At Crisp we handle your personal data responsibly
What data do we collect about you?
The data that we collect from you directly includes your name, email address, postal address, telephone number and payment information.
What are the reasons why we process your personal data?
Processing your personal data with your consent
In order to enable us to send out our newsletters and other communication from Crisp, we need your consent in order to store your email address and include you in mailing lists.
Processing your personal data to fulfil our commitments to you
In order to enable us to carry on communicating with you in connection with courses, customer contacts and newsletters, we need your email address. We also have to collect and store payment information by law.
Processing of data necessary for purposes concerning our legitimate interests
Your data is also stored and used for purposes of information provision and marketing. In order to provide you with personal and relevant offers and information, we may also follow your clicks when you read our newsletter and surf our website.
Of course, you also have the opportunity whenever you like to inform us that you object to our processing of your personal data for marketing purposes. See below under the section entitled “You are entitled to your personal data”.
How do we use your data?
In order to meet the objectives for which the data was collected, your personal data may be registered, held (stored), used and transferred to our partners or to subcontractors of ours in accordance with what is stated below.
This is the case for customer management systems and the processing of mailshots. In addition to this, data about your visit to our website is transferred via Google Analytics to Google in the USA in order to assemble web statistics. For further information on this, see our information on cookies above. Your data is only stored for as long as is necessary to enable us to perform our services (for example to complete an agreement with you or supply a newsletter), or as long as is prescribed by law.
Who do we transfer your data to?
If your data is transferred to a third country (for example the USA), we will ensure that one of the following legal security measures are applied: a decision that a country guarantees an adequate level of protection, a privacy shield between the EU and the USA, standard contractual clauses or your consent. Information is never transferred to a third party without any of these security measures being taken.
In order to maintain a high degree of service, the data will be forwarded to subcontractors whose services we use. This means, for example:
- that your data is stored with our providers of IT services
- that data about your visit to our website is transferred to Google in the USA via Google Analytics. Information on protection measures is available at https://support.google.com,
- that personal data is forwarded to external course instructors if necessary to maintain communication both during and after a particular course
- that your data if necessary can be disclosed to relevant certification organisations
- that personal data may be passed on if necessary to follow current legal requirements or requirements from authorities, in order to protect Crisp’s legal interests or to discover, prevent or reveal fraud and other security-related or technical problems
In addition to what is stated above, we never convey/sell/exchange your data to third parties for purposes of marketing outside Crisp AB.
Prior to the introduction of the GDPR, Crisp has reviewed its security routines and functions in connection with the processing of personal data. At Crisp, we protect your personal data with the assistance of strong authentication and encryption. We also have routines to ensure that only those people that the organization needs should have access to personal data. We also have routines for processing and reporting possible incidents which may affect the security of your personal data.
You are entitled to your personal data
GDPR legislation stipulates that you in your capacity as a user have the right to make demands regarding how your personal data is processed. You have the following rights:
- Correction, addition or deletion – You always have the right to have access to your personal data and to request that we correct or update your personal data, or delete some of your personal data. Deletion is carried out provided that there are no financial or legal activities in progress between you as a customer and Crisp (for example unpaid invoices), that there is no legal obligation for Crisp to process the data or any other legal grounds for processing the data.
- Limitation of processing and data portability – Under certain circumstances you can request us to restrict the use of your personal data. You also have the right to gain access to your personal data in a structured and generally used and machine-readable format, for transfer to another person or body responsible for personal data.
Please contact us if you are dissatisfied with our processing of your personal data; we will do our best to address your complaints. Your privacy is very important to us, and we always strive to protect your personal data in the best possible way. However, should we fail, in your opinion, in our ambition, please note that you also have the right to submit a complaint to the Swedish Data Protection Agency or any other authority that may be established in a similar capacity in future.
Crisp AB is responsible for personal data
Crisp AB is responsible for the personal data submitted to our website and processes your personal data in accordance with current data protection legislation.
To contact one of our officers responsible for personal data, you can send an email to: firstname.lastname@example.org
Letters should be sent to:
SE-111 34 STOCKHOLM