TEKNOSELL KB PRIVACY POLICY
Last updated: 05.09.2025
I. Introduction.
II. Who is responsible for processing your personal data?
III. What personal data do we collect and why?
1. Website visitors.
2. Contact form.
3. Demo calls.
4. Coaching and training participants.
5. Webinar registrations.
6. Creation of a global good examples library.
7. Collecting references and testimonials.
8. Collaboration with freelancers and contractual partners.
9. Managing relationships with contractors and service providers.
10. Purchasing.
11. Social media interactions.
IV. Cookies.
V. Who do we share your data with?
VI. Transfers of data outside the European Economic Area (EEA).
VII. Necessity of providing data and source of data.
VIII. Your rights.
IX. Data retention periods.
X. Data security.
XI. Data Protection Impact Assessment (DPIA).
XII. Identity verification.
XIII. Changes to this Privacy Policy.
I. Introduction:
At Teknosell KB, we are committed to protecting the privacy of all individuals we engage with, including training participants, contractors, freelancers, service providers, and users of our websites and social media channels. This Privacy Policy outlines the circumstances under which we collect, process, and share personal data, as well as your rights concerning the processing of your personal data in accordance with the General Data Protection Regulation (GDPR), the EU Artificial Intelligence Act (Regulation (EU) 2024/1689), and other applicable laws.
II. Who is responsible for processing your personal data?
The controller of your personal data is Teknosell KB, located at Östra Hamngatan 17, 411 10 Gothenburg, Sweden. If you have any questions regarding the processing of your personal data, please contact our Data Protection Officer (DPO), Marta Megger, at [email protected].
III. What personal data do we collect and why?
1. Website visitors:
What data we collect: information automatically collected during visits to the website, such as IP address, cookies, browser data, and device data.
Purpose of processing:
• analysing website traffic and user behaviour to improve website functionality;
• personalising content and marketing offers;
• ensuring security and detecting abuse.
Legal basis: legitimate interest (Art. 6(1)(f) GDPR) – analysing and optimising the website, ensuring security.
Data source: data is automatically collected when using the website.
2. Contact form:
What data we collect: name, email address, company name, message content.
Purpose of processing: responding to inquiries, providing information, or resolving issues submitted via the contact form.
Legal basis: consent (Art. 6(1)(a) GDPR) – given when submitting the form.
Data source: data is provided directly by the person filling out the form.
4. Coaching and training participants:
Scenario 1: Standard coaching sessions without OpenAI:
What data we collect: name, email address, job title, company name, call records, performance evaluations, coaching notes.
Purpose of processing:
• conducting coaching sessions to develop participants' skills;
• documenting results and session details for archival purposes and compliance with internal standards.
Legal basis:
• performance of a contract (Art. 6(1)(b) GDPR) – data processing is necessary for the delivery of coaching services;
• legitimate interest (Art. 6(1)(f) GDPR) – for evidence preservation and service quality improvement.
Data source: data is provided directly by coaching participants or their employer.
Scenario 2: Coaching sessions using OpenAI:
What data we collect: name, email address, job title, company name, voice recordings, call records, performance evaluations, coaching notes.
Purpose of processing:
• conducting coaching sessions and analysing voice recordings via the OpenAI API to evaluate call outcomes and provide personalised feedback;
documenting session outcomes for archival purposes and service quality improvement, in line with applicable data protection and AI transparency obligations.
Legal basis:
• consent (Art. 6(1)(a) GDPR) – for voice recording and processing data via OpenAI;
• performance of a contract (Art. 6(1)(b) GDPR) – data processing is necessary for the delivery of coaching services;
• legitimate interest (Art. 6(1)(f) GDPR) – for service quality improvement and evidence preservation.
Data source: data is provided directly by coaching participants or their employer.
Scenario 3: AI-assisted generation of coaching comments:
What data we collect: voice recordings, performance evaluations, and coaching-related interaction history – used to generate AI-assisted draft coaching comments.
Purpose of processing:
• to support trainers in preparing coaching feedback by using AI-generated text suggestions;
• to improve efficiency and consistency in training delivery while maintaining full human oversight.
Legal basis:
• performance of a contract (Art. 6(1)(b) GDPR) – delivery of coaching services;
• legitimate interest (Art. 6(1)(f) GDPR) – improving training quality and internal processes;
• transparency requirement under the EU Artificial Intelligence Act (Regulation (EU) 2024/1689, Art. 52(1)).
