"We provide knowledge and information about CGMP and Quality Systems to the Life Science industry"

Privacy policy - Personal information

The Key2Compliance AB privacy policy describes how we collect, manage, use, share, store and protect your personal information. This policy describes how we handle personal information that is:

1) Entered on a voluntary basis
2) Collected by us

A brief summary of our policy

  • We are clear and honest in how we handle your personal information
  • You should be able to easily change or delete data if you wish
  • We make sure your information is handled securely
  • It should always be easy to get in contact with us

Below we explain in more detail how we protect your information, what your privacy rights are and how the law protects you.

Our confidentiality statement

We commit ourselves to:

  • Handle your information safely and confidentially
  • Not sell your information or forward it without your consent
  • Give you the opportunity to manage and review your data at any time

The new General Data Protection Regulation (GDPR) is in force from May 25, 2018

This policy describes most of your rights under the new laws. We regularly update our policy when changes take effect and when interpretations are available. To the extent that there are guidelines from appropriate industry organizations, we will follow these as far as possible. Privacy/Integrity processing matters are now a permanent item on the agenda during executive group meetings and board meetings.

How the law protects you

In addition to our confidentiality commitment, your privacy is protected by law. This section explains how it works.
According to the General Data Protection Regulation, we may only handle personal data if we have a legal reason to do so. This also includes processing outside of Key2Compliance AB. The law requires that we have one or more of these reasons:

  • Fulfill an agreement or a contract
  • Comply with legal obligations
  • When it is in our legitimate interest (balance of interest)
  • When you give your consent

Balance of interest means that we can process personal data without consent if our interests weigh heavier than the individual’s and the processing is necessary for the particular purpose.
Below we have listed the ways we can handle your personal information, and the reasons we rely on, to do so. We also describe our legal basis for processing the information.

What we use your personal information for:
  • Manage our relationship with our contacts
  • Develop new ways to meet customer needs and develop our business
  • Develop and implement market activities
  • Study how our services and products are used
  • Give advice or guidance on our products and services
Legal basis:
  • Consent
  • Comply with agreement or contract
  • Balance of interest
  • Legal obligations
Our purpose:
  • Keep our records up to date, determine which of our products and services may interest you and tell you about them
  • Develop products and services, and what we charge for them
  • Define customer segments for new products or services
  • Seek your consent when we need it to contact you
  • Be effective in how we meet our legal and contractual obligations

What we use your personal information for:
  • Develop and manage our brands, products and services
  • Test new products and services
  • Control how we cooperate with other providers of services
Legal basis:
  • Comply with agreement or contract
  • Balance of interest
  • Legal obligations
Our purpose:
  • Develop our brands, products and services and what we charge for them
  • Define customer segments for new products or services
  • Be effective in how we meet our legal and contractual obligations

What we use your personal information for:
  • Supply our products and services
  • Invoice and manage customer payments
  • Follow up and claim payments
  • Manage and provide financial products and services
Legal basis:
  • Comply with agreement or contract
  • Balance of interest
  • Legal obligations
Our purpose:
  • Be effective in how we meet our legal and contractual obligations
  • Meet our legal obligations

What we use your personal information for:
  • Run our business in an efficient and correct manner
Legal basis:
  • Balance of interest
  • Legal obligations
Our purpose:
  • Meet our legal obligations
  • Be effective in how we meet our legal and contractual obligations

What we use your personal information for:
  • Apply our rights as stipulated in agreements or contracts
Legal basis:
  • Comply with agreement or contract
Our purpose:
  • Be effective in how we meet our legal and contractual obligations


Grouping of personal data

We use many different types of personal data and group them as follows.

Type of personal data - Description

  • Contact - Contact information we save and how we contact you
  • Payment information - Details of payments
  • Agreements / Contracts - Details about the products or services we provide to you
  • Location - Data about where you are located, which may come from email or the address where you have your main employment
  • Behavior - Details on how you use our products and services
  • Technology - Details about devices and technologies you use
  • Communication - What we learn about you from letters, email messages and conversations between us
  • Open data and public documentation - Information about you that is openly available on the internet
  • User data - Other information about using our products and services
  • Consent - All permissions, consents or preferences you provide, including how you would like us to contact you

How and where we collect personal data

We may collect personal information about you from these sources:

Personal information we receive from you:
  • When you buy our products and services
  • When you contact us by email, phone or letter
  • When you use our websites, portals or apps and other web services
  • From customer surveys
  • When you participate in competitions, polls or campaigns
Personal information we collect when you are using our services, including amount, frequency, type, location, origin and recipient:
  • Payment and transaction data. We use PayEx and PayPal as online payment and security providers. Card details included in the booking process are entered directly with PayEx or PayPal, and your card information is never entered or stored in any of our systems. Once a payment is approved, PayEx or PayPal sends us a validated payment confirmation, which we store on our system.
  • Profile and user data. This includes the profile you create to identify yourself when you connect to our websites, portals or apps and other web services. It also contains other information about how you use these services. We collect this data from devices you use to connect to these services, such as computers and mobile phones, using cookies and Google Analytics / AdWords.

