Last updated: September 2021.

Data protection means protecting personal data and safeguarding appropriate data processing. Personal data is data related to an identified or identifiable person. This Privacy Statement explains how HyperMemo Oy (“Hypermemo”, “we”, “us”, “our”) processes personal data when we are the controller of personal data.

We process individuals’ personal data for a number of reasons. When we write “you”, we mean you as, for example, our customer, a potential customer, our customer’s employee or our employee.

Whose personal data do we process?

Hypermemo processes in its business operations the following groups of individuals:

  • Hypermemo’s customers
  • Hypermemo’s potential customers
  • Persons belonging to Hypermemo’s stakeholder groups
  • Hypermemo’s employees, other people working for Hypermemo and job applicants

What personal data do we process?

Personal data is collected directly from You, or it is obtained from the use of website or services.

The personal data we process can be grouped into the following categories:

  • Identification information such as name and personal identity code
  • Contact information such as e-mail address, telephone number and address
  • Payment information such as payments made, invoices and bank details
  • Interaction information and the contract information such as employment agreement or customer agreement, correspondence, emails, and information on you relating to the use and provision of the Services, and/or your customer relationship or other business with us.
  • Technical data, such as cookie data and log data including information such as your computer’s Internet Protocol (“IP”) address, URL of the site from which you came, browser type and version, the pages of our site that you visit, the time and date of your visit, the time spent on those pages, the devices used to access the Service, and other traffic data

How can we use your personal data and on what legal bases?

Performance of a contract

The main purpose of the personal data processing is to make an offer and conclude an agreement and to document, manage and carry out the tasks specified in the agreement. Examples of tasks related to the performance of a contract:

  • Performance of co-operation agreement, an employment agreement or an agreement concerning the transmission of orders and the performance of its terms and obligations.
  • Customer service and other interaction during the contractual period

Statutory obligation

In addition to the performance of a contract, compliance with the obligations laid down in the law, regulations and decisions issued by authorities requires us to process personal data. Examples of statutory obligations that require the processing of personal data:

  • Accounting
  • Tax regulations

Legitimate interest

Moreover, Hypermemo has a legitimate interest to process personal data for customer communications and in connection with marketing, product, and customer analyses. This allows us to improve products and services provided to the customers.


In certain situations, we ask for your consent to process your personal data. The consent request contains information on the processing of such data. If you have given your consent to the processing of your personal data, you also have the right to withdraw your consent.

Automated decision-making and profiling

Automated decision-making means making decisions based solely on automated processing of personal data. Currently we don’t use any automated decision-making.

Profiling means automated processing of personal data, involving, for example, the anticipation of a person’s areas of interest or behavior. We may use profiling to target direct marketing. In targeting direct marketing, we use customer information and information obtained from the use of our website. The targeting of online advertising is based on website visitor data: visitors can be shown, for example, advertisements on products and services related to pages they have visited earlier.

To whom we can share personal data?

We share your data in the following circumstances:

  • Our third-party vendors, who provide us with IT (including cloud-based) services may need to process your data. All such third parties are operating under contract and acting on behalf of us.
  • We may share your data in accordance with applicable law or in response to a legal process or request from a competent authority according to applicable laws or in connection with a legal proceeding or process.
  • Your data may also be disclosed as part of a merger, acquisition, sale of assets (such as service agreements), or transfer of services to another group entity or another company.

When transferring and disclosing your data outside the EU/EEA, where the local law may not provide the same level of protection, we shall comply with applicable legal requirements for providing adequate safeguards to such transfers by incorporating the European Commission’s Standard Contractual Clauses (SCC).

How Long Do We Store Them?

We will only retain your data as long as is necessary for the performance of the contract and as long as required by the provisions laid down by laws and regulations concerning the retention of the data. If we retain your data for purposes other than the performance of a contract, such as accounting and the fulfillment of the tax requirements, we will retain the data only if it is necessary for that purpose and/or provided for by law and regulations.

Changes to this Privacy Statement

From time to time we may change this Privacy Statement.  We encourage you to regularly check for the latest version of this Statement.

What are Your Rights as a Data Subject?

  • Request access to your personal data.
  • Request correction of incorrect or incomplete data.
  • Request erasure
  • Limitation of processing of personal data.
  • Object to processing based on our legitimate interest.
  • Data portability

Your request to exercise your rights as listed above will be assessed given the circumstances in the individual case. Please note that we may also retain and use your information as necessary to comply with legal obligations, resolve disputes, and enforce our agreements.

How to use your rights?

Data controller is Hypermemo. If you have any questions or concerns regarding our privacy Statement and how we process your personal data, you can always contact us via email at

You can also lodge a complaint or contact the local data protection authority. For more information, see for example