Privacy policy

Data protection

The protection of your personal data is very important to us. We process your data exclusively in accordance with the legal regulations, in particular the EU General Data Protection Regulation (GDPR). With the following information in accordance with Art 13 GDPR, we give you an overview of the processing of your personal data by us and your rights.

 
 

Index

1. Background
2. Data Controllers
3. Description of Processing
4. Social Media Platforms
5. Data Analytic Tools
6. Transfer of Personal Data
7. Your Rights
8. Supervision and Compliance
9. How Do You Contact Us?
10. Changes to the Privacy Policy

 


1. Background

1.1 The purpose of the Privacy Policy is to inform you how the IST Group (“IST”, “we”, “us”) process your personal data. With this policy, we wish to make you aware of the information we collect and process about you, for how long we store it, who we share it with and what your rights are in this connection.

1.2 The Privacy Policy regulates the processing of personal data by IST when you purchase or use any of our services, visit our websites or otherwise come into contact with us.

1.3 The Privacy Policy applies to all companies in the IST Group listed below (collectively referred to as “IST”, “we”, “us”):

  • IST Group AB, reg. no. 556254-0806, Ingelstadsvägen 9, SE-352 34 Växjö, Sweden
  • IST Sverige AB, reg. no. 556265-4755, Ingelstadsvägen 9, SE-352 34 Växjö, Sweden
  • IST ApS, reg. no. 25545079, Gammel Marbjergvej 9, DK-4000 Roskilde, Denmark
  • IST International Software Technology AS, reg. no 970 944 443, Elveveien 81, 1366 Lysaker, Norway
  • IST Deutschland GmbH, reg. no. HRB 1408, Bergstraße 23, DE-23843 Neritz, Germany
  • IST GmbH, reg. no. HRB 197284, Bergstraße 23, DE-23843 Neritz, Germany
  • IST Schmalkalden GmbH, reg. no HRB 300185, An der Asbacher Straße 5, DE-98574 Schmalkalden, German

1.4 IST Group has appointed a Data Protection Officer (DPO) for the companies listed in section 1.3.  If you have questions pertaining to this Privacy Policy or our processing of your personal data, if you wish to file a request in accordance with the Privacy Policy or if you wish to report a violation of this Privacy Policy, you are welcome to contact us or our DPO at privacy@ist.com

Back to top


2. Data Controllers

2.1 The companies within IST included in this Privacy Policy work towards the same goal; to create the best administrative tools for day cares and schools and to improve the overall welfare of the surrounding communities. The companies within IST may, however, target different markets depending on their services and functions. In this regard, the companies sometimes act collectively as joint data controllers but can also individually act as data controllers for the processing of personal data in accordance with the terms for the service or function in question, or in connection with certain marketing activities. In case we are jointly processing your personal data with multiple companies within IST, we will provide an overview of the contractual agreements and how we process your data in this regard.

Back to top


3. Description of Processing

3.1 We process your personal data for one or more specific purpose and in accordance with the data protection regulations. We process your information if you are a customer with us, if you participate at our courses and seminars or if you sign up for our newsletter, among other things. The information will generally come directly from you, and we will only process your information for as long as it is necessary for the purpose for which it was collected.

3.2 In addition to the personal data you provide us, or which we collect when providing our services, we may also collect personal data from third parties. These third parties can differ but include inter alia suppliers of address information from public records in order to ensure we have the correct address information and credit rating agencies (CRA’s) or banks from where we obtain information regarding creditworthiness or information in order to conduct anti-money laundering controls.

3.3 Below you can read more about the types of processing we do.

3.3.1 Website Activity

In connection with the regular operation of our website, we collect personal data about you via cookies to improve the website’s appearance and user experience, as well as to compile statistics. We only collect your personal data if you have given your consent hereto. You can withdraw your consent at any time via the cookie banner on the website. You can read more about our processing via cookies in our Cookie Policy.

Our website also includes integrated plugins from social media platforms that may also collect data from you if you have given your consent hereto. In this connection, we have a joint data responsibility with every media platform. Read more about their processing of your personal data here:

3.3.2 App Activity

When you use one of our apps, we will process personal data about you. We do this to be able to deliver the service the app provides, and we base this processing on us fulfilling an agreement with you (GDPR Article 6(1)(b)). The personal data includes name, e-mail address, postal address, phone number, photographs, device and user behaviour and user-generated content.

We process your personal data for as long as you use the application actively. You can, at any time, delete your account and delete its content. If your account has been inactive for a year, we will contact you via e-mail with a request to delete the account. In the cases where the request is not answered the account will be automatically deleted after two years of inactivity.

NB! Any personal data that is processed through an application that your municipality or school is data controller of, is not regulated through this privacy policy.

