Mira Network Privacy Policy
This privacy policy describe how we process personal identifiable data as required by the General Data Protection Regulation (GDPR).
Who we are
About whom do we process data
Personal data we process as data controller
We use cookies
What do we do with the data
Personal data we process as data processor
Legal grounds for processing of personal data
Do we disclose any information to third parties?
How long do we retain information?
How do we protect your information?
Procedure in case of personal data incident
Your rights
Revisions to this privacy policy
Who we are
We are Mira Network AB (Managing Interactive Relations Agency Network AB, registration number 556524-6237), a limited company based in Stockholm, Sweden. We provide the leading CRM-system for commercial and higher education in the Nordics and related consulting services (“the Services”).
You can reach us at +46 8 412 84 01 or live@mira.se. To contact us writing, please write to
Mira Network AB
Kungsgatan 55
se-111 22 Stockholm
Sweden
Our CEO is Magnus Bratt who can be reached at magnus.bratt@mira.se. For more information about Mira Network, see www.mira.se.
About whom do we process data
We process personal data both as a data processor and as a data controller for our clients.
As a data controller we process personal data relating to our clients, partners and individuals relevant for our marketing and business development, employees, and potential employees.
As a data processor we process personal data as required to provide the Service to our clients aas regulated in our data processing agreement.
Personal data we process as data controller
When carrying out our work to provide our Services and develop our business, we process the personal information. This information include:
- Basic personal details, including name and age
- Nature of our relationship
- Employment and contact details
- Educational information and affiliations to organisations which are in the public domain;
- Notes of meetings, correspondence and conversations which we may have with you;
- Usage logs and statistics.
For all our contacts, we record communication preferences when they’re known. For example, if you’d prefer not to receive communications by email, or if you’d prefer not to receive any communications at all. Contacts can change their communication preferences at any time. This means we don’t get in touch with people who don’t want us to. It helps us reduce wastage and make sure that our contacts are in control of how and if we stay in contact.
We use cookies to understand and save your preferences for future visits, keep track of advertisements and compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future. We may contract with third-party service providers to assist us in better understanding our site visitors. These service providers are not permitted to use the information collected on our behalf except to help us conduct and improve our business.
If you do not accept cookies, you can disable them via your browser's security settings. You can also set your browser to alert you every time a website tries to set a cookie on your computer. The browser can also delete previously stored cookies.
See your browser's help pages for more information on how you can view the cookies stored in your browser, how to remove them and adjust settings for cookies, for example if they should be accepted or not.
If you in your browser choose not to accept cookies you will not be able to fully take advantage of this website's many services.
What do we do with the data
We use the data to carry out our work to provide our Services and develop our business. This includes
- Marketing and sales. We use our own CRM-system for contact information, activities, e-mail marketing and event management.
- Customer support. We use Target Process for customer service and to manage our product development. We also use Intercom to understand and communicate with our users.
- Recruitment. We receive candidate information from recruitment companies. We use the information to evaluate candidates and network.
- Administration and human relations. We use a partner Mazars for accounting and payroll services. We use Benify to manage employee benefits.
- Business development. We use personal data to network to find new clients, new partners and to learn more about our markets.
Personal data we process as data processor
As data processor, we process our client’s data. The types of processing that is available for each client is determined by which modules in Mira the client use. According to the regulation, both the Controller and the Processor shall maintain a record of processing activities under its responsibility. In Mira, persons are classified into defined Person Categories and/or Collaboration Categories. For these Categories, the Controller defines what categories of personal data is processed, the purpose of the processing, the legal ground of the processing, etc.
We will process personal data about our client’s data subjects during the main contract’s duration by providing systems and services that our clients use for marketing, maintaining and developing relations, analyze statistics and follow up activities.
Legal grounds for processing of personal data
When we process data as a data controller we rely on these grounds for lawful processing.
For the purpose of administering contracts with clients, partners and employees, to the extent that we process personal data we do so because it is necessary for the administration of a Contract.
For our marketing and other business development activity we process data because it is in our Legitimate Interest unless the law requires us to obtain your Consent in which case we will only process data with your consent.
Please see “your rights” below for details of what Legitimate Interest and Consent mean in this context, and your rights associated with either of terms.
Do we disclose any information to third parties?
We do not sell, trade, or otherwise transfer to third parties your personally identifiable information. This does not include trusted third parties who assist us in operating our service, conducting our business, or servicing you, so long as those parties agree to keep this information confidential.
We may also release personal information when we believe release is appropriate to comply with the law, enforce our policies, or protect ours or others rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing or other uses.
As a data processor we will only process client data to the extent required to provide our services as regulated by our data processing agreement.
How long do we retain information?
As data processor we keep information for so long as the contract with our client requires.
As a data controller we keep information for as long as is necessary for us to carry out our work including providing our services and our business development.
For administering our own business, we retain personal data while clients are working with us and for a reasonable time beyond until such a time as repeat business seems unlikely. A data subject may ask us to remove them from our database or from the receipt of communications at any time.
How do we protect your information?
We do our utmost to protect your privacy. Data protection legislation obliges us to follow security procedures regarding the storage and disclosure of information in order to avoid unauthorized loss or access. We have implemented industry-standard security systems and procedures to protect personal information from unauthorized access, disclosure, alteration, misuse, or destruction.
We commit to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risks.
Procedure in case of personal data incident
The GDPR states that in the case of a personal data breach, the controller shall document the facts relating to the personal data breach, its effects and the remedial action taken. Also, as a data processor we are obligated to notify the controller if we become aware of a personal data breach. We have therefore this established procedure in the case of a suspected personal data incident:
- Registration. All incidents are registered in our issue tracking system when discovered
- Analysis. All registered incident are analyzed to understand the nature of the incident and enable prioritization and deciding of appropriate response
- Prioritization. All incidents are prioritized and classified
- Resolution and reporting. If a data incident occur when we act as a data processor, we commit to inform the data controller without delay, as set out in our data processing agreement.
- Evaluation and procedure revision.
Your rights
If we are processing data with your consent then you have the right to withdraw that consent without prejudice.
We will make reasonable efforts to ensure that personal data is accurate and complete, and we will update or correct your information as needed when notified by you.
You may have the right to access the personal information we hold about you. In some cases, however, access rights may not apply, including when providing access is unreasonably burdensome or expensive under the circumstances. To request access to, correction of, amendment to, anonymization of, or erasure of your information, please contact us by email as described above.
You have the right to complain about the way in which we process your data. The address to which any complaints should be addressed is above.
Revisions to this privacy policy
We review this policy regularly. This Policy was last updated on 21 May 2018.