Privacy policy

1. General

1.1 This privacy policy describes how Mindset AB, company registration no. 556520-5555, (“Mindset”, “we” or “us”) processes personal data.

1.2 Mindset creates training solutions in project management, leadership, sales and communication (the “Service”). The service is provided to Mindset’s customers (“Customers”). When providing the service, Mindset will be processing personal data. Unless otherwise specified, Mindset is the data controller for the processing of personal data which takes place in accordance with this Privacy Policy.

1.3 Mindset also processes personal data as data processor for customers who use the Service. In these cases, the customer is the data controller for this processing. In this privacy policy, it is clearly stated if Mindset performs processing as a data processor. For questions relating to the processing of personal data performed by Mindset as data processor, please contact us or the Customer who is the data controller for the processing.

1.4 Mindset will only collect and process personal data in accordance with the Data Protection Regulation (EU 2016/679). This privacy policy also describes a data subject’s rights and opportunities to e.g. request records.

1.5 The latest version of the privacy policy can be found on Mindset’s website.

2. Collection of personal data

2.1 Mindset processes the following data as data controller:

(a) Personal data relating to those of a Customer’s users who use the service:

– name

– company name

– e-mail

– phone number

– title

– in some cases, video recordings

– in some cases, DiSC profile

– profile image

– links to social media

– self presentations

– comments

(b) If a person at a Customer contacts Mindset by e-mail, telephone, or through the Service, Mindset collects name, phone number and e-mail address, depending on the contact form, as well as other personal information necessary to assist the person contacting Mindset.

(c) Personal data relating to contacts at potential customers:

– name

– e-mail

– phone number

– title

2.2 During visits to the Mindset Website or use of the Service, Mindset also collects additional data, namely:

(a) traffic data, location data, weblogs and other communication data as well as IP address, device type, operating system and browser used by the visitor

(b) the personal information which visitors themselves leave via live chat

3. How Mindset processes personal data

3.1 Mindset processes personal data to provide and improve the Service, and fulfil our commitments to you. Mindset processes personal data for the following purposes and based on the following legal grounds.

Purpose of the processing Legal basis for the processing Categories of personal data Storage period
In order to provide the Service. In order to fulfil Mindset’s contractual obligations. The categories listed in section:

2.1 (a).

Three years from when a customer stops using the service.
To be able to inform about Mindset and the Service. Other legitimate interests. The categories listed in section:

2.1 (c) and 2.2 (b).

1 year from when the potential customer was contacted, unless the recipient does not object to further communication.
To ensure that content is presented to users of the Service effectively, and to improve the Service. Other legitimate interests. The categories listed in section 2.2. 1 year from user session.
To issue invoices and process payments for the use of the Service. In order to fulfil Mindset’s contractual obligations and comply with applicable law. The categories listed in section:

2.1 (a).

Until the claim is paid, then for up to seven years in accordance with Swedish accounting rules.
To comply with applicable legislation such as the Act on Accounting. In order to comply with applicable legislation. The categories listed in section2.1 (a) + (b) In accordance with the law (for seven years, according to Swedish accounting rules).

4. Disclosure of personal data

4.1 Mindset may transfer or share data with other parties processing data on Mindset’s behalf, in order for Mindset to be able to provide the Service. Mindset uses the following subcontractors or categories of subcontractors.

Subcontractor (name of service) Country/region where the service is provided Mechanism for transfer to third countries Type of service
John Wiley & Sons Incorporated USA EU-US Privacy Shield Framework Analysis tools, personal profiles
Hotjar Limited EU Not transferred Statistics tool website
On1Call Support AB Sweden Not transferred Hosting service server
Salesforce.com Incorporated US/EU EU-US Privacy Shield Framework Pardot, system for digital marketing
Promote International AB Sweden Not transferred Learning support system
SugarCRM EU Not transferred CRM system
Wistia Incorporated USA EU-US Privacy Shield Framework Video recording
Visma SPCS AB EU Not transferred Invoicing system

4.2 Mindset only cooperates with companies that process personal data within the EU/EEA or companies that maintain the same level of protection as in the EU/EEA, e.g. by joining the so-called Privacy Shield agreement between the EU and the US.

4.3 Mindset discloses necessary personal data to authorities such as the police, tax authorities or other agencies if Mindset is required to do so by law. An example of legal disclosure is disclosure with the aim of combatting money laundering and financing terrorism.

5. Processing of personal data as a data processor

5.1 Mindset processes personal data about a Customer’s employees. Such processing is carried out by Mindset as a data processor for the respective Customer, who is the data controller. Mindset processes personal data about a customer’s employees in accordance with the data controlling Customer’s instructions, as well as the applicable data processing agreement between Mindset and the data controlling Customer.

5.2 For more information about which personal data Mindset processes as data processor for a Customer, we recommend that you read the relevant Customer’s information about their handling of personal data, or contact the data controlling Customer.

6. Rights of data subjects

6.1 Right to records. Once per calendar year and at no cost to you, you have the right to receive records of your personal data which we store and process. Your request must be submitted to us in writing and bear your signature.

6.2 Right of rectification. You have the right to correct inaccurate or incomplete information about yourself. You can correct inaccurate or incomplete information through the Service. You can also contact us if you need help with this.

6.3 Data portability. For personal information you have provided to us, you have the right to request a transfer to another provider. Contact us if you need help with this.

6.4 Deactivating and deleting user account (the right to be forgotten). You have the right to object to our processing of your personal data. The consequence of this may be that you can no longer use the Service. If you want to delete your account, please contact us using the contact details below.

6.5 Marketing communications. You can always opt out of receiving marketing communications from Mindset by clicking “unsubscribe” in e-mail and SMS communications sent by Mindset. Data subjects are always welcome to contact Mindset for help to opt out of Mindset communications.

7. Security

7.1 Security is important to Mindset, and we take adequate technical and organisational security measures to ensure that personal data cannot be misused, lost or accessed by unauthorised persons in connection with Mindset’s processing of personal data in accordance with this privacy policy.

8. Changes to this data protection policy

8.1 Mindset reserves the right to make changes to this privacy policy.

8.2 Any changes to this privacy policy will be published on our website. Please visit our website regularly to stay informed of any changes.

9. Contact

9.1 For more information about Mindset’s personal data management, or if you have questions, you are welcome to contact Mindset on:

Mindset AB
Nina Spegel
Head of Sales and Marketing
nina.spegel@mindset.se
Tel: +46 (0)70-675 84 08

9.2 If you are unhappy with how we process your personal information, you can contact the Swedish Data Protection Agency, +46 8 657 61 00, datainspektionen@datainspektion.se, Box 8114, 104 20 Stockholm.

10. Effective date

This privacy policy applies from 2018-05-25 and until replaced by an updated version.