privacy and cookie policy
Last update: 2023-03-13
1. We who process your personal data
BoardClic AB, reg. no 559152-7063 (”BoardClic”, “we”, “our” or “us”), is classified as a data controller for the processing of personal data, provided that a license agreement is not entered into, in which case, BoardClic is classified as a data processor of personal data which is submitted to BoardClic Board, Committee and CEO Evaluation tool (the “Service”).
BoardClic’s contact information is as follows:
BoardClic AB
559152-7063
Mosebacke torg 3
116 46 Stockholm
Telephone: +46 70 606 63 64
E-mail: info@boardclic.com
2. To whom this information is applicable for
The information in this document is applicable for you, in certain parts, seen in the light of your engagement with BoardClic. The information is applicable for e.g.:
- Visitors of boardclic.com (the “Website”)
- Users of the Service (in order to understand which personal data we are data controllers of)
- Contact persons at the licensees of the Service
- Persons seeking contact by emailing us at info@boardclic.com
3. Your rights
In accordance to GDPR you have a right to have a control over your personal data och receive information about the processing directly from the party processing such data. Do you wish to receive more information or get in contact with us in order to practice any of your rights? Please contact us at info@boardclic.com. We may ask you to verify yourself in order to make sure that the request to practice any of the below rights has been made by right person.
3.1. Right to have your personal data deleted
You have a right to request that your personal data shall be deleted. In certain situations we do not have a possibility to delete your personal data. The reason for this is that the personal data is still necessary to process for a purpose which the data has been collected for, our interest to process the data is outweighing your interest to get the data deleted, or because we have a legal obligation to process the data.
3.2. Right to be informed
You have a right to be informed on how we process your personal data. We are meeting this right by providing you with the information in this Privacy Policy and by answering your questions. If you are a user of the Service, the controller of your personal data is the licensee which has entered the license agreement with us. You have a right to receive information about the controller’s transfer of your personal data to us, directly from the controller.
3.3. Right to access your personal data
You have a right to receive information whether BoardClic is processing your personal data and to receive an extract from the register (copy of your personal data being processed). By receiving an extract from the register your will understand which personal data we process about you.
3.4. Right to data portability
You have a right to be given, and to use, your personal data elsewhere, for example on another Board, Committee and CEO Evaluation tool and we are obliged to facilitate such transfer of your personal data. This is provided that we process your personal data based on the data subject’s consent or to perform a contract with you and it applies only to such personal data that you have provided us yourself.
3.5. Right to rectification
You have a right to request that inaccurate information about you is being rectified. This also means that you have a right to add such personal data that is missing and that is relevant taking into account the purpose of the personal data processing. If data is rectified at your request, we shall also inform those to whom we have provided data that data has been rectified. This does not however apply if it should prove to be impossible or would involve excessive effort. You also have a right to request to be given information about to whom your personal data has been provided.
3.6. Right to limitation of processing
In certain cases, you have a right to demand that the processing of your personal data is limited. By “limited” is meant that the data is flagged so that it in future may only be processed for certain limited purposes.
The right to limitation applies among other things when you consider that the data is inaccurate and have requested rectification. You can in such cases also request that the processing of your personal data is limited while the accuracy of the data is investigated. When the limitation ceases to apply, you will be informed of this.
3.7. Right to object
You have in certain cases a right to object to your personal data being processed. The right to object applies when personal data is processed in order to carry out a task in the public interest, as part of the exercise of official authority or after a weighing of interests has been made.
If you object to the processing in such cases, we may continue to process your data only if it can be demonstrated that there are compelling legitimate reasons for the data needing to be processed that override your interests, rights and freedoms or if the processing is carried out for the establishment, exercise or defence of legal claims.
You always have a right to object to your personal data being used for direct marketing. Such objections can be made at any time. If an objection to direct marketing is made, your personal data may no longer be processed for such purposes.
3.8. Right to withdraw your consent
Our processing of your personal data collected by cookies is mostly based on a consent from you. You can always withdraw your consent by choosing the action in the menu for cookies on the Website or adjust cookie settings in your web browser. Read more about the cookies we use in Section 7 below.
