Privacy Policy
1. Introduction
1.1 This Privacy Policy is intended to provide you with information on how Brainy ApS, CVR: 43387553 ("Brainy", "we", "us", "our") collect and process your personal data which you have given to us, or we have collected from you via our website https://brainy.so ("The Website", "Website").
1.2 We will only process your personal data in accordance with this Privacy Policy and applicable law to which we are subject, including the General Data Protection Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the "GDPR") and the Danish Data Protection Act No. 502 of 23 May 2018 supplementing the GDPR, any amendments thereto and other such legislation supplementing these rules.
1.3 Brainy is the data controller in relation to your personal data. You can contact Brainy by using the contact information specified in Section 8.
2. THE DATA WE COLLECT, THE PURPOSE AND THE LEGAL BASIS FOR PROCESSING
2.1 When you use our Website we may collect information about you, including through the use of cookies. We will only use cookies – other than technically necessary cookies if you have accepted the use of these. Among other things, we collect information about your IP address, your login data and time, browser type and version, time zone and network location, and other information about the devices you use to access our website and platforms. We also collect information about how you use and interact with our website.
2.1.1 The purpose of our processing is to optimise the user experience and the website's functionality including creating statistics and to improve our service. This processing of personal data is necessary for us to pursue our legitimate interest in operating and improving our Website and in marketing our services (article 6(1) (f) of the GDPR).
2.2 When you sign up to our service and create an account on our Website, we will collect data about your identity, such as your name, e-mail-address, password, and position at the company you are working. Your payment data is administered by Stripe, acting as a third party data controller. We refer to Stripe’s Privacy Policy for further information on their processing of your personal data.
2.2.1 The purpose of our processing is to administer and perform the agreement with you, including to set you up as a customer, allow you to subscribe to our service, manage and to collect payment for your subscription. The processing is necessary for the performance of a contract with you (article 6(1) (b) of the GDPR).
2.3 When you communicate with us or use the chat-function on our website, we may collect data about your identity, such as your name and e-mail-address and the information you have provided when contacting us.
2.3.1 The purpose of our processing is to being able to process your request and respond to other communication. This processing is necessary to pursue our legitimate interest to communicate with you and respond to your questions and other requests (article 6(1) (f) of the GDPR).
2.4 When you sign up for our newsletter, we collect personal data about you, including your name and your email address. We will not send you any e-marketing without you have given consent.
2.4.1 The purpose of our processing is to pursue our legitimate interest in marketing our services to you (article 6(1) (f) of the GDPR).
2.5 To the extent that we refer to our legitimate interest as the legal basis for the processing of personal data specified above, we have conducted a balancing test for those interests to ensure that our interest is not overridden by your interests or fundamental rights and freedoms. Please contact us by using the email provided in Section 8 below if you wish to receive more information on the balancing test.
3. HOW IS YOUR PERSONAL DATA COLLECTED
3.1 We will collect some of the personal data about you directly from you, for example when you sign up for newsletters or when you are using the chat-function on our Website. When you interact with our Website, we may collect technical data about your equipment, browser activity and patterns. We collect these personal data by using cookies and other similar technologies. We may also receive technical data about you, if you visit other websites that use our cookies.
4. DISCLOSURE OF YOUR PERSONAL DATA
4.1 Your personal data is disclosed to third parties who process personal data on behalf of Brainy, and therefore acts as our data processors. We use third parties to send out newsletters, hosting providers and to process payment on our Website. We have entered into data processing agreements that comply with article 28 of the GDPR with all our data processors to ensure that such data processors implement appropriate organisational and technical security measures in such a way that the processing complies with the requirements of the GDPR and ensures the protection of your rights.
5. TRANSFER OF YOUR PERSONAL DATA TO THIRD COUNTRIES
5.1 We will not transfer your personal data to recipients outside the EU or EEA unless we have ensured compliance with GDPR Chapter V.
