Privacy and cookie policy

When you visit our website or use any of our services, we may come to process your personal data. The processing of personal data within the EU is regulated in the general data protection regulation (2016/679). In this privacy policy we will describe how we process your personal data and what rights you have as a registered user.

 

DATA CONTROLLER OR PROCESSOR

BoardClic AB (“BoardClic”) is classified as data controller for the processing of your personal data, provided that you have not entered into an license agreement with us and are using our services, in which case, BoardClic is classified as data processor for the processing of your personal data.

BoardClic AB, 559152-7063
Birger Jarlsgatan 18
SE-114 34 Stockholm
Telephone: +46 70 606 63 64
E-mail: info@boardclic.com

 

PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA

Personal data is all data that relates to an identified or identifiable physical person. This includes for example, name, age, address, telephone number, IP-address and user behavior. Data that cannot be related to you as a person does not constitute personal data.

The processing of personal data must always be based on a specific purpose and have legal support – a so called legal basis. A legal basis may, for example, be the treatment to fulfil an agreement, consent or legitimate interests pursued by the data controller. Personal data should only be processed during the time it is necessary to fulfil the purpose of the treatment.

 

OUR PROCESSING OF PERSONAL DATA

Visiting the website

When you visit our website, data is automatically collected from the call-off computer system. Temporary storage of this information is necessary for us to provide our website to you, and the legal basis of the processing is our legitimate interest in this. The data is deleted when the purpose of the treatment has been achieved. Information processed to make our website available to you is only stored during the time you visit the website.

Data that is being processed is: IP-address, internet operator, operating system, device type, date and time for access, location.

Registration as a licensee

Licensees may register and, in connection with the registration, submit personal data to us. The purpose of the processing is to be able to provide our services and enable the licensee to utilise our services. This information is processed based on the agreement we have with you made in connection with the registration. The information is processed during the time the licensee is registered and for a period of five years after de-registration takes place.

Data that is being processed is: name, username, e-mail and company affiliation.

Usage of our services

By the usage of our services, we process personal data about board members or other executives of the company to which the service relates, as personal data processor. Information and consent from board members or other executives for the processing of the personal data is obtained by the user. Companies that are users of our services are data controllers for the processing of this data. We only process the information based on the instructions of the person who is data controller for personal data and in accordance with the License Agreement General Terms & Conditions, and specific instructions from the data controller.

Data that is being processed is: name, user name, e-mail address, roles, competencies, company affiliation and the responses stated on the form or survey by the registered subject.

When using our services, we do not request so-called special categories of personal data, however, please note that users may enter this personal data to us by choice as replies in a form.

Processing of personal data is the same for users to customers who only try our services, as for users to customers who are licensees.

DATA SECURITY AND BACK-UP

BoardClic has taken technical and organisational security measures to ensure that your personal data is processed safely and in accordance with this Privacy Policy.

  1. Infrastructure.

    We use Heroku EU as the infrastructure for the product. It’s a secure cloud services platform. Heroku’s physical infrastructure has been accredited under ISO 27001, 27017, 27018, SOC 2, PCI Level 1, HIPAA. On top of Heroku’s infrastructure, we have built extra layers to ensure the applications and data are protected and always accessible. Apart from security controls, we have also built data redundancy by running daily backups (retained up to 4 weeks).

  2. The application.

    We apply secure coding practices and ensure the app is at least being covered against the OWASP Top 10 (Most Critical Web Application Security Risks). The code undergoes frequent third-party security assessment tools to catch security bugs.

  3. Internal process.

    Only authorised employees/consultants have access to our production infrastructure. All the key authentication information is protected by two-factor authentication.

 

PROCESSING OF DATA OUTSIDE THE EU / EEA

If your personal data is processed outside of the EU/EEA, we ensure, for example through contract terms, that the processing meets a sufficient level of protection or that we obtain your consent for the processing. Your personal data will be processed within the EU/EEA. Your data may come to be processed in the US, unless specifically requested by you.

 

AUTOMATED DECISIONS INCLUDING PROFILING

For the usage of our services, we may use automated decisions and profiling. In the case of automated decisions and profiling, we will obtain consent in connection with the collection of your personal data.

