GDPR – General Data Protection Regulation
Ledarstudion’s policy for processing personal data
Policy for processing personal data
Ledarstudion AB is a personal data controller, implying that we are responsible for how your personal data is processed and ensuring protection of your rights in accordance with the new General Data Protection Regulation (GDPR). As a result, Ledarstudion has compiled the following policy.
It is essential for us to ensure that our customers, contacts and participants experience their relationship with Ledarstudion as confidential and that all persons at Ledarstudion truly respect your privacy by processing your personal data with a level of accountability that is appropriate for you and the regulations we must fulfil.
The purpose of this policy is to inform you how we process your personal data, how we make use of this data, who we share it with and the conditions for sharing and how you can protect your own rights.
In principle, we primarily process your personal data to fulfil our obligation to you. The only data we process is your contact information and your role in the company or organisation. We work on the premise that we do not process more personal data than is necessary for our purpose, and we always strive to make use of personal data that has the lowest level of privacy. We also require your personal data to provide you with a proper service, for example in relation to marketing, follow-up and information. We may also require your personal data to comply with legislation and to carry out customer and market analyses.
Our policy is never to store more information than that reasonably necessary to understand what we can do for you as our customer. We never register personal data such as personal identification number, ethnicity etc. We never share information about you with other organisations for marketing purposes or similar. We store contact information such as name, company, position, email address, address, mobile phone number and information on participation in training and other documents in the form of comments and mails describing your training requirement.
From the date when we first discuss your training, during the time you attend training and up to one year after training has been completed, we store more detailed personal data, i.e. descriptions of your situation and your need for training, based on your interviews. This information is only stored to allow our coaches to ensure the best possible results from training. Our legal basis for storing this information is the agreement with you for provision of training.
After this period of time, we will only store contact information – name, company, position, email address, address and information on the training you have taken and supporting information for such. This data will be stored for a further two years, based on a justified interest to offer you further training. If we plan to store this personal data for a longer period of time, we will request your consent to do so. There are exceptions for documentation that we are governed by law to archive, e.g. the Swedish Accounting Act.
Ledarstudion gains access to your personal data as follows:
– Data provided directly by you as the customer.
– Data registered when you visit our website.
– Data we receive from public registers or other open sources such as your company’s website.
– Data we receive when you contact one of our employees.
– Data we receive when you register for training with us.
– Data we receive when you register for our mailings.
– Data we receive when you respond to questionnaires and evaluations.
– Data we receive when you contact or visit us.
In order to inform potential customers of what we can offer, we process contact information such as name, email address and telephone number, and the name of the company and the person’s role in that company. We are legally entitled and justified to do this as it is in our interest to sell our services to you. In our judgement, the contact information we have about you does not invade on your privacy. If you do not become our customer, we store this data for maximum two years. If we plan to store your contact information for a longer period of time, we will request your consent to do so.
We compile routines and working methods to ensure your personal data is safely and securely processed. In principle, only employees and other persons in the organisation who require access to the personal data to carry out their tasks at work shall have access to such data. Our security system has been developed with a focus on your privacy. We have a policy for IT security to ensure secure processing of your personal data.
Ledarstudion has a so-called personal data assistance agreement with parties that process personal data on assignment for us. You are therefore guaranteed that your personal data is processed according to GDPR.
You are entitled at all times to request access to the personal data we have on you. Contact firstname.lastname@example.org for such access. You can also always require that the data we have on you is accurate.
You are entitled at all times to request that we do not process your personal data. The exception to this rule is if we are required to process personal data in order to conclude an agreement between you and Ledarstudion. When we no longer require the personal data to execute that which has been agreed, we delete all your personal data that is not required according to Swedish law, such as the Swedish Accounting Act, if you request us to do so.
If you do not want to receive marketing information from Ledarstudion, you can make such a request by sending an email to email@example.com or by unchecking this option in our marketing mailings.
If you feel that we do not act in a manner that is appropriate according to this policy or the GDPR, please contact us. You are entitled at all times to make any complaints to the Swedish Data Protection Authority.