When you visit our website or use any of our services, we may come to handle your personal data. The handling of personal data within the EU is regulated in the general data protection regulation (2016/679). In this privacy policy we will describe how we process your personal data and what rights you have as a registered user.

DATA CONTROLLER

BoardClic AB ( “BoardClic”) is classed as data controller for the processing of your personal data.

BoardClic AB
559152-7063
Grev Turegatan 18
114 46 Stockholm
Telephone: +46 70 606 63 64
E-mail: info@boardclic.com

PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA

Personal data is all data that relates to an identified or identifiable physical person. This includes, for example, name, age, address, telephone numbers, IP-address and user behaviour. Data that cannot be related to you as a person does not constitute personal data.

 

The processing of personal data must always be based on a specific purpose and have legal support – a so called legal basis. A legal basis may, for example, be the treatment to fulfil an agreement, consent or legitimate interests pursued by the data controller. Personal data should only be processed during the time it is necessary to fulfil the purpose of the treatment.

OUR PROCESSING OF PERSONAL DATA

Visiting the website

When you visit our website, data is automatically collected from the call-off computer system. Temporary storage of this information is necessary for us to provide our website to you, and the legal basis of the processing is our legitimate interest in this. The data is deleted when the purpose of the treatment has been achieved. Information processed to make our website available to you is only stored during the time you visit the website.

 

Information that is being collected is: IP-address, internet operator, operating system, device type, date and time for access, location.

Registration as a licensee

Licensees may register and, in connection with the registration, submit personal data to us. The purpose of the processing is to be able to provide our services and enable the licensee to utilise our services. This information is processed based on the agreement we have with you made in connection with the registration. The information is processed during the time the licensee is registered and for a period of five years after de-registration takes place.

 

The information that is processed is: name, username, e-mail and company affiliation.

Usage of our services

By the usage of our services, we process personal data about board members or other executives of the company to which the service relates, as personal data assistants. Information and consent from board members or other executives is obtained by the user. Companies that are users of our services are data controllers for the processing of this data. We only process the information based on the instructions of the person who is data controller for personal data and in accordance with a personal data processing agreement.

 

Data that is being processed is: name, user name, e-mail address, roles, competencies, company affiliation and the responses stated on the form or survey by the registered subject.

 

Collected data may be supplemented by data that can be obtained through publicly available sources, for example via a search engine. When using our services, we do not request so-called special categories of personal data, however, please note that users may enter this personal data to us by choice as replies in a form.

 

Processing of personal data is the same for users to customers who only try our services, as for users to customers who are licensees.

DATA SECURITY AND BACK-UP

BoardClic has taken technical and organisational security measures to ensure that your personal data is processed safely and in accordance with this Privacy Policy.

  1. Infrastructure.

    We use Heroku EU as the infrastructure for the product. It’s a secure cloud services platform. Heroku’s physical infrastructure has been accredited under ISO 27001, 27017, 27018, SOC 2, PCI Level 1, HIPAA. On top of Heroku’s infrastructure, we have built extra layers to ensure the applications and data are protected and always accessible. Apart from security controls, we have also built data redundancy by running daily backups (retained up to 8 weeks).

  2. The application.

    We apply secure coding practices and ensure the app is at least being covered against the OWASP Top 10 (Most Critical Web Application Security Risks). The code undergoes frequent third-party security assessment tools to catch security bugs.

  3. Internal process.

    Only authorised employees/consultants have access to our production infrastructure. All the key authentication information is protected by two-factor authentication.

PROCESSING OF DATA OUTSIDE THE EU / EEA

If your personal data is processed outside of the EU / EEA, we ensure, for example through contract terms, that the processing meets a sufficient level of protection or to obtain your consent for the processing. Your personal data will be processed within the EU / EEA. Your data may come to be processed in the US, unless specifically requested by you.

AUTOMATED DECISIONS INCLUDING PROFILING

For the usage of our services, we may use automated decisions and profiling. In the case of automated decisions and profiling, we will obtain consent in connection with the collection of your personal data.

