Privacy Policy

We are committed to handling personal data transparently. We process your personal data in accordance with legal requirements and only collect information necessary for each specific purpose.

This privacy notice, in compliance with the Finnish Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR), was originally issued on April 13, 2018, with the most recent update on June 1, 2020.

​

1. Data Controller

Supermind Oy
Business ID: 2766008-4

c/o Werstas
Tykistökatu 4
20520 Turku, Finland

​

2. Contact Person Responsible for the Register

Petri Lindholm
Phone: +358 400 420 583
Email: petri.lindholm@supermind.com

​

3. Name of the Register

The registers maintained by Supermind include: Supermind Oy’s customer register, marketing register, stakeholder register, and the web service user register.

​

4. Legal Basis and Purpose of Processing

The legal basis for processing personal data under the EU General Data Protection Regulation is:

​

• Consent of the individual, and/or

• Performance of a contract to which the data subject is a party, and/or

• Legitimate interest of the data controller (e.g., customer or employment relationship).

 

The purpose of processing personal data is to communicate with customers, maintain customer relationships, and conduct marketing activities. Information may also be used for automated profiling in Google Analytics.

​

5. Content of the Register

The web service user register records the pages visited by users on Supermind.com. Visitor data is collected via Google Analytics.

​

The customer and stakeholder registers may include: name, position, company/organization, contact details (phone number, email address, business address), website URLs, IP addresses, and social media profiles/accounts.

​

We maintain data using the following services (links to their GDPR guidelines in parentheses):

• Pipedrive (https://support.pipedrive.com/hc/en-us/articles/360000335129-Pipedrive-and-GDPR)

• MailChimp (https://mailchimp.com/gdpr/)

• ValueFrame (https://support.valueframe.fi/hc/fi/sections/360001366714-ValueFrame-ja-GDPR)

 

Data is retained indefinitely unless otherwise required by law.

​

6. Regular Sources of Data

Data recorded in the customer and stakeholder registers is obtained directly from the individual through web forms, email, phone, social media channels, contracts, customer meetings, or other situations where the individual provides their information.

​

7. Regular Disclosures and Transfers Outside the EU/EEA

Data is not disclosed to third parties except as agreed with the customer. Data may also be transferred outside the EU or EEA by the data controller where necessary.

​

8. Principles for Securing the Register

We handle personal data with care and implement appropriate security measures in our information systems. When storing data on internet servers, both physical and digital security are ensured. Access to data, server rights, and other sensitive information are strictly controlled and limited to employees whose duties require it.

​

9. Right of Access and Correction

Individuals have the right to review their personal data in the register and request corrections or additions to inaccurate or incomplete information. Requests must be submitted in writing to the data controller. Proof of identity may be requested. The data controller will respond within the timeframe stipulated by the EU GDPR (typically within one month).

​

10. Other Rights Regarding Personal Data

Individuals have the right to request deletion of their personal data from the register (“right to be forgotten”). They also have other rights under the EU GDPR, such as the right to restrict processing in certain situations. Requests must be submitted in writing to the data controller, who may require proof of identity. The controller will respond within the EU GDPR timeframe (typically within one month).