privacy and cookie policy

 

Last update: 2022-12-20

1.   We who process your personal data

BoardClic AB, reg. no 559152-7063 (”BoardClic”, “we”, “our” or “us”), is classified as a data controller for the processing of personal data, provided that a license agreement is not entered into, in which case, BoardClic is classified as a data processor of personal data which is submitted to BoardClic Board, Committee and CEO Evaluation tool (the “Service”).

BoardClic’s contact information is as follows:

BoardClic AB

559152-7063

Mosebacke torg 3

116 46 Stockholm

Telephone: +46 70 606 63 64

E-mail: info@boardclic.com

2.   To whom this information is applicable for

The information in this document is applicable for you, in certain parts, seen in the light of your engagement with BoardClic. The information is applicable for e.g.:

  • Visitors of boardclic.com (the “Website”)
  • Users of the Service (in order to understand which personal data we are data controllers of)
  • Contact persons at the licensees of the Service
  • Persons seeking contact by emailing us at info@boardclic.com

3.   Your rights

In accordance to GDPR you have a right to have a control over your personal data och receive information about the processing directly from the party processing such data. Do you wish to receive more information or get in contact with us in order to practice any of your rights? Please contact us at info@boardclic.com. We may ask you to verify yourself in order to make sure that the request to practice any of the below rights has been made by right person.

3.1.        Right to have your personal data deleted

You have a right to request that your personal data shall be deleted. In certain situations we do not have a possibility to delete your personal data. The reason for this is that the personal data is still necessary to process for a purpose which the data has been collected for, our interest to process the data is outweighing your interest to get the data deleted, or because we have a legal obligation to process the data.

3.2.        Right to be informed

You have a right to be informed on how we process your personal data. We are meeting this right by providing you with the information in this Privacy Policy and by answering your questions. If you are a user of the Service, the controller of your personal data is the licensee which has entered the license agreement with us. You have a right to receive information about the controller’s transfer of your personal data to us, directly from the controller.

3.3.        Right to access your personal data

You have a right to receive information whether BoardClic is processing your personal data and to receive an extract from the register (copy of your personal data being processed). By receiving an extract from the register your will understand which personal data we process about you.

3.4.        Right to data portability

You have a right to be given, and to use, your personal data elsewhere, for example on another Board, Committee and CEO Evaluation tool and we are obliged to facilitate such transfer of your personal data. This is provided that we process your personal data based on the data subject’s consent or to perform a contract with you and it applies only to such personal data that you have provided us yourself.

3.5.        Right to rectification

You have a right to request that inaccurate information about you is being rectified. This also means that you have a right to add such personal data that is missing and that is relevant taking into account the purpose of the personal data processing. If data is rectified at your request, we shall also inform those to whom we have provided data that data has been rectified. This does not however apply if it should prove to be impossible or would involve excessive effort. You also have a right to request to be given information about to whom your personal data has been provided.

3.6.        Right to limitation of processing

In certain cases, you have a right to demand that the processing of your personal data is limited. By “limited” is meant that the data is flagged so that it in future may only be processed for certain limited purposes.

The right to limitation applies among other things when you consider that the data is inaccurate and have requested rectification. You can in such cases also request that the processing of your personal data is limited while the accuracy of the data is investigated. When the limitation ceases to apply, you will be informed of this.

3.7.        Right to object

You have in certain cases a right to object to your personal data being processed. The right to object applies when personal data is processed in order to carry out a task in the public interest, as part of the exercise of official authority or after a weighing of interests has been made.

If you object to the processing in such cases, we may continue to process your data only if it can be demonstrated that there are compelling legitimate reasons for the data needing to be processed that override your interests, rights and freedoms or if the processing is carried out for the establishment, exercise or defence of legal claims.

 

You always have a right to object to your personal data being used for direct marketing. Such objections can be made at any time. If an objection to direct marketing is made, your personal data may no longer be processed for such purposes.

3.8.        Right to withdraw your consent

Our processing of your personal data collected by cookies is mostly based on a consent from you. You can always withdraw your consent by choosing the action in the menu for cookies on the Website or adjust cookie settings in your web browser. Read more about the cookies we use in Section 7 below.

