Please note that any changes to our privacy pages are published online. For the latest valid version, please go to

Data Processing Agreement and Privacy Policy

Version 2.0.7, Updated at 2019-06-18

1. Introduction

This Data Processing Agreement and Privacy policy is aimed to define how and why Mentimeter collects and handles Personal Data. Its goal is to let Users use the Application to its full capability and in the same time protect and limit the use of Personal Data. This Data Processing Agreement and Privacy policy is aimed to be written in a concise, transparent, intelligible and easily accessible form, using clear and plain language. Mentimeter stores Personal Data to provide the Services in a reliable and safe way and in accordance with Controller's lawful instructions. Any questions related to this Data Processing Agreement and Privacy policy can be sent to

1.1. Scope

This Data Processing Agreement and Privacy policy is part of the Terms and Conditions applied to all Users of Mentimeter (the "Terms").

1.2. Definitions

The following definitions in this Data Processing Agreement and Privacy policy shall have the meaning as set forth in this provision:

  • "Application" – the web-based audience response system developed and provided by Mentimeter in which the Presenter creates online Surveys with questions that the Audience responds to via their computers or mobile devices. The result is shown in real time.

  • "Audience" - the person(s) for which the Survey is created and who is (are) the respondent(s) of the Survey. For clarification, when a person in the Audience has entered his/hers email address to receive the results from the Survey, such person is defined as a Presenter under these Terms

  • "Basic version" - the basic version of the Application.

  • "Controller" - the entity which, alone or jointly with others, determines the purposes and means of the processing of Personal Data

  • "Credit card information" - complete data set related to a customer credit card

  • "Custom version" - the customized version of the Application.

  • "Customer" - the person or company who purchases a License to use a Paid version of the Application.

  • "Customer Initiation Day" - the day when the Customer agrees to purchase a License to use any of the Application's Paid versions and agrees to these Terms.

  • "Data Protection Legislation" means (i) prior to 25 May 2018 Personal Data is regulated by the provisions in the Swedish Personal Data Act (1998:208) (ii) after 25 May 2018 Personal Data is regulated by GDPR (Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data).

  • "EEA" means the European Economic Area, which constitutes the member states of the European Union, the United Kingdom, Norway, Iceland and Liechtenstein.

  • "Free version" - the free version of the Application.

  • "GDPR" - Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data

  • "License"" – the right for one Presenter to use either a Paid version of the Application or a Free version of the Application.

  • "License Period" – as defined in section 4.

  • "Mentimeter" - Mentimeter AB, a Swedish Aktiebolag (private limited company) registered at Alströmergatan 22, 112 47 Stockholm, Sweden, with Swedish company registration number 556892-5506, VAT number SE556892550601 and e-mail

  • "Mentimeter Organisation" – When a Customer purchases more than one License of the Pro or Custom version Mentimeter will automatically create a group for the Users of the Licenses purchased by the same Customer. Such a group is called a Mentimeter organisation.

  • "Paid version" - the Pro, Basic, Custom or any other version of the Application that the Customer pays for.

  • "Presenter" - the person(s) who create(s) the Survey.

  • "Presenter account" - the account, identifiable by unique email, belonging to one Presenter.

  • "Presenter's Personal Data" – any information about the Presenter that can be related to an identified, or identifiable living natural person ('Data Subject'), or as otherwise defined by law, regulation or contractual agreement. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity. Presenter Personal Data collected by Mentimeter is limited to Presenter's email address, name, IP-address and billing address.

  • "Pro version" - the Pro version of the Application.

  • "Processor" - shall mean an entity which processes Personal Data on behalf of the Controller.

  • "Services" – all services furnished by Mentimeter to a User under these Terms, such as, but not limited to the Application and the Website.

  • "Survey" - questions created by the Presenter.

  • "Terms" - these Terms and Conditions including any separate agreement that might have been entered into between Mentimeter and the User regarding the Services.

  • "Third Party Application" – the software for which the copyright obviously belongs to a third party or is listed by Mentimeter to be a Third Party Application.

  • "User" - A Customer, Presenter, Audience or other person having used the Website or the Application.

  • "User Data" – all data that a User provides when using the Website or Application including Surveys and answers to Surveys.

  • "User Personal Data" – any information about the User that can be related to an identified, or identifiable living natural person ('Data Subject'), or as otherwise defined by law, regulation or contractual agreement. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.

