1. HALDOR AND SERVICES
1.1. About us. Haldor AB, hereinafter referred to as the “Haldor”, is a Swedish EdTech company that develops user-friendly, educational add-ins seamlessly integrated amongst others in Microsoft Teams and Office 365, contributing to fun-filled learning, both inside and outside of the classroom.
1.2. The Service. Haldor is dedicated to developing and supporting a range of digital information management systems (including scheduling and planning tools, apps, software, web/hosting platforms, websites, and other services) integrating various functionalities enabling users (for example, students, teachers, mentors, administrators, and educational professionals) to plan and manage their daily operations in new ways, hereinafter referred to as the “Service”. For further information about the Service, please refer to haldor.se/en/services.
1.3. Privacy Statement. Haldor is committed to users’ privacy. We recognise that when you, as a user, upload and/or provide personal data to us, trust that we will respect your privacy. We do not take that trust lightly and have committed to safeguarding everyone’s privacy and protecting the information entrusted to us. We endeavour to provide services, which do not place the integrity of our users and visitors at risk.
2.2. Data protection principles. All processing of personal data by us is conducted in accordance with the data protection principles as set out in the GDPR and data protection laws and regulations in Sweden, specifically Article 5 of the GDPR, and in particular:
a) Lawfulness – We only process your information when we have identified a lawful basis for the intended personal data processing pursuant to Article 6 of the GDPR. These are often referred to as the “conditions for processing”, for example contractual or legal obligation, legitimate interest or explicit consent.
b) Fairness – We have made reasonable efforts to ensure not to use your data in any unjustified way or in a manner which may have adverse effects on our users, as well as kept to minimum in order to provide users with qualitative services.
c) Transparency – We have made our best efforts to provide you detailed information on our use of your personal information. Our users and visitors are encouraged to contact us whenever they have questions or seek information about our privacy procedures.
Our policies and procedures are to our best efforts designed to ensure compliance and conformity with these principles.
2.4. Scope. This Policy applies to all visitors to and users of Haldor website www.haldor.se and all other Haldor-owned and administered websites, domains, services, applications, and products. The Policy does neither consider nor include any information about privacy or digital security matters attributed to our business partners’ and retailers’. For further information on our business partners’, third party service providers’ and/or retailers’ use of your personal data, please refer to their respective and corresponding privacy and digital security policies and information.
3. HALDOR ROLE IN THE PROCESSINGS
3.1. In the context of this Policy, Haldor AB, company No. 5590237516, Thulegatan 1, SE-852 32 Sundsvall, Sweden, acts as:
- Data Controller in respect to certain account and system related data that you provide us or is generated when setting up, sign-in or otherwise use our Service, or when you visit our website or communicate with us.
- Data Processor in respect to all account-related user and customer contents that you provide, upload, store or otherwise process or share with us through the Service, Haldor websites and/or chose to share with other users, visitors, customers and/or the third parties.
3.2. Data Protection Officer. In light of the nature of the large scale of special categories of personal data categories being processed in the Service pursuant to Article 9 and 37(1)(b) of the GDPR, Haldor has appointed a Data Protection Officer (“DPO”). The contact details to the DPO are set out in section “Contact Information” below.]
4. WHAT PERSONAL DATA DO WE COLLECT FROM YOU?
4.1. We may collect personal data about you in several different ways. Personal data in this context is any and all data relating to a natural person that can be used, directly or indirectly, to identify a natural person, (for example, name, contact details, identification number, location data, images, customer contents, etc.).
Please take care when submitting personal data to us, in particular when completing free text fields, using our Services or other web related contents. Some of the functions integrated into our Service or websites are automated and we may not recognise that you have accidentally provided us with incorrect or sensitive information.
Our processing of your personal data is conditioned predominantly on the basis of explicit consent (in particular concerning student related information), legal obligations under law, contractual obligation to provide our Service, and your legitimate interest of us providing you service information, updates, news and/or other information which may enhance your use or experience with our Service or websites.
