Our Privacy Policy
v2.0 18 May 2018
Who are we
We are Contract Mill, a Finnish company developing a document automation platform for lawyers.
We respect your privacy and we are committed to protecting it.
If there is anything you want to ask about your privacy, please email us at info@contractmill.com.
Our official data:
Contract Mill Oy
Business ID: 2776605-7
Address: Kampinkuja 2, 00100 Helsinki
Contact person:
Hannele Korhonen
hannele@contractmill.com
+358 50 514 7776
We as data controller and data processor
- our client
- user of our service
- website visitor or
- you are receiving marketing communication from us
We collect and process the following data
Data you give | Data we collect | Why the data is needed | Legal basis | Our role |
---|---|---|---|---|
Browsing in our website | Legitimate interests: our interest in being able to provide a smooth user experience on our website as well as being able to improve the service further. | Data controller | ||
Latest IP address | To maintain and improve services | |||
Information on your OS and browser | To maintain and improve services | |||
Information on your use of CM website | To maintain and improve services | |||
Request of demo / registration | Contract, Consent, Legitimate interests: our interest in sending information regarding our service to those who specifically express that they are interested in the service. | Data controller | ||
Name | To provide the requested service | |||
Email address | To provide the requested service | |||
Title | To provide the requested service | |||
Phone number | To provide the requested service | |||
Organisation details | To provide the requested service | |||
Opt-in to marketing | To send you our newsletter and other updates | |||
Information relating to you or your organisation which you may provide us when communicating with us | To provide the requested service and manage the business relationship | |||
Using Contract Mill | Contract, Legitimate interests: our interest in being able to improve the service further and provide relevant content to interested clients | |||
Email addresses of users in your organisation | Latest IP address | To provide the requested service | Data controller | |
Personal data in your contracts | To provide the requested service | Data processor | ||
Email addresses when sending Self-Check-In or Do-It-Yourself Documents | To provide the requested service | Data processor | ||
Information on your OS and browser | To provide the requested service | Data controller | ||
Contract data that is anonymised | To develop and provide the requested service | Data controller | ||
Information on your use of Contract Mill service | To provide the requested service | Data controller | ||
Information relating to you or your organisation which you may provide us when communicating with us | To provide the requested service and manage our business relationship with you | Data controller |
Marketing: We collect and process the following data
Data you give | Data we collect | Why the data is needed | Legal basis | Our role |
---|---|---|---|---|
Subscribe to our newsletter | Consent | Data controller | ||
Name | To send you our newsletter and other updates | |||
Email address | To send you our newsletter and other updates | |||
Phone number | To send you our newsletter and other updates | |||
Opt-in to marketing | To send you our newsletter and other updates | |||
Outbound marketing | Legitimate interest: our interest in extending our network and sending information about our service to those we think will be interested | Data controller | ||
Name | To send or target marketing to you | |||
Email address | To send or target marketing to you | |||
Role in the organisation | To send or target marketing to you | |||
Organisation details | To send or target marketing to you | |||
Information relating to you or your organisation which you may provide us when communicating with us | To communicate with you and manage our business relationship with you |
Sources from where we get your data
From you |
|
From your use of services |
|
From third parties |
|
Third parties processing your data
 | Service provider | Purpose | Location |
---|---|---|---|
Infrastructure | Heroku | Used for web hosting | EU and US (Privacy Shield) |
 | Amazon Web Services | Used for web hosting | EU |
 | Google G-suite | Our email accounts and document management | EU and US (Privacy Shield) |
Analytics | Google Analytics | Used for website analytics | EU and US (Privacy Shield) |
Communications | Mailgun | Used for email deliverability | US (Privacy Shield) |
 | Pipedrive | Used for client relationship management (CRM) | EU and US (Privacy Shield) |
 | Mailchimp | Used for our newsletter | US (Privacy Shield) |
 | Netvisor | Used for invoicing | EU |
 | Hubspot | Used for target marketing | US (Privacy Shield) |
 | Calendly | Used for meeting scheduling | US (EU Commission Standard Contractual Clauses) |
Subcontractors | Kisko Labs Oy | Software development | FI |
 | Difogic Oy | Software development | FI |
Cookies
What? | Cookies are strings of information that may be stored on your computer to recognise and track visitors. Information collected based on cookies can be connected to individual website visitors only based on the IP address, which we as such cannot (and do not want to) use to identify any specific persons. |
Why? | We use only necessary cookies to run and improve our services |
How? | For this purpose we use Google Analytics, which is a service provided by Google, Inc. For an overview of Google Analytics, please visit https://www.google.com/analytics |
Your rights | You can turn off cookies by changing your browser settings |
For how long do we process your personal data
Client data | We keep the personal data for the duration of the contract and max 2 years after that. |
Marketing data | We keep the personal data of non-clients for marketing purposes max 2 years after collecting the personal data. If you use your right to opt-out from receiving marketing messages, we will delete your personal data from our marketing database without delay. |
Website users | We keep the personal data of website users max 1 year after collecting the data. |
How we protect your data
Secure communication | All connections between you and our service are secured over HTTPS using certificates from an established and reliable independent CA. |
Secure infrastructure | Our service runs on Amazon EBS and contract data is stored in Amazon S3. Data integrity and database backups are handled by Heroku. Our service has built-in protection against CSRF attacks. |
Document security | Your documents can be accessed only by users of your organisation who have an active authenticated session. The authoritative authentication store is managed by the application and is not accessible by any other application. User inputs are technically prevented from injecting malicious code-scripts into our service. |
Access to the personal data requires username and password | User credentials are stored only as salted, industry-standard cryptographic hashes. |
Users of the personal data bound by confidentiality obligations | Only authorised staff that are committed to the strict confidentiality obligations can access the data. |
Your rights
Right to access | You have the right to access your personal data. |
Right to correct | You have the right to have any inaccurate information about you corrected. |
Right to object | You have the right to object to processing of personal data which is based on our legitimate interest. |
Right to restriction | You have the right to request the restriction of processing for example when you think that the personal data we process about you is not accurate. |
Right to opt-out | You have the right to opt-out of any marketing communication from us. |
Right to be forgotten | You have the right to request deletion of your personal data at any time. |
Right to complain | You have the right to lodge a complaint with a supervisory authority. |
Right to data portability | You have the right to port your data to another service. |