Privacy Policy

1. About This Policy

At MIMIR Fellows Oy (“MIMIR”) we take data protection seriously. We hope that you will take a moment to read this policy.

This Privacy Policy has been put together to provide our website (“Service”) users and visitors (“Users” or “you”) with transparent information about our applicable processing of personal data. This Privacy Policy aims to answer the following questions:
- What personal data we collect when you use or browse on our Service;
- How we may use and share your personal data;
- Our use of cookies and similar technologies; and
- Your legal rights and how to exercise them.

Please note that this Privacy Policy only applies to the processing of personal data carried out by us a data controller and only in the context of running our website or any subdomains thereof. To the extent we process personal data in relation to our MIMIR Fellows’ program, such processing shall be subject to a separate privacy policy available at

This Privacy Policy does not concern nor are we responsible for, the privacy, data, or other practices of any third parties, including our stakeholders or any other third party operating any site or service incorporating or linking to our Service.

This Privacy Policy may be updated from time to time, so please check back regularly. If we materially change our Privacy Policy, we will provide a prior notification on our website.


MIMIR collects two types of information from our Users: (i) User Data; and (ii) Technical Data. Although we do not normally use Technical Data to identify you as an individual or combine the technical data with your personal data, you can sometimes be recognized from it. In such situations, Technical Data can also be considered personal data under applicable laws.

Within our Service we process the following User data:
- Your full name;
- E-mail address;
- Possible communication with us or with other Users;
- Where applicable, your consent for certain processing activities described hereunder; and
- Direct marketing opt-outs and opt-ins.

Technical data may include for example the following data:
- IP address;Device type;
- Operating system;Time of visit;
- Browsing patterns on our website;
- Browser type and version; and
- Language settings.

We may also update and supplement personal data with information provided by third parties in accordance with applicable data protection laws.


We may collect and use Users’ personal data for the following purposes:
- For customer service, feedback and support;
- For security improvements;
- To personalize User experience;
- To improve and develop our service, including improvements made to algorithms, processes and service experience;
- Trend detection and statistics;
- Prevention on fraud or other illegal activities or misuse of the Service;
- For direct marketing and advertising purposes;
- User analytics and statistics; and
- To comply with laws and regulations.

Our legal grounds for processing your personal data are carrying out our user contract, fulfilling our legal obligations and based on our legitimate interests.


Your personal data shall not be stored by us any longer than necessary for the purposes of providing the Service or parts thereof, or for another individual purpose for which your data is being processed hereunder. The exact storage period depends on the nature of the information and the purposes of processing. Hence, the maximum storage period may vary per use case.

Generally, personal data of Users is deleted within a reasonable time after the User has visited our Service or unsubscribed from our newsletters or when the User requests the deletion of such personal data, unless we are obligated to store the data for longer periods due to applicable law.

Notwithstanding the above, we may have to store Users’ personal data a bit longer to the extent such data is included in our automatic encrypted back-up processes. However, your data shall not be accessed or used for any purposes while such data is included in the back-ups, which shall be permanently deleted in every thirty (30) days’.

Once the data is no longer necessary, we delete or anonymize it as soon as reasonably possible.


Our Service may use “cookies” and other industry standard local storage technologies and tools like pixel tags, web beacons and local shared objects (flash cookies) to enhance user experience and analyze the use of our Service.

A cookie is a small text file that is stored on a User's device for record-keeping purposes which contains information about that User. We use cookies to track and target your interests and in order to provide a customized experience. Cookies also allow us to collect Technical Data from you, like which pages you visited and what links you clicked on. Pixel tags and web beacons are tiny graphic images placed within the website allowing us to determine whether you have performed a specific action. When you interact with the website, pixel tags and web beacons generate Technical Data of that action.

Local storage technologies and tools may also be placed on your device by our third-party partners and service providers. The services may also contain advertisements served by third parties that deliver third-party cookies or other tracking technologies to your device so your online activities across third-party sites or online services can be tracked for advertising purposes. We have no access to or control over the third-party cookies and technologies. The Network Advertising Initiative provides opt-out mechanisms from some behavioral online advertising: Users located in the European Union can learn of their rights relating to online advertising at

This Privacy Policy covers the use of cookies and similar technologies by MIMIR only and does not cover the use of third-party cookies or other tools by any advertiser or other third party.

You may choose to set your web browser to refuse cookies, or to alert you when cookies are being sent. If you do so, note that some parts of the Service may not function properly. For more information about cookies and how to delete them, visit

The Services uses Google Analytics and Webflow to compile reports on visitor usage and to help us improve the Service. For an overview of Google Analytics, please visit You can opt-out of Google Analytics with this browser add-on tool: For an overview of Webflow, please visit

The Service may also contain so called social media plugins (such as Instagram). When the User visits the Service, a link is formed between the User’s browser and the server of the provider of the social media plugin. Due to the link, the User's browser may automatically transfer technical data and personal data relating to our website visitor to the social media plugin provider in question. This data may include e.g. IP address and the information that the IP address in question has visited our website.

If the User opens the social media plugin while logged into their user account in the social media platform in question, the content of our website may be linked with User’s user account in that platform. In that case, the service provider in question may be able to connect the User’s visit to our website with User’s personal user account in the social media platform in question.