4.2. Account details. When you create a user account, we may collect a variety of personal data and information; including your username, e-mail address and password when you register with the Service. You have choices about the information on your profile and the information, such as first and last name, phone number, occupation, employer, and school. You do not have to provide additional information on your profile in the Service beyond what the system requires to provide you the Service and/or information; however, additional information may in some cases help you to get more from our Service.
4.3. Communications with us. When you interact with our support or online services or our websites, we may keep information about the correspondence, including your name, email address, telephone number and the reason why you contacted us and the advice we provided.
4.4. Personal data in the uploaded contents. When you use our Service, we may process the content that you choose to upload or otherwise submit or share in our Service, such as chat text, or videos, images, and audio files, or otherwise share with other users based on your privacy setting or the Service functions.
You do not have to actively post, share or upload personal data; however, if you do not, it may limit your ability to use and engage with our Service. It is your choice whether to include sensitive information on your profile and to make that sensitive information available to other users. We encourage you not to post, upload or add any personal data that you would not want to be shared or made publicly available.
4.5. Automated personal data collection. When you use our Service or interact with our website, we may receive or collect information about your use of them, such as:
a) Details of the online content viewed or interacted with, such as your browser software, pages you view and which items you “clicked” on.
b) Services, software or server logs, storing information about your use of our Service or websites, inter alia, your IP address, browser information (including HTTP user agent strings), HTTP client request information and the time and location of your activities, domain, device and application settings, errors and hardware activity.
c) Information about your hardware’s physical location, geo-location service or application.
d) Interests and preferences that you specify when setting up your browser, account, or other internet enabled product or services.
e) Information about your physical location and other information which our support personnel require to maintain, secure and/or operate the Service or websites.
4.6. Future collection of Personal Data. We continuously develop and enhance the Service’s features, which occasionally may entail collection and processing of new personal data. Notwithstanding, prior to activating such new features, we will provide you information about the feature and where required update this Policy and related procedures and instructions.
4.7. Children. We are aware that the Service is used by professionals within the educational systems, which requires and entails collection, storage and/or otherwise person data processing of children under the age of 16. If you have reason to suspect that a child under the age of 16 has directly provided personal data to Haldor by setting up a user account or utilise our Service, please contact us and we will endeavour to either delete that information from our Service, and/or make all reasonable efforts to ensure that consent is given or is authorised by the holder of parental responsibility over the child.
For our customers and users’ processing of personal data of children under the age of 16 within or through our Service and websites, the customer and/or user is under statuary obligation ensure conformity with Article 8 of the GDPR, including explicit consent from the respective child’s’ parents or legal guardians. For further information about processing of children’s personal data, please refer to the concerned educational business using our Service in its daily operations.
NOTICE TO CHILDREN UNDER THE AGE OF 13 AND THEIR PARENTS OR LEGAL GUARDIANS: IF YOU ARE UNDER THE AGE OF 13 AND WOULD LIKE TO CONTACT US PLEASE DO SO THROUGH YOUR PARENTS OR LEGAL GUARDIANS. HALDOR’S SERVICE AND WEBSITE IS ONLY INTENDED FOR ADULTS. HALDOR DOES NOT KNOWINGLY OR DIRECTLY COLLECT PERSONALLY IDENTIFIABLE INFORMATION (“PERSONAL INFORMATION”) FROM CHILDREN UNDER THE AGE OF 13. IF YOU ARE UNDER THE AGE OF 13, DO NOT SEND US ANY PERSONAL INFORMATION INCLUDING WITHOUT LIMITATION YOUR EMAIL ADDRESS, NAME AND/OR CONTACT INFORMATION.
