Privacy Policy

In our privacy policy (“policy”) we will explain what information we collect about you, how we process your personal data, what we use it for and how we store and protect it. Furthermore, the policy explains the rights that you have when we process your personal data.

1. Who are we (we’re the data controller)

We are the company responsible for the processing of your personal data in accordance with this policy which means that we are the data controller.

Here’s our information:

Mindpool ApS

Address: Artillerivej 86, 2.th., 2300 København S, Denmark

Company registration number: 34464804

Email: hello@mindpool.com

Telephone: +45 27982575

To make the policy more user friendly we use “we”, “us”, “our” etc. to describe our company. When we talk about our “website” we mean https://mindpool.com/. When we refer to “you” we mean you as a user of our website or customer of our online services or products.

In order to view the Data Processing Agreement (DPA) between Mindpool and the Customer, please find our generic DPA here, or make a request to privacy@mindpool.com to receive a signed copy.

2. Our data protection officer

Data protection is important to us and we have appointed a data protection officer (also known as a “DPO”). If you want to get in contact with our DPO, here is the contact details:

Mindpool ApS, att.: Data protection officer

Artillerivej 86, 2.th., 2300 København S, Denmark

Mail: privacy@mindpool.com

3. When does the policy apply?

The policy is related to the information we collect and process about you when you visit and sign up to our services via our website (see section 1) and use our services and products. So this privacy policy doesn’t apply when you use or visit or use other Mindpool websites.

4. Links to other websites etc.

On our website, in our emails and on our social-media profiles, we may have links to other companies, apps or websites (“other websites”) that aren’t ours. This policy doesn’t cover how those other websites process your data and we therefore encourage you to read the privacy notices on the other websites you visit.

5. Why, what type of data, what legal basis and for long we process your data

Here is information about us: Mindpool provides a platform that supports companies to tap into actionable insights generated by employees from across the organization.

To give you a better understanding of why, what and for how long we process your data, we’ve divided our processing activities into areas describing the different purposes we process your data for.

Deliver our services & products.

As mentioned above, we’re a platform that supports companies to tap into actionable insights generated by employees from across the organization. So we process your data to deliver these services, products and platforms to you. This includes:

  • Registering and identifying you as a customer/user,
  • Creating your account and setting up your company’s profile on our platform,
  • Logging and saving the actions you take when you use our website and platform, including your account, company profile and settings,
  • Delivering the services and/or products as mentioned above,
  • Handling payment transactions,
  • Responding to your questions and providing you with customer service and support, including sending service related messages to you, and
  • Providing you with other services that can be ordered through the website.

The data we process about you in that regard is:

Ordinary personal data:

  • Your contact and account details, incl. your name, email, address, country, the company you work for,
  • Your requests and actions, e.g. sign-up and use of our website, when you accepted our terms & conditions and when you contacted us for support etc. If you email us, we will collect the content of your message.
  • Information about what choices you made when you became a customer and how you use our service,
  • The type of service / product you have bought and information about our delivery of our service / product to you,
  • UX research, customer feedback etc.
  • Payment information, incl. billing address, credit or debit card details, and payment and purchase history,
  • Other types of interactions you will have with us and our service, e.g user interviews, tests, customer feedback etc.
  • Information required to comply with requirements of public or governmental authorities,

Sensitive personal data:

We don’t process sensitive personal data.

Here is the legal basis for our processing of your data:

  • Your consent (GDPR Article 6.1.a)
  • To perform our contract with you (GDPR Article 6.1.b)
  • Comply with our legal obligations (GDPR Article 6.1.c),

We will keep these data for as long as they are necessary for the purposes for which they are being processed and in accordance with our data retention policy. Special circumstances or legal requirements may entail that such periods may be shorter or longer, including for the purpose of complying with legal requirements for the erasure or keeping of data.

Marketing:

We process your data for marketing-related purposes, including

  • sending you newsletters and email marketing (if you’ve given consent),
  • providing you with offers, sending you guides,
  • tailoring our communication with you to accommodate your areas of interests and focus,
  • sending you relevant promotions,
  • If you sign up for an event, webinar etc. we’ll process your data in that regard.

The data we process about you in that regard is:

Ordinary personal data:

  • Your contact details, incl. your name, email, address and country
  • Purchase history, interest areas and use of our services,
  • What newsletters you signed up for, when you asked to receive email marketing and guides,
  • What events, webinars, courses and other arrangements you signed for, when, about what and if you provide feedback, what you thought it.

Sensitive personal data:

We don’t process sensitive personal data.

Here is the legal basis for our processing of your data:

  • Your consent (GDPR Article 6.1.a)
  • Legitimate interest, cf. GDPR article 6 (1) (f) so we can give you the best experience when interacting with us and / or make use of our services and products.