Data source: data is provided directly by the coaching participant or their employer as part of the training programme.
Additional information:
• the final version of the comment is always reviewed, edited, and approved by a human trainer;
• AI-generated content is not used for automated decision-making and does not produce binding results for participants;
• data processed in this scenario is not used for large-scale model training or shared with external providers beyond Teknosell’s contracted AI service providers;
• users are also informed about the involvement of AI directly within the Teknosell Coaching Platform (TCP), for example in the “About the Programme” or “Help Page” or FAQ section, ensuring transparency in line with Art. 52(1) AI Act.
Scenario 4: Coaching sessions for participants from China:
What data we collect: name, email address, job title, company name, voice recordings, call records, performance evaluations, coaching notes, and other data required by Chinese data protection laws.
Purpose of processing:
• conducting coaching sessions in compliance with Chinese data protection laws;
• processing voice recordings and other personal data in accordance with both Chinese law and GDPR;
• collected data may be transferred to external service providers located outside China, including the European Economic Area (EEA) and the United States, with appropriate safeguards such as standard contractual clauses in place.
Legal basis:
• consent (Art. 6(1)(a) GDPR and Art. 13 PIPL) – for data processing and transfer to China;
• performance of a contract (Art. 6(1)(b) GDPR and Art. 13 PIPL) – data processing is necessary for the delivery of coaching services;
• compliance with Chinese data protection laws, which may include additional requirements for data storage and processing.
Data source: data is provided directly by coaching participants, their employer, or as required by Chinese legal regulations.
Additional information:
• We fully comply with all relevant Chinese data protection laws (PIPL), including providing appropriate safeguards when transferring personal data outside China.
• Personal data is retained only for as long as necessary to fulfil the processing purposes, after which it is securely deleted or anonymised.
3. Demo calls:
What data we collect: name, email address, phone number, company name, message content.
Purpose of processing:
• organising and conducting demo calls, including sending reminders and follow-up inquiries;
• recording the demo call to demonstrate how our training works and for training purposes.
Legal basis:
• consent (Art. 6(1)(a) GDPR) – for processing data and recording the call;
• legitimate interest (Art. 6(1)(f) GDPR) – for improving service quality and maintaining internal records.
Data source: data is provided directly by demo call participants or their employer.
Additional information:
• Participants are informed that the call will be recorded at the start of the demo call. If a participant’s data was provided by their employer, this will be communicated in the confirmation email.
• Participants have the option to withdraw consent for the processing of their personal data and the recording of the call, without affecting the lawfulness of processing that took place before the withdrawal.
5. Programme surveys:
What data we collect: responses provided in post-training evaluation surveys, which may include satisfaction ratings, qualitative feedback, improvement suggestions, and – where applicable – identification details (e.g. name, e-mail address). In some surveys, providing identification details may be required to ensure consistency of results (e.g. before/after comparisons) and to enable follow-up with participants who have not responded.
Purpose of processing:
• to evaluate the quality and effectiveness of our training programmes;
• to gather feedback for the continuous improvement of services;
• to provide clients with aggregated reports on programme outcomes (without disclosing individual identities unless explicitly agreed).
Legal basis:
• legitimate interest (Art. 6(1)(f) GDPR) – improving training quality, evaluating service effectiveness, ensuring comparability of survey results, and enabling follow-up with participants who have not responded;
• performance of a contract (Art. 6(1)(b) GDPR) – where survey participation forms part of the training programme agreed with the client.
Data source: the data is provided directly by training participants when completing the survey.
Additional information:
• survey results are primarily reported in an aggregated and anonymised format;
• where individual responses are disclosed to the client, this will only occur if necessary for the training programme and in line with contractual arrangements;
• survey data is not used for automated decision-making or for training large-scale AI models.
6. Creation of a Global Good Examples Library:
What data we collect: recordings of training sessions, which may include participants' personal data.
Purpose of processing: creating a global "Good Examples Library", available exclusively to the company ordering the training and its related entities.
Legal basis:
• consent (Art. 6(1)(a) GDPR) – for processing recordings in the global library;
• performance of a contract (Art. 6(1)(b) GDPR) – in cases where data is processed as part of the training sessions.
Data source: data is provided directly by training participants who have consented to its inclusion in the global examples library.
