Privacy Policy

Your privacy is important to us and we are responsible for the personal information you provide to us. This policy describes how we process, store, and manage your personal data both as a customer and when you apply for a job with us.

It also describes your rights and how you can exercise them. It’s important that you read and understand this privacy policy and feel confident in how we handle your personal data.

Data controller

Mindfully Sweden AB is the data controller for the processing of personal data described in this policy.

If you have any questions or wish to exercise any of your rights, you can reach us at:

Email: support@mindfully.now
Address: c/o Norrsken House Birger Jarlsgatan 57C box 69
Postal address: 113 56 Stockholm

How do we obtain your personal data?

We collect data from you when you become a customer, use our service, contact us, or apply for a position with us.

Personal data related to subscriptions, payments, and updates for purchases made through the App Store or Google Play are handled by Apple and Google respectively.

What personal data do we process?

We may process the following categories of personal data:

• Contact details such as email address.
• Identity details such as name and customer number. If you register via Facebook, Apple, or Google, we store the ID you use for the service.
• Purchase information such as details about current and past subscriptions and offers you have used.
• User-generated data such as profile pictures you choose to upload, usage statistics, reminders, favourited and downloaded content.
• Employment-related data such as employment details, applications, CVs, and cover letters.
• Other data such as data about the content and features you use in the service, and device data such as your operating system.

How do we process your personal data?

We process your personal data primarily to fulfil our obligations to you. Our starting point is to process no more personal data than is necessary for the purpose, and we always strive to use the least privacy-sensitive data available.

Below is an overview of our personal data processing activities.

Providing and fulfilling agreements for services/products
We process personal data to fulfil our agreement and provide services/products to you. This includes administration and invoicing, credit checks, handling complaints and returns, assisting you with questions about your service/product via customer support, and otherwise upholding our rights and obligations under our agreement with you. The personal data we process here includes contact details, identity details, and financial data.

Accounting
We process your personal data to fulfil our statutory obligations, such as the requirements of the Accounting Act regarding the archiving of financial records. The personal data we process here includes contact details and identity details.

Marketing
We process personal data to enable marketing of products/services, to send newsletters about services you’re interested in, and to provide general company updates and event invitations relevant to your interests. The personal data we process here includes contact details, purchase information, and user-generated data.

Recruitment
We process your personal data when you apply for open positions or express an interest in working with us, in order to evaluate your application and carry out the recruitment process. The personal data we process here includes contact details and identity details.

Prospective customer register
People the company has contacted who wish to continue a discussion about potentially becoming a customer. The personal data we process here includes contact details.

Customer surveys
We process personal data to conduct customer and market analyses. The personal data we process here includes contact details and user-generated data.

What is the legal basis for our personal data processing?

We process your personal data to administer and provide the agreed service. For processing required by law — such as the Accounting Act or tax legislation — the legal basis is legal obligation.

For marketing and recruitment processing, the legal basis is our legitimate interest. This means we consider our interests in processing your personal data for these purposes to outweigh the privacy impact on you, particularly as we believe the processing will be beneficial to you.

For job applications not connected to an active or completed recruitment process, we will only retain your personal data for potential future recruitment needs if you have given explicit consent.

How long do we retain your personal data?

We retain your personal data for as long as you are a customer and for up to 12 months thereafter. Some data is retained longer to comply with legal requirements such as the Accounting Act and tax legislation. Once the purposes of the processing have been fulfilled and the retention period has expired, your personal data is securely deleted or anonymised.

A note on cookies

A cookie is a small text-based data file that a web server asks to store in your browser. Since the cookie content is generally sent back with each request to the relevant website, the server can track your preferences, behaviour, or identity (to the extent it is known). We use the following cookies on our website:

• Session cookies – Temporary cookies that expire when you close your browser or device.
• Persistent cookies – Cookies that remain on your device until you delete them or they expire.
• Third-party cookies – Cookies set by third-party websites, primarily used for analytics such as Google Analytics.

The cookies we use are intended to improve the services we offer. They enhance website functionality and improve your experience as a user. We also use cookies to collect and analyse behavioural data based on your use of the website and services, in order to improve the user experience and enable personalised communication. We also use cookies to deliver relevant marketing to you.

How can you manage cookies?

You can change your cookie settings in your browser at any time. You can choose to block all cookies, accept only certain cookies, or delete cookies when you close your browser. Please note that blocking or deleting cookies may mean that some services are unavailable or that the website does not function correctly in all respects.

Who do we share personal data with?

Our starting point is not to share your personal data with third parties unless you have consented or it is necessary to fulfil our contractual or legal obligations. Where we do share personal data, we ensure it is handled securely.

Service providers
To fulfil the purposes of our data processing and meet our obligations as a company, we share personal data with companies that provide services to us. These companies may only process personal data in accordance with the data processing agreement signed with them and the instructions they receive. They may not use your personal data for their own purposes and are legally and contractually obliged to protect it. A service provider may not share your personal data with third parties or subcontractors without our approval.

Authorities
We may share necessary information with authorities if required by law. This may include your personal data. In the event of a legal dispute, information that may contain personal data may also be transferred to other parties involved.

How is your personal data protected?

We protect your personal data through a combination of technical and organisational measures. We have implemented specific security measures to protect your personal data against unlawful or unauthorised access. We develop routines and working methods to ensure your personal data is handled securely. Only those who actually need to process your personal data as part of their role have access to it.

Your rights

As a registered user, you have the following rights:

• Right of access – You can request a register extract showing what personal data we hold about you.
• Right to rectification – You can request correction if we hold inaccurate or incomplete personal data about you.
• Right to erasure – You have the right to have your personal data deleted if:
  • the data is no longer needed for the purpose it was collected
  • the data is stored based on your consent and you withdraw that consent
  • the processing is based on a balancing of interests and there are no overriding legitimate grounds
  • the data has been processed unlawfully
  • deletion is required to fulfil a legal obligation
  • or you object to processing for direct marketing purposes.
    
    The right to erasure does not apply where we are legally required (e.g. under the Accounting Act) to retain the data.
• Right to data portability – Where the legal basis is consent or contract, you have the right to receive personal data concerning you that you have provided or that has been generated by your actions/activities, in a portable format.
• Right to restriction – You can request that the processing of your personal data be restricted. Note that this may affect our ability to fulfil our obligations to you during the restriction period.
• Right to object – You can object to processing based on legitimate interest. To continue such processing, we must demonstrate compelling legitimate grounds that override your interests, rights, or freedoms — otherwise we may only process the data for legal claims.
• Right to object to direct marketing – You always have the right to object to your personal data being used for direct marketing. If an objection is made, the data may no longer be processed for such purposes.

If you are not satisfied with our response, you have the right to lodge a complaint with the supervisory authority.