If you have provided a consent to a licensee of the Service, please contact the licensee to withdraw such consent.
3.9. Right to file complaints
If you have a complaint about our processing of your personal data, you have a right to file such complaint to the Swedish Authority for Privacy Protection. Swedish Authority for Privacy Protection studies all complaints and assesses whether to proceed with the matter and then informs the person who made the complaint.
You can reach the authority on www.imy.se or Integritetsskyddsmyndigheten, Box 8114, 104 20 Stockholm.
4. Personal data being processed divided by category of individuals and with statement of purpose, lawful basis and time of processing
4.1. When you visit the Website
| Personal data | What we use the data for (purpose) | From where we collected the data | Lawful basis | Time of procesing |
| Behavioural patterns of your use of the Website | To get to know the visitors’ behavioural patterns when they are using the Website in order to improve the user experience | Optional third-party cookies: – Google Analytics – Hubspot
| Consent | Your consent to our use of cookies is valid for six (6) months whereupon you are asked to give us a new consent. We are deleting the history every 6 months if we have not received a new consent from you. You have always a right to withdraw your consent and also to shut down all cookies by stating so in the settings of your web browser. Read more in Section 7. |
| IP adress | To get insights on anonymous users on the Website | Optional third-party cookies: Google Analytics HubSpot Lead Forensics | Consent | Your consent to our use of cookies is valid for six (6) months whereupon you are asked to give us a new consent. We are deleting the history every 6 months if we have not received a new consent from you. You have always a right to withdraw your consent and also to shut down all cookies by stating so in the settings of your web browser. Read more in Section 7. |
| User ID | To present messaging services to the Website’s users | Optional third-party cookies: Hubspot | Consent | Your consent to our use of cookies is valid for six (6) months whereupon you are asked to give us a new consent. We are deleting the history every 6 months if we have not received a new consent from you. You have always a right to withdraw your consent and also to shut down all cookies by stating so in the settings of your web browser. Read more in Section 7. |
4.2. When you represent a (current or potential) licensee of the Service
| Personal data | What we use the data for (purpose) | From where we collected the data | Lawful basis | Time of procesing |
E-mail address Name Username Mobile phone number Business role Name of the (current, previous or potential) licensee | To identify the representative for a (current or potential) licensee of the Service and maintain the contractual relationship | From the representative him-/herself | Contractual necessity | As long as we have an ongoing license agreement with the licensee you represent. After the termination of the license agreement the personal data shall be anonymized within sixty (60) days and therefore shall no longer constitute personal data. |
Name Business role | To send marketing material after the license agreement is terminated | From the representative him-/herself | Our legitimate interest to market our Service | We will save your personal data for 365 days for this purpose and contact you with marketing material within this period of time. You have a possibility to stop receiving our marketing material by click on such choice button. |
Name Business role | To send marketing material and newsletters to representatives of a potential licensee | From the representative him-/herself or from a publicly accessible reliable website | Our legitimate interest to market our Service | We will save your personal data for 365 days for this purpose and contact you with marketing material within this period of time. You have a possibility to stop receiving our marketing material by click on such choice button. |
4.3. Persons seeking contact by emailing us at info@boardclic.com
| Personal data | What we use the data for (purpose) | From where we collected the data | Lawful basis | Time of processsing |
Name E-mail address Business role Name of the (current, previous or potential) licensee
| To identify a registered person and find all of the person’s personal data, if the person makes a request to use any of the rights stated in Section 3 | From the person making a request to use any of the rights stated in Section 3 | Fulfillment of legal obligation (consideration clause 64 GDPR)
| Personal data is deleted the same day we identify the registered person and such person’s personal data. The identification shall be made within five (5) business days. |
Name (if you submit such data) E-mail address | To manage the contact with person reaching out to us per e-mail
| From the person reaching out to us per e-mail | Our interest to reply the person reaching out to us per e-mail and manage the person’s case (if submitted) | Personal data is deleted the day we have ensured us that the person’s case is closed. |
4.4. About our balance of interests
For certain purposes, BoardClic processes your personal data and relies on our legitimate interest as a legal basis for the processing. When assessing the legal basis, we rely on a balance of interests test through which we have determined that our legitimate interests in the processing outweigh your interest and your fundamental right not to have your personal data processed. We have indicated our legitimate interest in the tables above. Please contact us if you would like to read more about how we have done this test. Our contact details are listed above in this policy.
