Privacy Policy

Privacy Policy for www.miinto.co.uk

At Miinto Host A/S, Corporate ID No. 32091059, Prags Boulevard 49, #9., 2300 Copenhagen S, we highly prioritize confidentiality and data security. Unless otherwise stated, Miinto Host A/S is the data controller for the handling activities described below.

This privacy policy applies to our handling of personal data collected from you when you make a purchase with us, use our website and pages on social media, apply for a job and interact with us as a contact person for our B2B customers, suppliers and other partners.

The policy sets out guidelines for Miinto's methods for handling your personal data and provides you with the information that you are entitled to receive under applicable data protection laws.

1. If you visit/make purchases via the website
   

The following section describes Miinto's handling of personal data about visitors to www.miinto.co.uk as well as customers who make purchases through the website.

Collection of personal data

Miinto may collect, process and store personal data about you in the following cases:

• When you visit and browse our website
• When you purchase items online at Miinto's webshop
• When you sign up for the Miinto newsletter
• When you participate in one of Miinto's contests or events
• When you communicate with Miinto
• When you use other features and services offered by Miinto

Types of personal data
Miinto may collect, process and store the following personal data about you:

• Name
• Address
• E-mail address
• Information about your orders
• Telephone number
• Information you enter when creating a user account
• IP address
• Information about your use of the website
• Interests, including which products and services you have shown interest in

In connection with purchases over the website (e.g. payment for purchases), you provide your card information. Miinto does not store the card information, but uses its business partners for the purpose of implementing payments. The payment information is therefore stored and processed by the payment processor.

Purpose of processing
Your personal data may be processed for the following purposes:

• User account management
• Execution of orders
• Invoicing and other collection of payment
• Administration and fulfilment of agreements entered into between you and Miinto
• Distribution of newsletters and other advertising/marketing
• Administration of contests and other events
• Marketing in general
• Customer service administration and general communication
• Sending service messages
• Sending out customer satisfaction surveys
• Handling of requests from you
• Development of products and services
• Statistics and analysis
• Compliance with applicable laws
• Establishment, defending and exercising legal claims
• Preventing, detecting, investigating and combating security breaches, fraud and other potentially illegal activities

Basis for processing
Miinto processes personal data on one or more of the following bases:

• Fulfilment of agreement: The processing of personal data may in some cases be necessary to fulfil an agreement between Miinto and you, for example when making purchases via the website (Article 6(1) (b) of the General Data Protection Regulation).

• Legitimate interests: The processing of personal data is based on our legitimate interests when, for example, we conduct statistics, analyses, marketing activities (which do not require consent), issue customer satisfaction surveys, provide support and improve and develop our products and services (Article 6(1)(f) of the General Data Protection Regulation).

• Consent: Miinto will only use your personal data to send you product information, newsletters and other marketing materials by e-mail if you have given your prior and express consent to do so, unless applicable law allows us to contact you without such consent (Article 6(1)(a) of the General Data Protection Regulation).

• Legal obligation: The processing of personal data may in some cases be necessary in order to comply with legal obligations, e.g. under the Accounting Act (Article 6(1)(c), of the General Data Protection Regulation).
  

• Legal requirements: Processing may also be necessary to prevent fraud or to establish, prosecute or defend legal claims (Article 6(1)(f) and Article 9(2)(f) of the General Data Protection Regulation).
  

Storage period

Personal data collected in connection with your purchases is stored as a starting point in 3 years from the last purchase.

Personal data included in accounting material is stored for 5 years from the end of the financial year, after which the data is deleted.

Documentation of your marketing consent is kept for 2 years from the time you have withdrawn your consent to receive direct marketing material.

However, we may retain the personal data for a longer period of time if required by law or if it is necessary for a legal claim to be determined, asserted or defended. The data may also be processed and stored longer in anonymised form.

1. If you are a visitor or user of our social media pages
   

The following sections describe Miinto's processing of personal data that you leave and/or provide when you visit Miinto's social media pages such as Miinto's Facebook page (including Instagram) and LinkedIn ("social media"). The section complements the general privacy policy developed by the individual social media companies.