  • "Website" - all sites related to,, sub-site or versions of them connected to help/support the User to use the Application. If a term or definition is not defined above it shall have the same meaning as in the "Terms".

2. Roles and responsibilities

2.1 Parties' Roles

To the extent that Mentimeter processes Personal Data in the course of providing the Services, it will do so only as a Processor acting on behalf of a Presenter or a Customer (as Controller) and in accordance with the requirements of the Agreement.

2.2 Compliance

Presenter or Customer, as Controller, shall be responsible for ensuring that:

  • it has complied, and will continue to comply, with all applicable laws relating to privacy and data protection, including EU Data Protection Legislation; and

  • it has, and will continue to have, the right to transfer, or provide access to, the Personal Data to Mentimeter for processing in accordance with the and this Data Processing Agreement. When it comes to Presenter Personal Data, Mentimeter is seen as the Processor and the Presenter, or when applicable, the Customer, as the Controller. When it comes to User Personal Data that is collected from the Audience in a Survey the Presenter is seen as Controller and solely responsible for the collection, storing and management of such potential Personal Data. Mentimeter, as a Processor, will only store such data as a result of the Presenter's use of the Application and use certain User Data from Free versions of the Application in an anonymized format without the possibility to identify separate individuals. The Presenter is responsible for ensuring that the processing of data within the Application takes place in accordance with applicable legislation.

3. User's right to its own data

Mentimeter recognize that the User own and have full right to its own data, Mentimeter hereby receives a right to process that data for the purpose to enable Mentimeter to deliver the Services to the User.

3.1 Purpose Limitation

Mentimeter will process the Personal Data only for the purpose of providing the Services in a reliable and safe way and in accordance with Controller's lawful instructions.

3.2 Right to access

The Presenter has, at any time, right to obtain from Mentimeter confirmation as to whether or not Presenter Personal Data concerning the Presenter is being processed, where and for what purpose. Mentimeter will comply with such a request at latest within 30 days. Requests regarding User Personal Data, which the Presenter is responsible for, should be directed to the Presenter and the Presenter is obliged to grant access to such User Personal Data.

3.3 Right to be forgotten

The Presenter shall have the right to request that Mentimeter erases Presenter Personal Data concerning the Presenter without undue delay. Mentimeter will comply with such request at latest within 30 days. If the Presenter exercises the right to be forgotten - the Service can no longer be provided the Presenter. Mentimeter may be mandated by law to keep some Personal Data even if the Presenter has requested to be forgotten. User shall have the right to request that the Presenter erases User Personal Data. The Presenter shall comply with such request within 30 days.

3.4 Processing of special categories of personal data

Mentimeter does not process any special categories of Personal Data defined under article 9 of GDPR.

4. Security within Mentimeter

The Mentimeter platform is built to be easy accessible and beautiful, a simple way to create interactivity and engagement in meetings, webinars, workshop, presentations and other real-time gatherings of people. The openness and easy accessible process is a very valuable and important aspect of the the Mentimeter value proposition to our Users. Presenters and/or Users can share URLs, ID or other information to make the presentations non-secure. Mentimeter cannot take responsibility for security that is breached by the fundamental openness of the platform or by some of our Users sharing information they shouldn't have. Mentimeter will have in place and maintain throughout the term of this agreement appropriate technical and organizational measures to protect Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, and against all other unlawful forms of processing (a "Security Incident"). In the event of a Security Incident, Mentimeter will notify User and provide reasonable assistance in order to remedy or mitigate the effects of the Security Incident.

4.1 Organization of Information security

Top management shall set direction for and show commitment to information security. The information security policy shall be reviewed at planned intervals or if significant changes occur to ensure its continuing suitability, adequacy and effectiveness. See Security Revision Schedule. Mentimeter maintains separation/segregation of duties to prevent error and fraud by ensuring that at least two individuals are responsible for separate parts of any task, so that no single role or account, can access, modify or use User Data without authorization or detection.

4.2 Human resource security

Mentimeter has a process that ensures that all personnel with access to systems or information that can have access to User Data have signed a Non-Disclosure Agreement (NDA) as part of their contract with Mentimeter. Mentimeter has a staff onboarding process that includes verifying the identity of staff and the background and skill they state. Mentimeter has a rigorous staff termination process that includes revoking access rights, seizing IT equipment, invalidating company access card as well as notification of continuous confidentiality obligations. Any staff with access to User Data shall be required to take appropriate security training on a regular basis. See Security Revision Schedule To gain access to the internal resources from remote locations, users must have the required authorization. Remote access for an employee, external user or partner can be requested only by members of the leadership team.