5. Whom we share your personal data with
In specific cases it is necessary for us to share some of your personal data with entities which are helping us to operate our business.
We do not sell, or otherwise make public, any of the personal data to third parties. This do not include transfers to trusted third parties, such as e.g. a subcontractor, business partner or a subprocessor which is helping us to operate our business and is obliged through agreement to keep high confidentiality and to process the personal data in accordance to GDPR.
Below is a statement on the categories of receivers of personal data we process.
Personal data | Receiver | Purpose of the transfer the personal data | Lawful basis | Whether the receiver is a processor or independent controller alt. joint controller |
Name User name E-mail address Roles Competencies Company affiliation Responses stated on the form or survey by the registered subject | Heroku Inc. | Hosting of the application | Our interest to maintain and develop our business | Processor |
E-mail address | OhMySMTP Ltd | Transactional email service | Our interest to maintain and develop our business | Processor |
IP-address Internet operator Operating system Device type Location | Mixpanel, S.L. | To receive user analytics | Our interest to maintain and develop our business | Processor |
Name E-mail address Business role Company affiliation Name of the (current, previous or potential) licensee | Custify SRL | To enable use of a CRM-system | Our interest to maintain and develop our business | Processor |
Name E-mail address Business role Competencies Company affiliation Name of the (current, previous or potential) licensee | Intercom Inc. | To support and guide users of our platform | Our interest to maintain and develop our business | Processor |
Name E-mail address Business role Licensee (current, previous or potential) affiliation | HubSpot Inc. | To enable use of CRM and sales system | Our interest to maintain and develop our business | Processor |
Ip adresses, User id | Google Analytics | Analyze user behaviour on the website | Our interest to maintain and develop our business | Processor |
IP adresses | Lead Forensics Ltd | Analyze visitors on website | Our interest to maintain and develop our business | Processor |
6. Where we process your personal data and protective measures in place
All processing of personal data occurs with respect of the personal integrity and in accordance with provisions of GDPR and other relevant legislation. To achieve a complete integrity protection, we have made sure that personal data is protected by modern and effective technique.
Only authorised employees/consultants have access to our infrastructure. All the key authentication information is protected by two-factor authentication. BoardClic has further resolved on internal routines and policies regarding the officers’ access to personal data and continuous review (every quarter) of the processing of personal data to minimize the data no longer serving its purpose or lawful basis.
7. About cookies
A cookie is a small text file which the website you visit ask your permission to place on your device. Cookies are used at a majority of websites to give the users access to various functions. The text file is used e.g. to make user experience more effective and to enable to save certain of your choices/preferences made on the website. There are several types of cookies:
Permanent cookies – saved in the visitor’s device during a certain time or until you delete them manually.
Session cookies – saved temporarily in the device’s memory during
the period the visitor is using the website.
First-party cookies – are set up by our Website and are used mostly to enable functionality on the Website and to make the Website more effective.
Third-party cookies – are set up by a third party, e.g. a contractor to us.
Necessary cookies – cookies we have a right to use without asking for your permission. These cookies are only making your stay on our Website more effective and enabling you to use the Website’s all functions.
Optional cookies – cookies we need to ask your permission to use. These cookies can both be cookies that are improving functionalities on the Website and cookies enabling our marketing.
Some of our cookies are collecting personal data and GDPR is applicable for this processing. See more about the personal data collected by cookies in Section 3 above.
Below we are stating all the cookies that are used by the Website and the functions of the cookies.
7.1. Compiling of cookies
The Website uses the cookies specified in the below list. In accordance with the law on electronic communication (2022:482), BoardClic is allowed to store cookies on your device if such cookies are necessary for the use of the Website. Your consent is needed for all other purposes and the consent is collected when you visit the Website.