If the User is not willing to allow the social media service provider to connect their visit to our website with their user account in the social media platform in question, User shall log out of the social media platform. Notwithstanding, User’s browser may still transmit the IP address and other information to the social media plugin service provider when they visit our website, as described above.

The services of the social media plugin service providers are subject to their own terms of use, other terms and data protection policies. Below is a list of the services to which the social media plugins found on our website relate to. The relevant terms of use and the privacy policies can be found on the websites of the services in question.


We may share information regarding Users with our trusted partners and affiliates strictly for the limited purposes outlined above.

We may use third party service providers to enable us to provide the website or administer related activities on our behalf, such as services for sending out newsletters or surveys. We may share your information with these third parties only for those limited purposes.

In addition to disclosing personal data, we may disclose pseudonym data, and aggregated or other anonymous data to third parties for advertising and user analytics purposes.We may disclose personal data to public authorities if we are legally required to do so. We may also transfer or assign your information to our group companies, subsidiaries and affiliates as well as to a subsequent or new owner/operator of the Service in case the Service, we, our stock and/or assets are acquired or in case of merger, restructuring, bankruptcy, or other corporate reorganization.

We may process or transfer your personal data in and to any country where we operate or where we have employees or service providers or partners, including countries outside the European Union or the European Economic Area. Such processing, transfer and assignments will be carried out in compliance with applicable law. In cases where the level of data protection may not be deemed adequate by the European Commission, we always, by applying contractual and other measures, ensure that adequate protection for your personal data is provided as required by applicable laws, for personal data transfers to third countries. If you wish to know more about international transfers of your personal data, you may contact us via the contact details given below.

As with any other business, MIMIR could merge with or be acquired by another company, sell all or substantially all of its assets or a line of business, or undergo a similar event. MIMIR has the right to assign or share the information it maintains, including personal data, to one or more affiliates or to one or more successors, assigns, acquirers, or affiliates in connection with a restructuring, reorganization, merger, acquisition or other change of control of MIMIR, as well as in the unlikely event of MIMIR's insolvency, bankruptcy or receivership.

However, personal data will remain subject to this Privacy Policy unless you agree to the contrary. MIMIR will notify Users of such an occurrence by posting a notice on the Service and/or e-mailing to the e-mail address you have provided us.


We will only send you direct marketing content if you have opted in to receiving it.

In any case you have the right to prohibit us from using your personal data for direct marketing purposes by contacting us or by using the unsubscribe possibility offered in connection with our newsletter.


We do our best to keep your data safe and secure. We use administrative, organizational, technical, and physical safeguards to protect the personal data we collect and process. Measures may include, for example, where appropriate, encryption, pseudonymization and access right systems. We shall also test our systems, and other assets for security vulnerabilities at appropriate intervals.

Should, despite of the security measures, a security breach occur that is likely to have negative effects to your privacy, we will inform you and relevant authorities as required by applicable data protection laws.


Right to Access
You have the right to know what personal data we have stored about you by sending us a written request to the address indicated below.

Right to Correct
You also have the right to have incorrect/unprecise, incomplete, outdated, or unnecessary personal data we have stored about you corrected or completed by contacting us on the address indicated below. In case you consider your personal data collected by us to be inaccurate, or you wish your personal data to be erased in a case where the processing of your personal data has been deemed unlawful, or the personal data is no longer necessary, or you have objected to the processing and the existence of legitimate grounds for processing are being verified, you may request restriction of processing of your personal data.

Right to erasure
You may also ask us to erase your personal data from our systems. We will comply with such request unless we have a legitimate ground to not delete the data.

Right to withdraw your consent
You have the right to opt out of receiving electronic direct marketing communications from us by clicking on the opt-out link provided in all marketing communications we send you, and choosing not to receive marketing communications from us in the future. You also have the right to prohibit us from using your personal data for direct marketing purposes, market research and profiling by contacting us on the addresses indicated below. In case your personal data is processed based on your consent, you have the right to withdraw your consent for such processing.

Please note that in case you prohibit us from processing your personal data, we may not be able to continue to provide all parts of the Service to you.

Other rights
Users may object to the processing of personal data if such data are processed for other purposes than those necessary for the provision of the Service to the User or for compliance with a legal obligation. In case we do not have legitimate grounds to continue processing such personal data, we shall no longer process the personal data after your objection.

Users may request us to restrict processing of personal data for example when your data erasure, rectification or objection requests are pending and/or when we do not have legitimate grounds to process your data. This may however lead to fewer possibilities to use our website.

In certain cases, Users may have the right to receive their personal data from us in a structured and commonly used format and to independently transmit those data to a third party.

How to use these rights
These rights may be used by sending a letter or secure email to us on the addresses set out above, including the following information: name, address, phone number and a copy of a valid ID.

We may request the provision of additional information necessary to confirm the identity of the data subject. We may charge a reasonable administrative processing fee in case less than 6 months have passed since your last data request.

We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded.


In case you consider our processing activities of your personal data to be inconsistent with the applicable data protection laws, you may lodge a complaint with the local supervisory authority for data protection.

In Finland, the local supervisory authority is the Data Protection Ombudsman (


The Service is not intended for Users under the legal age of 16. We do not knowingly collect any personal data from children under this age.


MIMIR Fellows Oy
Business ID: 3253622-1
Address: Aarnivalkeantie 5 A 13, 02100 Espoo Finland