DATA CONTROLLER OR PROCESSOR
BoardClic AB (“BoardClic”) is classified as data controller for the processing of your personal data, provided that you have not entered into an license agreement with us and are using our services, in which case, BoardClic is classified as data processor for the processing of your personal data.
BoardClic AB, 559152-7063
Birger Jarlsgatan 18
SE-114 34 Stockholm
Telephone: +46 70 606 63 64
PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA
Personal data is all data that relates to an identified or identifiable physical person. This includes for example, name, age, address, telephone number, IP-address and user behavior. Data that cannot be related to you as a person does not constitute personal data.
The processing of personal data must always be based on a specific purpose and have legal support – a so called legal basis. A legal basis may, for example, be the treatment to fulfil an agreement, consent or legitimate interests pursued by the data controller. Personal data should only be processed during the time it is necessary to fulfil the purpose of the treatment.
OUR PROCESSING OF PERSONAL DATA
Visiting the website
When you visit our website, data is automatically collected from the call-off computer system. Temporary storage of this information is necessary for us to provide our website to you, and the legal basis of the processing is our legitimate interest in this. The data is deleted when the purpose of the treatment has been achieved. Information processed to make our website available to you is only stored during the time you visit the website.
Data that is being processed is: IP-address, internet operator, operating system, device type, date and time for access, location.
Registration as a licensee
Licensees may register and, in connection with the registration, submit personal data to us. The purpose of the processing is to be able to provide our services and enable the licensee to utilise our services. This information is processed based on the agreement we have with you made in connection with the registration. The information is processed during the time the licensee is registered and for a period of five years after de-registration takes place.
Data that is being processed is: name, username, e-mail and company affiliation.
Usage of our services
By the usage of our services, we process personal data about board members or other executives of the company to which the service relates, as personal data processor. Information and consent from board members or other executives for the processing of the personal data is obtained by the user. Companies that are users of our services are data controllers for the processing of this data. We only process the information based on the instructions of the person who is data controller for personal data and in accordance with the License Agreement General Terms & Conditions, and specific instructions from the data controller.
Data that is being processed is: name, user name, e-mail address, roles, competencies, company affiliation and the responses stated on the form or survey by the registered subject.
When using our services, we do not request so-called special categories of personal data, however, please note that users may enter this personal data to us by choice as replies in a form.
Processing of personal data is the same for users to customers who only try our services, as for users to customers who are licensees.
DATA SECURITY AND BACK-UP
We use Heroku EU as the infrastructure for the product. It’s a secure cloud services platform. Heroku’s physical infrastructure has been accredited under ISO 27001, 27017, 27018, SOC 2, PCI Level 1, HIPAA. On top of Heroku’s infrastructure, we have built extra layers to ensure the applications and data are protected and always accessible. Apart from security controls, we have also built data redundancy by running daily backups (retained up to 4 weeks).
We apply secure coding practices and ensure the app is at least being covered against the OWASP Top 10 (Most Critical Web Application Security Risks). The code undergoes frequent third-party security assessment tools to catch security bugs.
Only authorised employees/consultants have access to our production infrastructure. All the key authentication information is protected by two-factor authentication.
PROCESSING OF DATA OUTSIDE THE EU / EEA
If your personal data is processed outside of the EU/EEA, we ensure, for example through contract terms, that the processing meets a sufficient level of protection or that we obtain your consent for the processing. Your personal data will be processed within the EU/EEA. Your data may come to be processed in the US, unless specifically requested by you.
AUTOMATED DECISIONS INCLUDING PROFILING
For the usage of our services, we may use automated decisions and profiling. In the case of automated decisions and profiling, we will obtain consent in connection with the collection of your personal data.
BoardClic may come to use sub-processors for the processing of your personal data. When using sub-processors, we will ensure that the sub-processors are required to process your personal data in accordance with our instructions and in accordance with this policy. We are currently using the following sub-processors:
We use Heroku as the production environment for hosting the Boardclic application. You can read more about Heroku and their processes for handling personal data through the following link: https://www.heroku.com/policy/security
Amazon Web Services
We use Amazon Web Services EU for transactional email service. You can read more about Amazon Web Services and their processes for handling personal data through the following link: https://aws.amazon.com/privacy/
We use Google Analytics for tracking and analyzing user behaviour. You can read more about Google Analytics and their processes for handling personal data through the following link: https://www.google.com/analytics/terms/us.html
Google Tag Manager
We use Google Tag Manager for managing and deploying marketing tags. You can read more about Google Tag Manager and their processes for handling personal data through the following link: https://www.google.com/analytics/terms/tag-manager/
We use Hotjar for tracking and analyzing user behaviour on our web application. You can read more about Hotjar and their processes for handling personal data through the following link: https://www.hotjar.com/legal/policies/privacy
We use Mixpanel to track and analyze user behaviour on our web application. You can read more about Mixpanel and their processes for handling personal data through the following link: https://mixpanel.com/legal/terms-of-use/
As a registered person you have following rights regarding the processing of your personal data.
- You have the right to request information about the processing of your personal data. The information may include the purposes of the processing, categories of personal data and anticipated period of time for which the data will be stored.
- You have the right to have incorrect information deleted or corrected.
- Under certain conditions you have the right to have your information deleted.
- Under certain conditions you have the right to limit the processing of your personal data.
- You have the right to obtain the personal data you have provided to BoardClic in a structured, generally used and machine-readable format.
- You have the right to have your personal data transferred to another data controller.
- You have the right to object to processing based on a legitimate interest.
If you are displeased with how we process your personal data, you are welcome to contact us at the following address
Birger Jarlsgatan 18
SE-114 34 Stockholm
Telephone: +46 70 781 78 28
You also have the right to lodge complaints to a supervisory authority. The responsible supervisory authority in Sweden is:
104 20 Stockholm
Telephone: 08-657 61 00
Fax: 08-652 86 52
Cookies are small text files that are sent to your computer from a website. The text files store information about your use of the site. According to the Electronic Communications Act (2003:389), data can be retrieved from or stored in a user’s terminal only if the user gives consent to the processing and is given information about the purpose of the processing.
PURPOSE OF USE
Cookies are also used to collect statistics on how our visitors use the website. The statistics are used to improve the website and to develop our services.
FOR HOW LONG ARE COOKIES STORED
There are permanent cookies and session cookies. Session cookies are stored during the time you have your browser open and disappear when you close said browser. Permanent cookies are stored on your computer and can be saved for a long time and allow the website to recognise you as a user.
BoardClic uses web-analytics cookies and so-called monitoring cookies.
Third-party cookies mean that the cookie comes from another party other than the one responsible for the website. Third-party cookies are normally used for statistics and advertising. BoardClic uses the following third-party cookies:
- Google Analytics
- Google Tag Manager
PERSONAL DATA PROCESSING