This personal data policy describes how Elerno Utbildning AB, org. no. 559215-5971, VAT. no. SE559215597101 (“Elerno”) processes your personal data. The terms «we», «ours», «ours» and «us» in this policy refer to Elerno.
We protect your privacy and will in all situations ensure that we process your personal data in a legal manner, which i.a. means:
- We process personal data in a correct and transparent manner.
- We collect personal data for the legitimate purposes (purposes) set out in this policy, and do not process the personal data in any way that is incompatible with these purposes.
- The personal data we process is adequate, relevant and necessary for the purposes for which it is collected and used.
- The personal data we process is correct and, if necessary, updated.
Below is further information on how we process your personal data.
1. Who is responsible for the processing of your personal data?
Elerno is responsible for your personal data and is responsible for ensuring that such processing takes place in accordance with current data protection regulations.
2. About whom do we process personal data?
- We process personal data about the following categories of people:
- Course participants, private individuals who participate in our suppliers’ courses
- Customers and other partners’ private individuals who are representatives of our existing or future customers / partners who, via ordering, purchasing or otherwise, show interest in our products or services.
- Visitors, ie. individuals who visit and use our website.
- Marketing recipients, ie. individuals who have signed up to receive our newsletters or join our customer club.
3. What personal data do we process about you?
We may process both information that you provide to us and that we collect from you.
3.1 For you who are a course participant
We may process the following personal information about you as a customer representative, and partner:
- Contact details, such as name, title, business connection, address, e-mail address and telephone number,
- Social security number (when required for course certificate / grade)
- Username (when required for the training)
- Trainings that you have completed
- Results on educations in the event that a course certificate / grade is to be issued
3.2 For you who are a customer and other partners
We may process the following personal information about you as a customer representative, and partner:
Contact details, such as name, title, address, e-mail address and telephone number,
copy of ID / driving license, and payment details.
3.3 For you who are a visitor
We may process the following personal information about you as a visitor:
- IP number and information about your use of Elerno’s website.
3.4 For you who are a marketing recipient
We may process the following personal information about you as a marketing recipient:
Contact information, such as name, address, email address and profile on social media, as well as IP number and information about your use of Elerno’s website.
4. Why and on what legal basis do we process your personal data?
We collect and process personal information for you as a course participant so that you can be provided with ordered training, issue course certificates, certificates, grades, etc. The legal basis for our processing of personal data about you is based on a balance of interests, ie. that the processing is necessary for a purpose relating to our legitimate interest in maintaining and fulfilling our obligations in contractual relations. If you do not provide your personal information, it is not certain that we can fulfill our obligations to the organization that ordered the training for you and that you do not have the opportunity to participate in the training provided by our suppliers.
In the event that you are a representative or contact person for an organization that is a customer or partner of ours, the legal basis for our processing of personal data about you is a balance of interests, ie. that the processing is necessary for a purpose relating to our legitimate interest in maintaining and fulfilling our obligations in contractual relations. If you do not provide your personal information, we may not be able to fulfill our obligations to the organization you represent.
We also collect and process personal information belonging to you as a visitor, marketing recipient and course participant, in order to ensure the quality of our business, to contact you and / or offer and market our services or products to you. We may also send you relevant marketing offers in the form of e.g. newsletters, promotional offers via e-mail, etc. The legal basis is that the processing is necessary for our legitimate interest in being able to develop our business and meet your needs as well as market our products and services that we believe you may be interested in. Our interest in processing your personal data for this purpose takes precedence over your possible interest in protecting your privacy in the light of the potential benefits that marketing brings to you. However, you have the right to object at any time to the processing of personal data for direct marketing.
Some personal data may also be processed due to the fact that Elerno has a legal obligation to complete, for example personal data that is processed as a result of our accounting obligation or other obligations that are incumbent on us by law.
In addition to the above, it should also be added that Elerno may process personal data with the support of consent, which in that case will be obtained separately from this personal data policy.
