General Information

WinMind Ltd. offers SaaS-based applications for social services professionals and staff. WinMind Ltd. acts as a data processor, while WinMind Ltd.'s client acts as the data controller for the WinMind App and the WinMind Professional section. WinMind Ltd. is the data controller for the feedback section related to product development and cookie data.

For Website Visitors and Job Applicants

WinMind Ltd. collects data from users of its website to improve the usability of its solutions and to provide a better user experience. WinMind Ltd. acts as the data controller for the following purposes.

Registry Name: Mandatory Cookie Data

• Collected Data: The data collected via mandatory cookies does not identify individuals. Cookies are text files stored on your computer or mobile device by the website.
• Processing Purpose: Mandatory cookies contain information related to session management, such as the location used to offer services. These cookies are used to ensure the website works correctly and is pleasant to use.
• Legal Basis: Mandatory cookies are used as part of ensuring the functionality of WinMind services.
• Retention Period: 2 years.

Registry Name: Optional Cookie Data and Consents

• Collected Data: Analytics cookies contain visitor statistics, such as browser information and device screen resolution.
• Processing Purpose: Analytics cookies are used to analyze the website's usage and to develop the service. The cookies provide valuable information for service developers to improve the service.
• Legal Basis: Consent for the processing of personal data provided by the user according to the General Data Protection Regulation (GDPR).
• Retention Period: Depends on the validity of the user's consent. Data will be deleted no later than two years after the data collection.

Registry Name: Customer Feedback Registry

• Collected Data: No personal data is collected during feedback submission; responses are intended to be given anonymously. If the feedback provider includes personal data, it will be deleted after processing the feedback.
• Processing Purpose: Customer feedback is collected regarding the functionality, reliability, and usability of the service. Data is processed only to the extent necessary, such as to respond to feedback.
• Legal Basis: The legitimate interest of the data controller in processing customer feedback.
• Retention Period: Customer feedback data will be stored for the duration of the feedback processing. If the feedback includes personal data, it will be deleted after the process is complete.

Contact Information for the Data Controller

WinMind Ltd.
Business ID: 3273873-9
Address: Kuusikkotie 31 D 31, 42500 Kouvola
Email: niko.wass(at)winmind.fi
Phone: 0406628869

Data Transfer to Subcontractors

Personal data processing may involve subcontractors. The data controller and data processor will enter into appropriate agreements with subcontractors regarding the processing of personal data.

International Transfers of Personal Data

Personal data will generally not be transferred outside the EU/EEA. If personal data is transferred outside the EU/EEA, the transfer will be carried out using standard contractual clauses of the European Commission or other mechanisms allowed under the EU General Data Protection Regulation.

Principles of Data Protection

Personal data will be processed in a manner that meets security and legal requirements. The data controller will assess any risks related to the processing activities and take necessary measures to manage these risks. Both the data controller and data processor will implement appropriate technical and organizational measures to protect personal data. Measures include, among others, access control, protection of hardware and files, and guidance and advice on processing. The data controller requires appropriate protective measures from its subcontractors and partners.

Rights of the Data Subject

1. Right to Access: The data subject has the right to know what personal data is being processed and to request a copy. This right includes information on the purposes of and legal basis for the processing.
2. Right to Rectification: The data subject has the right to request the correction or completion of incorrect, incomplete, or outdated personal data.
3. Right to Erasure: The data subject may have the right to request the deletion of personal data if it is no longer necessary for the original purpose or if there is no legal basis for processing.
4. Right to Withdraw Consent: If processing is based on consent, the data subject may withdraw consent at any time without affecting the lawfulness of processing before the withdrawal.
5. Right to Object: The data subject has the right to object to processing, especially if the processing is based on legitimate interests or involves direct marketing.
6. Right to Restrict Processing: The data subject may request restriction of processing, e.g., when the accuracy of the data is disputed or when retention is necessary for legal requirements.
7. Right to Data Portability: The data subject has the right to receive personal data in a commonly used, machine-readable format and transfer it to another service or system.

The data subject can exercise their rights by contacting the data controller. The controller may request proof of identity when processing requests.

WinMind Application Privacy Notice for End Users

This section of the privacy notice describes how our applications generally handle data and how we ensure data security. WinMind follows customer-provided privacy guidelines, and the general principles of security or processing may differ from the data controller's instructions. If there are any doubts, please contact the data controller to clarify the use of your data.

Our Role as a Data Processor

WinMind does not collect personal data from users or their devices. WinMind processes personal data in accordance with the data controller's instructions and the agreement between the parties.

• The customer organization using our application is responsible for collecting, storing, and processing data.
• The customer organization and WinMind together agree on the principles of processing and the required level of data security.
• Data processing is carried out following the organization's guidelines and conditions.

Use of the Application Requires:

• A customer contract between WinMind and the Customer.
• The creation and maintenance of a user account by the organization that is a WinMind customer.
• A unique user ID, through which the individual can be identified within the Customer's organization.
• 
  

WinMind does not use the data from the WinMind application for its own purposes. WinMind may create anonymized data based on the information in the system, which can be used for research and statistical purposes. For research use, the researcher must apply for research permission from WinMind. Research data will always be minimized, and studies will always be conducted without personal data. Anonymized research data may be used, for example, to monitor the well-being of youth in Finland or within the client's environment. WinMind has ensured that the anonymization process is effective and irreversible. Furthermore, WinMind regularly checks the effectiveness of its anonymization process to ensure that technological developments do not undermine the permanence of anonymization.

How We Protect Your Data

Data security is of utmost importance to us. In our applications, we use:

• Encryption technologies: Encrypted databases, and all our service data is pseudonymized.
• Privacy by design: Our privacy policy is based on the privacy by design principle, and we prioritize data protection in all our development processes. Data collection and processing must be based on data minimization.
• Technical protective measures: To ensure the confidentiality, integrity, and availability of your data.

Additionally, the healthcare organization you are in contact with uses its own physical, administrative, and technical protective measures.

Your Rights While WinMind Acts as a Processor

WinMind is not the data controller for the WinMind App or the Professional section. Any rights related to the processing of your personal data, such as reviewing, correcting, or deleting data, should be addressed to the customer organization using the application.