Miinto and the individual social media are joint data controllers for the processing of your personal data. Together with other companies, we continuously try to have a dialogue with social media about the regulation of joint controllership. In this connection, both Facebook and LinkedIn have published an addendum on the joint controllership, which you can access via the following links:

• Facebook: https://www.facebook.com/legal/terms/page_controller_addendum
  
• LinkedIn: https://legal.linkedin.com/pages-joint-controller-addendum
  

Depending on your behaviour on social media Miinto and social media companies may collect the following personal data about you:

• Your "likes" or other reactions expressed on the pages
• Comments you leave on the pages
• Your visits to the pages

Miinto uses your personal data to improve Miinto's products and services, and to compile statistics. In this regard, Miinto uses aggregated data provided by social media via their cookies, such as data on age, gender, marital status, work, lifestyle, areas of interest as well as purchase and geographic information.

Miinto processes your personal data on the basis of Miinto's legitimate interests in being able to improve Miinto's products and services, cf. Article 6(1)(f), of the General Data Protection Regulation.

You can read more about the social media companies' processing of personal data by visiting their privacy and cookies policies:

• Facebook: https://www.facebook.com/about/privacy# and https://www.facebook.com/policies/cookies/
  
• LinkedIn: https://www.linkedin.com/legal/privacy-policy and https://www.linkedin.com/legal/cookie-policy?trk=hb_ft_cookie
  

Under the General Data Protection Regulation, you have several rights, which you can read more about in section 5 of this policy. The general set-up of social media and the agreements entered into between Miinto and the social media companies dictate that you should contact the social media companies in question if you wish to exercise your rights towards the social media companies. This is because only the social media companies are functionally able to take the necessary steps to accommodate most of your requests.

If you are a Facebook user, you may exercise your rights by changing your privacy settings to influence how your personal data will be collected and processed when you visit and use the Facebook page. Click here to change your settings or to find out more about exercising your rights: https://www.facebook.com/ads/preferences and https://www.facebook.com/settings

If you are a LinkedIn user, click here to change your settings or exercise your rights: https://www.linkedin.com/psettings/data-privacy/ and https://www.linkedin.com/help/linkedin/answer/50191?trk=microsites-frontend_legal_privacy-policy&lang=en

However, if you believe that Miinto can accommodate your request, please feel free to contact us.

1. If you are a job applicant
   

We process the personal data that appears in your application and your CV, as well as any attachments submitted, in order to evaluate your application. If you are called in for an interview, we will collect and evaluate the information you provide in that regard. The basis for our processing of your personal data is your application for the conclusion of an employment contract with Miinto, cf. Article 6(1)(b) of the General Data Protection Regulation, as well as our legitimate interests in processing information that you yourself have given us, cf. Article 6(1)(f) of the General Data Protection Regulation.

In addition, on the basis of the above, we can search the Internet for relevant and accessible information, including content on social media. We will typically look for information about your previous employment relationships, activity, competencies and performance.

If the position in question requires you to complete personality tests or the like, you will be informed of this once we have processed your application. The results of such tests are treated confidentially but are included in our assessment of your application. The results will be deleted when the evaluation process is completed. The basis for this processing is Article 6(1)(b) of the General Data Protection Regulation.

In some cases, you may also be asked to submit a copy of your criminal record, depending on the position in question. Such personal data will also be treated confidentially. In such cases, we will process the personal data on the basis of Section 8(3) of the Danish Data Protection Act.

As part of our evaluation of you and your application, we may obtain references from your past and/or current employers. We only collect references from people you have specified in your application or have provided to us. The basis for this processing is Article 6(1)(f) of the General Data Protection Regulation, or if you have given your consent, Article 6(1)(a) of the General Data Protection Regulation.

We recommend that your application does not contain sensitive personal data, such as personal data that reveals racial or ethnic background, religion, union membership, sexuality, health information, etc. If the performance of a position places special demands on physical health conditions, we will (after a specific assessment) ask for your consent to process such personal data, cf. Article 6(1)(a) and Article 9(2)(a) of the General Data Protection Regulation.

If you are offered a position at Miinto, your application as well as any additional relevant personal data collected in connection with the recruitment procedure, will be stored in your personnel file with us.

If you are not offered a position, we will retain your application and any additional personal data collected in connection with the recruitment procedure for a period of 12 months after our refusal, unless you have given your consent to a longer storage of such personal data.

1. If you are a contact person for Miinto's B2B customers, suppliers and other business partners
   

This section describes Miinto's policy for the processing of personal data collected from contact persons of Miinto's B2B customers, suppliers and other business partners who cooperate with Miinto.