Third party personal information we use:
  • When companies and colleagues introduce you or recommend you to us
  • Social networks such as industry organization meetings and networking meetings
  • Social media such as Facebook, Instagram, Twitter, LinkedIn and YouTube
  • Market research

Who do we share your personal information with?

We may need to share your personal information with other organizations to provide the product or service you have chosen or to:

  • Respond to government agencies, accountants, and insurance companies
  • Answer requests from your employer
  • Introduce you to other companies and individuals, such as course leaders and conference facilities
  • Answer mandatory market surveys and surveys
  • Manage payment services such as card transactions

How we use your personal information for automated decision making

We sometimes use systems to make automatic decisions based on personal information we have - or may collect from others - about you. It helps us to ensure that our decisions are quick, fair, effective and accurate, based on what we know. These automated decisions may affect the products, services or features we can offer you now or in the future, or the price we charge you for them.

See below for the types of automated decisions that we can make:

Pricing
  • We can decide what to charge for certain products and services based on the overall information (e.g. quantity discounts when multiple people from the same company sign up for a course)
Customize products and services
  • We can place you in groups with similar customer needs, so-called customer segments. We use these to study and learn about our customers' needs and make decisions based on what we learn. It helps us to design products and services for different customer segments and manage our relationships with them.

Sending personal information outside the EEA area

We only send your personal data outside the EEA area to:
  • Follow your instructions
  • Meet legal obligations
  • Work with our partners, agents or employees

If we transfer information outside the EEA, we will ensure that it is protected in the same way as if used in the EEA.

We use one of the following security measures:

  • Transfer data to third countries outside the EEA that have the same personal data protection as in the EEA
  • Establish an agreement with the recipient under which they commit to comply with the EEA standard
  • Transfer data to organizations included in Privacy Shield. This is a framework that sets out privacy standards for data sent between the US and EU countries. This ensures that these standards are similar to those used in the EEA

Read more about the above on https://ec.europa.eu/info/law/law-topic/data-protection_sv

If you choose not to share your personal information

We may need to collect personal data by law or under the terms of an agreement we have with your employer or you.

If you choose not to give us access to your personal information, it may delay or prevent us from fulfilling our commitments and obligations. It may also mean that we cannot perform our services. This may mean that we cancel or terminate a delivery of product or service you have with us.

It will be clear which data is mandatory and which is voluntary at the time of data collection.

Marketing

We may use your personal information to tell you about relevant products, services and offers. This is what we mean when talking about "marketing."

The personal information we have about you consists of what you tell us, the data we collect when you use our products and services, or from any third party we cooperate with.

We assess your information to understand what you may want or need, or what may be of interest to you. This is how we find out what products, services and offers may be relevant to you.

We can only use your personal data for marketing purposes if we have your consent or if our interest weighs heavier, so-called Balance of interest. In this way, we have a business or commercial reason to use your information, but it should not lead to unfair processing of your information and in no way infringe your rights.

You may at any time ask us to stop sending you promotional messages by contacting us.

We may ask you to confirm or update your information if you purchase products or services from us in the future. We will also ask you the same if there are changes in the law, regulations or structure of our business.

If you change your mind, you can at any time update your information by contacting us.

How long do we keep your personal information

How long your personal data is stored depends on usage, system and purpose; see below:

  • The basis for orders and invoicing is stored for 7 years according to the Swedish Accounting Act
  • Communication that forms the basis for agreements/contracts and complaints is stored as long as the case is still open and current
  • Inquiries and order documents that do not need to be archived as described above are deleted after 24 months
  • Customer database information is saved as follows:
    • Suspects, i.e. possible customers according to Balance of interest - until cancellation
    • Prospects, i.e. received inquiries - until cancellation
    • Customers, i.e. product and services orders - until cancellation
    • Data on unsubscribed or relocated individuals is stored separately if the information is the basis for course certification, but for a maximum of 5 years after last contact
    • Data on unsubscribed individuals is stored separately and blocked to avoid re-introduction
    • Other data that cannot be updated is deleted immediately
  • Signature lists and information for course administration are saved for 5 years and then deleted
  • Information in other portals for information and consent subscriptions as above
  • Information saved by suppliers with access to personal information as above and in accordance with a data processor agreement

We may handle your personal information for an indefinite period and if we do, we will ensure that your privacy is protected and secure and we commit to using the information for its specified purposes only.

