Mindpool ApS of Artillerivej 86 2.th, 2300 Copenhagen S, Denmark and its group companies (collectively, “Mindpool” / “we” / “our” / “us”) are committed to protecting and respecting your privacy.
Our status and responsibilities
For information on how to contact us, please see the “How to contact us” section below.
Purpose of this policy
- visit our Site;
- visit our offices;
- receive marketing communications from us, including emails, phone calls or texts;
- use our products and services as a platform user, where we act as a controller of your personal data (for example, in respect of each client contact which we hold for account and contract management questions);
- register or attend our events or webinars.
PERSONAL DATA WE COLLECT ABOUT YOU AND HOW WE COLLECT IT
We will collect and process the following data about you:
Information you give us.
- When you complete an enquiry via our Site or register for a demo or otherwise contact us to request information about our products and services, we will typically obtain contact information such as your name, employer, company email address and company telephone number.
- If you use our “chat” function or similar features, register for an event, webinar, or download certain content, we may require that you provide your contact information such as your name, job title, company name, address, phone number or email address.
- If you contact or correspond with us (for example, using any support function made available by us) and we may keep a record of that correspondence (either directly or through our service providers).
- If you visit our offices, you may be required to register as a visitor and provide your name, email address, phone number, company name and time and date of arrival.
- If you use and interact with our Site and/or emails, we automatically collect information about your computer or mobile device for system administration and analysis, including your IP address, URL clickstreams, unique device identifiers, operating system, and network and browser type.
- We may also collect other information about your use of the Site, including the pages you have viewed, the duration spent, and how you navigate through the Site.
Information we receive from other sources.
- We may also receive further personal data about you which is publicly available, such as your seniority, years of experience and employment history and similar work-related background, from third party service providers who provide contact enrichment and lead generation services to us.
- We work closely with third parties (including for example, business partners, other companies within our group, subcontractors and analytics providers) and may receive information about you from them. Details of third party providers are set out in the section below entitled “Who we share your personal data with”.
HOW WE USE YOUR PERSONAL DATA
Where we have collected, received or generated personal data from or about you, we may use this for the purposes, and on the legal bases, as set out below.
- Providing our Site and services. We process your personal data to provide you with access to our Site and services. We rely on our legitimate interest to operate and administer our Site and to provide you with content you access and request (e.g., to download content from our Site).
- Promoting the security of our Site and services. We process your personal data by tracking use of our Site and services, creating aggregated, non-personal data, verifying users and activity, investigating suspicious activity and enforcing our terms and policies, to the extent this is necessary for our legitimate interest in promoting the safety and security of the services, systems and applications and in protecting our rights and the rights of others.
- Providing necessary functionality. We process your personal data to perform our contract with you for the use of our Site and services; where we have not entered into a contract with you, we base the processing of your personal data on our legitimate interest to provide you with the necessary functionality required during your use of our Site and services.
- Managing user registrations. If you have registered for an account with us on behalf of your employer (i.e. a potential client of Mindpool), we process your personal data by managing your user account for the purpose of performing our contract with your employer for our services.
- Handling contact and user support requests. If you use our “chat” function or request user support, or if you contact us by other means including via a phone call, we process your personal data to the extent it is necessary for our legitimate interest in fulfilling your requests and communicating with you.
- Managing event or webinar registrations and attendance. We process your personal data to plan and host events or webinars for which you have registered or that you attend, including sending related communications to you.
- Developing and improving our Site and services. We process your personal data to analyse trends and to track your usage of and interactions with our Site and services to the extent it is necessary for our legitimate interest in developing and improving our Site and services and providing our users with more relevant content and service offerings, or where we seek your valid consent.
- Assessing and improving user experience. We process device and usage data as described in ‘Technical information’ above, which in some cases may be associated with your personal data, in order to analyse trends in order to assess and improve the overall user experience to the extent it is necessary for our legitimate interest in developing and improving the service offering, or where we seek your valid consent.
- Identifying customer opportunities. We process your personal data to assess new potential customer opportunities to the extent that it is in our legitimate interest to ensure that we are meeting the demands of our customers and their users’ experiences.
- Registering office visitors. We process your personal data for security reasons, to register visitors to our offices, to the extent such processing is necessary for our legitimate interest in protecting our offices and our confidential information against unauthorised access.
- Displaying personalised advertisements and content. We process your personal data to conduct marketing research, advertise to you, provide personalised information about us on and off our Site and to provide other personalised content based upon your activities and interests to the extent it is necessary for our legitimate interest in advertising our Site or, where necessary, to the extent you have provided your prior consent.
- Sending marketing communications. We will process your personal data to send you marketing information, product recommendations and other non-transactional communications (e.g., marketing newsletters, telemarketing calls, or SMS) about us and our affiliates and partners, including information about our products, promotions or events as necessary for our legitimate interest in conducting direct marketing or, alternatively, to the extent you have provided your prior consent (please see the “Your rights” section, below, to learn how you can control the processing of your personal data by Mindpool for marketing purposes.
- Complying with legal obligations. We process your personal data when cooperating with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws to the extent this requires the processing or disclosure of personal data to protect our rights or is necessary for our legitimate interest in protecting against misuse or abuse of our Site, protecting personal property or safety, pursuing remedies available to us and limiting our damages, complying with judicial proceedings, court orders or legal processes or to respond to lawful requests.
