Privacy Policy

Cooach AB (publ) (corporate identity number 559005-6783), “Cooach”, protects your personal privacy and always strives for a high level of data protection. This privacy policy explains how we collect and use your personal data. The privacy policy also describes your rights and how you can enforce them. It is important that you read and understand the privacy policy. You are always welcome to contact us with any questions.

Who is responsible for the personal data we process?

Cooach AB (publ) (company registration number 559005-6783), with the address Drottninggatan 86A, 111 36 Stockholm, is the controller for the processing of personal data.

How long do we store your personal data?

We store your personal data for as long as it is necessary for the purpose for which it was collected. Depending on the legal basis on which we base the processing, this may a) follow from an agreement, b) be dependent on a valid consent, (c) be governed by legislation or d) follow from an internal assessment based on a balance of interest. In the tables below, we indicate (to the extent possible) the period during which the personal data will be stored, or the criteria used to determine the period.

What personal data do we process, for what purpose (why) and on what legal basis?

Purpose Processing that is madeCategories of personal data
To be able to administer your visit on the site and to send relevant market information.Maintaining accurate and up-to-date information. Send relevant information and offersCompany name Contact information (e.g. name, address, e-mail and telephone number).
Legal basis: Legitimate interests
Storage period: As long as we believe that you benefit from our communication, and you have not chosen to actively say no.
Purpose Processing that is madeCategories of personal data
To be able to administer seminars, educations and events etc. Maintaining accurate and up-to-date information. Send relevant information and offers. Company name, contact information (e.g. name, address, e-mail and telephone number).
Legal basis: Legitimate interests
Processing period: As long as we believe that you benefit from our communication, and you have not chosen to actively say no.
Purpose Processing that is madeCategories of personal data
To contact customers, potential customers, partners and stakeholders with relevant information. Maintaining accurate and up-to-date information. Send relevant information and offers. Company name, contact information (e.g. name, address, e-mail and telephone number).
Legal basis: Legitimate interests
Storage period: As long as we believe that you benefit from our communication and you have not chosen to actively say no.

Note: According to recital 14 in the preamble to the General data protection regulation, GDPR, it does not cover the processing of personal data concerning legal persons, for example information about the name and type of legal person and contact details. The processing of personal data concerning member registers, including contact information for the member (company), may therefore fall outside the scope of the Data Protection Regulation.

Who can we share your personal data with?

Processor: In cases where it is necessary for us to be able to offer our services,  we share your personal data with companies that are so-called processors for us. A processor is a company that processes the information on our behalf and according to  our instructions e.g. cloud service providers or similar.

Partners: In a few cases, e.g. in order to be able to organize events, we share certain personal data with partners for that event.

Where do we process your personal data?

We always strive for your personal data to be processed within the EU/EEA and all our own IT systems are located within the EU/EEA. We have entered into a data processing agreement with all ourprocessors.  The data processing agreement regulates how the processor mayprocess personal data and what security measures are required for  the processing of personal data.

What are your rights as a data subject?

You are the one who decides over your personal data. We always strive to ensure that you can exercise your rights as efficiently and smoothly as possible. You can send an email to info @ c ooach.se and we will help you take advantage of your rights.

Right of access (so-called register extract):You always have the right to receive information about the  personal data processing that concerns you. We are always open and transparent about how we process your personal data. If you wanta deeper insight into which personal data we process about you, you can request access to the data (the information is provided in the form of a register extract stating purpose, categories of personal data, categories of recipients, storage periods, information about where the informationcollected came from and the existenceof automated decision-making).

We only disclose information if we have been able to ensure that it is you who is requesting the information. Therefore, keep in mindthat if we receive a request for access, we may ask for additional information to ensure efficient handling of your request and that the information is provided to the right person.

Right to rectification: You can request that your personal information be corrected if the information is incorrect. You also have the right to request a supplement to any incomplete personal data.

Right to erasure: You can request deletion of personal data we process about you if:

  • The personal data is no longer necessary for the purposes for which it was collected or processed.
  • You object to a balance of interests we have made based on legitimate interest and your reason for objection outweighs our legitimate interest.
  • You object to processing for direct marketing purposes.
  • Personal data is processed illegally.
  • Personal data must be deleted in order to fulfill a legal obligation to which we are subject.

Please note that we may have the right to deny your request if there are legal obligations that prevent us from immediately deleting certain personal data. These obligations come from, for  example, accounting legislation and tax legislation or banking and money laundering legislation. Processing may  also be necessary for us to be able to establish, assert or defend legal claims. Should we be prevented from complying with a request for deletion , we will instead block the personal data from being used for purposes other than the purpose that prevents the requested deletion.

Right to restriction: You have the right to request that our processing of your personal data be restricted. If you believe that the personal data we process is incorrect, you can request a limited processing for the time we need to check whether the personal data is correct. If we no longer need the personal data for the  stated purposes, but you do need them to be able to establish, assert or defend legal claims, you can request limited processing of the data from us.   This means that you can request that we do not delete your information.