If you have provided a consent to a licensee of the Service, please contact the licensee to withdraw such consent.

3.9.        Right to file complaints

If you have a complaint about our processing of your personal data, you have a right to file such complaint to the Swedish Authority for Privacy Protection. Swedish Authority for Privacy Protection studies all complaints and assesses whether to proceed with the matter and then informs the person who made the complaint.

You can reach the authority on www.imy.se or Integritetsskyddsmyndigheten, Box 8114, 104 20 Stockholm.

 

4.   Personal data being processed divided by category of individuals and with statement of purpose, lawful basis and time of processing

 

4.1.        When you visit the Website

Personal data

What we use the data for (purpose)

From where we collected the data

Lawful basis

Time of procesing

Behavioural patterns of your use of the Website

To get to know the visitors’ behavioural patterns when they are using the Website in order to improve the user experience

Optional third-party cookies:

– Google Analytics

– Hubspot

 

Consent

Your consent to our use of cookies is valid for six (6) months whereupon you are asked to give us a new consent. We are deleting the history every 6 months if we have not received a new consent from you. You have always a right to withdraw your consent and also to shut down all cookies by stating so in the settings of your web browser. Read more in Section 7.

IP adress

To get insights on anonymous users on the Website

Optional third-party cookies:

Google Analytics

HubSpot

Lead Forensics

Consent

Your consent to our use of cookies is valid for six (6) months whereupon you are asked to give us a new consent. We are deleting the history every 6 months if we have not received a new consent from you. You have always a right to withdraw your consent and also to shut down all cookies by stating so in the settings of your web browser. Read more in Section 7.

User ID

To present messaging services to the Website’s users

Optional third-party cookies: Hubspot

Consent

Your consent to our use of cookies is valid for six (6) months whereupon you are asked to give us a new consent. We are deleting the history every 6 months if we have not received a new consent from you. You have always a right to withdraw your consent and also to shut down all cookies by stating so in the settings of your web browser. Read more in Section 7.

 

4.2.        When you represent a (current or potential) licensee of the Service

Personal data

What we use the data for (purpose)

From where we collected the data

Lawful basis

Time of procesing

E-mail address

Name

Username

Mobile phone number

Business role

Name of the (current, previous or potential) licensee

To identify the representative for a (current or potential) licensee of the Service and maintain the contractual relationship

From the representative him-/herself

Contractual necessity

As long as we have an ongoing license agreement with the licensee you represent. After the termination of the license agreement the personal data shall be anonymized within sixty (60) days and therefore shall no longer constitute personal data.

E-mail

Name

Business role

To send marketing material after the license agreement is terminated

From the representative him-/herself

Our interest to market our Service

We will save your personal data for 365 days for this purpose and contact you with marketing material within this period of time. You have a possibility to stop receiving our marketing material by click on such choice button in every of our marketing sending.

 

4.3.        Persons seeking contact by emailing us at info@boardclic.com   

Personal data

What we use the data for (purpose)

From where we collected the data

Lawful basis

Time of procesing

E-mail address

Name

Username

Mobile phone number

Business role

Name of the (current, previous or potential) licensee

To identify the representative for a (current or potential) licensee of the Service and maintain the contractual relationship

From the representative him-/herself

Contractual necessity

As long as we have an ongoing license agreement with the licensee you represent. After the termination of the license agreement the personal data shall be anonymized within sixty (60) days and therefore shall no longer constitute personal data.

E-mail

Name

Business role

To send marketing material after the license agreement is terminated

From the representative him-/herself

Our legitimate interest to market our Service

We will save your personal data for 365 days for this purpose and contact you with marketing material within this period of time. You have a possibility to stop receiving our marketing material by click on such choice button.

E-mail

Name

Business

role

To send marketing material and newsletters to representatives of a potential licensee

From the representative him-/herself

Our legitimate interest to market our Service

We will save your personal data for 365 days for this purpose and contact you with marketing material within this period of time. You have a possibility to stop receiving our marketing material by click on such choice button.

