We process data on behalf of the organisation you are employed by or the organisation that is providing the service for you.
When processing your personal data your employer or service provider is the data controller and we are the data processor. The obligation to provide a privacy notice resides with the controller.
The basis for processing your personal data is grounded in a so called legitimate interest when we are setting up the service for you. If you are employed in the public sector in Sweden the legal ground is that the processing is necessary for the performance of a task carried out in the public interest. As an additional legal ground we also rely on consent, see below.
The first time you log in to the service you will be asked to give your consent. You can withdraw your consent whenever you want, by going to your preferences and withdrawing the consent. By doing this, all of your personal data will be deleted but answers given in surveys and mappings will be kept as anonymous information.
Types of personal data that we collect
All of the data we collect is connected to the provision of the service and its functions:
Under legitimate interest or public interest:
- Your name and your e-mail address
Technical information, to make the service work as well as possible for you:
- IP address
- What web browser and device you are using
Information that you choose to contribute yourself:
Information that you give specific consent to:
- Profile picture
- Answers to surveys and mappings
- Personal posts
- Access to images on your mobile device
A cookie is a small text file that is saved to your computer/mobile device.
We use two types of cookies.
Session cookie. To let you be logged in. This disappears from your computer when you close your browser.
Stay logged in cookie. Makes sure you are logged in for as long as you want to be.
You can choose to disable or remove cookies, which will decrease the functionality of the service.
All web browsers are different. Search your browser’s help function for information regarding how to change cookie preferences.
How we handle your personal data and data retention
When we engage processors we take actions to ensure that personal data is only processed according to this policy:
- All personal data is processed according to the current Data Protection Regulation (2016/679).
- All personal data is processed in a secure way, e.g. encrypted.
- Only persons who are authorised and needed for providing and supporting the services have access to personal data.
- We do not transfer data to any other country or any other party or organisation that has no connection with the service. This is in exception to if we are required to, by law or authority decision, for example in the case of a criminal investigation.
- The data is stored for as long as you are a user of the service and will be automatically deleted within 12 months after your user or the service has been deregistered. Answers to surveys and mappings become anonymous for statistical purposes.
You have a number of rights concerning your personal data:
- You have a right to access your data. Therefore, you may request a transcript of records if you would like to know and verify your personal data stored and processed by us.
- We take all reasonable steps to ensure that your personal data is correct and up-to-date. You have the right to rectify inaccurate or incomplete information about yourself. If you believe that your personal data stored by us is incorrect, please notify us and provide us with the correct data.
- You have the right to request the deletion of your personal data insofar as this personal data is no longer necessary for the purpose it was collected (“right to be forgotten”).
- You have the right to object to our processing of your personal data. The effect may be that you are no longer able to use our services. If you object, we will stop the processing of your personal data.
- You have a right to data portability.
You also have the right to lodge a complaint with a supervisory authority. In Sweden this is Datainspektionen, www.datainspektionen.se
To claim any of these rights, contact your data controller. If the service is provided as part of an employment, this is your employer, otherwise it is the service provider.
We use adequate technical and organizational security measures to ensure that your personal data is not misused, lost or unlawfully accessed. We only give access to your personal data to those employees and third parties who require it to provide our services. When you use the service, personal data provided by you will be encrypted.
You can reach us here:
Olof Palmes gata 23
111 22 Stockholm