If you have objected to a legitimate interest assessment that we have made as a legal basis for a purpose, you can request limited processing for the time we need to verify whether our legitimate interests outweigh your interests in having the data deleted.

If the processing has been restricted according to any of the above situations, we may only, in addition to the storage itself, process the data to establish, assert or defend legal  claims, to protect someone else’s rights or if you have given your consent.

The right to object to a certain type of treatment: You always have the right to avoid direct marketing and to object to any processing of personal data based on a balance of interests.

Legitimate interest: Where we use a balance of interests as a legal basis for a purpose, you have the right to object to the processing. In order to continue to process your personal data after such an objection, we need to be able to show a compelling   justified reason for the processing in question that outweighs your interests, rights  or freedoms. Otherwise, we may only process the data to establish, exercise or  defend legal claims.

Direct marketing (including analyzes carried out for direct marketing purposes): You  have the right to object to your personal data being processed for direct marketing.  The objection also includes the analysis of personal data (so-called profiling) carried out for  direct marketing purposes. Direct marketing refers to all types of outreach  marketing measures (e.g. via mail, e-mail and SMS). Marketing measures where you  as a customer have actively chosen to use one of our services or otherwise contacted us to find out   more about our services do not count as direct marketing.

If you object to direct marketing, we will stop processing  your personal data for that purpose as well as stop all types of  direct marketing measures.

Remember that you always have the right to decide which channels we will use for direct mail  and personal offers. For example, you can choose to only receive offers from us via e-mail,  but not SMS. In that case, you should not object to the processing of personal data as such, but  instead limit our communication channels.

You can also object specifically to the analyzes we do (profiling).

Right to data portability: In certain cases, you have the right to request that personal data about you  and personal data you have provided to us, be transferred to another controller (so-called  data portability). A prerequisite for data portability is that the transfer is technically possible  and can be automated. What is written about the rights above only applies to  the processing of personal data covered by the GDPR.

Security

Cooach has taken technical and organizational measures to ensure that your  personal data is processed securely and that it is protected from loss, misuse and  unauthorized access. Only people who need to process your  personal data in order for us to fulfill our stated purposes have access to them.

Organizational security measures are measures that are implemented in working methods and routines  within the organization. Our organizational security measures from time to time are, but are not  limited to:

– Internal governing documents (policies / instructions)
– Information security policy
– Physical security (premises, etc.)

Technical safety measures are measures that are implemented through technical solutions. Our  technical safety measures from time to time are, but are not limited to:
– Encryption
– Access list
– Access log
– Secure network
– Regular check of the security level
– Two-step verification
– Password management software for all passwords

Cookies

When you visit our website, we may send “cookies” to your computer. A cookie is a small text file or piece of data that a website you visit can place or save onto your computer.

Cookies do not themselves contain any personally identifiable information. However, if you provide such personally identifiable information to us (such as by registering for an Internet related service or password provided by us), such information may be linked to the data stored in the cookie. 

There are two types of cookies. The  first type saves a file for a longer period of time onto your computer and it can remain on your  computer after you shut it off. Such a cookie could, for example, be used to  tell a visitor what information on the website has been updated since his  or her most recent visit to that website. The second type of cookie is called  “session cookie”. While you are visiting a website, session cookies are temporarily stored in your computer’s memory This could be done, for example, to keep track of what language you have chosen  at the website. Session cookies are not stored for a long period of time on your computer since they  disappear when you close your web browser. We may use third parties to assist us  in collecting or processing information obtained through cookies. We may use cookies for several  reasons, such as:

– to compile anonymous statistics related to patterns and trends of browsing;
– to analyze sales data;
– to conduct marketing research;
– to user adapt website content or functions;
– to aid or track site visits of users, of certain
internet-based services;
– to enable users with passwords to re-enter certain web pages  without having to re-type previously typed information.

Contact the Swedish Authority for Privacy Protection

The Swedish Authority for Privacy Protection is the supervisory authority, i.e. responsible for monitoring the application of the legislation. If you believe that a company is processing personal data incorrectly, you can submit a complaint to the Swedish Authority for Privacy Protection.

How do you contact us most easily with questions about data protection?

You can always contact us at info@cooach.se. You can reach our Data Protection Officer at the same address – then write “FAO Data Protection Officer” in the subject line.

We may make changes to our privacy policy. The latest version of the privacy policy is always available here on the website.

Med Cooach Toolbox får ditt företag smarta verktyg för att skapa, ladda ner och distribuera kontrakt och juridiska dokument. Allt digitaliserat, allt som självbetjäning och ja, riktigt enkelt.

Vi kan serva ditt bolag med affärsrådgivare i  ekonomi, HR, bolagsstyrning, användarupplevelse och ägarfrågor. 

Cooach tjänster för det digitala kontoret är uppdelade på abonnemang som passar olika verksamheters behov och  kan kompletteras med tilläggstjänster inom våra 4 affärsstödsområden.

Cooach tjänster för det digitala kontoret är uppdelade på abonnemang som passar olika verksamheters behov och  kan kompletteras med tilläggstjänster inom våra 4 affärsstödsområden.