5.2 Some of our third-party service providers are established outside the EEA so their processing of your personal data will involve a transfer of data outside the EEA. However, to ensure that your personal information receive an adequate level of protection we have ascertained that sufficient safety measures have been implemented to allow for the transfer, including where the European Commission have deemed the country to provide an adequate level of protection for personal data; or by use of specific contracts approved by the European Commission (Standard Contractual Clauses) which give personal data essentially equivalent protection as it has in Europe.
5.3 If you require further information about our current data processors established outside the EEA and the safety measures in place to allow for the transfer of personal data, you can request it from us – please send your request to us by email at: [email protected].
6. YOUR RIGHTS
6.1 Under certain circumstances, you have one or more of the following rights:
6.2 The right of access by the data subject
6.2.1 You have the right to request access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
6.3 The right to rectification
6.3.1 You have the right to request correction of your personal data that we hold about you. If you become aware that the personal data we process is inaccurate, we encourage you to contact us in writing which will enable you to have any incomplete or inaccurate information we hold about you corrected.
6.4 The right to erasure ("the right to be forgotten")
6.4.1 You may have the right to request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. To the extent the continued processing of your personal data is necessary, for example in order for us to comply with our legal obligations or for legal requirements to be established, enforced or defended, we are not required to delete your personal data.
6.5 The right to restriction of processing
6.5.1 You may have the right to request the restriction of processing of your personal data to consist only of storage. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
6.6 The right to data portability
6.6.1 You may have the right to obtain personal data that you have provided us with, in a structured, commonly used, machine-readable format and have the right to request a transfer of that information to another data controller.
6.7 The right to object
6.7.1 You have the right to object to our processing of your personal data at any time when it relates to our direct marketing efforts towards you.
6.7.2 Furthermore, you have the right to object to our processing of your personal data at any time, for reasons relating to your personal life, where we are relying on a legitimate interest as legal basis for processing, cf. section 2.1, 2.3-2.4.
6.8 The right to withdraw your consent
6.9 You have the right to withdraw a consent you have provided us with for the purpose of processing your personal data. If you wish to withdraw your consent, please contact us by using the contact information specified in Section 8.
6.10 The right to lodge a complaint
6.11 You have the right to complain to your local data protection authority if you are unhappy with our data protection practices. In Denmark you can lodge a complaint with Datatilsynet at: https://www.datatilsynet.dk/borger/klage/-saadan-klager-du.
7. DATA RETENTION
7.1 Personal data about your use of our Website, cf. section 2.1, will be deleted upon your request. If you wish to have your personal data deleted, please contact us by using the contact information specified in Section 8.
7.2 Personal data about your account with us (name, address, position) is kept until you delete the account or have been inactive for 1 year. If you choose to delete your account, your login access will be deleted. However, please note that we may be required to retain certain data for up to 5 years from the end of the financial year, as described below in section 7.3.
7.3 Personal data about contact information and purchases is retained to document purchases you have made, agreements we have entered into, and for accounting and tax obligations. The data will be retained for 5 full fiscal years following the end of the year to which the purchase or agreement relates, or the later date the purchase price was paid in full.
7.4 Personal data about you collected when you signed up for our newsletter will be deleted when your consent to receive newsletters is withdrawn.
7.5 We do, however, reserve the right to retain your personal data for an extended period of time if deemed necessary to establish, exercise or defend a legal claim or in order to meet a legal obligation.
8. CONTACT INFORMATION
8.1 Brainy ApS is the data controller of the personal data, which are collected about you.
8.2 If you have any questions regarding this Privacy Policy or wish to exercise your rights pursuant to Section 6, please use the contact information set out below:
Brainy ApS
Business registration number: DK-43387553
Strandlodsvej 23E, 5. th
2300 København S
Denmark
Email: [email protected]
9. CHANGES TO THIS PRIVACY POLICY
9.1 If we make changes to this privacy policy, we will orientate you via email. Our privacy policy can always be found on https://brainy.so.
10. VERSIONS
10.1 This is version 1 of Brainy’s privacy policy, dated January 20, 2023.
Company