TEKNOSELL KB PRIVACY POLICY

I. Introduction.

II. Who is responsible for processing your personal data?

III. What personal data do we collect and why?

1. Website visitors.

2. Contact form.

3. Demo calls.

4. Coaching and training participants.

5. Creation of a global good examples library.

6. Collecting references and testimonials.

7. Collaboration with freelancers and contractual partners.

8. Managing relationships with contractors and service providers.

9. Purchasing.

10. Social media interactions.

IV. Cookies.

V. Who do we share your data with?

VI. Transfers of data outside the European Economic Area (EEA).

VII. Necessity of providing data and source of data.

VIII. Your rights.

IX. Data retention periods.

X. Data security.

XI. Data Protection Impact Assessment (DPIA).

XII. Identity verification.

XIII. Changes to this Privacy Policy.

I. Introduction:


At Teknosell KB, we are committed to protecting the privacy of all individuals we engage with, including training participants, contractors, freelancers, service providers, and users of our websites and social media channels. This Privacy Policy outlines the circumstances under which we collect, process, and share personal data, as well as your rights concerning the processing of your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable laws.

II. Who is responsible for processing your personal data?


The controller of your personal data is Teknosell KB, located at Vasa Kyrkogata 1, 411 27 Gothenburg, Sweden. If you have any questions regarding the processing of your personal data, please contact our Data Protection Officer (DPO), Marta Megger, at [email protected].


III. What personal data do we collect and why?


1.  Website visitors:

What data we collect: information automatically collected during visits to the website, such as IP address, cookies, browser data, and device data.

Purpose of processing:

• analysing website traffic and user behaviour to improve website functionality;

• personalising content and marketing offers;

• ensuring security and detecting abuse.

Legal basis: legitimate interest (Art. 6(1)(f) GDPR) – analysing and optimising the website, ensuring security.

Data source: data is automatically collected when using the website.

2. Contact form:

What data we collect: name, email address, company name, message content.

Purpose of processing: responding to inquiries, providing information, or resolving issues submitted via the contact form.

Legal basis: consent (Art. 6(1)(a) GDPR) – given when submitting the form.

Data source: data is provided directly by the person filling out the form.

3. Demo calls:

What data we collect: name, email address, phone number, company name, message content.

Purpose of processing:

• organising and conducting demo calls, including sending reminders and follow-up inquiries;

• recording the demo call to demonstrate how our training works and for training purposes.

Legal basis:

• consent (Art. 6(1)(a) GDPR) – for processing data and recording the call;

• legitimate interest (Art. 6(1)(f) GDPR) – for improving service quality and maintaining internal records.

Data source: data is provided directly by demo call participants or their employer.

Additional information:

• Participants are informed that the call will be recorded at the start of the demo call. If a participant’s data was provided by their employer, this will be communicated in the confirmation email.

• Participants have the option to withdraw consent for the processing of their personal data and the recording of the call, without affecting the lawfulness of processing that took place before the withdrawal.

4. Coaching and training participants:

Scenario 1: Standard coaching sessions without OpenAI:

What data we collect: name, email address, job title, company name, call records, performance evaluations, coaching notes.

Purpose of processing:

• conducting coaching sessions to develop participants' skills;

• documenting results and session details for archival purposes and compliance with internal standards.

Legal basis:

• performance of a contract (Art. 6(1)(b) GDPR) – data processing is necessary for the delivery of coaching services;

• legitimate interest (Art. 6(1)(f) GDPR) – for evidence preservation and service quality improvement.

Data source: data is provided directly by coaching participants or their employer.

Scenario 2: Coaching sessions using OpenAI:

What data we collect: name, email address, job title, company name, voice recordings, call records, performance evaluations, coaching notes.

Purpose of processing:

• conducting coaching sessions and analysing voice recordings via the OpenAI API to evaluate call outcomes and provide personalised feedback;

• documenting session outcomes for archival purposes and service quality improvement.

Legal basis:

• consent (Art. 6(1)(a) GDPR) – for voice recording and processing data via OpenAI;

• performance of a contract (Art. 6(1)(b) GDPR) – data processing is necessary for the delivery of coaching services;

• legitimate interest (Art. 6(1)(f) GDPR) – for service quality improvement and evidence preservation.

Data source: data is provided directly by coaching participants or their employer.

Scenario 3: Coaching sessions for participants from China:

What data we collect: name, email address, job title, company name, voice recordings, call records, performance evaluations, coaching notes, and other data required by Chinese data protection laws.

Purpose of processing:

• conducting coaching sessions in compliance with Chinese data protection laws;

• processing voice recordings and other personal data in accordance with both Chinese law and GDPR;

• collected data may be transferred to external service providers located outside China, including the European Economic Area (EEA) and the United States, with appropriate safeguards such as standard contractual clauses in place.