4.3 Roles, accountability and responsibilities

Chief Executive Officer
  • Accountable for all aspects of the Mentimeter's information security and data processing.

  • Determine the privileges and access rights to the resources within their areas.

Security Officer
  • Responsible for the security of the IT infrastructure.

  • Plan against security threats, vulnerabilities, and risks.

  • Implement and maintain Security Policy documents.

  • Ensure security training programs.

  • Ensure IT infrastructure supports Security Policies.

  • Respond to information security incidents.

  • Help in disaster recovery plans.

All employees
  • Must uphold and meet requirements of Mentimeter Security Policy.

  • Report any attempted security breaches.

In consideration of being entrusted rights to use Mentimeter's systems, repositories and information all employees must acknowledge the following:

  • That disclosure of information that would cause harm to Mentimeter irrespective of the form in, or the media on, which the information is displayed or contained, is considered confidential information.

  • That employees will not, directly or indirectly, make use of information other than in the course of work duties;

  • That employees will keep passwords, PIN codes, etc. entrusted to the employee, strictly confidential;

  • That employees use at least 2 factor authentication for systems with user data. We also require password protected SSH keys.

  • Mentimeter implements host based (i.e. per work station) security by contractually requiring strong (at least AES128) encryption and firewalls on all work stations. This is verified at start of employment and at least twice a year.

  • Firewall enabled on all workstations

  • That employees will log off the computer or activate the screensaver configured with password immediately upon completion of each work session;

  • That the employee understand that his/her rights to use Mentimeter systems, repositories and information expire upon the termination of their work duty, or at any time upon the request by Mentimeter. If the employee is not otherwise instructed, Mentimeter requests that the employee shall immediately return all intellectual properties that the employee hold when his/hers rights have expired.

  • A clear desk policy to protect customer information.

Mentimeter Password Control Policy defines the requirements for the proper and secure handling of passwords in the Organization. All employees who handle assets and services related to Mentimeter uses password management via a certified password management system and strong passwords are required.

4.4 Operations security

Losses, theft, damages, tampering or other incident related to IT-assets that compromises security must be reported as soon as possible to the VP-Engineering.

4.5 Continuous improvements

Mentimeter shall implement new updates and versions of the Application, to the extent deemed suitable by Mentimeter. Mentimeter has world class engineering practices to ensure everything we do has a security perspective. This list is an example of things we do to uphold information security.

Engineering practices:

  • Clear code conventions enforced by static code analysis;

  • Use of well known frameworks to protect against common attack vectors (XSS, CSRF, SQL Injection);

  • Incident response plans are maintained and followed to quickly act on incidents;

  • Continuous check up to keep libraries up-to-date;

  • Continuous integration builds and testing;

  • Continuous improvement process with entire product team where security issues are a standing item;

  • Penetration testing is done continuously by an external part to ensure the system is protected from any new security threats

  • All code is peer reviewed to find bugs and security holes early;

  • Passwords are always kept in password safes or as configuration.

5. Business continuity

Mentimeter shall always have the right to disconnect the Application for service and upgrading without giving prior notice to the User. Mentimeter intends to give notice on beforehand to the User before updates or maintenance of the Application.

6. Incident management

Mentimeter has an incident management process to detect and handle breaches of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data.

6.1 Breach Notification

All privacy or security related incidents shall be reported to the VP Engineering ( as soon as they are detected. This applies to Mentimeter employees and all sub-processors that handle personal data. All incidents are documented and evaluated internally and an action plan for each individual incident is made, including mitigatory actions. If the incident is grave and the risk of damage to personal rights and freedoms of natural persons are high, Mentimeter shall as soon as possible (but no later than 72 hours):

  • inform the supervisory authority in Sweden, "Datainspektionen"

  • inform the affected individuals

Mentimeter reserves the right to decide what level of notification is needed for what severity of breach of data.

If the incident is grave Mentimeter will also continuously inform the Controller how we work to ensure Personal Data is kept safe.