When concluding a customer agreement, the parties may need to agree on additional personal data processing in special projects. Separate information about the processing of personal data for special projects will be given and designed individually for each project.
5. How long do we store your personal information?
We never store data longer than necessary with regard to the purposes of the processing. We therefore carry out regular thinning out of stored personal data and delete the data that is no longer needed.
As a general rule, we save information about you as a course participant for six months after completing the training. However, the information can be saved longer in the case of such training that is to be repeated so that we have the opportunity to offer you supplementary training. We may also need to store the personal data according to the mentioned main rule, e.g. to administer any guarantees, insurances or complaint deadlines, to comply with legal requirements, to handle other legal claims that may be directed against Elerno or to market services and send offers that we believe may be of interest to you.
We store information about you as a representative of our customers and partners or suppliers as long as there is an active agreement. After the contractual relationship has ended, we save the personal data as long as a legal claim is made or can be asserted in connection with the agreement. However, we may need to store the personal data even after this time period, e.g. to administer any guarantees, insurance or complaint deadlines, to comply with legal requirements, to handle other legal claims that may be directed against Elerno but which do not derive from any agreement, or to market services and send offers that we believe may be of interest to you.
We store information about you as a marketing recipient until you object to the processing of your personal data. If you object to the processing, we will delete your personal data as soon as possible.
We store information about you as a visitor until you have objected to the processing of your personal data or for a maximum of 24 months after you last visited our website. If you object to the processing, we will delete your personal data as soon as possible.
6. Who has access to your information?
As an intermediary for training for our suppliers’ training, we will disclose the necessary personal information to current suppliers in order to be able to provide selected training. Elerno remains responsible for personal data for the personal data submitted. The supplier party becomes, depending on the circumstances, either an independent personal data controller, with Elerno joint personal data controller or Elerno’s personal data assistant.
We may also disclose course participants’ personal information to the organization that ordered and / or paid for the training. Elerno remains responsible for personal data for the personal data submitted. However, the organization will also be independently responsible for personal data.
Your personal information may also be disclosed to and processed by another third party. These may be group companies, service providers, legal advisers, auditors, business consultants, authorities, other authorities that provide student aid, etc. Examples of situations where your personal data may be transferred to third parties are when such action is required due to law, dispute, government request or decision, at your own request or when required to fulfill an interest justified to us. Elerno remains responsible for personal data for the personal data submitted. Depending on the circumstances, the third party will be either an independent personal data controller, with Elerno jointly responsible for personal data or Elerno’s personal data assistant.
7. How and where do we store your personal information?
Elerno takes appropriate technical and organizational measures to prevent unauthorized or illegal processing and access, loss, destruction or damage to personal data, thereby ensuring an appropriate level of security.
Elerno may process your personal data both within and outside the EU / EEA. We will take the necessary measures to ensure that the transfer takes place in a lawful manner and that the personal data remains protected by the receiving parties outside the EU / EEA as well.
We also use third-party cookies that perform tracking across multiple domains so that we can provide marketing on other websites or media channels to you.
We do not store your personal information regarding cookies. You can block cookies and still have access to most of our content on the website. However, if you choose to block cookies, this may impair the functionality of the website. To block cookies, you must change the security settings in your browser.
Elerno may process your personal data through profiling, such as analysis of how you use our website, what services and offers you have been interested in, information about your purchases, etc. to provide you with offers that we believe suit you. You can object to the processing of personal data by profiling at any time. However, if such processing is necessary for the conclusion or performance of an agreement with you or if such processing is permitted under applicable law, we may still continue to process your personal data.
10. What rights do you have as a registrant?
10.1 Right of access
You have the right to contact us and request access to the personal data we process about you, as well as request information about e.g. the purposes of the processing and who received the personal data. Elerno will provide you with a free copy of the personal data processed. In the event of any extra copies, we may charge an administration fee.
