Coursio Logo Watermark
Data Protection

GDPR Compliance

Last updated: May 15, 2018

Our Commitment to Personal Data Protection

Coursio knows that personal integrity is important to our customers, vendors, and website visitors, and our goal of this policy is to clearly and transparently describe how we collect, use, display, transfer, and store your personal data to make you feel confident that we handle your personal data in a legal and secure manner.

All our handling of personal data is in accordance with the General Data Protection Regulation (2016/679) and other applicable privacy laws.

Personal Data Controller

Coursio AB, corp. ID 556751-3212, Tegnérgatan 1 SE-111 40 Stockholm, Sweden, info@coursio.com, ("the Company"), is the personal data controller and responsible for ensuring that the processing of your personal data is carried out in accordance with applicable privacy laws.

If you have any questions or would like additional information about the processing of your personal data, please contact: Christoffer Elings-Pers, info@coursio.com

What is Personal Data?

Personal data includes all type of information that can be directly or indirectly attributed to a physical person who is alive. Examples of personal data are names, personal ID numbers, e-mail addresses, and phone numbers. However, they can also include customer numbers, encrypted data, and various electronic identities, such as IP numbers, etc. if they can be linked to a physical person.

How We Collect Data About You

We collect personal data about you in several ways. They may, for example, be collected when you sign up to use one of our services, when you sign an agreement with us for the use of our services, or when you want to know more about our services via, for example, newsletters or demos. We may also collect data about you from your employer, if your employer is one of our customers or vendors.

What Personal Data About You Are Processed

We process the following personal data about you:

Customers

If you are a customer with us, we will process the following personal data about you:

  • name, e-mail address, address, and phone number
  • corporate/personal ID number

Vendors

If you are a vendor to us, we process the following personal data about you:

  • name, e-mail address, address, and phone number
  • corporate/personal ID number

Users/Students

If you participate in our training videos on our platform, we process the following personal data about you:

  • name and e-mail address

Purposes for Processing Your Personal Data

Processing of your personal data takes place for the following purposes:

  • in order for us to provide, perform, and improve our services to you
  • in order for us to fulfil our obligations under applicable laws and regulations, such as required reporting
  • in order for us to communicate and send marketing materials and other information about our services to you

Legal Basis for Processing

The legal bases for our processing of your personal data are:

  • that processing is necessary in order for us to fulfil our agreement with you or your employer
  • that processing is necessary in order for us to fulfil our legal obligations, such as required reporting
  • your consent to process your personal data for communication and marketing purposes

Your personal ID number is processed to obtain a secure identification.

Marketing

We may process your personal data to market and inform you of our services. You may notify us at any time if you no longer wish to receive marketing information by unsubscribing from mailings in a current e-mail.

Who May Access Your Personal Data

The Company's starting point is to not disclose your personal data to third parties. However, in certain situations it will be necessary. Your personal data may, for example, be disclosed to vendors with which the Company works in order for them to perform the services we depend on to run our business and provide our services to you.

This mainly concerns the following vendors:

Google

We use Google's products and system services for our internal work. This means that your personal data will be processed by Google, which we have contracted as a personal data processor. Personal data is stored by Google in a cloud service within the EU.

Vendors and IT providers

We use a number of different IT services and IT systems in our business. In some of these, personal data are stored and handled. We care about your privacy and the security of your personal data in all such handling. Some systems are installed locally with us and only our staff has access to the data. In these cases, no transfer takes place to third parties. However, some systems are cloud-based or installed with our vendor, which means that we transfer personal data to the vendor. In these cases, the vendor is our personal data processor and handles data on our behalf and according to our instructions. Some of the vendors we use include Digital Ocean, Scrive, and Intercom.

Internal IT systems

Internally, we handle personal data in our Pipe Drive and Planhat. These systems are used to provide the services you order from us and to handle queries and customer care in connection with the performance of such services. All personal data collected by us may be processed in these systems.

Payment solutions

We use external providers to handle payments. These providers gain access to personal data in the form of names, addresses, and payment information. This handling is necessary in order for us to provide the services you order from us. We currently work with Klarna and Stripe.

Marketing services

We use external providers such as Mailchimp to send marketing and information about our services to you by e-mail. These providers gain access to personal data in the form of e-mail addresses and names.

Furthermore, we process customer and vendor information via the system PE Accounting. Other internal systems include Trello and Zendesk as well as marketing through social media, such as Facebook, Twitter, and Instagram.

The Company always takes appropriate steps to ensure that the recipients of your personal data do not process them for purposes other than those set out in this appendix, and that processing is carried out in a secure manner.

Where We Process Your Personal Data

Our goal is to make sure that processing of your personal data takes place within the EU/EEA. However, in some cases, for example because we use cloud service providers, your personal data may be transferred to and processed in a country outside the EU/EEA.

If your personal data are processed outside the EU/EEA, we will take all reasonable legal, technical, and organisational steps required to ensure that your personal data are handled and protected in an adequate manner, comparable to the protection offered within the EU/EEA.

How Long We Save Your Personal Data

The Company will process your personal data as long as the contractual relationship exists and then as long as processing is necessary in order to fulfil the purpose of the processing.

  • Customer and vendor information: we retain data for 7 years after termination of the agreement
  • Students or course participants: data is erased 5 years after the last active course on the account
  • Training materials: erased within 2 years of termination of the agreement
  • Maximum retention: your personal data will be retained for a maximum of 10 years from the termination of the agreement. After that, the data will be erased.

Your Rights

Under the General Data Protection Regulation and Swedish law, you have the following rights with respect to your personal data:

Right of access - You have the right to request confirmation of how and what personal data we process about you, as well as to obtain a copy of the data at no charge.
Right to rectification - You have the right to request that inaccurate data be corrected at no charge. Corrections must be made without unnecessary delays. You also have the right to request to complete incomplete information about you.
Right to erasure (right to be forgotten) - Under certain circumstances, you have the right to request to have your personal data erased. However, this right does not apply if the Company is able to demonstrate particularly important reasons against erasure.
Right to restriction of processing - In certain situations, you have the right to request a restriction of processing of your personal data, such as during the time when the Company examines whether personal data about you are inaccurate.
Right to data portability - You have the right to obtain the personal data about you that you have provided to the Company. You also have the right to demand that the Company facilitates the transfer of your data to another party.
Right to object - In certain situations, you have the right to object to our processing of your personal data. However, this right does not apply if the Company is able to demonstrate particularly important reasons for continuing the processing. In terms of objecting to marketing, that right is absolute.

Cookies

Cookies are used on the Company's website. Cookies are small text files stored on the visitor's computer and used to improve your website experience, its functionality, and to analyse how the website is used. For more information on how we use cookies, please visit our privacy policy page.

In your browser settings, you can choose to not allow websites to save and read data in cookies. You can also choose to delete previously stored cookies in your browser. If you choose to restrict the use of cookies on our website, it may affect your experience and its functionality.

Amendments to the Privacy Policy

We keep this privacy policy constantly updated. Updates to the privacy policy will be available on this website. This privacy policy was last updated on 15/5/2018.

Complaints

We always strive to process your personal data in a legal and secure manner in accordance with applicable legislation. If you have any questions or concerns regarding our processing of your personal data, please contact Christoffer Elings-Pers, info@coursio.com.

If you believe that we are processing your personal data in violation of applicable law, you may file a complaint with the Swedish Data Protection Authority.

Learn more about how to file a complaint with the Swedish Data Protection Authority at www.datainspektionen.se.