7. Sub-processing

Mentimeter have entered into Data Processing Agreements that meet the GDPR requirements for all our subcontracts. Users authorize Mentimeter to subcontract processing of Personal Data under the Agreement to a third party provided that:

(i) Mentimeter provides Presenter and Customer with reasonable prior notice of any such subcontracting; and

(ii) Mentimeter flows down Purpose Limitation and Security to any subcontractor it appoints. Third Party Sub-Processors shall be restricted to only the necessary access, use, retention and disclosure of customer Information needed to fulfill contractual obligations.

7.1 Transfer of personal data to third country

In accordance with GDPR a transfer of personal data to a third country may take place where the Commission has decided that the third country in question ensures an adequate level of protection. Such a transfer shall not require any specific authorisation.

The European Commission has so far (as of May 2018) recognised Andorra, Argentina, Canada (commercial organisations), Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay and the United States of America (If part of EU-US Privacy Shield Framework) as providing adequate protection. For more information on International dimension of data protection, please click here.

Mentimeter hereby reserves the right, and in compliance with GDPR, to use sub-suppliers in countries approved by The European Commission at the current date.

Mentimeter use subcontractors to deliver the best Application possible to our Users, we don’t sell Personal Data to sub-processors.

7.2 List of subcontractors and location

NameAddress / CountryPurposeData Processing Agreement in placeApproved through EU-US Privacy Shield Inc (Heroku)The Landmark @ 1 Market St. Suite 300 San Francisco, CA 94105, USAData hostingYesYes
PayPal (Europe) S.à.r.l. (Braintree)et Cie, S.C.A., 22-24 Boulevard Royal L-2449, LuxembourgPaymentYesn/a
Mixpanel Inc405 Howard Street, 2nd Floor, San Francisco, CA 94105, USAData AnalyticsYesYes
New Relic Inc188 Spear St., Suite 1200 San Francisco, CA USA 94105, USAIncident / issue trackingYesYes
Rollbar Inc51 Federal St, San Francisco, CA 94107, USAIncident / issue trackingYesYes
Rapid7 Ireland Limited ( Works, Windmill Lane, Dublin 2, IrelandIncident / issue trackingYesn/a
Dropbox Inc 333Brannan Street San Francisco, CA 94107, USAInternal file storageYesYes
Slack TechnologiesLimited 4th Floor, One Park Place Hatch Street Upper Dublin 2, IrelandInternal communicationYesn/a
Facebook, Inc1601 Willow Rd. Menlo Park, CA 94025, USAAdvertisingYesYes
Intercom, Inc55 2nd Street, 4th Fl., San Francisco, CA 94105, USAUser communication (chat and email)YesYes
Peaberry Software Inc.( 921 SW Washington St, Suite #820, Portland, OR 97205, USAUser communication (email)YesYes
Google Inc1600 Amphitheatre Parkway, Mountain View, CA 94043, USAUser & internal communication (email), bot detection (reCaptcha) and advertisingYesYes Inc (Amazon Web Services)410 Terry Avenue North. Seattle, WA 98109-5210. USAData hostingYesYes
The Rocket Science Group, LLC (Mailchimp)1526 DeKalb Ave NE, Atlanta, GA 30307, USAUser communication (email)YesYes
LIVESTORM SAS ( rue Rodier 75009 Paris, FranceUser communication (webinar and email)Yesn/a
Wootric Inc3616 18th Street Apartment 1 San Francisco, CA 94110, USAUser communication (NPS & survey)YesYes
APIHub, Inc (Clearbit)90 Sheridan St, San Francisco, CA 94103, USAData AnalyticsYesYes
Pipedrive OÜPaldiski mnt 80 Tallinn 10617, EstoniaUser communication and sales adminYesn/a
Lunaweb Ltd (Cloudconvert)Mühlfeldweg 8, 85738 Garching b. München, GermanyContent hosting and uploadingYesn/a
Trello Inc55 Broadway, 25th Floor, New York NY 10006, USAInternal communication (task management)YesYes
Linkedin Corporation2029 Stierlin Ct. Ste. 200 Mountain View, CA 94043, USARecruitment, AdvertisingYesYes
Jobylon ABHälsingegatan 49, 113 31 Stockholm, SwedenRecruitmentYesn/a
Mixmax, Inc512 2nd Street, First Floor, San Francisco, CA 94107, USAUser Communication (email)YesYes
TYPEFORM S.LB65831836 Bac de Roda, 163 Barcelona 08018, SpainUser Communication (survey & email)Yesn/a
Zapier, Inc548 Market St #62411, San Francisco, California 94104, USAInternal CommunicationYesYes
Scrive ABBarnhusgatan 20 2TR, 111 23 Stockholm, SwedenContract ManagementYesn/a
Wave Financial Inc235 Carlaw Ave., Suite 501, Toronto, ON M4M 2S1, CanadaInvoicingYesn/a
Igil Webs SRL (FirstPromoter)Str. Talmacelului, nr. 30, Talmaciu, Sibiu, RomaniaAdvertisingYesn/a
PE Accounting Sweden ABKlarabergsviadukten 90, 111 64 Stockholm, SwedenAccountingYesn/a

