Privacy Policy
Mindforce Game Lab Website
–> Integritetspolicy Webbplats på Svenska
Last updated: 7 November, 2022
- Introduction
1.1 This privacy policy (the “Privacy Policy”) describes how Mindforce Game Lab AB, reg. no 559132-9346, (“Mindforce”, “we”, “us” and “our”), process your personal data when you visit and interact with us on our website https://mindforcegamelab.com/ (the “Website”), or interact with us in person (such as by phone or email) or for business purposes.
1.2 We respect and safeguard your personal integrity. It is therefore important for us to protect your personal data and ensure that our processing of your personal data is correct and lawful. We ask that you read this Privacy Policy carefully and familiarize yourself with its content. We may sometimes need to make updates or changes to this Privacy Policy, you can always find the latest version of this Privacy Policy on our webpage https://mindforcegamelab.com/.
- Identity and contact details of the data controller
2.1 Mindforce is the data controller in regard to the processing of your personal data within the scope of this Privacy Policy and thus responsible for the processing of such personal data under applicable data protection laws and regulations.
2.2 If you have any questions regarding the processing of your personal data, please contact Mindforce at info@mindforcegamelab.com or by post at:
Mindforce Game Lab AB
Laboratorgränd 7
931 62 Skellefteå, Sweden - The content of this Privacy Policy
3.1 This Privacy Policy applies to processing of personal data of visitors to the Website. This Privacy Policy also applies to processing which is initiated when you as a customer, supplier or representative of a customer or a supplier, purchase our services or provide services to us.3.2 If you are a user of our mobile game application Fig: A Playtient Journey (referred to as “Fig”),please see additional information on how we process your personal data here Privacy policy.
3.3 This Privacy Policy will include information on for what purposes we process your personal data when you visit and interact with us on our Website or in person, with which parties we share your personal data as well as information on your rights as a data subject.
3.4 If you want to read more about how we manage cookies on our Website, please read our cookie policy Cookie policy.
- What categories of personal data do we process, for what purpose do we process them and on what lawful basis do we base or processing activities?
4.1 How we in general process your personal data
4.1.1 The personal data Mindforce process depends on how you interact with Mindforce. We process your personal data in the way and for the purposes described in the tables below in this Section 4, and we are accountable in the role as data controller for the processing activities described in each table.
4.1.2 We need to base each purpose on a lawful basis. A lawful basis can for example be (i) your consent to the specific processing activity, (ii) that the processing is necessary for the performance of a contract to which you as data subject is party, or (iii) that we, based on weighing of interests, have a legitimate interest to process your personal data, which is not overruled by your interest of not having your personal data processed. In the tables below you will find on what lawful basis we process your personal data, for what purpose we process your personal data as well as for what period in time we will keep your personal data.
4.2 Analysis of Website visitor traffic
Lawful basis: Legitimate interest, wherein our legitimate interest is to gather information in order to maintain, facilitate and improve the functionality, content and security on our Website.
Gathering of information through use of cookies or other similar technologies is done on the basis of your consent, except where such use is strictly necessary to the foundational functions of our Website. For more information on how we use cookies and other similar technologies, please see our cookie policy Cookie policy.
Retention period: We process and keep information of how visitors interact with our Website for a period of maximum six (6) months. In most cases, the collected data will be transformed into aggregated data (thus anonymised) at an earlier stage, in connection to us creating statistics.
4.3 Communicating with us via the Website
Lawful basis: Legitimate interest, where our legitimate interest is to be able to communicate with you and respond to the messages you send to us when you contact us via the communication channels featured on our Website.
Retention period: We process your personal data as above as long as your request is still unanswered or as long as our communication is ongoing, but no longer than six (6) months after the last communication has ceased.
4.4 Initiation of business relations
Lawful basis: Legitimate interest, wherein our legitimate interest is to create a business relation with you or the firm you represent.
Retention period: We process and keep your personal data for a period of six (6) months from the time of gathering the data. If a business relation is established between Mindforce and you or the firm you represent during the mentioned time period, then your personal data will be processed in accordance with the purposes mentioned below.
4.5 Maintaining business relations
Lawful basis: Legitimate interest, wherein our legitimate interest is to maintain and develop our business relation with you or the firm you represent.
Retention period: We process and keep your personal data as long as we have a business relationship with you or the firm you represent, however for a maximum of three (3) years from the time we last were in contact because of our business relation.
We may however be required to keep personal data for a longer period of time for other purposes, for example for establishment, exercise or defence of legal claims. We may also need to keep personal data for a longer period of time in order to comply with legal obligations, such as matters including our bookkeeping obligations according to the bookkeeping legislation.
4.6 Conclusion and performance of business contract
Lawful basis: Processing is necessary in order for us to enter into agreements and/or perform our contractual obligations with/for you or the firm you represent. If you act on behalf of others, for example in the role of a representative of a customer, business partner or supplier of Mindforce, then our processing is based on legitimate interest, wherein our legitimate interest is entrance and performance of contracts with the firm you represent.
Retention period: We process and keep your personal data for as long as the contract is valid and for a maximum of three (3) years thereafter.
We may however be required to keep personal data for a longer period of time for other purposes, for example for establishment, exercise or defence of legal claims. We may also need to keep personal data for a longer period of time in order to comply with legal obligations, such as matters including our bookkeeping obligations according to the bookkeeping legislation.
4.7 Marketing of Mindforce business
Lawful basis: We will only send you direct marketing via email if you have subscribed and registered for such marketing and thus have consented to receive them.
Retention period: We process and keep your personal data in order to administer and send out marketing via email as long as you do not unsubscribe (withdraw your consent). Such unsubscription can be done whenever by using the link for unsubscription which is featured in all our marketing emails.