10.2 Right to rectification and limitation
You have the right to have your personal data corrected or, under certain conditions, restricted without undue delay. If you believe that Elerno processes personal data about you that is incorrect or incomplete, you can demand that these be corrected or supplemented.
10.3 Right to delete
You also have the right to have your information deleted, e.g. if they are no longer necessary for the purpose or if their treatment is based on consent withdrawn. However, there may be legal requirements or contractual relationships that prevent us from deleting your personal data.
10.4 Right to object
You have the right to object at any time to the processing of your personal data if the legal basis for the processing consists of a balance of interests. You also have the right to object to the processing of your personal data at any time if these are processed for direct marketing.
10.5 Right to data portability
You have the right to retrieve the personal data you have provided to Elerno and store the data or transfer it to another personal data controller (data portability). However, this applies provided that it is technically possible and that the processing has been necessary for the fulfillment of an agreement.
10.6 Right to lodge a complaint
If you are dissatisfied with how we have processed your personal data, please contact us, see our contact details in section 12. You also have the right to submit a complaint about our personal data processing to:
Datainspektionen, Box 8114, 104 20 Stockholm, email@example.com
11. Changes to the policy
Elerno reserves the right to change and update this policy. In the event of material changes to the policy or if existing information is to be processed in a manner other than that specified in the policy, Elerno will inform about this in an appropriate manner.
12. Contact Elerno
For questions or other requests regarding personal data, please contact Elerno’s contact person regarding personal data management:
Elerno Utbildning AB, org.nr 559215-5971
Box 165, 281 22 Hässleholm
Email address: firstname.lastname@example.org
1. What personal information does Palms collect?
Palms only collects basic data such as your name and email address. It is possible to set up the system so that it collects more data – it is up to the system owner (your organization).
2. What other user data does Palms collect?
Palms collects learning data from educations and courses. Palms also collects data from coaching activities. The confidentiality of coaching activities is usually higher than learning data. On your profile under Privacy, you can see who has access to your coaching data.
3. Other information collected?
Our servers also collect web statistics, including IP addresses and user agents (operating systems, browsers, etc.). This is to be able to analyze system use, bottlenecks and potential security threats.
4. Why does Palms collect data?
Palms is about your learning and improving it. To be able to do that, we need to analyze information from previous courses, activities and coaching that you have participated in.
5. Who can see and access my information?
This is up to your employer to regulate. The default setting is that superusers in Palms can see all users’ data and users with statistics access to your profile can also see them. Your profile under confidentiality lists the users who can see your information. Often there is a superuser user called «Palm Administrator», it is used by Intermezzon Support to provide you with support and maintain the system. Intermezzon Support will always ask for your consent before we share your information.
In order to give you a good user experience, your login in Palms needs to be kept active when you use the system. To be able to do that and for Palms to remember who you are – we need to use a cookie. It cannot be read by anyone but Palms.
7. Can I or you delete my information?
Users with the right permissions can delete a user in Palms, including all of its related information. If your Palms user data is synchronized with another of your systems, that user may need to be deleted from that system first, otherwise the user will be recreated in Palms.
Keeping your information secure is very important to us. Here are the techniques we use to secure your information.
- HTTPS – All data traffic to and from our servers is encrypted via HTTPS.
- Single Sign On – Is the best way to log in when using an existing system that you already know and trust today. You can use Azure AD (Office 365) or ADFS to log in to Palms.
- User synchronization is only done with encrypted transmissions (SSH, SFTP, etc).
Elerno.se uses «Google reCAPTCHA» in the contact form. This allows users to be verified if it is a real person or an automated program. Recaptcha analyzes the behavior based on various characteristics directly a visitor uses the website. For example, IP numbers, length of visits, mouse movements, and more are analyzed. All data is sent to Google in the background without the visitor visual detection.
According to Art. 6 (1) (f) GDPR, the owner of the website has the right to protect his website from automated spam and attacks.