WHO WE SHARE YOUR PERSONAL DATA WITH
We may share your personal data with other companies in our group, where necessary or desirable to do so in the course of the provision of services to you or in the course of undertaking marketing activities.
- subprocessors, service providers (for example of IT services), business partners and/or suppliers, in the course of undertaking marketing activities.
- analytics and search engine providers that assist us in the improvement and optimisation of our marketing activities and the analysis of data supplied via the platform for contact enrichment and lead generation purposes, including Google Analytics.
- government or other law enforcement agencies, in connection with the investigation of unlawful activities or for other legal reasons.
We require all our third party service providers and all other companies within our group to take appropriate and stringent security measures to protect your personal data in line with our policies. We do not allow our third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes in accordance with our instructions.
We may also disclose your personal data to other third parties in the following circumstances:
- if we sell or buy any business assets or receive investment into our business, we may disclose your personal data to the prospective or actual buyer, seller or investee of such business or assets;
- if Mindpool ApS or substantially all of its assets are acquired by a third party, in which case personal data held by us, including your data and data about our customers, suppliers and correspondents will be one of the transferred assets;
- we may disclose your personal data to our legal advisers if they need to have access to this information in order to advise us on our legal rights and obligations; and
Except as explained above, we will not disclose your personal data to any third parties for any other purpose unless we have a legal right or obligation to do so.
INTERNATIONAL DATA TRANSFERS
A number of our service providers are based outside the European Economic Area (“EEA”), predominantly in the United States. We may transfer your personal data to those services providers in the United States or other countries outside the EEA in order to undertake marketing activities.
We have put in place appropriate measures to ensure that your personal data is treated by those third parties in a way that is consistent with and which respects the EU laws on data protection, including putting in place written contractual agreements to meet EU-approved data protection obligations. If you require further information about these protective measures, please contact us at [email protected].
We maintain appropriate technical and organisational measures to ensure that an appropriate level of security in respect of all personal data we process. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted via the Site or platform and you acknowledge that any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features which are appropriate to the type of personal data you have provided to try to prevent unauthorised access or inadvertent disclosure, which may include two factor authentication and end-to-end encryption.
HOW LONG WE KEEP YOUR PERSONAL DATA FOR
We will retain your personal data for a period consistent with the original purpose of collection (see the “How we use your personal data” section above). We determine the appropriate retention period for personal data on the basis of the amount, nature and sensitivity of your personal data processed, the potential risk of harm from unauthorised use or disclosure of your personal data and whether we can achieve the purposes of the processing through other means, as well as on the basis of applicable legal requirements (such as applicable statutes of limitation).
For the avoidance of doubt, aggregated and anonymised data and any information other than personal data can be stored indefinitely.
You have the following rights in regards to your personal data:
- You have the right to access information about the personal data we hold about you. We reserve the right to charge a reasonable fee in response to unreasonable or repetitive requests, or requests for further copies of the same information.
- Right to object to processing. You have the right to object to processing of your personal data where that processing is being undertaken by us on the basis of our (or a third party’s) legitimate interest. In such a case we are required to cease processing your data unless we can demonstrate compelling grounds which override your objection. You also have the right to object at any time to the processing by us of your personal data for direct marketing purposes.
- You have the right to request that we rectify any inaccurate personal data that we hold about you.
- To the extent permitted by applicable data protection laws, you have the right to request that we erase any personal data that we hold about you, based on one of a number of grounds, including the withdrawal of your consent (where our processing of that data is undertaken on the basis of your consent), or if your object to our continued processing (as mentioned above). This right does not extend to information which is not personal data. We also reserve the right to retain your personal data in an anonymised form for statistical and benchmarking purposes.
- Request to restriction of processing. This enables you to ask us to restrict the processing of your personal data in certain circumstances, for example if you want us to establish its accuracy or the reason for processing it.
- You have the right to obtain copies of your personal data to enable you to reuse your personal data across different services and with different companies. You may also request that your personal data is transmitted directly to another organisation where this is technically feasible using our data processing systems.
- Automated processing. Not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects (“Automated Decision-Making”). Automated Decision-Making currently does not take place on our Site or in our services.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights) in accordance with applicable data protection laws. However, we may charge a reasonable fee if your request for access is manifestly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
To update billing information on behalf of your employer (where your employer is an existing Mindpool Client), discontinue your account and/or request return or deletion of your personal data or to exercise any of your other rights, please contact us by emailing [email protected]. Please allow at least 5 working days for your request to be actioned.
Your preference for email and SMS marketing communications
If we process your personal data for the purpose of sending you marketing communications, you may manage your receipt of marketing and non-transactional communications from Mindpool by clicking on the “unsubscribe” or “update subscription preferences” link located on the bottom of Mindpool marketing emails, by unsubscribing if you receive Mindpool SMS communications, or by emailing [email protected].
Please note that opting out of marketing communications does not opt you out of receiving important service communications related to your current relationship with us, such as communications about any contract you have entered into with us, event registrations, service announcements or security information.
HOW TO CONTACT US
We are committed to resolving any privacy concerns you have. However, if you feel we have not addressed your specific concern, you have the right to make a complaint at any time to the relevant supervisory authority in your country responsible for data protection issues.