5. HOW WE USE YOUR COLLECTED PERSONAL DATA?
5.1. General. Our processing and use of your personal data are necessary to provide, maintain, develop, and secure the Service, as well as to enable the users and visitors to take full advantage of the functions offered in the Service or the website.
a) To provide the Service to our users. We use account-related information provided by you to us in connection with sign-up, use or support of user accounts (such as usernames and email address) to provide you with access to the Service and/or the site, contact you about your use of the Service (including information on technical service issues, security announcement, changes to our terms, conditions, and policies) and/or the website or to notify you of important changes to the Services and/or the website.
This use is necessary for us; (i) to fulfil our contractual obligations with our users pursuant to Article 6(1)(b) of the GDPR, or (ii) to respond to customers legitimate interests prior to signing-up an account pursuant to Article 6(1)(f) of the GDPR. For certain Service and website functions for which Haldor acts as a Data Controller, we seek the individual user’s explicit consent pursuant to Article 6(1)(a) or where relevant Article 8 of the GDPR.
b) To provide support services to our users. When you ask for information about the Service (for example, when you request for assistance for sign-up, technical assistance or troubleshooting services concerned the Service or information processed in the Service, or other support and information requests prior, during and after your use of our Service or website visit), we will use your contact information to respond to your requests or to verify your identity.
This use is necessary for us either (i) to fulfil our contractual obligations with our users pursuant to Article 6(1)(b) of the GDPR, or (ii) to respond to your legitimate interests prior to signing-up an account pursuant to Article 6(1)(f) of the GDPR.
c) To store, process or uploaded digital material and customer content. We use account-related information and digital contents that users upload in order to store, process, share and to maintain in the Service.
This use is necessary for us either (i) to fulfil our contractual obligations with our users pursuant to Article 6(1)(b) of the GDPR, or (ii) to respond to your legitimate interests prior to signing-up an account pursuant to Article 6(1)(f) of the GDPR.
d) To share your information with other users and third-party service providers. To the extent permitted by law, the specific Service functions, and user’s privacy settings, Haldor only shares and transfers your personal data to consented and customer approved users and/or third-party service providers. Haldor will at all time ensure and respect users chosen privacy account settings, which is given at the time you uploaded your personal data, and customers prior approval of transfer or disclosure of personal information to third-party service providers. If you choose a privacy setting that prevents us to share your personal data, we will respect that choice. In respect of transfer of personal data to third-party service providers, we ensure conformity with the terms of data processor agreement between Haldor and concerned customer.
The legal basis for this use is either users’ explicit consent pursuant to Article 6(1)(a) or where relevant Article 8 of the GDPR, or instructions provided to us when choosing your account’s privacy level settings pursuant to Article 28(3)(a) of the GDPR.
This use is necessary for us to fulfil our contractual obligations with our users pursuant to Article 6(1)(b) of the GDPR, and to ensure compliance with a statuary obligation to which we are subject to pursuant to Article 6(1)(c) of the GDPR.
f) To generate Service-related statistics and system data. Occasionally, the Service and ancillary support services (including websites) process personal data to generate aggregated data sets, which give statistical insights into how the users interact with the Service. We use those insights to improve and to enhance the performance of the Service and review the need for improvements or additional features, as well as achieve the overall purposes of the Service and websites.
This use is necessary for us to fulfil our contractual obligations with our users pursuant to Article 6(1)(b) of the GDPR, and also necessary for the purposes of our legitimate interests to improve, upgrade and enhance the security of the Service or websites according to Article 6(1)(f) of the GDPR.