We collect the data directly from you for the purpose of carrying out the marketing activities.

We keep your data for as long as you are subscribing to our newsletters, email marketing etc. If you ask us to unsubscribe you, we will keep your data for a specific period after your request so we can show that we have honored your request and to make sure that you aren’t receiving the material. For the other types of information, we’ll keep such data for as long as the relevant activity is ongoing and for the period after that as outlined in our data retention policy. Regarding events, courses etc. we’ll keep your personal data as long as they are necessary for the purposes of the course or the event in question and for evaluating them.

Business- and product development:

We process your data to do data analysis, audits, developing new products and services, identifying usage trends, determining the effectiveness of our campaigns and operating and expanding our business activities.

The data we process about you in that regard is:

  • Your contact details, incl. your name, email, the company you work for and their domain, and address and country
  • How you are using our products and services
  • Purchase history, interest areas and use of our digital services,
  • UX research, customer feedback etc.

The data we process about you in that regard is:

Sensitive personal data:

We don’t process sensitive personal data.

Here is the legal basis for our processing of your data:

  • Your consent (GDPR Article 6.1.a)
  • Legitimate interest, cf. GDPR article 6 (1) (f).

We collect your data directly from you and we’ll keep such data for as long as the relevant activity is ongoing and for the period after that as outlined in our data retention policy.

Statistics:

We process your data to compile statistics and analytics for the use of our website and to monitor and analyse usage and trends. The data we process about you in that regard is:

Ordinary personal data:

  • When you visit our website, our servers may automatically log the standard data provided by your web browser. It includes your computer’s Internet Protocol (IP) address, your browser type and version, your user agent, the pages you visit, the time and date of your visit, the time spent on each page, and other details.
  • Cookie information: We use cookies and similar technologies to collect additional website usage data and to operate our services.
  • We receive information when you interact with our website, e.g. when you visit our website, log into your account and receive emails from us. This includes information such as your IP address, browser type, browser language, operating system, the referring web page, pages visited, location, device information etc.

Sensitive personal data:

We don’t process sensitive personal data.

Here is the legal basis for our processing of your data:

  • Your consent (GDPR Article 6.1.a)
  • Legitimate interest, cf. GDPR article 6 (1) (f)

Please read our cookie policy for more information about the data processors we use, the duration of the different cookies and the purposes for the processing of your data related to statistics. You can find our cookie policy here.

We collect the data directly from you and from the cookies and similar technologies. Improve, optimize or modify the experience on our website and online service: We process your data collected by your use of our website and online services and products to improve the user experience on our website and the services we offer. We use the data to operate our website, enhance the security of our website and services and its reliability and performance. We’ll also use the data to improve the content we show you, incl. determining what content is most helpful and how we can make the experience when visiting our website better.

You can read about the cookies we use on our website here.

The data we process about you in that regard is:

Ordinary personal data:

  • When you visit our website, our servers may automatically log the standard data provided by your web browser. It includes your computer’s Internet Protocol (IP) address, your browser type and version, your user agent, the pages you visit, the time and date of your visit, the time spent on each page, and other details.
  • Cookie information: We use cookies and similar technologies to collect additional website usage data and to operate our services.
  • We receive information when you interact with our website, e.g. when you visit our website, log into your account and receive emails from us. This includes information such as your IP address, browser type, browser language, operating system, the referring web page, pages visited, location, device information etc.

Sensitive personal data:

We don’t process sensitive personal data.

Here is the legal basis for our processing of your data:

  • Your consent (GDPR Article 6.1.a)
  • Legitimate interest, cf. GDPR article 6 (1) (f)

We keep this data for up to 5 years and cookie information is kept in accordance with the cookie policy.

We collect your data from you and your use of cookies, our website and products.

Here is the data we process:

  • Your contact details such as name, email,
  • The company you work for, incl. their domain, address and country
  • Information required to comply with public and governmental authorities
  • Purchase history and use of our digital services,

The data retention period will be based on statutory requirements and we collect your data from you, your use of our products, services and platform and from government authorities etc.

6. Additional information

Some of the grounds for processing your data may overlap, so there may be several reasons which justify us processing your data. We may also use your data in other ways but we will inform you about these purposes when we collect your data.

If you would like more information about our legal basis for processing your data, feel free to contact us.

Please note that special circumstances or legal requirements may mean that such periods may be shorter or longer, depending on the purpose of complying with legal requirements for the erasure or keeping of information.

7. Keeping your data safe

Here is information about how we keep your data safe: https://mindpool.com/privacy/platform

We use reasonable organisational, technical and administrative measures to protect the personal data that we process about you. However, the Internet is not a 100% secure environment which means we can’t guarantee the security of the data you transmit to us. Emails sent via the Internet might not be encrypted, so we advise you not to include any confidential or sensitive information in your emails to us.