PERSONAL DATA ASSISTANTS

BoardClic may come to use processors for the processing of your personal data. When using processors, we will ensure that the processors are required to process your personal data in accordance with our instructions and in accordance with this Privacy Policy. We are currently using the following the processors:

Mailchimp

We use Mailchimp for the handling of newsletters to our customers.

You can read more about Mailchimp and their processes for handling personal data through the following link: https://mailchimp.com/about/security/.

Heroku

We use Heroku as the production environment for hosting the Boardclic application.

You can read more about Heroku and their processes for handling personal data through the following link: https://www.heroku.com/policy/security

Amazon Web Services

We use Amazon Web Services EU for data storage and transactional email service.

You can read more about Amazon Web Services and their processes for handling personal data through the following link: https://aws.amazon.com/privacy/

Google Analytics

We use Google Analytics for tracking and analyzing user behaviour.

You can read more about Google Analytics and their processes for handling personal data through the following link: https://www.google.com/analytics/terms/us.html

Google ReCaptcha

We use Google ReCaptcha for filtering spam and abuse on our web solution.

You can read more about Google ReCaptcha and their processes for handling personal data through the following link: https://policies.google.com/privacy?hl=en

Hotjar

We use Hotjar for tracking and analyzing user behaviour on our web application.

You can read more about Hotjar and their processes for handling personal data through the following link: https://www.hotjar.com/legal/policies/privacy

Mixpanel

We use Mixpanel to track and analyze user behaviour on our web application.

You can read more about Mixpanel and their processes for handling personal data through the following link: https://mixpanel.com/legal/terms-of-use/

YOUR RIGHTS

As a registered person you have following rights regarding the processing of your personal data.

  • You have the right to request information about the processing of your personal data. The information may include the purposes of the processing, categories of personal data and anticipated period of time for which the data will be stored.
  • You have the right to have incorrect information deleted or corrected.
  • Under certain conditions you have the right to have your information deleted.
  • Under certain conditions you have the right to limit the processing of your personal data.
  • You have the right to obtain the personal data you have provided to BoardClic in a structured, generally used and machine-readable format.
  • You have the right to have your personal data transferred to another data controller.
  • You have the right to object to processing based on a legitimate interest.

COMPLAINTS

If you are displeased with how we process your personal data, you are welcome to contact us at the following address:

BoardClic AB
559152-7063
Grev Turegatan 18
114 46 Stockholm
Telephone: +46 70 781 78 28
E-mail: info@boardclic.com

You also have the right to lodge complaints to a supervisory authority. The responsible supervisory authority in Sweden is:

Datainspektionen
Box 8114
104 20 Stockholm
Telephone: 08-657 61 00
Fax: 08-652 86 52
E-mail: datainspektionen@datainspektionen.se
Website: www.datainspektionen.se

USE OF COOKIES

Cookies are small text files that are sent to your computer from a website. The text files store information about your use of the site. According to the Electronic Communications Act (2003:389), data can be retrieved from or stored in a user’s terminal only if the user gives consent to the processing and is given information about the purpose of the processing.

PURPOSE OF USE

BoardClic uses cookies to make the website more efficient and user-friendly for visitors by, for example, storing settings that they set on the website. Data that we store may include language and login information.

Cookies are also used to collect statistics on how our visitors use the website. The statistics are used to improve the website and to develop our services.

FOR HOW LONG ARE COOKIES STORED

There are permanent cookies and session cookies. Session cookies are storied during the time that you have your browser open and disappear when you close said browser. Permanent cookies are stored on your computer and can be saved for a long time and allow the website to recognise you as a user.

BoardClic uses web-analytics cookies and so-called monitoring cookies.

THIRD-PARTY COOKIES

Third-party cookies mean that the cookie comes from another party other than the one responsible for the website. Third-party cookies are normally used for statistics and advertising. BoardClic uses the following third-party cookies:

  • Google Analytics
  • Hotjar
  • Mixpanel

DENY THE USE OF COOKIES

Your browser can be set to automatically deny the use of cookies. Through your browser, previously stored cookies can also be deleted. If you refuse to use cookies, your website experience may deteriorate and this may mean that you do not have access to all pages and functions.

PERSONAL DATA PROCESSING

For information on how we process personal data, see our privacy policy above.