3.4 Customer Relationship Management

In connection with the sale and delivery of services, we process personal data about you in order to enter into and fulfil an agreement with you (GDPR Article 6(1)(b)). The personal data includes name, email, telephone number, position, payment information, username and password upon registering, customer reference, photos of you and correspondence with you.

When you act as a representative or contact person for a company, municipality or organisation which is a costumer of IST, we process your personal data regarding name, email, telephone number, position, payment information, username and password upon registering, customer reference, photos of you and correspondence with you. The data is processed either to enter into an agreement with the company, municipality or organisation (GDPR Article 6(1)(b)) or if we as a part of the agreement have a legitimate interest in processing the specific contact person’s data (GDPR Article 6(1)(f)).

We store relevant contact information as part of our customer relationship and collaboration and delete the information on an ongoing basis. Written correspondence is deleted continuously and at latest 5 years after the end of the customer relationship. Information required to comply with the bookkeeping legislation is stored for the current accounting year plus 5 years.

3.4.1 IST Customer Centre

When you sign up at our IST Customer centre, we process personal data about you to enter into and fulfil an agreement with you (GDPR Article 6(1)(b)). This data includes contact information such as name, email, telephone number and information about your municipality, school, and position as well as your username and password for the login.

We delete the information on an ongoing basis however at the latest 5 years after the end of the customer relationship.

3.4.2 Customer Service and Contact

When you contact us via email, telephone, or our contact form on our website, we process information about name, email address, place of work, job title and the information your inquiry also contains. We use the information to answer your inquiry, to provide good customer service and to investigate any complaints.

We process your information based on our legitimate interest in processing the specific information for handling customer service matters in an efficient and customer friendly manner (GDPR Article 6(1)(f)).

We keep your personal data regarding your inquiry for the duration of the customer case. Personal data relating to the case will be deleted automatically 90 days after having concluded your inquiry. Some data may be anonymized to retain statistical data to improve our services.

3.4.3 Newsletters and Status Notifications

If you have signed up for our newsletter, we need to process your personal data when we send you newsletters and other marketing initiatives. We only process information about your name, telephone number, email, job title and, if necessary, your place of work. If you have signed up for our status notifications, we process information about telephone number and/or email, when sending you notifications related to planned service maintenance and unplanned service outages.

We process your information based on your consent (GDPR Article 6(1)(a)). You have the right at any time to withdraw your consent by writing to our DPO via mail privacy@ist.com or by unsubscribing via the link that appears in each newsletter.

We keep documentation of your consent for up to 2 years after you have unsubscribed from our newsletter, as any criminal liability expires after this period.

3.4.4 Courses, Workshops, Seminars, and Events

When you sign up for one of our online or physical courses, workshops, seminars, or events, we process personal data about your name, telephone number, email address, billing address, profession, place of work, and payment information. We process your information to fulfil an agreement with you on your participation in the event in question (GDPR Article 6(1)(b)).

We store the information collected for the purpose of your participation in said event for the current accounting year plus 5 years in order to comply with the bookkeeping legislation.

3.4.5 Publishing of Photos and Customers’ References

When we publish photos of you or references that you have made about us as our customer on our websites, we process your personal data. This can include information regarding name, position, place of work and your photo.

We process your information based on your consent (GDPR Article 6(1)(a)). You have the right at any time to withdraw you consent by writing to our DPO via email privacy@ist.com.

We keep documentation of your consent for 2 years after you have withdrawn your consent, as any criminal liability expires after this period.

3.4.6 In Case of Emergency Contacts

IST collects In Case of Emergency (ICE) information from all employees. We do this to be able to upkeep communication if an emergency should arise with one of our employees.

We process your personal data based on our legitimate interest (GDPR Article 6(1)(f)).

We store the ICE information for the duration of the employment. The information is deleted when the employment ends. You can always contact IST for deletion of your data through hr@ist.com   

3.4.7 Job Applicants

If you apply for a job at IST, we process your personal data to assess if you are qualified for an existing or future position with us. We process the information that you provide, including name, contact information, birthdate, work related and educational background information and references, and, possibly, personality or proficiency tests.

We process your personal data based on our legitimate interest in finding a suitable candidate for our job positions (GDPR Article 6(1)(f)). We process your data if we assess that our interests in processing your personal data outweigh your interests in them not being processed, e.g. information collected from social media platforms published by you or information acquired from concluding a personality or proficiency test.

We will generally store your application and related personal data for up to 3 years in case we are met with any objections or accusations regarding the requirement process, following applicable legislation. If we wish to store your information beyond the recruitment process for any future job openings, we will collect your consent hereto (GDPR Article 6(1)(a)).

Back to top


4. Social Media Platforms

4.1 We use Facebook, LinkedIn, Instagram and YouTube as channels in order to come into contact with our customers and other business partners, as well as to market and inform about our business and services.