Collection of personal data

Personal data about you will be collected in one or more of the following cases:

• When your company or the company you are employed with enters into an agreement with Miinto, including the purchase of products or services offered by Miinto
• When you have shown interest in Miinto's products or services, for example by giving Miinto your business card
• When you say yes to receiving Miinto's newsletter
• When you collaborate or communicate with Miinto

Types of personal data

Miinto may collect, process and store the following personal data:

• Names, email addresses, telephone numbers and similar identifying information
• Individual information such as preferred languages
• Organizational information such as company name, company address, position, business area, primary place of work and country
• Contractual information such as purchase orders, invoices, contracts and similar agreements between your company (or employer) and Miinto, which may include your contact information
• Financial information such as payment terms, bank account details and creditworthiness

Such information may be provided directly by you (primarily through e-mails and other correspondence), or by third parties such as your employer.

Purpose of processing

Personal data is collected for the following purposes:

• Generally to plan, fulfil and manage the collaboration, including any contracts
• Administration, e.g. processing of payments (including recovery of outstanding invoices), assessment of creditworthiness, execution of accounting, auditing and invoicing activities, shipping and delivery, as well as support services
• Newsletters and similar marketing communications
• Handling requests made by you
• General communication
• Development of products and services
• Statistics and analysis
• Compliance and regulatory purposes, such as fulfilling our legal and compliance-related obligations to prevent illegal activities
• Dispute resolution

Basis for processing

Miinto processes your personal data on the following bases:

• Fulfillment of agreement: In some cases, it may be necessary to process personal data in order to fulfill a contract concluded between your company (or employer) and Miinto, for example in connection with the handling of orders, administration of the cooperation, user accounts and profiles (Article 6(1)(b) of the General Data Protection Regulation).

• Legitimate interests: We may process personal data in accordance with our legitimate interests in, among other things, managing the day-to-day operations, including planning, fulfilling and managing the collaboration or our legitimate interest in, among other things, performing statistics, analysis, marketing activities (which do not require consent), providing support as well as to improve and develop our products and services (Article 6(1)(f) of the General Data Protection Regulation).

• Legal requirements: Processing may also be necessary to prevent fraud or to establish, prosecute or defend legal claims (Article 6(1)(f) and Article 9(2)(f) of the General Data Protection Regulation).
  

• Legal obligation: The processing of personal data may in some cases be necessary in order to comply with legal obligations, such as our obligation to comply with security requirements and to prevent illegal activity (Article 6(1)© of the General Data Protection Regulation).
  

• Consent: Miinto will only use your personal data to send you product information, newsletters and other marketing materials by e-mail if you have given your prior and express consent to do so unless applicable law allows us to contact you without such consent (Article 6(1)(a) of the General Data Protection Regulation).
  

Storage period

Your personal data will be stored for 3 years from the end of the collaboration. However, the data can be stored longer in anonymised form.

Personal data that is included in accounting materials, including documentation of orders, is stored for 5 years from the end of the financial year, after which the data is deleted.

Documentation of your marketing consent is kept for 2 years from the time you have withdrawn your consent to receive direct marketing material.

1. General information for everyone covered by this privacy policy
   

Disclosure to other data controllers and to data processors

In order to fulfill the above purpose, we may give data processors access to your personal data, which on the basis of an agreement with Miinto provide relevant services to Miinto, including suppliers of e.g. IT services, CRM systems, billing systems, marketing services, customer satisfaction surveys, newsletter distribution, website analytics, IT support, hosting providers, payment facilitator, shipping provider as well as other providers of systems or services. Such service providers will only process personal data in accordance with our instructions in accordance with concluded data processor agreements.

At Miinto, you can shop online from physical stores directly on our platform www.miinto.co.uk. In order for the stores to process and forward your order, your personal data is therefore disclosed to the stores/webshops that are to deliver your order. The stores are independent data controllers for personal data, since they process the personal data for their own purposes.

In addition, in certain circumstances it may be necessary to disclose your personal data to the following other data controllers, e.g. distributors, including GLS, (Article 6(1)(b) of the General Data Protection Regulation). In addition, Miinto may in some cases be required and in other cases entitled to disclose your data to the authorities (Article 6(1)(c) of the General Data Protection Regulation). We may also disclose your personal data in order to establish, exercise or defend legal claims (Article 6(1)(f) and Article 9(2)(f) of the General Data Protection Regulation). In addition, we may also disclose your personal data to external auditors in order to comply with our auditing obligation (Article 6(1)(c), of the General Data Protection Regulation).