Legal basis:

• consent (Art. 6(1)(a) GDPR and Art. 13 PIPL) – for data processing and transfer to China.

• performance of a contract (Art. 6(1)(b) GDPR and Art. 13 PIPL) – data processing is necessary for the delivery of coaching services.

• compliance with Chinese data protection laws, which may include additional requirements for data storage and processing.

Data source: data is provided directly by coaching participants, their employer, or as required by Chinese legal regulations.

Additional information:

• We fully comply with all relevant Chinese data protection laws (PIPL), including providing appropriate safeguards when transferring personal data outside China.

• Personal data is retained only for as long as necessary to fulfil the processing purposes, after which it is securely deleted or anonymised.

5. Creation of a Global Good Examples Library:

What data we collect: recordings of training sessions, which may include participants' personal data.

Purpose of processing: creating a global "Good Examples Library", available exclusively to the company ordering the training and its related entities.

Legal basis:

• consent (Art. 6(1)(a) GDPR) – for processing recordings in the global library;

• performance of a contract (Art. 6(1)(b) GDPR) – in cases where data is processed as part of the training sessions.

Data source: data is provided directly by training participants who have consented to its inclusion in the global examples library.

Additional information: personal data included in this library will not be shared with third parties that are not related entities of the company ordering the training.

6. Collecting references and testimonials:

What data we collect: name, job title, company name, country, content of the reference or testimonial.

Purpose of processing:

• publishing references on our website, social media (LinkedIn, Facebook), and in marketing materials (newsletters, brochures, presentations).

• promoting our services by sharing positive feedback from our clients.

Legal basis: consent (Art. 6(1)(a) GDPR) – for publishing testimonials with personal data.

Data source: data is provided directly by individuals giving references or testimonials.

7. Collaboration with freelancers and contractual partners:

What data we collect: name, address, email address, phone number, contract details, payment information (e.g., bank account number), project details, contracts, invoices.

Purpose of processing:

• managing collaboration with freelancers and contractual partners, including project management, communication, payment processing, archiving contract and payment documentation;

• legal protection, including documentation for potential claims and disputes.

Legal basis:

• performance of a contract (Art. 6(1)(b) GDPR) – data processing is necessary for contract fulfilment;

• legitimate interest (Art. 6(1)(f) GDPR) – for securing legal claims and maintaining archival documentation.

Data source: data is provided directly by freelancers, contractual partners, or their clients.

8. Managing relationships with contractors and service providers:

What data we collect: name, email address, phone number, contract details, payment information (e.g., bank account number), details regarding contracts and cooperation.

Purpose of processing:

• managing business relationships with contractors and service providers, including payment processing, communication regarding contract performance and settlements;

• legal protection, including documentation for potential claims and disputes.

Legal basis:

• performance of a contract (Art. 6(1)(b) GDPR) – data processing is necessary for contract fulfilment;

• legitimate interest (Art. 6(1)(f) GDPR) – for securing legal claims and maintaining archival documentation.

Data source: data is provided directly by contractors and service providers or their representatives.

9. Purchasing:

What data we collect: name, email address, phone number, company name, billing address (excluding payment card details).

Purpose of processing:

• processing orders for training packages and related payments.

• sending confirmations, receipts, and communications related to purchases.

• providing customer support in connection with purchases.

Legal basis:

• performance of a contract (Art. 6(1)(b) GDPR) – data processing is necessary for order and payment fulfilment;

• legitimate interest (Art. 6(1)(f) GDPR) – for providing customer support and effective service.

Data source: data is provided directly by purchasers or their representatives.

Additional information:

• All payment transactions are processed by external payment service providers, such as Stripe, which comply with relevant security standards. Teknosell KB does not store payment card details directly.

• For more information on our payment service providers' privacy policies, please visit the following links:

https://stripe.com/en-hu/privacy

10. Social media interactions:

What data we collect: username, content posted on our profiles, interactions with our posts (comments, reactions), messages sent via social media platforms.

Purpose of processing:

• managing our presence on platforms such as LinkedIn, Facebook, YouTube;

• communicating with users, responding to comments and messages, engaging the community in our activities;

• promoting our services and products, and building relationships with clients.

Legal basis: legitimate interest (Art. 6(1)(f) GDPR) – in conducting marketing activities, promoting services, and building client relationships.

Data source: data is provided directly by users of social media platforms.


IV. Cookies:

1. Our website uses cookies for various purposes:

• Functional cookies: these cookies are necessary for the website to function correctly, such as for logging in, remembering language settings, or shopping cart functionality.

• Analytical cookies: these cookies help us analyse website traffic and understand how users interact with our site. Examples include collecting data on the most visited pages and average time spent on the site.

