Personal data is dealt with and the provided services and maintained in accordance with the Personal Data Act (523/1999), effective Finnish law and the general data protection regulation (GDPR, 2016/679/EU).
Peltokatu 25-27 A8
Company ID: 2653511-8
Contact person for the register:
Mindfindr Ltd. Client and Personal Data register
This data protection document covers 1) Mindfindr test participants and 2) organizational administrators and users of Mindfindr assessments.
Participant: a person invited by a client organization to part take in a Mindfindr assessment
Client organization: an organization responsible for administering a Mindfindr test and utilizing results thus produced
Client: user of the client organization
Use of personal data
Any personal data gathered from participants is used to enable provision of services to client organizations of Mindfindr and maintaining information thereby gathered, identifying participants for test purposes, and safeguarding the rights of users. Saving and handling the information gathered from participants is based on consent given by them.
Client organizations (i.e. organizational administrators of tests) of Mindfindr may use the information produced on participants for various purposes, such as recruitment processes, career planning, coaching or staff development.
The Mindfindr system does not produce any automatic decisions related to the above processes (e.g. recruitment) as it is client organizations’ responsibility to interpret and utilize results reports.
Gathered participant data is retained in the system for five years after which all contact information related to the data is destroyed, and anonymous data is retained in archives. A participant is entitled to request that his or her contact information and test data are removed from the system. Mindfindr may use anonymous data for development of the system and for analytics.
Information content of the register
Data gathered and saved in all test processes include information related to the functionalities of the system, such as user (participant, client) logs and cookies; responses given by participants to digital psychological test items, response times and information on the consent given by users; profiles and descriptions based on response data.
Data related to the functionality of the service:
- Information required to identify a participant for test purposes
- Information required to organize tests, communicate with and provide feedback to test participants
- Contact information of test participants when the participant is not anonymous (name, email, phone number)
Client organization data/information:
Data related to the functionality of the service (username and password). Basic client information: name, address, email, contract specifications and billing information.
Data related to the functionality of the service:
- Information required to ensure authentication of users (participants, clients)
- Information facilitating arrangement of tests and communicating with and contacting clients
Regular data sources of the register
Data provided by clients and test participants. Information that is not related to test items or is provided by third parties is not retained in the system. Third parties may be granted an access to retained information to provide services on behalf of Mindfindr. Other uses of user information will be based on a particular applicable regulation or on a stated consent from the part of the test participants.
Granting access to information
Without a specified consent from the part of an user (participant, client) no information is made accessible to other parties. However, subcontractors of Mindfindr Ltd may be granted access to data within the limitations stated in relevant regulations. Test data may also be provided to authorities in statutory instances.
Data storage and transferring
The data in the Mindfindr system is stored in servers located in The European Union.
The use of the Mindfindr services is secured with usernames and passwords (client). Data is transferred between users (participants, clients) and the system by secured encrypted methods. Data is retained and used in a confidential manner.
Data retention and the right to require rectification, updating or removal of data
Data on participants is retained in the system for five (5) years.
A user (participant, client) is entitled to require that his or her personal data is rectified, updated or removed from the system.
Right to check personal information
A user (participant, client) has the right to check the contents of the data the user has saved in the system.
Contacting the register holder
A user (participant, client) shall present the requests defined above in writing to the register holder.
The register holder may demand that a user verifies his or her identity as the user in question by presenting official documents to the register holder before the register holder proceeds to handle the request.