Additional information: personal data included in this library will not be shared with third parties that are not related entities of the company ordering the training.
7. Collecting references and testimonials:
What data we collect: name, job title, company name, country, content of the reference or testimonial.
Purpose of processing:
• publishing references on our website, social media (LinkedIn, Facebook), and in marketing materials (newsletters, brochures, presentations).
• promoting our services by sharing positive feedback from our clients.
Legal basis: consent (Art. 6(1)(a) GDPR) – for publishing testimonials with personal data.
Data source: data is provided directly by individuals giving references or testimonials.
8. Collaboration with freelancers and contractual partners:
What data we collect: name, address, email address, phone number, contract details, payment information (e.g., bank account number), project details, contracts, invoices.
Purpose of processing:
• managing collaboration with freelancers and contractual partners, including project management, communication, payment processing, archiving contract and payment documentation;
• legal protection, including documentation for potential claims and disputes.
Legal basis:
• performance of a contract (Art. 6(1)(b) GDPR) – data processing is necessary for contract fulfilment;
• legitimate interest (Art. 6(1)(f) GDPR) – for securing legal claims and maintaining archival documentation.
Data source: data is provided directly by freelancers, contractual partners, or their clients.
9. Managing relationships with contractors and service providers:
What data we collect: name, email address, phone number, contract details, payment information (e.g., bank account number), details regarding contracts and cooperation.
Purpose of processing:
• managing business relationships with contractors and service providers, including payment processing, communication regarding contract performance and settlements;
• legal protection, including documentation for potential claims and disputes.
Legal basis:
• performance of a contract (Art. 6(1)(b) GDPR) – data processing is necessary for contract fulfilment;
• legitimate interest (Art. 6(1)(f) GDPR) – for securing legal claims and maintaining archival documentation.
Data source: data is provided directly by contractors and service providers or their representatives.
10. Purchasing:
What data we collect: name, email address, phone number, company name, billing address (excluding payment card details).
Purpose of processing:
• processing orders for training packages and related payments.
• sending confirmations, receipts, and communications related to purchases.
• providing customer support in connection with purchases.
Legal basis:
• performance of a contract (Art. 6(1)(b) GDPR) – data processing is necessary for order and payment fulfilment;
• legitimate interest (Art. 6(1)(f) GDPR) – for providing customer support and effective service.
Data source: data is provided directly by purchasers or their representatives.
Additional information:
• All payment transactions are processed by external payment service providers, such as Stripe, which comply with relevant security standards. Teknosell KB does not store payment card details directly.
• For more information on our payment service providers' privacy policies, please visit the following links:
11. Social media interactions:
What data we collect: username, content posted on our profiles, interactions with our posts (comments, reactions), messages sent via social media platforms.
Purpose of processing:
• managing our presence on platforms such as LinkedIn, Facebook, YouTube;
• communicating with users, responding to comments and messages, engaging the community in our activities;
• promoting our services and products, and building relationships with clients.
Legal basis: legitimate interest (Art. 6(1)(f) GDPR) – in conducting marketing activities, promoting services, and building client relationships.
Data source: data is provided directly by users of social media platforms.
IV. Cookies:
1. Our website uses cookies for various purposes:
• Functional cookies: these cookies are necessary for the website to function correctly, such as for logging in, remembering language settings, or shopping cart functionality.
• Analytical cookies: these cookies help us analyse website traffic and understand how users interact with our site. Examples include collecting data on the most visited pages and average time spent on the site.
• Marketing cookies: these cookies allow us to deliver content tailored to users' interests, including remarketing ads in networks such as Google Ads or Facebook Ads.
2. Types of cookies we use and retention periods:
• Vimeo cookies: store video player preferences, e.g., vuid, player, flags. Retention period: from one session to 2 years. Used for generating analytical information for the video owner and managing player settings.
• GoHighLevel cookies: manage interactions with forms and calendar, e.g., hl-calendar, hl-form, pixel_id. Retention period: from one session to 1 year. Used for auto-filling forms and tracking user interactions with features on the site.
• Cloudflare cookies: prevent bots, e.g., cf_clearance, cfuvid. Retention period: from 30 minutes to 1 year. Used for managing website security and enforcing traffic limitations.