 

4.4. About our balance of interests

For certain purposes, BoardClic processes your personal data and relies on our legitimate interest as a legal basis for the processing. When assessing the legal basis, we rely on a balance of interests test through which we have determined that our legitimate interests in the processing outweigh your interest and your fundamental right not to have your personal data processed. We have indicated our legitimate interest in the tables above. Please contact us if you would like to read more about how we have done this test. Our contact details are listed above in this policy.

5.   Whom we share your personal data with

 

In specific cases it is necessary for us to share some of your personal data with entities which are helping us to operate our business.

We do not sell, or otherwise make public, any of the personal data to third parties. This do not include transfers to trusted third parties, such as e.g. a subcontractor, business partner or a subprocessor which is helping us to operate our business and is obliged through agreement to keep high confidentiality and to process the personal data in accordance to GDPR.

Below is a statement on the categories of receivers of personal data we process.

Personal data

Receiver

Purpose of the transfer the personal data

Lawful basis

Whether the receiver is a processor or independent controller alt. joint controller

Personal data

Name

User name

E-mail address

Roles

Competencies

Company affiliation

Responses stated on the form or survey by the registered subject

Heroku Inc.

Hosting of the application

Our interest to maintain and develop our business

Processor

E-mail address

OhMySMTP Ltd

Transactional email service

Our interest to maintain and develop our business

Processor

IP-address

Internet operator

Operating system

Device type

Location

Mixpanel, S.L.

To receive user analytics

Our interest to maintain and develop our business

Processor

Name

E-mail address

Business role

Name of the (current, previous or potential) licensee

 Custify SRL

To enable use of a CRM-system

Our interest to maintain and develop our business

Processor

Name

E-mail address

Business role

Licensee (current, previous or potential) affiliation

HubSpot Germany GmbH Ltd

To enable use of CRM and sales system

Our interest to maintain and develop our business

Processor

Ip adresses, User id

Google Analytics

Analyze user behaviour on the website

Our interest to maintain and develop our business

Processor

IP adresses

Lead Forensics Ltd

Analyze visitors on website

Our interest to maintain and develop our business

Processor

 

6.   Where we process your personal data and protective measures in place

 

The personal data we process as controllers is stored only within EU/EES.

 

All processing of personal data occurs with respect of the personal integrity and in accordance with provisions of GDPR and other relevant legislation. To achieve a complete integrity protection, we have made sure that personal data is protected by modern and effective technique.

Only authorised employees/consultants have access to our infrastructure. All the key authentication information is protected by two-factor authentication. BoardClic has further resolved on internal routines and policies regarding the officers’ access to personal data and continuous review (every quarter) of the processing of personal data to minimize the data no longer serving its purpose or lawful basis.

7.   About cookies

A cookie is a small text file which the website you visit ask your permission to place on your device. Cookies are used at a majority of websites to give the users access to various functions. The text file is used e.g. to make user experience more effective and to enable to save certain of your choices/preferences made on the website. There are several types of cookies:

Permanent cookies – saved in the visitor’s device during a certain time or until you delete them manually.

Session cookies – saved temporarily in the device’s memory during

 the period the visitor is using the website.

First-party cookies – are set up by our Website and are used mostly to enable functionality on the Website and to make the Website more effective.

Third-party cookies – are set up by a third party, e.g. a contractor to us.

Necessary cookies – cookies we have a right to use without asking for your permission. These cookies are only making your stay on our Website more effective and enabling you to use the Website’s all functions.

Optional cookies – cookies we need to ask your permission to use. These cookies can both be cookies that are improving functionalities on the Website and cookies enabling our marketing.

 

Some of our cookies are collecting personal data and GDPR is applicable for this processing. See more about the personal data collected by cookies in Section 3 above. 

 

Below we are stating all the cookies that are used by the Website and the functions of the cookies.

 

7.1.        Compiling of cookies

The Website uses the cookies specified in the below list.  In accordance with the law on electronic communication (2022:482), BoardClic is allowed to store cookies on your device if such cookies are necessary for the use of the Website. Your consent is needed for all other purposes and the consent is collected when you visit the Website.