• Marketing cookies: these cookies allow us to deliver content tailored to users' interests, including remarketing ads in networks such as Google Ads or Facebook Ads.

2. Types of cookies we use and retention periods:

• Vimeo cookies: store video player preferences, e.g., vuid, player, flags. Retention period: from one session to 2 years. Used for generating analytical information for the video owner and managing player settings.

• GoHighLevel cookies: manage interactions with forms and calendar, e.g., hl-calendar, hl-form, pixel_id. Retention period: from one session to 1 year. Used for auto-filling forms and tracking user interactions with features on the site.

• Cloudflare cookies: prevent bots, e.g., cf_clearance, cfuvid. Retention period: from 30 minutes to 1 year. Used for managing website security and enforcing traffic limitations.

3. Managing cookies:

You can manage your cookie preferences through your browser settings. Below are links to instructions for the most popular browsers:

Google Chrome,

Mozilla Firefox,

Safari,

Microsoft Edge.

V. Who do we share your data with?

Your personal data may be shared with the following categories of recipients:

• IT service providers: companies responsible for maintaining our IT infrastructure, including e-learning platforms and CRM systems.

• Payment service providers: companies processing online payment transactions.

• Marketing companies: entities supporting our marketing activities, e.g., managing advertising campaigns.

• Public authorities: if required by law, e.g., in connection with legal proceedings.

VI. Transfers of data outside the European Economic Area (EEA):

Your personal data may be transferred to countries outside the European Economic Area (EEA), such as the United States or China, in connection with the provision of our services, e.g., through platforms such as Zoom, Microsoft Teams, or tools provided by our technology partners. In such cases, we apply appropriate safeguards to ensure that your personal data is protected in accordance with GDPR requirements.

When transferring data outside the EEA, we implement the following safeguards:

• Standard contractual clauses approved by the European Commission, which oblige the data recipient to protect your data in accordance with European data protection standards.

• Additional technical and organisational safeguards, such as data encryption during transmission and restricting access to data to authorised personnel only.

• A risk assessment to ensure that the level of data protection in the recipient country is adequate and compliant with GDPR requirements.

VII. Necessity of providing data and source of data:

Providing your personal data is generally voluntary, but it may be necessary for specific purposes, such as fulfilling a contract or responding to your inquiries. Failure to provide required data may result in our inability to offer certain services or respond to your requests effectively.

In cases where we do not obtain your personal data directly from you, it may have been provided to us by your employer or an authorised representative (e.g., your manager) for purposes such as organising training sessions, scheduling demo calls, or managing contractual relationships. If your data was provided by another party, we will inform you of this when we first contact you regarding the specific purpose for which your data is being processed.

VIII. Your rights:

Regarding the processing of personal data, you have the following rights:

• Right of access: you can request information about what data we process.

• Right to rectification: you can request corrections to inaccuracies in your data.

• Right to erasure: you have the right to request the deletion of your data if it is no longer needed for the purposes for which it was collected.

• Right to restrict processing: you can request the restriction of data processing in certain situations.

• Right to data portability: you can request the transfer of your data to another entity.

• Right to object: you can object to the processing of your data based on our legitimate interest.

• Right to withdraw consent: you can withdraw your consent to data processing at any time.

o To withdraw your consent, please contact our Data Protection Officer (DPO) at [email protected]. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

If you believe that the processing of your personal data violates GDPR, you have the right to lodge a complaint with a supervisory authority. In Sweden, this is the Swedish Authority for Privacy Protection (IMY), which can be contacted at Box 8114, 104 20 Stockholm, Sweden, or via email: [email protected]. If you are located in another EU country, you can lodge a complaint with the relevant supervisory authority in your country.

IX. Data security:

We implement advanced technical and organisational measures, such as SSL encryption, physical security measures, and access control, to ensure the security of your personal data.

X. Data Protection Impact Assessment (DPIA):

At Teknosell KB, we regularly conduct Data Protection Impact Assessments (DPIA) for data processing activities that may pose a high risk to the rights and freedoms of individuals. These assessments allow us to identify potential risks and take appropriate actions to mitigate them, which is crucial for ensuring compliance with GDPR and other data protection regulations.

XI. Identity verification:

To ensure the security of personal data, Teknosell KB requires identity verification from individuals requesting access to data, correction, deletion, or restriction of processing. Identity verification may involve requiring the presentation of identification or other forms of verification to ensure that the request is made by the authorised individual.

XI. Identity verification:

To ensure the security of personal data, Teknosell KB requires identity verification from individuals requesting access to data, correction, deletion, or restriction of processing. Identity verification may involve requiring the presentation of identification or other forms of verification to ensure that the request is made by the authorised individual.

XIII. Changes to this Privacy Policy

This Privacy Policy may be updated periodically to reflect changes in our data processing practices or legal requirements. We will notify you of any significant changes via our website.