 

SUB-PROCESSORS

BoardClic may come to use sub-processors for the processing of your personal data. When using sub-processors, we will ensure that the sub-processors are required to process your personal data in accordance with our instructions and in accordance with this policy. We are currently using the following sub-processors:

 

Heroku

We use Heroku as the production environment for hosting the Boardclic application. You can read more about Heroku and their processes for handling personal data through the following link: https://www.heroku.com/policy/security

Amazon Web Services

We use Amazon Web Services EU for transactional email service. You can read more about Amazon Web Services and their processes for handling personal data through the following link: https://aws.amazon.com/privacy/

Google Analytics

We use Google Analytics for tracking and analyzing user behaviour. You can read more about Google Analytics and their processes for handling personal data through the following link: https://www.google.com/analytics/terms/us.html

Google Tag Manager

We use Google Tag Manager for managing and deploying marketing tags. You can read more about Google Tag Manager and their processes for handling personal data through the following link: https://www.google.com/analytics/terms/tag-manager/

Hotjar

We use Hotjar for tracking and analyzing user behaviour on our web application. You can read more about Hotjar and their processes for handling personal data through the following link: https://www.hotjar.com/legal/policies/privacy

Mixpanel

We use Mixpanel to track and analyze user behaviour on our web application. You can read more about Mixpanel and their processes for handling personal data through the following link: https://mixpanel.com/legal/terms-of-use/

 

YOUR RIGHTS

As a registered person you have following rights regarding the processing of your personal data.

  • You have the right to request information about the processing of your personal data. The information may include the purposes of the processing, categories of personal data and anticipated period of time for which the data will be stored.
  • You have the right to have incorrect information deleted or corrected.
  • Under certain conditions you have the right to have your information deleted.
  • Under certain conditions you have the right to limit the processing of your personal data.
  • You have the right to obtain the personal data you have provided to BoardClic in a structured, generally used and machine-readable format.
  • You have the right to have your personal data transferred to another data controller.
  • You have the right to object to processing based on a legitimate interest.

     

    COMPLAINTS

    If you are displeased with how we process your personal data, you are welcome to contact us at the following address

    BoardClic AB
    559152-7063
    Birger Jarlsgatan 18
    SE-114 34 Stockholm
    Telephone: +46 70 781 78 28
    E-mail: info@boardclic.com

    You also have the right to lodge complaints to a supervisory authority. The responsible supervisory authority in Sweden is:

    Datainspektionen
    Box 8114
    104 20 Stockholm
    Telephone: 08-657 61 00
    Fax: 08-652 86 52
    E-mail: datainspektionen@datainspektionen.se
    Website: www.datainspektionen.se

     

    USE OF COOKIES

    Cookies are small text files that are sent to your computer from a website. The text files store information about your use of the site. According to the Electronic Communications Act (2003:389), data can be retrieved from or stored in a user’s terminal only if the user gives consent to the processing and is given information about the purpose of the processing.

     

    PURPOSE OF USE

    BoardClic uses cookies to make the website more efficient and user-friendly for visitors by, for example, storing settings that they set on the website. Data that we store may include language and login information.

    Cookies are also used to collect statistics on how our visitors use the website. The statistics are used to improve the website and to develop our services.

     

    FOR HOW LONG ARE COOKIES STORED

    There are permanent cookies and session cookies. Session cookies are stored during the time you have your browser open and disappear when you close said browser. Permanent cookies are stored on your computer and can be saved for a long time and allow the website to recognise you as a user.

    BoardClic uses web-analytics cookies and so-called monitoring cookies.

     

    THIRD-PARTY COOKIES

    Third-party cookies mean that the cookie comes from another party other than the one responsible for the website. Third-party cookies are normally used for statistics and advertising. BoardClic uses the following third-party cookies:

    • Google Analytics
    • Google Tag Manager
    • Hotjar
    • Mixpanel

    DENY THE USE OF COOKIES

    Your browser can be set to automatically deny the use of cookies. Through your browser, previously stored cookies can also be deleted. If you refuse to use cookies, your website experience may deteriorate and this may mean that you do not have access to all pages and functions.

     

    PERSONAL DATA PROCESSING

    For information on how we process personal data, see our privacy policy above.