Our Privacy Policy

v2.0   18 May 2018

Who are we

We are Contract Mill, a Finnish company developing a document automation platform for lawyers. We respect your privacy and we are committed to protecting it. If there is anything you want to ask about your privacy, please email us at info@contractmill.com.
 
Our official data:
Contract Mill Oy
Business ID: 2776605-7
Address: Kampinkuja 2, 00100 Helsinki
Contact person: Hannele Korhonen, hannele@contractmill.com, +358 50 514 7776

We as data controller and data processor

If you are reading this, you are probably either
  • our client
  • a user of our service
  • a website visitor or
  • a recipient of marketing communication from us
This privacy policy explains how we process your personal data as a data controller. We also process personal data as a data processor when we process contracts or other legal documents submitted to our service and those documents include personal data. In this case the data controller is the client who submitted the documents to our service, and we process such personal data in accordance with a contract we have with our client.

We collect and process the following data

Data you give / Data we collect / Why the data is needed / Legal basis / Our role

Browsing in our website
Legal basis: Legitimate interests: our interest in being able to provide a smooth user experience on our website as well as being able to improve the service further.
Our role: Data controller
  • Latest IP address: To maintain and improve services
  • Information on your OS and browser: To maintain and improve services
  • Information on your use of CM website: To maintain and improve services

Request of demo / registration
Legal basis: Contract, Consent, Legitimate interests: our interest in sending information regarding our service to those who specifically express that they are interested in the service.
Our role: Data controller
  • Name: To provide the requested service
  • Email address: To provide the requested service
  • Title: To provide the requested service
  • Phone number: To provide the requested service
  • Organisation details: To provide the requested service
  • Opt-in to marketing: To send you our newsletter and other updates
  • Information relating to you or your organisation which you may provide us when communicating with us: To provide the requested service and manage the business relationship

Using Contract Mill
Legal basis: Contract, Legitimate interests: our interest in being able to improve the service further and provide relevant content to interested clients
  • Email addresses of users in your organisation; Latest IP address: To provide the requested service (Our role: Data controller)
  • Personal data in your contracts: To provide the requested service (Our role: Data processor)
  • Email addresses when sending Self-Check-In or Do-It-Yourself Documents: To provide the requested service (Our role: Data processor)
  • Information on your OS and browser: To provide the requested service (Our role: Data controller)
  • Contract data that is anonymised: To develop and provide the requested service (Our role: Data controller)
  • Information on your use of Contract Mill service: To provide the requested service (Our role: Data controller)
  • Information relating to you or your organisation which you may provide us when communicating with us: To provide the requested service and manage our business relationship with you (Our role: Data controller)

If you are our client and opt-out from our marketing communications, we may still send you non-promotional information, such as emails about your subscription.

Marketing: We collect and process the following data

Data you give / Data we collect / Why the data is needed / Legal basis / Our role

Subscribe to our newsletter
Legal basis: Consent
Our role: Data controller
  • Name: To send you our newsletter and other updates
  • Email address: To send you our newsletter and other updates
  • Phone number: To send you our newsletter and other updates
  • Opt-in to marketing: To send you our newsletter and other updates

Outbound marketing
Legal basis: Legitimate interest: our interest in extending our network and sending information about our service to those we think will be interested
Our role: Data controller
  • Name: To send or target marketing to you
  • Email address: To send or target marketing to you
  • Role in the organisation: To send or target marketing to you
  • Organisation details: To send or target marketing to you
  • Information relating to you or your organisation which you may provide us when communicating with us: To communicate with you and manage our business relationship with you

Sources from where we get your data

From you
  • when you subscribe to our newsletter
  • when you request a demo or sign up
  • when you import or type in personal data in your templates or documents
  • when you send emails from Contract Mill
  • when you communicate with us using different communication channels
From your use of services
  • when you browse our website
  • when you use Contract Mill service
From third parties
  • public company registers
  • company directories

Third parties processing your data

Your data may be shared with some of our third-party service providers. Your data is shared only when necessary and in strict compliance with our privacy policy and the applicable data protection regulations.

Service provider / Purpose / Location

Infrastructure
  • Heroku: Used for web hosting. Location: EU and US (Privacy Shield)
  • Amazon Web Services: Used for web hosting. Location: EU
  • Google G-suite: Our email accounts and document management. Location: EU and US (Privacy Shield)
Analytics
  • Google Analytics: Used for website analytics. Location: EU and US (Privacy Shield)
Communications
  • Mailgun: Used for email deliverability. Location: US (Privacy Shield)
  • Pipedrive: Used for client relationship management (CRM). Location: EU and US (Privacy Shield)
  • Mailchimp: Used for our newsletter. Location: US (Privacy Shield)
  • Netvisor: Used for invoicing. Location: EU
  • Hubspot: Used for target marketing. Location: US (Privacy Shield)
  • Calendly: Used for meeting scheduling. Location: US (EU Commission Standard Contractual Clauses)
Subcontractors
  • Kisko Labs Oy: Software development. Location: FI
  • Difogic Oy: Software development. Location: FI

Cookies

What? Cookies are strings of information that may be stored on your computer to recognise and track visitors. Information collected based on cookies can be connected to individual website visitors only based on the IP address, which we as such cannot (and do not want to) use to identify any specific persons.
Why? We use only necessary cookies to run and improve our services.
How? For this purpose we use Google Analytics, which is a service provided by Google, Inc. For an overview of Google Analytics, please visit https://www.google.com/analytics
Your rights: You can turn off cookies by changing your browser settings.

For how long do we process your personal data

Client data: We keep the personal data for the duration of the contract and max 2 years after that.
Marketing data: We keep the personal data of non-clients for marketing purposes max 2 years after collecting the personal data. If you use your right to opt-out from receiving marketing messages, we will delete your personal data from our marketing database without delay.
Website users: We keep the personal data of website users max 1 year after collecting the data.

How we protect your data

Secure communication: All connections between you and our service are secured over HTTPS using certificates from an established and reliable independent CA.
Secure infrastructure: Our service runs on Amazon EBS and contract data is stored in Amazon S3. Data integrity and database backups are handled by Heroku. Our service has built-in protection against CSRF attacks.
Document security: Your documents can be accessed only by users of your organisation with an active authenticated session. The authoritative authentication store is managed by the application and is not accessible by any other application. User inputs are technically prevented from injecting malicious code or scripts into our service.
Access to the personal data requires username and password: User credentials are stored only using industry-standard cryptographic hashes with salting.
Users of the personal data bound by confidentiality obligations: Only authorised staff who are committed to strict confidentiality obligations can access the data.
However, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot warrant the security of the data you transmit to or store in our service.

Your rights

Right to access: You have the right to access your personal data.
Right to correct: You have the right to have any inaccurate information about you corrected.
Right to object: You have the right to object to processing of personal data which is based on our legitimate interest.
Right to restriction: You have the right to request the restriction of processing for example when you think that the personal data we process about you is not accurate.
Right to opt-out: You have the right to opt-out of any marketing communication from us.
Right to be forgotten: You have the right to request deletion of your personal data at any time.
Right to complain: You have the right to lodge a complaint with a supervisory authority.
Right to data portability: You have the right to port your data to another service.
If you wish to make a request, or if you have any questions relating to your rights or this privacy policy, please contact us at info@contractmill.com.