5.2. Specific. We may process personal data for the following specific purposes:
a) to communicate and to send important product and service-related notices, such as information about subscriptions, participations in events, surveys, purchases, information on technical service issues, support, security announcements and changes to our terms, policies, guidelines or standards;
b) to engage in transactions with customers, suppliers, users and business partners and to process purchases of our products, service, tools, and other contents, including confirming payments or receipt of the procured items;
c) to administer, promote and facilitate our surveys, research activities, competitions, prize draws, awards, gifts, vouchers, testimonials or events organised by us or jointly by our business partners;
d) to operate, analyse, develop, improve, optimise the use, function and performance of our services, websites, surveys, competitions, webinars, newsletters and their contents, as well as to manage and monitor the security of our sites, networks and systems;
e) to provide user-care, warranty, returns and other after-sales services;
f) to enhance, update or upgrade our product and service quality and to improve Haldor’s overall level of quality, compliance and social responsibility;
g) to seek your input and opinion about our products and services, and to conduct surveys and to collect user-input about our products and services;
h) to communicate new products, services, tools, digital applications, software updates, upcoming events, surveys and competitions, as well as to provide other sales and marketing communications;
i) to monitor and enforce our terms and conditions, policies, guidelines or standards related to our products, services, tools or contents, as well as to prevent and to mitigate the risk of fraudulent use of such material;
j) to create anonymous, aggregated statistics about the use of our website, products, services, tools and other programmes (including surveys, competitions, awards etc.), which we may share with third parties and/or make available in pseudonymised/anonymised format;
k) to link, publish or publicise materials and contents that you have commented on, reviewed, shared or uploaded in social networks or forums with our websites or use in marketing materials or advertisements (including pictures, audio/video material or other testimonials); and
l) to comply with laws and regulations and to operate our business.
5.3. For more specific information on performed interest balance assessments and risk and consequence analyses concerning our processing of your personal data, please contact us at the address indicated in section “Contact Information” below.
6. WHO HAS ACCESS TO YOUR PERSONAL DATA?
6.1. Employees and consultants. Haldor’s employees and consultants are authorised to access your personal information only to the extent necessary to serve the applicable purpose(s) and to perform their job functions.
6.2. Sharing your information. In general, we do not sell, rent, share or otherwise disclose your personal information with other users or the public, unless you have consented and/or instructed us to share your information by choosing a privacy setting that allows for such disclosure, or otherwise agreed to share your information with third parties on a case-by-case basis. Nevertheless, you should always exercise caution or discretion when using the Service and/or websites, in particular when using social network applications that are integrated into our Service and/or websites.
Notwithstanding, in our endeavour to provide you with quality services, we may need to make certain exemptions to this general non-disclosure principle (for example, when information about you cannot be transferred in anonymous and/or in pseudonymised form). If so, we may:
a) use third-party service providers to process information on our behalf for the purposes outlined above, for example, to provide technical and support assistance, to providing IT and cyber security services, to providing fraud checking services and other user services etc.
b) to share personal data when required under applicable statutory laws, court proceedings or other legal proceedings or if we reasonably conclude that it is necessary to disclose the information in order to; (i) investigate, prevent or take measures upon suspicion or actual detection of illegal activities or in order to aid public authorities; (ii) fulfil our agreements with users; (iii) protect the security and/or the integrity of the Service and websites. Prior to any disclosure, we endeavour to notify such disclosure with the concerned user(s), to the extent that we are not legally or technically prohibited from doing so.
6.3. Research and statics. For research and statistical purposes, to the extent possible, we prepare anonymous, aggregate, or generic data (including “generic” statistics) for a number of purposes outlined above. As we consider that you cannot reasonably be identified from this information, we may share it with any third party (such as our partners). However, also in this we apply a restrictive approach in order to ensure a high level of security, safety and integrity.
6.5. Transfer of personal data outside the EU/EES. Haldor may engage external partners and suppliers to perform services on behalf of Haldor and customers, such as to provide system services, hosting services, software or applications solutions or other services aimed to enhance the Service performance or user experience. The performance of these services may entail service providers’, both within and outside of the EU/EEA, obtaining access to customer contents and personal data. We use a variety of legal and technical mechanisms, including contracts, to help ensure your rights and protections travel with your data. Service providers processing personal data on behalf of Haldor and/or its customers (as sub-processors) are contractually obliged to enter into agreement with Haldor in order to ensure a high level of protection for your personal data.
For service providers located outside the EU/EEA, additional protective measures and legal mechanisms are undertaken, including entering into an agreement which includes the European Commission’s latest adopted model clauses for data transfers, which can be found on the European Commission’s website: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.
