2. Collection of personal data
2.1 Mindset processes the following data as data controller:
(a) Personal data relating to those of a Customer’s users who use the service:
– company name
– phone number
– in some cases, video recordings
– in some cases, DiSC profile
– profile image
– links to social media
– self presentations
(b) If a person at a Customer contacts Mindset by e-mail, telephone, or through the Service, Mindset collects name, phone number and e-mail address, depending on the contact form, as well as other personal information necessary to assist the person contacting Mindset.
(c) Personal data relating to contacts at potential customers:
– phone number
2.2 During visits to the Mindset Website or use of the Service, Mindset also collects additional data, namely:
(a) traffic data, location data, weblogs and other communication data as well as IP address, device type, operating system and browser used by the visitor
(b) the personal information which visitors themselves leave via live chat
3. How Mindset processes personal data
3.1 Mindset processes personal data to provide and improve the Service, and fulfil our commitments to you. Mindset processes personal data for the following purposes and based on the following legal grounds.
|Purpose of the processing||Legal basis for the processing||Categories of personal data||Storage period|
|In order to provide the Service.||In order to fulfil Mindset’s contractual obligations.||The categories listed in section:
|Three years from when a customer stops using the service.|
|To be able to inform about Mindset and the Service.||Other legitimate interests.||The categories listed in section:
2.1 (c) and 2.2 (b).
|1 year from when the potential customer was contacted, unless the recipient does not object to further communication.|
|To ensure that content is presented to users of the Service effectively, and to improve the Service.||Other legitimate interests.||The categories listed in section 2.2.||1 year from user session.|
|To issue invoices and process payments for the use of the Service.||In order to fulfil Mindset’s contractual obligations and comply with applicable law.||The categories listed in section:
|Until the claim is paid, then for up to seven years in accordance with Swedish accounting rules.|
|To comply with applicable legislation such as the Act on Accounting.||In order to comply with applicable legislation.||The categories listed in section2.1 (a) + (b)||In accordance with the law (for seven years, according to Swedish accounting rules).|
4. Disclosure of personal data
4.1 Mindset may transfer or share data with other parties processing data on Mindset’s behalf, in order for Mindset to be able to provide the Service. Mindset uses the following subcontractors or categories of subcontractors.
|Subcontractor (name of service)||Country/region where the service is provided||Mechanism for transfer to third countries||Type of service|
|John Wiley & Sons Incorporated||USA||EU-US Privacy Shield Framework||Analysis tools, personal profiles|
|Hotjar Limited||EU||Not transferred||Statistics tool website|
|On1Call Support AB||Sweden||Not transferred||Hosting service server|
|Salesforce.com Incorporated||US/EU||EU-US Privacy Shield Framework||Pardot, system for digital marketing|
|Promote International AB||Sweden||Not transferred||Learning support system|
|SugarCRM||EU||Not transferred||CRM system|
|Wistia Incorporated||USA||EU-US Privacy Shield Framework||Video recording|
|Visma SPCS AB||EU||Not transferred||Invoicing system|
4.2 Mindset only cooperates with companies that process personal data within the EU/EEA or companies that maintain the same level of protection as in the EU/EEA, e.g. by joining the so-called Privacy Shield agreement between the EU and the US.
4.3 Mindset discloses necessary personal data to authorities such as the police, tax authorities or other agencies if Mindset is required to do so by law. An example of legal disclosure is disclosure with the aim of combatting money laundering and financing terrorism.
5. Processing of personal data as a data processor
5.1 Mindset processes personal data about a Customer’s employees. Such processing is carried out by Mindset as a data processor for the respective Customer, who is the data controller. Mindset processes personal data about a customer’s employees in accordance with the data controlling Customer’s instructions, as well as the applicable data processing agreement between Mindset and the data controlling Customer.
5.2 For more information about which personal data Mindset processes as data processor for a Customer, we recommend that you read the relevant Customer’s information about their handling of personal data, or contact the data controlling Customer.
6. Rights of data subjects
6.1 Right to records. Once per calendar year and at no cost to you, you have the right to receive records of your personal data which we store and process. Your request must be submitted to us in writing and bear your signature.
6.2 Right of rectification. You have the right to correct inaccurate or incomplete information about yourself. You can correct inaccurate or incomplete information through the Service. You can also contact us if you need help with this.
6.3 Data portability. For personal information you have provided to us, you have the right to request a transfer to another provider. Contact us if you need help with this.
6.4 Deactivating and deleting user account (the right to be forgotten). You have the right to object to our processing of your personal data. The consequence of this may be that you can no longer use the Service. If you want to delete your account, please contact us using the contact details below.
6.5 Marketing communications. You can always opt out of receiving marketing communications from Mindset by clicking “unsubscribe” in e-mail and SMS communications sent by Mindset. Data subjects are always welcome to contact Mindset for help to opt out of Mindset communications.
8. Changes to this data protection policy
9.1 For more information about Mindset’s personal data management, or if you have questions, you are welcome to contact Mindset on:
Head of Sales and Marketing
Tel: +46 (0)70-675 84 08
9.2 If you are unhappy with how we process your personal information, you can contact the Swedish Data Protection Agency, +46 8 657 61 00, email@example.com, Box 8114, 104 20 Stockholm.
10. Effective date