GDPR Compliance
Last updated: May 15, 2018
Our Commitment to Personal Data Protection
Coursio knows that personal integrity is important to our customers, vendors, and website visitors, and our goal of this policy is to clearly and transparently describe how we collect, use, display, transfer, and store your personal data to make you feel confident that we handle your personal data in a legal and secure manner.
All our handling of personal data is in accordance with the General Data Protection Regulation (2016/679) and other applicable privacy laws.
Personal Data Controller
Coursio AB, corp. ID 556751-3212, Tegnérgatan 1 SE-111 40 Stockholm, Sweden, info@coursio.com, ("the Company"), is the personal data controller and responsible for ensuring that the processing of your personal data is carried out in accordance with applicable privacy laws.
If you have any questions or would like additional information about the processing of your personal data, please contact: Christoffer Elings-Pers, info@coursio.com
What is Personal Data?
Personal data includes all type of information that can be directly or indirectly attributed to a physical person who is alive. Examples of personal data are names, personal ID numbers, e-mail addresses, and phone numbers. However, they can also include customer numbers, encrypted data, and various electronic identities, such as IP numbers, etc. if they can be linked to a physical person.
How We Collect Data About You
We collect personal data about you in several ways. They may, for example, be collected when you sign up to use one of our services, when you sign an agreement with us for the use of our services, or when you want to know more about our services via, for example, newsletters or demos. We may also collect data about you from your employer, if your employer is one of our customers or vendors.
What Personal Data About You Are Processed
We process the following personal data about you:
Customers
If you are a customer with us, we will process the following personal data about you:
- name, e-mail address, address, and phone number
- corporate/personal ID number
Vendors
If you are a vendor to us, we process the following personal data about you:
- name, e-mail address, address, and phone number
- corporate/personal ID number
Users/Students
If you participate in our training videos on our platform, we process the following personal data about you:
- name and e-mail address
Purposes for Processing Your Personal Data
Processing of your personal data takes place for the following purposes:
- in order for us to provide, perform, and improve our services to you
- in order for us to fulfil our obligations under applicable laws and regulations, such as required reporting
- in order for us to communicate and send marketing materials and other information about our services to you
Legal Basis for Processing
The legal bases for our processing of your personal data are:
- that processing is necessary in order for us to fulfil our agreement with you or your employer
- that processing is necessary in order for us to fulfil our legal obligations, such as required reporting
- your consent to process your personal data for communication and marketing purposes
Your personal ID number is processed to obtain a secure identification.
Marketing
We may process your personal data to market and inform you of our services. You may notify us at any time if you no longer wish to receive marketing information by unsubscribing from mailings in a current e-mail.
Who May Access Your Personal Data
The Company's starting point is to not disclose your personal data to third parties. However, in certain situations it will be necessary. Your personal data may, for example, be disclosed to vendors with which the Company works in order for them to perform the services we depend on to run our business and provide our services to you.
This mainly concerns the following vendors:
We use Google's products and system services for our internal work. This means that your personal data will be processed by Google, which we have contracted as a personal data processor. Personal data is stored by Google in a cloud service within the EU.
Vendors and IT providers
We use a number of different IT services and IT systems in our business. In some of these, personal data are stored and handled. We care about your privacy and the security of your personal data in all such handling. Some systems are installed locally with us and only our staff has access to the data. In these cases, no transfer takes place to third parties. However, some systems are cloud-based or installed with our vendor, which means that we transfer personal data to the vendor. In these cases, the vendor is our personal data processor and handles data on our behalf and according to our instructions. Some of the vendors we use include Digital Ocean, Scrive, and Intercom.
Internal IT systems
Internally, we handle personal data in our Pipe Drive and Planhat. These systems are used to provide the services you order from us and to handle queries and customer care in connection with the performance of such services. All personal data collected by us may be processed in these systems.
Payment solutions
We use external providers to handle payments. These providers gain access to personal data in the form of names, addresses, and payment information. This handling is necessary in order for us to provide the services you order from us. We currently work with Klarna and Stripe.
Marketing services
We use external providers such as Mailchimp to send marketing and information about our services to you by e-mail. These providers gain access to personal data in the form of e-mail addresses and names.
Furthermore, we process customer and vendor information via the system PE Accounting. Other internal systems include Trello and Zendesk as well as marketing through social media, such as Facebook, Twitter, and Instagram.
The Company always takes appropriate steps to ensure that the recipients of your personal data do not process them for purposes other than those set out in this appendix, and that processing is carried out in a secure manner.
Where We Process Your Personal Data
Our goal is to make sure that processing of your personal data takes place within the EU/EEA. However, in some cases, for example because we use cloud service providers, your personal data may be transferred to and processed in a country outside the EU/EEA.
If your personal data are processed outside the EU/EEA, we will take all reasonable legal, technical, and organisational steps required to ensure that your personal data are handled and protected in an adequate manner, comparable to the protection offered within the EU/EEA.
How Long We Save Your Personal Data
The Company will process your personal data as long as the contractual relationship exists and then as long as processing is necessary in order to fulfil the purpose of the processing.
- Customer and vendor information: we retain data for 7 years after termination of the agreement
- Students or course participants: data is erased 5 years after the last active course on the account
- Training materials: erased within 2 years of termination of the agreement
- Maximum retention: your personal data will be retained for a maximum of 10 years from the termination of the agreement. After that, the data will be erased.
Your Rights
Under the General Data Protection Regulation and Swedish law, you have the following rights with respect to your personal data:
Cookies
Cookies are used on the Company's website. Cookies are small text files stored on the visitor's computer and used to improve your website experience, its functionality, and to analyse how the website is used. For more information on how we use cookies, please visit our privacy policy page.
In your browser settings, you can choose to not allow websites to save and read data in cookies. You can also choose to delete previously stored cookies in your browser. If you choose to restrict the use of cookies on our website, it may affect your experience and its functionality.
Amendments to the Privacy Policy
We keep this privacy policy constantly updated. Updates to the privacy policy will be available on this website. This privacy policy was last updated on 15/5/2018.
Complaints
We always strive to process your personal data in a legal and secure manner in accordance with applicable legislation. If you have any questions or concerns regarding our processing of your personal data, please contact Christoffer Elings-Pers, info@coursio.com.
If you believe that we are processing your personal data in violation of applicable law, you may file a complaint with the Swedish Data Protection Authority.
Learn more about how to file a complaint with the Swedish Data Protection Authority at www.datainspektionen.se.