4.2 In connection with this, IST is joint data controllers with Facebook (Facebook and Instagram), Google (YouTube) and LinkedIn respectively for publications and information on the social media platforms that contain personal data and are provided by you as a user in the form of e.g. comments, photos and video. You can read more about their processing of data under section 3.3.

Back to top


5. Data Analytic Tools

5.1 IST utilises various tools in the category of diagnostic and usage analytics for collecting statistical data. The purpose for collecting analytics data is to monitor how the services are performing and learn how users interact with the services in order for IST to meet service level agreements and improve our services.

5.2 The information we collect is anonymised so that an individual person cannot be identified via the data sets. We make sure that it is not possible to reverse the anonymisation. The categories of data we collect is technical data related to the users device (hardware type, OS and browser type), usage of the service (session information and how users interact with the service), and monitoring (page load times, query’s timeouts and bugs).

5.3 Since the information is anonymised, the collected data sets do not involve personal data. As such, we do not process any personal data in relation with these analytic tools. 

Back to top


6. Transfer of Personal Data

6.1 We process your personal data with confidentiality and we generally do not disclose your information with third parties. However, we may disclose your personal data if you have given your consent hereto, if we have to fulfil an agreement with you, if we have a legitimate interest in the disclosure or when we are required to do so by law.

6.2 We disclose your personal data to IST Group’s companies and other business partners, including our data processors, which provide services for IST. In connection with such transfer of your personal data, IST takes organisational and technical measures in order to ensure that your personal data is handled in as safe and secure a manner as possible. These select third parties will only process your personal data in manners which follow from this Privacy Policy. IST is responsible towards you for ensuring that the processing of your personal data carried out by these third parties is done correctly and in a legal manner.

6.3 We will disclose your personal data if it is required by law or if we, as a company, reasonably deem it to be necessary in order to protect our company’s rights and/or in order to comply with a court ruling or abide by the verdict of a legal negotiation or legal process. We will, however, do everything we can to ensure that your personal data will remain protected in the future.

6.4 Some of our data processors and the social media platforms that we have a joint data responsibility with may be located outside the EU/EEA in which a transfer to a third country occurs. In this case, we have made sure that a legal transfer basis has been prepared, including by using EU Commission Standard Contractual Clauses (SCC). If you wish to know more about this or get a copy of the legal transfer basis we use, please contact us at privacy@ist.com.

Back to top


7. Your Rights

7.1 When we collect information about you, you have a number of fundamental rights in the personal data regulations that you can use. Your rights include the right to request access to and rectification or erasure of your personal data, restriction and objection to our processing, and the right to receive your data in a structured, commonly used and machine-readable format (data portability).

7.2 If you have consented to our processing of your data, you have the right to revoke this consent at any time.

7.3 Please note that the above-mentioned rights may be associated with conditions and restrictions. Whether you as a data subject can request, for example, getting your personal data deleted will in any case depend on a specific assessment.

7.4 You also have the right to file a complaint with the relevant supervisory authority if you are unsatisfied with our processing of your personal data. Please find the contact information for your relevant supervisory authority below in section 8.2.

Back to top


8. Supervision and Compliance

8.1 If you are dissatisfied with how your personal data has been processed or believe that your personal data has been processed contrary to the data protection legislation, you are welcome to contact our DPO via the contact information at the bottom of the page. You also have the right to contact the supervisory authority in the EU/EEA Member State where you have your place of residence or where a possible data breach has occurred.

8.2 The supervisory authorities where IST is located may be contacted at the following web addresses:

· Sweden: Integritetsskyddsmyndigheten (IMY), www.imy.se
· Norway: Datatilsynet, www.datatilsynet.no
· Denmark: Datatilsynet, www.datatilsynet.dk
· Germany: The German federal states each have a supervisory authority which is responsible for the execution of the data protection legislation and which functions as the competent authority for data controllers established in the federal state in question. You may find your local German supervisory authority via the following link: www.datenschutzkonferenz-online.de.

Back to top


9. How Do You Contact Us?

9.1 If you have questions pertaining to this Privacy Policy or our processing of your personal data, if you wish to file a request in accordance with the Privacy Policy or if you wish to report a violation of this Privacy Policy, you are welcome to contact us or our DPO via the contact information at the bottom of the page.

Back to top


10. Changes to the Privacy Policy

10.1 We reserve the right to revise and modify this Privacy Policy on the processing of personal data whenever we find it necessary. In case of significant changes, we will contact you prior to the changes via email or via a visible notification on our website.

10.2 This Privacy Policy was last revised on October 6th, 2022.


jesper-loeffler-nielsen-focus-advokater-1
Jesper Løffler Nielsen
Data Protection Officer
+45 6314 4511
privacy@ist.com