8. Third parties and processors

8.1 Processors (companies helping us, e.g suppliers)

We use companies (processors) to help us, e.g. with payments, send out newsletters, run our website etc. When we use a processor we make sure that there is a legal agreement in place regarding how they will be handling data on our behalf. We’ll also make sure that they have appropriate security measures in place.

We use reasonable organisational, technical and administrative measures to protect the personal data that we process about you. However, the Internet is not a 100% secure environment which means we can’t guarantee the security of the data you transmit to us. Emails sent via the Internet might not be encrypted, so we advise you not to include any confidential or sensitive information in your emails to us.

Here you can see which processors we are using. They are processing data on our behalf:

  • Amazon AWS,
  • Google Analytics,
  • Google Data Studio,
  • Openli,
  • MailChimp,
  • Sentry,
  • Slack.

If you would like to see a detailed description of what measures each of our processors use, you can access our sub-processor schedule here.

Read our cookie policy regarding the processors we use for those services.

8.2 Third parties (e.g. partners)

We`ll share anonymous and aggregated data with our partners who are researchers at the IT University of Copenhagen. The purpose of sharing data with the IT University of Copenhagen is solely related-research, for example publishing research-articles, etc. All data shared will be on an anonymous and aggregated level.

In addition to that, we only use processors as mentioned above.

However, please note that in the event that we are involved in a bankruptcy, merger, acquisition, reorganization, your information may be transferred as part of that transaction.

9. Transfer to countries outside the EU/EEA

In some cases, we’ll transfer personal data to countries outside the EU/EEA. The transfers will take place on the basis of the following legal basis:

We’ll provide appropriate safeguards for the transfer by using

  • `Model Contracts for the Transfer of Personal Data to Third Countries`, as published by the Commission of the European Union,
  • Binding Corporate Rules
  • or any other contractual agreement approved by the competent authorities.

You can always get a copy of the contract by contacting us at privacy@mindpool.com

10. Your rights

You have the following rights:

Access and rectification:
You have the right to ask us for copies of your personal data or ask us to rectify information you think is inaccurate. We are obligated to inform you whether or not we are processing personal information about you, the purpose of the processing, the categories of the personal information and any other available information as to the source of such data. There are some exemptions, which means you may not always receive all the information we process but as a main rule you can always contact us and ask for your information.

Erasure:
You can ask us to erase your personal information in certain circumstances.

Withdrawal of consent:
If processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. Your withdrawal will not affect the lawfulness of the processing carried out before you withdrew your consent. You may withdraw your consent by sending an email to privacy@mindpool.com

Objection and restriction:
You have the right to ask us to restrict the processing of your data and a similar right to object to processing. You may at any time object to our processing of the data concerning you. If your objection is justified, we’ll no longer process such information.

Data portability:
You have the right to receive your personal information in a structured, commonly used and machine-readable format (data portability).

Where your personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data about you for such marketing.

There may be conditions or limitations on these rights. It is therefore not certain e.g. you have the right of data portability in a specific case - this depends on the specific circumstances of the processing activity. You are always welcome to contact us and ask. The same goes for some of the other rights.


The law gives us one month to respond to you, but we’ll try to respond sooner.

a. Complaints

If you wish to report an issue or if you feel that we haven’t addressed your concerns in a satisfactory manner, you may contact the Danish Data Protection Agency:

Website: https://www.datatilsynet.dk

Email: dt@datatilsynet.dk

Address: Borgergade 28, 5., 1300 Kbh K

Telephone: +45 33 19 32 00

b. Assistance and support

You can take steps to exercise your rights by using this email: privacy@mindpool.com

If you have questions about the policy, feel free to contact us by using the contact details in this policy.

11. How to unsubscribe to email marketing material?

If you have subscribed to our newsletters or asked to receive marketing material from us, you can always unsubscribe. In all these emails we include an unsubscribe link and you can always click the link and easily unsubscribe.


You can also unsubscribe by sending us an email to support@mindpool.com or by using the unsubscribe link in the footer of our newsletter.

12. Children and our Services

Our services and website are not directed to children, and you must be over 18 years old to use our services and website.

13. Questions

Please contact us if you have any questions about our policy.

14. Changes to this policy

Sometimes we need to make changes to this policy to reflect our current practices. We will take reasonable steps to let you know about changes via our website.


If you are a registered user, we will notify you via email if significant changes are being made to the policy using the email address you gave us when you signed up. If you continue to use our website or services after the notification, we will regard this as your acceptance of our privacy practices.


The policy was last updated on September 14th, 2021.