The trust that our users has given us to store data and privacy is one of Boardeaser’s most important assets. In our Data Protection Policy we explain how we handle our customer’s personal data and why our customers can feel safe to store personal data in Boardeaser.
Data Protection Policy
Boardeaser’s top priority is to safeguard personal data as well as other data. This is being done on multiple levels, from the technichal implementation of the service to internal regulations.
Boardeaser’s Data Protection Policy includes Boardeaser’s routines and policies to meet both internal and legal requirements for managing personal data both when we do it and when our customers do it in our service.
All policies are rooted in the board, management and employees. Boardeaser has allocated an internal responsibility for implementing and ensuring compliance with this and other policies. This and other policies are updated on an ongoing basis in compliance with applicable legislation or industry standards.
Contact email@example.com if you have any questions about this document.
- Data Controller: The entity that manages personal data, in Boardeaser’s case the organisations that use our service.
- Data Processor: The entity that processes personal data on behalf of the Data Controller, in Boardeaser’s case Boardeaser together with our service providers.
Why does this policy exist?
This Data Protection Policy ensures that Boardeaser:
- Complies with current legislation and industy standards
- Ensures the rights of our customers, individuals, employees and partners
- Is transparent with how we handle personal data protection
- Have clear routines for the protection of personal data
The General Data Protection Regulation, GDPR is a law that comes into effect on the 25th of May 2018.
The responsibilities of the Data Processor according to GDPR are:
- Only process personal data on instruction from the Data Controller
- Register the different kinds of processes of personal data
- Ensure that the technichal security level is adequate
- Sign a Data Processor Agreement with the Data Controller
- Establish routines for handling personal data incidents
- Assist the Data Controller in it’s obligations
Boardeaser meet these obligations partly through the terms with our users and customers, partly through internal regulations.
More information can be found on datainspektionen.se
- Data Protection Policy (this document)
- Routine for assisting personal data requests
- Routine for personal data requests
- Routine for reporting personal data incidents
- Routine for updating policies and agreements
- Information Security Policy*
- IT-Security Policy*
- Non-Disclosure Agreement*
Routine for assisting personal data requests
In the case of individuals requesting a record of personal data stored by users, Boardeaser has an obligation to assist our customers (the Data Controllers) in these matters.
Primarily we refer to the search functionality in the service, together with a template for answering such requests that Boardeaser can provide on demand.
Routine for personal data requests
In the case of individuals requesting a record of personal data stored by Boardeaser, Boardeaser will handle this request urgently.
Routine for reporting personal data incidents
Boardeaser continuously monitors its own service as well as other assistant services in case of possible incidents. In addition, any suspected incidents shall be reported by users to firstname.lastname@example.org as stated in the Terms of Service.
If a personal data incident can be found with Boardeaser as Data Processor, this will be communicated to Data Controllers immediately. Data Controllers shall report this to Datainspektionen within 72 hours, provided that it is likely that the incident may lead to the violation of individuals’ privacy rights.
If an incident can be found where Boardeaser is Data Processor, Boardeaser will report this to Datainspektionen within 72 hours.
Routine for updating policies and agreements
This and other documents listed above will be reviwed every other January starting 2020, or if any apparent reason urges a revision.
This policy contains information about our website, how information on the site and in our service may be used as well as how we handle personal data in the role of Data Controller.
Through your visit and use of the services provided through our site, you agree to the contents of this policy and to letting Boardeaser treat your personal information in accordance with the General Data Protection Regulation (GDPR). Boardeaser provides its services using the terms that are approved in connection with the registration of user and organization accounts.
When do we collect personal data?
Boardeaser asks you to give us certain personal data in connection with registering for the service or for receiving newsletters. Other occurances can be when individuals want to get in touch voluntarily. This information can be used for marketing purposes.
When Boardeaser receives personal data we can sometime use this to find out more about you. The reason for this is to develop better services and inform visitors about new services and offers.
Which personal data do we process?
When a user from an organisations register an account the names of this user and others are registered in the service, along with telephone number, e-mail address and address if this information is provided.
In other cases the personal data that any individual chooses to provide is stored for future reference. Boardeaser never collects any sensitive personal data, however if you choose to provide us with any such information we assume that you agree that Boardeaser stores this information.
Why do we process your personal data?
When registering for Boardeaser’s service or newsletter through the website, e-mail or other mean of communication you become customer to Boardeaser. The personal data that you provide us with is stored and may be used both to administrate the customer relationship and to provide the services ordered, including support matters.
The information can also be used for marketing purposes and follow-up and development of Boardeaser’s services. When applying for job offers, being part of surveys or other interests Boardeaser use the personal data for the purpose for which you provided them.
If you object to any processing of your personal data please use link in any sent e-mail or contact us via email@example.com or +46 (0)8 446 808 65.
With whom do we share your personal data?
When registering for Boardeaser’s services the information provided can be shared with our service providers in order to fulfill the order. This is done with great care and only to the extent that is necessary for providing the service.
For marketing purposes, follow-up and development of Boardeaser’s services the information can be shared with partners to Boardeaser. For other purposes no personal data will be shared unless stated when the data was collected. However, personal data may always be shared if required by law or regulations.
How long is personal data stored?
Boardeaser will keep personal data as long as it is required to fulfill our commitments, such as providing the service, support, invoicing et cetera.
To be able to communicate Boardeaser keep the information up until 2 years after the customer relationship has ended. Certain information may however be stored longer if required by law. With consent personal data may also be stored for a longer period of time. Any personal data will be deleted on request unless storage is required by law.
What are the rights of registered?
Registered individuals have the right to receive information of what personal data is being processed by Boardeaser. Please contact Boardeaser with any such request in writing via the Contact Information below. If any personal data is faulty or you wish that the data is deleted please contact Boardeaser in the same manner.
Furthermore, Boardeaser’s cookies are being used when you as visitor actively provide us with information such as commenting for which name, e-mail and other personal data is stored so that you don’t have to re-enter this information next time. This information is automatically deleted after 12 months since your last visit.
Boardeaser has taken all necessary measures possible to ensure the security of personal data including encryption. This protects your personal data against illicit access, editing and deletion. However, to provide personal data always include a certain amout of risk taking, no technology is completely protected for intrusion.
If you have any questions about our Data Protection Policy any request we welcome you to contact us via firstname.lastname@example.org or +46 (0)8 446 808 65.