Mirum Agency Oy (“we ”, “our” or “us”) is committed to ensuring that your personal data is processed in accordance with applicable data protection laws, properly protected and never misused. We take responsibility for the personal information we collect about you, and we aim to be transparent about how we process it, and give you control over it.


 This privacy policy explains in specific:


  • what personal data we collect;
  • for what purposes we collect and process your personal data;
  • how and for how long we process your personal data;
  • to whom and where we may transfer and disclose personal data;
  • the rights and controls you have over your personal data as the data subject; and
  • the procedures that we have in place to protect the privacy and security of your personal data.


This privacy policy applies to the personal data we collect through our website and also at possible later stage during registration process.


We may update this privacy policy from time to time, for example, due to changes in applicable data protection laws. We aim to provide reasonable means to inform you of any possible changes and their effects in due time beforehand. Therefore, we advise you to review this privacy policy always after becoming aware of any changes made to it.


Data controller and contact

Mirum Agency Oy is the data controller in relation to the processing of your personal data we describe in this privacy policy.


If you have any questions, comments, requests or concerns about any aspect of this policy or how we process your personal data in relation to our website or the recruitment process, please email us at, and we are happy to assist you with your request.


What kind of personal data we process?

When you sign up for a webinar with Think Good Thoughts (, we collect and process, your basic contact information, such as, name and email address. In addition, we process data about the events you have signed up and/or participated.


We get your personal data and other information mainly from you directly or, based on your consent, from our trusted partners during the registration process (Eventbrite, Zoom).


Please note that should you not wish to provide us with the personal data and information we request, you may not be able to participate in the webinar discussions as an attendee.


For what purposes is your personal data processed and on what legal basis?

We use your personal data collected during the registration process only for purposes that are necessary for ensuring the smooth running of the webinars (e.g counting how many attendees will be present).


Below we have detailed the legal bases on which the processing of your personal data takes place:

  • Our legitimate interest: We process your personal data and information based on our legitimate interest. Think Good Thoughts has the mission of spreading knowledge and inspiration for as many people from the creative industry as possible. We have assessed that the personal data we collect and process during the webinar registration process is customary for its purpose and, having regard to the mutually beneficial interest between Think Good Thoughts and you as an individual gaining knowledge, our interest does not jeopardise your interests or rights in your personal data.


For how long is your personal data processed?

The personal data of webinar attendees will be stored for the duration of the Think Good Thoughts process, but no longer than 36 months.


To whom and where do we transfer or disclose your personal data?

We do not transfer or disclose your personal data to any third parties, unless we have your consent to do so. However, please note that other participants of the event may see your personal information during the event.


Our partners, such as Eventbrite, may process data outside EU/EEA area. When transferring personal data outside EU/EEA area, we make sure that the transfer is made by using the mechanisms laid down by the applicable legislation, such as the Privacy Shield certification or the Standard Contractual Clauses approved by the European Commission.


What rights do you have as a data subject?

You have the right as a data subject at any time to:

  • request confirmation whether or not your personal data is processed, and if that is the case, access to your personal data and additional information such as the purposes of the processing. You are also entitled to receive a copy of your personal data undergoing processing. If the request is made by electronic means the information will be provided in a commonly used electronic format if you do not request otherwise;
  • where your personal data is processed because of our legitimate interest, object to such processing. In that case, we shall not process your personal data, unless we can demonstrate compelling legitimate grounds to resume processing (and those grounds override your interests, rights and freedoms), or we need to process your personal data for the establishment, exercise or defense of legal claims;
  • request that we delete your personal data where, for example, the personal data is no longer necessary for the purposes it was originally collected, our processing of your personal data is based solely upon your consent, and you withdraw your consent or we are relying on the legal basis of legitimate interest to process your personal data;
  • restrict our processing of your personal data, for example, in situations where we no longer need your personal data for the purposes it was originally collected, but you require the personal data for the establishment, exercise or defense of legal claims or where the processing is unlawful, and instead of asking us to delete your personal data you request that we restrict our use of it; or
  • request a machine-readable copy of your personal data processed on the basis of your consent or an agreement, and which you have provided to us.


Please note that objecting to the processing or the deletion of your personal data may lead to a situation where it is not possible for you to participate in the webinar discussions.


Please also note that if you withdraw your consent, it shall not affect the lawfulness of the processing of your personal data based on your consent before your withdrawal. You may withdraw your consent by contacting us at


You should present your request for exercising any of your above-mentioned rights by contacting us at Please be advised that in some cases we may need to request additional information from you in order to, for example, verify that you are the person you claim to be. We may refuse to fulfil your request on grounds set out in applicable data protection laws.


You also have the right to lodge complaints pertaining to the processing of your personal data to the competent data protection authority if so provided under applicable data protection laws. The contact details of all data protection authorities of the European Union’s member states can be found on the European Commission’s website.


What data security measures do we use?

We use a variety of technical and organisational security measures to secure your personal data in accordance with applicable data protection laws. We are committed to protecting the security of the personal data you share with us. Such security measures include, where appropriate, the use of firewalls, secure server facilities, encryption, implementing proper access rights management systems and processes and sufficient training of our personnel involved in the processing as well as other necessary measures.  Where appropriate, we may also take back-up copies and use other such means to prevent accidental damage or destruction of your personal data.