In connection with Miinto's development, the company structure may change, for example through the full or partial sale of Miinto. In the case of partial transfer of assets containing personal data, the basis for the related disclosure of personal data is as a main rule Miinto's legitimate interests in transferring parts of its assets as well as making commercial changes (Article 6(1)(f) of the General Data Protection Regulation).

If your personal data is transferred to data processors or data controllers based in non-EU/EEA countries that do not have an adequate level of protection, such a transfer will as a main rule be based on the EU Commission's standard contractual clauses.

Cookies

Our website uses cookies. Read more about our use of cookies in our cookie policy, which can be found on any page on the site here.

Security

We protect the confidentiality, integrity and availability of your personal data and have implemented security measures to ensure that our internal procedures comply with the established security standards and applicable legal requirements.

We have internal rules on information security, which contain instructions and measures that protect your personal data against being destroyed, lost, altered, against unauthorized publication and against unauthorized access or knowledge of them.

Your rights

• You have the right to gain access to the personal data we process about you
• You have the right to object to our collection and further processing of your personal data
• You have the right to request rectification and deletion of your personal data, subject to certain statutory exceptions
• You have the right to request us to restrict the processing of your personal data
• In certain circumstances, you may also request to receive a copy of your personal data as well as the transmission of your personal data that you have provided to us to another data controller (data portability)
• You can withdraw any consent that you have given at any time. Our newsletter can be unsubscribed by clicking on the link at the bottom of the newsletter

Links to other websites

Our website may contain links to other websites or to integrated websites. We are not responsible for the content of other companies' websites or their practices in connection with the collection of personal data. When you visit other websites, you are encouraged to read the proprietor's privacy policy and other relevant policies.

Additional Privacy Policy Section: Processing of Phone Call Recordings

This section outlines how Miinto Host A/S handles the processing of phone call recordings in accordance with applicable data protection laws within the European Union (EU). This section is an extension of the existing Privacy Policy for www.miinto.co.uk.

Processing of Phone Call Recordings

At Miinto, we may record phone calls for purposes such as quality assurance, customer support, training, and dispute resolution. These recordings may include personal data, such as the caller's name, contact details, and potentially sensitive information shared during the call.

Legal Basis for Processing

The processing of phone call recordings is primarily based on the necessity for the performance of a contract (Article 6(1)(b) of the General Data Protection Regulation) and our legitimate interests (Article 6(1)(f) of the GDPR) in enhancing our customer service quality and training our staff.

Processing and Storage

Phone call recordings are stored securely within the EU on our servers for a period of three months from the date of recording. After this period, the recordings are automatically deleted, unless they are required to be retained for a longer period due to ongoing disputes or legal obligations.

Access and Disclosure

Access to phone call recordings is limited to authorized personnel who require access for the purposes specified in this policy. We do not generally disclose phone call recordings to third parties, except in the following cases:

• With explicit consent from the caller.
• To comply with legal obligations or respond to lawful requests from public authorities.
• To protect our rights, privacy, safety, or property, or those of our customers or the public.

Your Rights

As a caller whose phone call is recorded, you have certain rights under the GDPR, including:

• Right to Access: You can request access to the phone call recordings containing your pe
• rsonal data and obtain a copy.
• Right to Rectification: If your recorded information is inaccurate or incomplete, you can request corrections.
• Right to Erasure: You can request the deletion of your phone call recordings under certain circumstances.
• Right to Object: You have the right to object to the processing of your personal data in the recordings for specific reasons.
• Right to Restriction of Processing: You can request restrictions on the processing of your personal data under certain circumstances.
• Right to Data Portability: You can request a copy of your personal data in a structured, machine-readable format.

Questions or complaints

If you have any questions about this privacy policy, or if you wish to submit a complaint about the way we process your personal data, please feel free to contact us by e-mail dataprotection@miinto.com or telephone via number. You can also write to us at the following address:

Miinto ApS

Corporate ID No. 32091059

Prags Boulevard 49, #9,

2300 Copenhagen S

If your complaint is not resolved by us and you want to proceed with the case, you may submit a complaint to the Danish Data Protection Agency:

Danish Data Protection Agency

Carl Jacobsens Vej 35

2500 Valby

Telephone: 33 19 32 00

E-mail: dt@datatilsynet.dk

Changes to the privacy policy

We reserve the right to make changes to this privacy policy from time to time. In the event of changes, the date at the bottom of the privacy policy will be changed. The privacy policy in force at any time will be available at www.miinto.co.uk/privacy-policy.

Last updated on [06 September 2023]