You can change or withdraw your consent to the cookie commitment on the Website or by adjusting the setting in your web browser. We will not transfer the information collected by cookies to a third party other than our contractors helping us with the Website.

 

Necessary cookies

These cookies are necessary for the Website to work properly and are not possible to shut down. You can adjust your web browser to block these cookies or warn you about them, but this may result in a partly failure of the Website. No personal information is stored in these cookies.

Cookie key

Area of use

Domain

Type

Storage

__cf_bm

Determining whether the visitor is a human or a bot

boardclic.com

Third-party cookie (CloudFare)

Twentyfour (24) hours

_board_clic_session

Authentication during the use of the Service

app.boardclic.com

First party cookie

Session

_boardclic_key

Authentication during the use of the Service

next.boardclic.com

First party cookie

Session

_heroku-session-affinity

A platform feature that associates all HTTP requests coming from an end-user with a single application instance (web dyno), applicable during the use of the Service

app.boardclic.com

Third party cookie (Heroku)

Session

__hs_initial_opt_in

This cookie is used to prevent the banner from always displaying when visitors are browsing in strict mode

boardclic.com

Third-party-cookie (HubSpot)

Seven (7) days

__hs_opt_out

This cookie is used by the opt-in privacy policy to remember not to ask the visitor to accept cookies again

boardclic.com

Third-party-cookie (HubSpot)

Six (6) months

hs-messages-is-open

This cookie is used to determine and save whether the chat widget is open for future visits

boardclic.com

Third-party-cookie (HubSpot)

Thirty (30) minutes

hs-messages-hide-welcome-message

This cookie is used to prevent the chat widget welcome message from appearing again for one day after it is dismissed

boardclic.com

Third-party-cookie (HubSpot)

One (1) day

 

Optional cookies

These cookies are enabling us to understand how a visitor interacts with the Website by collecting and reporting information to us.

Cookie key

Area of use

Domain

Type

Storage

_ga

Used to distinguish users

boardclic.com

Third-party cookie (Google Analytics)

Two (2) years

_gid

Used to distinguish users

boardclic.com

Third-party cookie (Google Analytics)

Twentyfour (24) hours

_gat

Used to throttle request rate

boardclic.com

Third-party cookie (Google Analytics)

One (1) minute

Mp_*_mixpanel

 

User statistics, applicable during the use of the Service

app.boardclic.com

Third-party cookie (Mixpanel)

One (1) year

_hstc

Tracking visitors

boardclic.com

Third-party cookie (Hubspot)

Six (6) months

messagesUtk

Used to recognize visitors who chat with you via the chatflows tool

boardclic.com

Third-party cookie (HubSpot)

Six (6) months

hubspotutk

This cookie keeps track of a visitor’s identity. It is passed to HubSpot on form submission and used when deduplicating contacts

boardclic.com

Third-party cookie (HubSpot)

Six (6) months

__hssrc

Whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser

boardclic.com

Third-party-cookie (HubSpot)

Session

 

7.2.        How to shut down cookies

You can manage our usage of cookies on the Website or by adjusting the setting of your web browser.

Website – We are asking for your consent for our usage of cookies every 30th day. This means that if we do not receive a new consent from you every 30th day, we will not use the cookies that are need your approval. You can at any time withdraw your consent. You can withdraw your consent by clicking on decline on the Website.

Web browser – Web browsers are giving opportunity to shut down all or categories of cookies applied to the websites you have visited in the web browser or to delete cookies when you close the web browser. You can also adjust the settings ad receive a request every time the website is trying to place a cookie on your device and you can also delete all placed cookies. Every type of web browser has its own settings for the managing of cookies, see the help pages of the web browser you use for more information.

8.   Automated decision-making, including profiling

 The personal data we process as controllers is not subject to automated decision-making or profiling. 

9.   Updates of this Privacy and Cookie Policy

We will update this document when we find it necessary, e.g. when we add new processing. When this document is changed the date of the last update will be stated in the upper left corner of the document.