How can I access my personal information

You can access your personal information by contacting us:
Key2Compliance AB
Tjädervägen 10
SE-18156 Lidingö
Sweden
Phone: +46-8 544 811 60
Email: info@key2compliance.com
Website contact form: https://www.key2compliance.com/int-contact.php

When you want to share your personal information with other companies or organizations

You also have the right to receive personal information from us as a digital file, where technically possible, so that you can retain and use it yourself and give it to other organizations if you choose. Please note that we will only disclose the information personally or at your personal request, not to agents or colleagues without your own consent.

If you wish, we can provide the information in an electronic format that can be reused or you can ask us to forward it to other companies or organizations for you. If you wish to do so, please contact us by email or write to us (see address above).

Let us know if your personal information is incorrect

You are entitled at any time to question all information we have about you and which you think is incorrect or incomplete. Please contact us if that is the case and we will correct your information immediately.

What happens if you want us to stop using your personal information

You may at any time object to our use of your personal information or ask us to remove the information or stop using your personal information if there is no need for us to retain the information. This is called the "right to object", "the right to be deleted" or "the right to be forgotten".

There may be legal obligations or other official reasons why we need to keep or use your information, but please tell us if you think we should not use them.

We may sometimes restrict the use of your data. This means that the data can only be used for certain occasions, such as legal obligations. In such a situation, we shall not use or share your information in other ways while it is limited.

You may ask us to restrict the use of your personal information if:

  • The information is incorrect
  • The information has been used illegally, but you do not want us to delete it
  • The information is no longer relevant, but you want us to keep it for legal reasons
  • You have already asked us to stop using your information, but you are awaiting our answer on whether we can continue to use it for legitimate reasons

If you want to object to how we use your information or ask us to delete it or restrict how we use it, contact us as above.

How to withdraw your consent

You can withdraw your consent at any time. Please contact us as above if you wish to do so.

If you revoke your consent, we may not be able to provide specific products or services to you. If so, we will inform you.

How to complain

Please let us know if you are dissatisfied with how we have used your personal information. You can contact us as above.

You are also entitled to complain to the Swedish Data Inspectorate. On their website you can find instructions on how to make a complaint:
https://www.datainspektionen.se/dataskyddsreformen/dataskyddsforordningen/dataskyddsmyndighetens-roll/klagomal/

Cookies

We are committed to protecting the personal information (anonymous or otherwise) that we collect about you online. The following describes how we use cookies, why we use them and how this helps us improve our service. It also describes how you can control which cookies are stored on your device.

By using our websites (via a device) you agree that this Cookie Policy applies to that use in addition to any other terms that may apply.

We reserve the right to change our Cookie Policy. Any changes will be described here and come into effect immediately. Your ongoing and continued use of our websites means you agree to these changes.

Cookies are files that contain small amounts of information downloaded to the device you use when you visit a website. Cookies are then sent back to the original website at each subsequent visit or to another website that recognizes that cookie. Cookies do many different and useful jobs, such as managing information in forms, remembering your preferences and improving your online experience. There are different types of cookies, but they all work the same way, with marginal differences.

Our site uses session cookies that are stored temporarily in the computer's memory while a visitor is on a web page. Session cookies disappear when you close your browser. The Google Analytics and Google AdWords services use different types of cookies to measure user interaction on the site. These are saved for different time periods, but no longer than 2 years.

If you wish to restrict or block cookies set on a site - including our sites - you should do so through the browser settings in all browsers you use, on any device you use to access the Internet. Please note that some of our services will not work if your browser does not accept cookies. However, you can allow cookies from specific websites by making them "trusted sites" in your browser.
Alternatively, visit www.allaboutcookies.org which contains comprehensive information on how to do it on a larger number of browsers.

Data security

Local storage, protection and backup

The information stored on our local server is protected by firewall and virus protection. Backup copies are saved on a daily basis both locally on hard disk and externally via cloud-based storage. Backup copies are saved for 6 months and then deleted automatically. The local LAN and Wi-Fi network is protected by firewall and virus protection.

Email

We use a hosted email service. Information stored on client computers and mobile phones must be password protected (login) and protected with Antispam and Antivirus.

External storage

For data security on external storage of information, we refer to our data processor agreements.

23 May 2018
Key2Compliance AB