Mentimeter reserves the right to add subcontractors if they comply with the rules and regulations of this Data Processing Agreement and Privacy statement

8. Physical and environmental security

8.1 Office

Physical access to Mentimeter's office premises shall be restricted to staff individually and on a need to have basis. Physical access to where Services are performed shall log physical access related events such as date, time, swipe/proximity card-id, door-id, access denied or access granted.

8.2 Data Centers

Mentimeter is working with the best in class service providers for data storage. The service providers' physical infrastructure is hosted and managed within Heroku's and Amazon's secure data centers and utilize the Amazon Web Service (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon's data center operations have been accredited under:

  • ISO 27001

  • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)

  • PCI Level 1

  • FISMA Moderate Sarbanes-Oxley (SOX) - As a publicly traded company in the United States, is audited annually and remains in compliance with the Sarbanes-Oxley (SOX) Act of 2002. Amazon security is covered here ( Heroku security is covered here (

9. User privacy and data integrity

Keeping User Data secure is extremely important and Mentimeter spend a lot of effort and time to ensure all data sent to Mentimeter is handled securely. We will, in this section and the section regarding Security Revision Schedule, describe what Mentimeter do to accomplish this. Top management is responsible for setting direction for and show commitment to data integrity and user privacy. Mentimeter have experienced engineers designing and building our systems according to best practices to ensure highest data security in all parts of the application. We only use well-recognized and highly secure 3rd party systems with proper security certifications and practices. Our employees are required to use 2 factor authentications for all systems where data is stored, together with individual accounts to ensure that we can follow who did what and when. When an employment is ended, we immediately revoke all accesses that such employee had. Security measures are taken to protect User and User Data both for "Data at rest" and "Data in transit ". (Read more below). Mentimeter respects intellectual property rights and will remove any content that infringes copyright, trademark, patent or other intellectual property rights of third parties upon notification from a Presenter, Customer or third party.

9.1. Personal Data

We avoid storing any Personal Data that is not needed to supply our users with a great experience and gain value from Mentimeter. We have deemed the following to be the minimum amount of Personal Data we need from a User:

  • Presenters' and Customers' name

  • User Email address

  • Customer billing address

  • User IP address

  • User agent

Mentimeter stores this Personal Data the minimum time we can and at the same time deliver a safe, reliable and valuable Application. We have deemed the following timeframes appropriate until we delete Personal Data needed:

  • Presenters' and Customers' name (stored until requested to be deleted)

  • User Email address (Presenter email is stored until requested to be deleted, Audience email is deleted after 12 months unless converted to Presenter)

  • Customer billing address (stored until requested to be deleted)

  • User IP address (Audience IP address stored for 14 days and then deleted, Presenter IP address stored until requested to be deleted)

  • User agent (stored until requested to be deleted)

9.2. Access to User Data

Mentimeter's staff do not access or interact with User Data or applications as part of normal operations. There may be cases where Mentimeter is requested to interact with User Data at the request of the Presenter or Customer for support purposes or where required by law. User Data is access controlled and all access by Mentimeter's staff is accompanied by customer approval, government mandate or top management approval. Reason for access, actions taken by staff, and support start and end time is recorded for each access.

9.3. Data at Rest

Mentimeter uses Encryption of all data "at-rest".

Mentimeter gets powerful and automatic protection through our database provider. Read more here: +

Mentimeter stores User Personal Data, Presenter Personal Data and User Data on AWS (an Amazon service servers. The geographical location of our AWS hosting is "US east, N. Virginia".

Mentimeter have legally binding Data Processing Agreement with Amazon and Amazon is certified under the EU-U.S.

Privacy shield framework. This setup gives Mentimeter “adequacy of the protection of personal data in non-EU countries” under the GDPR-regulation as stated by the European Commission:

Mentimeter utilizes ISO 27001, SOC2 and FISMA certified data centers managed by Amazon. Credit card information is stored with a Level 1 PCI compliant third party vendor, see 9.7. Payment Details for more information.