You can change or withdraw your consent to the cookie commitment on the Website or by adjusting the setting in your web browser. We will not transfer the information collected by cookies to a third party other than our contractors helping us with the Website.
Necessary cookies These cookies are necessary for the Website to work properly and are not possible to shut down. You can adjust your web browser to block these cookies or warn you about them, but this may result in a partly failure of the Website. No personal information is stored in these cookies. | ||||
| Cookie key | Area of use | Domain | Type | Storage |
| __cf_bm | Determining whether the visitor is a human or a bot | boardclic.com | Third-party cookie (CloudFare) | Twentyfour (24) hours |
| _board_clic_session | Authentication during the use of the Service | app.boardclic.com | First party cookie | Session |
| _boardclic_key | Authentication during the use of the Service | next.boardclic.com | First party cookie | Session |
| _heroku-session-affinity | A platform feature that associates all HTTP requests coming from an end-user with a single application instance (web dyno), applicable during the use of the Service | app.boardclic.com | Third party cookie (Heroku) | Session |
| __hs_initial_opt_in | This cookie is used to prevent the banner from always displaying when visitors are browsing in strict mode | boardclic.com | Third-party-cookie (HubSpot) | Seven (7) days |
| __hs_opt_out | This cookie is used by the opt-in privacy policy to remember not to ask the visitor to accept cookies again | boardclic.com | Third-party-cookie (HubSpot) | Six (6) months |
| hs-messages-is-open | This cookie is used to determine and save whether the chat widget is open for future visits | boardclic.com | Third-party-cookie (HubSpot) | Thirty (30) minutes |
| hs-messages-hide-welcome-message | This cookie is used to prevent the chat widget welcome message from appearing again for one day after it is dismissed | boardclic.com | Third-party-cookie (HubSpot) | One (1) day |
Optional cookies These cookies are enabling us to understand how a visitor interacts with the Website by collecting and reporting information to us. | |||||
| Cookie key | Area of use | Domain | Type | Storage | |
| _ga | Used to distinguish users | boardclic.com | Third-party cookie (Google Analytics) | Two (2) years | |
| _gid | Used to distinguish users | boardclic.com | Third-party cookie (Google Analytics) | Twentyfour (24) hours | |
| Used to throttle request rate | boardclic.com | Third-party cookie (Google Analytics) | One (1) minute | |
Mp_*_mixpanel
| User statistics, applicable during the use of the Service | app.boardclic.com | Third-party cookie (Mixpanel) | One (1) year | |
| _hstc | Tracking visitors | boardclic.com | Third-party cookie (Hubspot) | Six (6) months | |
| messagesUtk | Used to recognize visitors who chat with you via the chatflows tool | boardclic.com | Third-party cookie (HubSpot) | Six (6) months | |
| hubspotutk | This cookie keeps track of a visitor’s identity. It is passed to HubSpot on form submission and used when deduplicating contacts | boardclic.com | Third-party cookie (HubSpot) | Six (6) months | |
| __hssrc | Whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser | boardclic.com | Third-party-cookie (HubSpot) | Session | |
7.2. How to shut down cookies
You can manage our usage of cookies on the Website or by adjusting the setting of your web browser.
Website – We are asking for your consent for our usage of cookies every 30th day. This means that if we do not receive a new consent from you every 30th day, we will not use the cookies that are need your approval. You can at any time withdraw your consent. You can withdraw your consent by clicking on decline on the Website.
Web browser – Web browsers are giving opportunity to shut down all or categories of cookies applied to the websites you have visited in the web browser or to delete cookies when you close the web browser. You can also adjust the settings ad receive a request every time the website is trying to place a cookie on your device and you can also delete all placed cookies. Every type of web browser has its own settings for the managing of cookies, see the help pages of the web browser you use for more information.
8. Automated decision-making, including profiling
The personal data we process as controllers is not subject to automated decision-making or profiling.
9. Updates of this Privacy and Cookie Policy
We will update this document when we find it necessary, e.g. when we add new processing. When this document is changed the date of the last update will be stated in the upper left corner of the document.