When you, as a user, choose a privacy setting that allows third parties to access your personal data, you consent explicitly that your information may be transferred to third parties outside of the EU/EES pursuant to Article 49(1)(a) of the GDPR. For further information about the possible risks of data transfer for data subjects and appropriate safeguards adopted by our service providers, please refer for example to section 6.6.
6.6. Service providers
Haldor Education Suite
Support och service
Contract management and marketing (OPTIONAL)
YOU SHOULD ALWAYS EXERCISE CAUTION OR DISCRETION WHEN CHOOSING A PRIVACY LEVEL THAT ALLOWS FOR THIRD PARTY DISCLOSURE OF YOUR INFORMATION DUE TO THE POSSIBLE RISKS ASSOCIATED WITH THE SAFEGUARDING OF YOUR PERSONAL DATA THAT IS TRANSFERRED TO COUNTRIES WITHOUT ADEQUATE LEVEL OF PROTECTION AFFORDED TO THE PROTECTION OF PERSONAL DATA.
7. FOR HOW LONG AND WHERE DO WE RETAIN YOUR PERSONAL DATA?
7.1. We generally retain your personal data as long as you keep your account open or as needed to provide you the Services. This includes data you or others provided to us and data generated or inferred from your use of our Services or visiting our website. However, we will not retain your personal data for a longer period than is necessary, taken into account the purpose for which they were initially retained and our legal obligations. In some cases, we choose to retain certain information (for example, visits to our website or other automated logs) in a depersonalised or aggregated form.
7.2. If you choose to close your account, your personal data will generally stop being visible to others on our Services within 48 hours. We generally delete closed account information within 30 days of account closure, except as noted below.
We may retain certain personal data about you for an extended time after you have chosen to close your user account, if it is necessary for us to fulfil our legal obligations (including requests from authorities), comply with laws and regulations, establish, invoke, or defend legal claims, maintain security, prevent fraud and abuse, fulfil our legal, regulatory or social responsibilities.
For more specific information on Haldor’s specific retention policies and principles of your personal data, please contact us at the address indicated in section “Contact Information” below.
7.3. We take reasonable steps to ensure that the data we collect or retain under this Policy is processed according to the provisions of this Policy and the requirements of applicable law wherever the data is located.
7.4. Information you have shared with others (for example, through the Service) will remain visible after you close your account or delete the information from your own account, and we do not control data that other users have copied out of our Services.
8. YOUR RIGHTS
8.1. With respect to personal data for which we, Haldor, is Data Controller, the users are hereby advised of the following rights:
a) Right of Access. If you ask us, we will confirm whether we are processing your personal data and, if so, provide you with a copy of that personal data (along with certain other details such as purpose of the processing etc.).
b) Right of Data Portability. In certain cases, you have the right to obtain your personal data from us in a structured, commonly used, and machine-readable format. You may reuse it elsewhere.
c) Right to Rectification. If your personal data is inaccurate or incomplete, you are entitled to have it rectified or completed. If we have shared your personal data with others, we will tell them about the rectification where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your personal data so that you can contact them directly.
d) Right to Erasure. You may ask us to delete or remove your personal data and we will do so in some circumstances, such as where we no longer need it. Notwithstanding, we retain the right not to delete personal data pursuant to this Policy. If we have shared your data with others, we will tell them about the erasure where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so that you can contact them directly.
e) Right to Restrict Processing. We provide your choices about the collection, use and sharing of your personal data and updated digital contents, from deleting or correcting data you include in your profile and controlling the visibility of your account information. We offer you settings to control and manage the personal data we have about you. Notwithstanding, you may ask us to restrict or ‘block’ the processing of your Personal Data in certain circumstances, such as where you contest the accuracy of that personal data or object to us processing it. If we have shared your personal data with others, we will tell them about the restriction where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so that you can contact them directly.