3. Managing cookies:
You can manage your cookie preferences through your browser settings. Below are links to instructions for the most popular browsers:
• Safari,
V. Who do we share your data with?
Your personal data may be shared with the following categories of recipients:
• IT service providers: companies responsible for maintaining our IT infrastructure, including e-learning platforms and CRM systems.
• Payment service providers: companies processing online payment transactions.
• Marketing companies: entities supporting our marketing activities, e.g., managing advertising campaigns.
• Public authorities: if required by law, e.g., in connection with legal proceedings.
VI. Transfers of data outside the European Economic Area (EEA):
Your personal data may be transferred to countries outside the European Economic Area (EEA), such as the United States or China, in connection with the provision of our services, e.g., through platforms such as Zoom, Microsoft Teams, or tools provided by our technology partners. In such cases, we apply appropriate safeguards to ensure that your personal data is protected in accordance with GDPR requirements.
When transferring data outside the EEA, we implement the following safeguards:
• Standard contractual clauses approved by the European Commission, which oblige the data recipient to protect your data in accordance with European data protection standards.
• Additional technical and organisational safeguards, such as data encryption during transmission and restricting access to data to authorised personnel only.
• A risk assessment to ensure that the level of data protection in the recipient country is adequate and compliant with GDPR requirements.
VII. Necessity of providing data and source of data:
Providing your personal data is generally voluntary, but it may be necessary for specific purposes, such as fulfilling a contract or responding to your inquiries. Failure to provide required data may result in our inability to offer certain services or respond to your requests effectively.
In cases where we do not obtain your personal data directly from you, it may have been provided to us by your employer or an authorised representative (e.g., your manager) for purposes such as organising training sessions, scheduling demo calls, or managing contractual relationships. If your data was provided by your employer or another authorised party (e.g. for training registration or scheduling), we will inform you via our publicly accessible Privacy Policy, in accordance with Article 14 GDPR. The link to this policy is available on our website and training platform before login.
In the case of AI-assisted coaching comments (Scenario 3), personal data such as performance evaluations or interaction history are provided directly by the participant or their employer solely for the purpose of the training programme. These data are not used outside the scope of training and are not utilised for large-scale model training or fine-tuning of AI systems.
VIII. Your rights:
Regarding the processing of personal data, you have the following rights:
• Right of access: you can request information about what data we process.
• Right to rectification: you can request corrections to inaccuracies in your data.
• Right to erasure: you have the right to request the deletion of your data if it is no longer needed for the purposes for which it was collected.
• Right to restrict processing: you can request the restriction of data processing in certain situations.
• Right to data portability: you can request the transfer of your data to another entity.
• Right to object: you can object to the processing of your data based on our legitimate interest.
• Right to withdraw consent: you can withdraw your consent to data processing at any time.
o To withdraw your consent, please contact our Data Protection Officer (DPO) at [email protected]. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
If you believe that the processing of your personal data violates GDPR, you have the right to lodge a complaint with a supervisory authority. In Sweden, this is the Swedish Authority for Privacy Protection (IMY), which can be contacted at Box 8114, 104 20 Stockholm, Sweden, or via email: [email protected]. If you are located in another EU country, you can lodge a complaint with the relevant supervisory authority in your country.
IX. Data security:
We implement advanced technical and organisational measures, such as SSL encryption, physical security measures, and access control, to ensure the security of your personal data.
X. Data Protection Impact Assessment (DPIA):
At Teknosell KB, we regularly conduct Data Protection Impact Assessments (DPIA) for data processing activities that may pose a high risk to the rights and freedoms of individuals. These assessments allow us to identify potential risks and take appropriate actions to mitigate them, which is crucial for ensuring compliance with GDPR and other data protection regulations.
XI. Identity verification:
To ensure the security of personal data, Teknosell KB requires identity verification from individuals requesting access to data, correction, deletion, or restriction of processing. Identity verification may involve requiring the presentation of identification or other forms of verification to ensure that the request is made by the authorised individual.
XI. Identity verification:
To ensure the security of personal data, Teknosell KB requires identity verification from individuals requesting access to data, correction, deletion, or restriction of processing. Identity verification may involve requiring the presentation of identification or other forms of verification to ensure that the request is made by the authorised individual.
XIII. Changes to this Privacy Policy
This Privacy Policy may be updated periodically to reflect changes in our data processing practices or legal requirements. We will notify you of any significant changes via our website.
