• How it works
  • Subscription & Prices
  • FAQ
  • LOGIN to admin
EditForms for PodioEditForms for Podio
  • How it works
  • Subscription & Prices
  • FAQ
  • LOGIN to admin

Privacy policy

Privacy policy for VivaLean Software AB  

 

The purpose of this privacy policy

This document shall clarify how VivaLean Software AB handles your personal data, why it is stored, what it is used for and for how long. Here it also appears on which grounds a company has the right to handle your personal data and how you can get in touch to exercise any of your rights relating to the handling.

General about the collection of data

Within VivaLean Software AB, your personal data is processed in accordance with the Data Protection Regulation (GDPR).
The personal information collected is information received from people with whom the company has had, has, or wishes to have, a collaboration with, such as customers, investors , or people in the network in general.

Definitions in the document

Personal data controller
The company that performed the registration of personal data and determines the purpose with the processing of personal data and how the processing is to be carried out is according to the regulation Personal data controller. VivaLean Software AB is thus ultimately responsible for the handling of the personal data collected by the company.

Personal data assistant
In order for a business must be able to function well, there are several situations where there may be a need to pass on personal information to a partner or third party. These are then called Personal Data Assistants. Their handling of data is regulated by a separate agreement between VivaLean Software AB and the data controller.

What data is collected and how is it used?

• Customers, business partners, investors and other network: Person-specific information about customers, business partners and other contacts in my network is collected and saved in order to have a functioning consulting business, manage communication, offer and write contracts, invoicing, as well as to further develop the company’s network and for potential future assignments. That type of data is, for example, name, social security number (in cases where this constitutes an organization number), telephone, e-mail, company affiliation, role, address (most often in cases where the home address is a company address).
• To keep statistics on the website and marketing information is stored about IP addresses, location and other things that the surfer has given permission for via personal browser settings.

What type of personal data is not collected?

The regulation is particularly strict when it comes to the processing of sensitive personal data. The following types of data are considered sensitive according to the regulation:

• race or ethnic origin
• political views
• religious or philosophical beliefs
• trade union membership
• health
• a a person’s sex life or sexual orientation
• genetic data and
• biometric data that uniquely identifies a person.

VivaLean Software AB does not collect this type of information as it does not fulfill any function for the business.

How is personal data collected?

Personal data is collected through personal meetings and via networks.
Personal data is also collected when people surf the website or one of the web pages connected to the company, enter their information themselves via web forms on the website, or contact via email, telephone or social media, directly to me or via any of the products offered through VivaLean Software AB.

When may personal data be collected?

According to the legislation, there must be a so-called “legal basis” for companies to handle personal data. This means that at least one of the following conditions must be met for your personal data to be processed:

Agreement
When data is needed to conclude and fulfill an agreement with you, such as when you apply for membership in the condominium association. If more data than is specifically needed to fulfill the contract is saved, you will be asked to give your consent to it.

Legal obligation
Certain data may be saved to fulfill a legal obligation. This applies, for example, to information that is needed to comply with the Accounting Act and the like, which applies as an exception to, and is superior to, the Data Protection Ordinance. In the case of the Accounting Act, there are also provisions on how long the data must be saved by law.

Balance of interests
Personal data can also be saved to enable communicate with you and inform you about interesting services and events. In such a case, the data is saved based on a balancing of interests. Here it is required that the handling of your personal data is considered necessary for a legitimate interest (to be able to communicate with you) and that your interest in protecting that type of personal data is not of major importance. You always have the right to object to this handling.

Consent
You can also give your consent to the handling of your personal data. In order for a consent to be valid, it is required that you take an active action to approve the consent. Examples of such an active action could be that you ask for information via email, that you answer yes to a direct question that information should be sent to you, that you give out your business card or the like. Pre-ticked “I agree” boxes are not accepted as consent. In addition to being active, a consent must also be voluntary, specific, informed and clear. You can always, at any time, withdraw consent.

How long is data saved?

Personal data will be saved because it forms an important part of the business’s network and customer base, until there is no longer a reason to save and a legal basis that supports its storage, unless the person in question asks to have their data deleted .

Who has access to your data?

Personal data that is collected is partly processed by VivaLean Software in the role of Personal Data Controller, but for a functioning operation there are also subcontractors
and collaboration partners. Such a party is called a Personal Data Processor.
The Personal Data Processor is responsible for processing the data in a manner that complies with the agreement established between it and VivaLean Software.

If the company is asked by an authority to release your information, this is an obligation.

If you have given your consent, your data may be passed on to companies, organizations or people outside your own company.

How to protect your data

IT security
All personal data is kept together in the password-protected business system Podio which is operated by Citrix and meets the highest international standards regarding IT security, as well as in a password-protected mailbox. Information that passes through web forms on websites also lands directly in Podio and is not stored elsewhere. All passwords are stored exclusively in a password manager, also because it is impossible to remember them otherwise.