f) Right to object. You may ask us at any time to stop processing your personal data, and we will do so: (i) if we are relying on a legitimate interest to process your personal data — unless we demonstrate compelling legitimate grounds for the processing; or (ii) if we are processing your personal data for direct marketing.
g) Rights in relation to automated decision-making and profiling. You have the right to be free from decisions based solely on automated processing of your Personal Data, including profiling, unless such profiling is necessary for entering into, or the performance of, an agreement between you.
h) Right to Withdraw Consent. We provide your choices about the collection, use and sharing of your personal data and updated digital contents, from deleting or correcting data you include in your profile and controlling the visibility of your account information. We offer you settings to control and manage the personal data we have about you. Notwithstanding, you have always the right to inform us that you wish to withdraw that consent. This will not affect the lawfulness of processing based on your prior consent.
i) Right to lodge a complaint with the data protection authority. If you have a concern about this Policy, including the way we have handled your personal data, you may report it to the competent data protection authority that is authorised to address those concerns. The Swedish Data Protection Authority (Sw.: Integritetsskyddsmyndigheten, IMY) is the competent data protection authority in Sweden charged to protect the individuals’ privacy in the information society.
8.2. You may exercise your rights by contacting us as indicated under the section “Contact Information” below.
9. SECURITY INFORMATION
9.1. We maintain reasonable and appropriate technical and administrative security measures to protect personal data from loss, misuse, unauthorised access, disclosure, alteration, or destruction in light of the risks inherent in processing this information, including where appropriate the following:
a) Using Secure Socket Layer (SSL) encryption in transit (transferring data) and state-of-the-art encryption when data is at-rest;
b) Limiting access rights to the information we collect about you according to your chosen privacy setting (for example, only those of our personnel who need your information to carry out our business activities are allowed access to process your information);
c) Implementing physical, digital, and procedural safeguards in line with relevant business standards and guidelines.
For more information regarding our security, please contact us at the address indicated under section “Contact Information” below.
9.2. We regularly monitor our systems to identify possible vulnerability and potential attacks. However, we cannot guarantee the security for information which users make available to other users within the Service. Please consider that there is no guarantee for the protection from unauthorised access or disclosure, change or destruction of personal data despite our physical, technical and administrative security measures. The same applies to all information that has been made publicly available on the internet.
10. MARKETING AND ADVERTISEMENT
10.1. Advertising allows us to provide, support, and improve some of our products and services. Haldor does not use customer contents in the Service to target ads to you. We use other data and sources for marketing and advertising our products and services. For example;
a) Each time you create or reply to a survey, post, or thread on a Haldor blog or website forum, blog, RSS, or other information sharing sources (including specific forms on our websites for signing up for marketing materials, advertisements, event invitations or any other information about our services and products etc.), we may record the forum, blog, RSS or information sharing source name and the time and date of your post or thread with your (account) details. We do this to better understand our users, to provide user tools and guidance and to select or tailor our products, services, marketing communications to reflect your use activity. We do not use the content of such posts or threads for any other additional purposes.
b) We may link or combine the information that we collect from the different sources outlined above (including information received from our business partners and third-party developers). Information may be linked via a unique identifier, such as a cookie, plugin, or other account identifiers. Alternatively, we may decide to combine two or more databases into a single database of user information. We may do this for your and/or our convenience (for example, to allow you to register for a new product or service more easily), to allow us to provide a more seamless user support whenever you contact us and to provide you with qualitative, personalised services, content, marketing, and adverts.
10.2. Haldor also adheres to the self-regulatory advertising/marketing program European Interactive Digital Advertising Alliance (EDAA).
11. DISPUTES AND COMPLAINTS
If you have any complaints concerning Haldor’s compliance with this Policy or related policies and statements, please contact us first. We will investigate and attempt to resolve complaints and disputes on use and disclosure of personal information in accordance with this Policy and in accordance with applicable laws.
12. CONTACT INFORMATION – HALDOR
Telephone: +46 60 615 555
Data protection officer: Daniel Wahlgren, firstname.lastname@example.org