this Agreement shall be effective as of the date that the parties first exchanged PHI, and shall continue in perpetuity until either party terminates the agreement.

6.2 Termination: Either party has the right to terminate this Agreement for any reason upon written notice to the other party in the same manner as outlined in the TOS Agreement. This Agreement shall terminate immediately upon termination of the TOS Agreement, subject to Section 6.3 of this Agreement.

6.3 Obligations of Business Associate Upon Termination: Upon termination of this Agreement for any reason, with respect to PHI received from you, or created, maintained, or received by us on your behalf, we shall:

Retain only that PHI which is necessary for us to continue to properly perform our own managerial and administrative duties, or to carry out our legal responsibilities;
If feasible, as determined by us, return or destroy the remaining PHI that we still maintain in any form;
Continue to use appropriate safeguards and comply with Subpart C of 45 CFR Part 164 with respect to electronic PHI to prevent use or disclosure of the PHI, other than as provided for in this Section, for as long as we retain the PHI;
Not use or disclose the PHI we retain other than for the purposes for which such PHI was originally retained, and subject to the conditions in Section 3 of this Agreement which applied prior to termination; and
Return or destroy the PHI we retain when it is no longer needed to properly perform our own managerial and administrative duties, or to carry out our legal responsibilities.

6.4 Material Breach: Where either party has knowledge of a material breach by the other party, the non-breaching party shall provide the breaching party with an opportunity to cure. Where said breach is not cured to the reasonable satisfaction of the non-breaching party within twenty (20) business days of the breaching party’s receipt of notice from the non-breaching party of said breach, the non-breaching party shall, if feasible, terminate this Agreement and the portion(s) of the TOS Agreement affected by the breach. Where either party has knowledge of a material breach by the other party and cure is not possible, the non-breaching party shall, if feasible, terminate this Agreement and the portion(s) of the TOS Agreement affected by the breach.

7. Survival

The obligations of the parties under this Agreement, which by their terms are intended to survive, shall survive the termination of this Agreement.

8. Miscellaneous

8.1 Amendment: If any of the regulations promulgated under HIPAA are amended or interpreted in a manner that renders this Agreement inconsistent therewith, the parties shall amend this Agreement to the extent necessary to comply with such amendments or interpretations.

8.2 Interpretation: Any ambiguity in this Agreement shall be resolved to permit the parties to comply with HIPAA.

8.3 Conflicting Terms: In the event that any terms of this Agreement conflict with any terms of the TOS Agreement, the terms of this Agreement shall govern and control.

8.4 Severability: The provisions of this Agreement shall be severable, and if any provision of this Agreement shall be held or declared to be illegal, invalid or unenforceable, the remainder of this Agreement shall continue in full force and effect as though such illegal, invalid or unenforceable provision had not been contained herein.

Website copyright ©2005-2026