9.4. Data in Transit

Mentimeter uses standard SSL, ie. Encryption of data "in-transit, and are rated A+ by 3rd party vendor, SSL Labs. Privacy and the protection of User Data are of highest importance to Mentimeter and we both have technical and operational support in place to ensure this. We are using standard SSL, ie. encryption of data "in-transit". We also leverage all protection through

9.5. Backups and Data Loss Prevention

Data is backed up continuously and we have an automatic failover system if the main system would fail.

9.6. User Password

We encrypt (hashed and salted) passwords using the Bcrypt algorithm to protect them from being harmful in the case of a breach. Mentimeter can never see User passwords and Users can only self-reset them by email.

9.7. Payment Details

Mentimeter use PCI compliant payment processor Braintree for encrypting and processing credit card payments. Mentimeter employees do not see or handle credit card information.

9.8. Third Party Platforms

Mentimeter may collect information when you interact with our advertisements and other content on third-party sites or platforms, such as social networking sites. This may include information such as "Likes", profile information gathered from social networking sites or the fact that you viewed or interacted with our content. Mentimeter allows partner vendors to use and store limited amount of Personal Data that is needed for Mentimeter to provide support, marketing, business intelligence and monitoring. Mentimeter ensures that Personal Data is not excessively stored, printed, copied, disclosed or other means processed outside the purpose for use. We never sell User Personal Data, behavior data nor any other user generated data to any third party. We do however share Presenters email addresses with organisations connected to the User, but only in order to enable us to develop an even better Application. Credit card information is handled with a Level 1 PCI compliant third party vendor. (See 9.7. Payment Details for more information).

9.9. Audience Anonymity

Voting on Mentimeter's voting site is anonymous and we believe this is an important part of the voting experience. For preventing abuse we do, however, store the Audience's IP address for a short period of time (it is erased within 14 days).

The Website utilizes cookies to enhance online user experience. Below, you will see detailed information about what types of cookies we use, why and how to disable these cookies.

Cookies are small text files that are generated by the Website that you are viewing, allowing the Website to store information as you navigate web pages. These text files contain session data that can be useful to improve your browsing experience.

All of the cookies used by the Website are safe for your computer and they only store information that is used by the browser. These cookies cannot execute code and cannot be used to access content on your computer. Many of these cookies are necessary to ensure the proper functioning of the Website. They do not contain malware or viruses. Other cookies improve user experience by storing site preferences, language preferences, as well as information about previously viewed content. This information is stored by cookies and used to enhance user experience, such as identifying and resolving errors and navigation problems. We also use cookies to be able to target advertising to the correct User and the correct time, to make it as relevant as possible for our Users.

To enhance our understanding of your interaction with our Sites, we may use cookies to collect data for statistical purposes, including (but not limited to): date of first visit, number of visits, date of last visit, URL, domain, browser, and screen resolution. Cookies, by themselves, do not tell us any personally identifiable information other than your IP address.

You may voluntarily de-activate and/or eliminate cookies by following your Internet browser's instructions. However Mentimeter reserves the right to not provide you with the Application if you do, because some base functionality and the security of the Application depend on the use of cookies.

We may partner with third-party ad networks to either display advertising on our Web site or to manage our advertising on other websites. Our ad network partners use cookies and Web beacons to collect non-personally identifiable information about your activities on this and other websites to show you targeted advertising based on your interests. We may partner with third-party data providers to match IP addresses with company names and contact names. Our data partners may use cookies and Web beacons for the purpose of matching IP addresses.

You will find all our third-party-partners and sub-contractors in section "List of subcontractors and location". We have Data Processing Agreements with all of them.

10. Security Revision Schedule

This section shows how often Mentimeter conducts security revisions and conduct different types of test. If significant changes occur Mentimeter will initiate an otherwise planned activity to ensure continuing security.

Planned activityFrequency
Security training for personnelYearly and at beginning of employment
Revoke system, hardware and document accessAt end of employment
Ensures access levels for all systems and employees are correct.2 times a year
Audit of Access management process and catalogue2 times a year
Firewall settings verification for workstations and Network2 times a year
Ensure all critical system libraries are up-to-dateContinuously
Unit and integration tests to ensure system functionality and securityContinuously
External penetration tests to ensure system securityContinuously