4.8 Selection and recruitment
Legal basis: Legitimate interest, where our legitimate interest is to make it possible for us to evaluate your qualifications and personal qualities in connection with decisions on recruitment and for fulfillment of a legal obligation to document information about education, professional experience and other qualifications for the persons employed to meet the legal requirements in Chapter 2 Section 4 of the Discrimination Act (2008: 567).
Retention period: Until the recruitment process is completed and 2 years thereafter.
4.9 To comply with our legal obligations or to exercise legal claims
4.9.1 We may process your personal data in order to comply with legal obligations according to legislation which is applicable to our operations and organisation, such as to satisfy tax or reporting obligations. We may also process your personal data in order to comply with a decision by public authority or court which requires us to keep and process your personal data.
4.9.2 We may also process your personal data because you or the firm you represent, ourselves or affected third party shall be able to establish, exercise or defend a legal claim, for example upon forthcoming or ongoing dispute.
- From where do we collect your personal data?
We process personal data which are collected directly from you, from the firm you represent, as well as personal data which are collected via use of cookies.
- What happens if you do not want to share your personal data with us?
You are not required to provide the personal data that we have requested. However, if you choose not to do so, in many cases we will not be able to provide you with our products or services or respond to requests you may have. It is also possible that the functionality of our Website becomes limited and does not work as you may expect.
- How we share your personal data
Access to your personal data is limited to parties which needs access in order to fulfil the purposes described under Section 4 above. We will share your personal data with the following parties in order to fulfil the stipulated purposes under Section 4 above:
(a) Service providers. We may engage third parties to act as our service providers and perform certain tasks on our behalf, such as processing or storing data, including personal data, in connection with your use of our services. Whenever using third party service providers, we establish data processor agreements as well as take other adequate measures in order to make sure that your personal data is processed in a way that conforms with this Privacy Policy; and,
(b) Business partners. We may share your personal data with third parties with whom we transact or collaborate with to provide and deliver products, solutions or services and/or third parties with whom we seek to develop and deliver new or improved products, solutions or services with.
(c) Authorities. We may share your personal data with governmental and/or state authorities (such as the Medical Products Agency or the Swedish Tax Agency) when required by law, regulation or by a court order.
- Protection of personal data at Mindforce
We use administrative, technical, and physical safeguards to protect your personal data, taking into account the nature of the personal data and the processing, and the threats posed. We are constantly working to improve on these safeguards to help keep your personal data secure.
- Will we transfer your personal data outside of EU/EEA?
We may transfer your personal data to countries outside of the European Union (“EU”)/European Economic Area (“EEA”). If the European Commission has not issued a decision that the country to which your persona data are transferred has an adequate level of protection for your personal data, then we will provide a description of what safeguarding measures we have taken and what lawful basis we base the transfer upon in order to ensure that the transfer of your personal data is done in accordance with European data protection legislation. Please contact us by sending us a written notice to the contact details featured in this Privacy Policy if you want to have more information about whether we have transferred your personal data outside of EU/EEA, what countries we have transferred your personal data to and what safeguarding measures we have taken to protect the transfer.
- Your rights as data subject
10.1 In this section we describe your rights under applicable European data protection legislation. You will not be charged if you want to exercise your rights and you can exercise them by contacting us. Do not hesitate to contact us if you have any questions regarding your rights.
10.2 Please note that we will always do an assessment of a request of exercising a right in order to determine whether the request is legitimate. Not all rights listed below are absolute and there are exemptions which can be valid.
10.3 Your rights are the following:
(a) Right of access. You have the right upon request to get a copy of your personal data which we process and to get complementary information regarding our processing of your personal data.
(b) Right of rectification. You have the right to have your personal data rectified and/or complemented if they are wrong and/or incomplete.
(c) Right to erasure. You have the right to request that we erase your personal data without undue delay in the following circumstances:
(i) the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(ii) you withdraw your consent on which the processing is based (if applicable) and there is no other legal ground for the processing;
(iii) you object to our processing of personal data and we do not have any overriding legitimate grounds for the processing;
(iv) the processed personal data is unlawfully processed; or
(v) the processed personal data has to be erased for compliance with legal obligations.
(d) Right to restriction. You have the right to restrict the processing of your personal data in the following circumstances:
(i) you contest the accuracy of the personal data during a period enabling us to verify the accuracy of such data;
(ii) the processing is unlawful, and you oppose erasure of the personal data and request restriction instead;
(iii) the personal data is no longer needed for the purposes of the processing, but are necessary for you for the establishment, exercise or defence of legal claims; or
(iv) you have objected to the processing of the personal data, pending the verification whether our legitimate grounds for our processing override your interests, rights and freedoms.
(e) Right to data portability. If your personal data has been provided by you and our processing of your personal data is based on your consent or on the performance of a contract with you, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format in order to transmit these to another service provider where it would be technically feasible and can be carried out by automated means.
(f) Right to object. You have the general right to object to our processing of your personal data when it is based on our legitimate interest. If you object and we believe that we may still process your personal data, we must demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
(g) Right to object to direct marketing. You have the right to at any time object to processing which is done for the purpose of direct marketing. If you object to such processing, we will no longer process your data for such purposes.
(h) Right to withdraw consent. When our processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. Please note that the lawfulness of any processing based on your consent before its withdrawal is not affected by the withdrawal.
- Complaints to the supervisory authority
The data protection authority in Sweden is ‘Integritetsskyddsmyndigheten’. If you believe that our processing is performed in breach of applicable data protection legislation, we encourage you in first-hand to contact us in order for us to oversee your complaints. You may at any time also file a complaint with the supervisory authority.