Risk action plan
Measures taken are review of systems, password management, website, plugins, etc.

Your rights

The Data Regulation wants you to be clearly informed about how your data is handled, and that it should be easily accessible to you. You as a person have the following rights:

Right of access
You can free of charge (once a year ) request a register extract that shows what type of data is registered about you. The information must be provided in written form and if requested electronically, the copy of the information must also be sent to the data subject in electronic format, unless otherwise specifically requested. The information provided must be in clear and simple language.

If personal data came to us via a third party or otherwise, you have the right to all available information about where the data comes from.

If the personal data is released to a country outside the EU or an international organization, you have the right to information about which protective measures were used when the data was transferred.

You must receive an answer to your requests without undue delay (normally within a month) and if these cannot be fulfilled, a justification must be provided explaining why. To ensure that the information is not disclosed to unauthorized persons, information is disclosed only after identification.

Right to correction and completion
You have the right to have your data corrected and supplemented with relevant information if you consider it to be incorrect or insufficient. Any personal data assistants will then also be informed. (Exceptions are made if it proves impossible or involves an overly burdensome effort.) You always have the right to request information about to whom the data has been disclosed.

Right to be forgotten
You have the right to have the data deleted without undue delay. Exceptions are made for data that must be saved in accordance with the Accounting Act or another law. You can request that data about you be deleted if any of the following conditions apply:

If the data is no longer needed for the purposes for which it was collected or processed.
If the processing is based solely on your consent and you revoke this
If the processing takes place for direct marketing and you object to the data being processed in accordance with Article 21.2
If you object to the data processing that takes place after a balance of interests and there are no legitimate reasons that outweigh your interest
If the personal data has not been processed according to law
If deletion is required to comply with a legal obligation

Personal data has been collected in connection with the offer of information society services, in the cases referred to in Article 8.1, i.e. services aimed at children, for example their accounts in social media.
If you wish to delete the data and it has disclosed it to personal data assistants, these are also informed after the data has been deleted. (Exceptions are made if it should prove impossible or involve an overly onerous effort.)

Right to restriction
You have the right to request a temporary restriction of processing your data. Restriction means that the data is marked in such a way that it may only be processed for certain limited purposes in the future. Processing may be limited in the following situations:

If the data is incorrect and you requested correction. You can then request a limited processing of your data during the time they are corrected
If the data processing is illegal but you object to your data being deleted and instead request a restriction of use
If your data is no longer needed for the purposes on which they are processed but you need your data to be able to establish, assert or defend legal claims
If you have objected to the processing of your data, you can request that the use be restricted during the time that the investigation is ongoing

If restriction has been requested and your data has been disclosed to a personal data controller, they will be informed of the requested restriction. (Exceptions are made if it proves impossible or involves an overly burdensome effort.) You always have the right to request information about to whom the data has been disclosed.

Right to get your data out (data portability)
You have right to get your data out so that it can be used elsewhere. According to the regulation, such a transfer must be facilitated and the data submitted must be transferred in a structured, commonly used and machine-readable format, for example a text file or similar format that is generally valid.

You can request data portability in cases where the processing of your data takes place after consent or because there is an agreement with you. However, the right to data portability does not apply if they are processed due to a balancing of interests or legal obligation.

Right to object
If your data is processed through a balance of interests has you always have the right to object to the processing. You then need to specify which treatment you object to and treatment must then be terminated, if it cannot be shown that there are justified reasons for continued treatment.

If your data is used for direct marketing, you always have the right to object to the processing at any time. If such an objection is made to direct marketing, the data may no longer be processed for that purpose.

You also have the right to object to use if it is based on public practice or official interest if it cannot be proven how the purpose of keeping the data outweighs it.

Complaint

If you believe that the processing of your data is in violation of current regulations, please contact us so that it can be corrected. You can also submit a complaint to the Data Inspectorate, which will then assess whether an inspection should be carried out.

Indemnity

If you have suffered damage as a result of the processing of your data being in conflict with the data protection regulation, you may be entitled to compensation from the personal data controller or from the personal data assistant who participated in the processing.

A personal data processor may become liable for damages if he has violated the provisions specifically aimed at processors or has processed your data in violation of the personal data processor’s instructions in the written agreement. You can also file a claim for damages in court.

Contact details

If you want to delete data, change data, supplement data, make an objection to how your data is handled or just have questions or concerns about the processing, it is always good to get in touch:

Name: Support EditForms
Mail: support@editforms.com

 

Contact Us

Questions about EditForms? Just send us an email and we'll get back to you.

Send Message

© 2023 EditForms

  • Help
  • Privacy
  •  
  •  
  •