Privacy Notice

Privacy Notice

Denna bild har ett alt-attribut som är tomt. Dess filnamn är iso_cert_cinode_1.png
Cinode is certified according to ISO/IEC 27001:2013

Last revised: 1 April, 2023

Introduction and summary

To whom does this privacy notice apply?

This privacy notice explains how Cinode processes personal data regarding customers and previous customers, company representatives, sales prospects, participants at events and educational events, job applicants seeking employment at Cinode, and end users of our websites and apps that contact us via email, chat or by phone.

Data Controller and contact

Cinode AB (“Cinode”, “us”, “we”) is a Nordic SaaS supplier of a powerful platform that helps companies identify, visualize and match skills, further enabling them to optimize the use of their resources. You can find our contact information under “Contact us” in this Privacy Notice.

Summary of our purposes

We use personal data for the following main purposes:

  • Providing services and products that you have ordered, trial service, arranging events, networks and courses that you have signed up for and to send you newsletters that you subscribe to. This also includes processing your payments, send invoices, verify your identify as needed, and to communicate with you about our terms, updates and providing user accounts. 
  • Customer service
  • Customer and market surveys
  • Analytics and product improvement/development
  • Direct marketing, including profiling.
  • Security, dispute settlements and enforcement of our agreements and terms.

Please read more about our purposes under section “How we use personal data”. 

Our website can be accessed without creating a Company or User account. We do, however, generate cookies which can later come to be used for marketing purposes. You can read more about our cookies in our Cookie Policy.

To ensure that that privacy policy correctly reflects what is stated in national and international data policy regulations, this privacy notice can come under examination and be subject to change. Furthermore, we highly regard input and feedback from our customers with regards to this privacy notice. Any feedback received from our customers can come to affect the down below stated points. If you have any questions or concerns, please contact us at privacy@cinode.com

1. Data Controller

1.1. This privacy notice regards the privacy practices of Cinode AB, reg. no 556825-8668. If you have any questions regarding our processing of your personal data, you can contact us at:

Cinode AB, reg. no 556825-8668
Address: Torsgatan 21, 11327, Stockholm, Sweden
https://cinode.com

 

2. The personal data we compile

2.1. The data we collect about you will vary depending on which services you use, whether you visit our social media or our website. The data we compile may include the following: Name and contact details such as company email and mobile number

  • Authentication details such as username and password
  • Settings, any information added to your account
  • Work related information such as title, role, company, organization
  • Payment information may include means of payment
  • Purchase history many include your previous subscriptions to our services, amounts, time of purchase, any offer that you have accepted.
  • Unit data, such as information about your device if it is a laptop, phone or other device, browser type, language settings, IP-number and software configurations.
  • User data on how you use our digital services, trial offers and webpage, such as data indicating your level of activity in your account and the features you use, time and date of log in, and how you interact with us through social media such as our company page on LinkedIn, Facebook and company channel on Youtube.
  • Public professional information such as your professional profile on your company homepage, LinkedIn profile from LinkedIn/Microsoft, Vainu
  • Public professional information from other professional network relevant for your position
  • Communication with us, whether it is our customer success team, HR department or a general enquiry including content in your messages in chat, by email or via phone, feedback, questions you submit for review etc.
  • Food preferences or allergies in case we arrange for an in person event.
  • Log data such as information about the product you logged in to, date, time, IP-address and any error messages.
  • Recruitment information such as qualifications, education, references from former employers, etc. if you apply for a position with us.

2.2. You can always contact us and request information about how we process your personal data and request erasure of your personal data.  If you ask us not to contact you through email, we will keep your email on a “do-not-send” list, to be able to fulfill your request.

3. How we process your personal information

3.1. The data we collect about you will vary depending on which services you use, the settings on your device and which functions you use.

3.2. Here we will describe the purposes for which we use personal data and which legal basis we use. Primarily we will process your data on the legal basis that our processing of the data is necessary for the performance of a contract with you, or taking steps to enter into a contract with you (“Contract”), or necessary for the purpose of our legitimate interest (“Legitimate Interest”). In some cases we will base our processing on your consent (“Consent”) or on a legal obligation that we are subject to (“Legal Obligation”).

3.3. We process your data for the following purposes:

Providing services and products to you and administer our customer relation to you or the company that you represent

  • When you sign up for our service and a trial of our service, we will store your personal data to provide our services to you or to the company you represent.
  • Create and manage user accounts in our services
  • Customize content and give a more personalized experience of our services and customer success chat
  • We may contact you by email, telephone, chat, push-function in our services or otherwise to provide you with information relevant to the use of our services, such as renewals, offers, or abandoned sign-up process.
  • Participation in company events
  • If you are a customer, displaying your Company profile and users  to other customers as relevant to your preferences and use of our Network and Partner module

Legal basis: our processing of your personal data for this purpose is based on performance of our Contract with you. Any food allergies or preferences are processed with your Consent. Any photographs or videos of events will be processed based on our Legitimate Interest.

Customer service

We may process your personal data when you communicate with us, so we can respond to your requests, queries, feedback and complaints.

Legal basis: we process your personal data to be able to fulfill the Contract with you if you are a customer. For non-customers, we have a Legitimate Interest to process your personal data to respond to your question and handle complaints and requests.

To better understand our business (Business analytics)

We use personal data to analyze and improve our existing services and products, by e.g. updating features and improving user experience. Error reports are used to improve security, search questions etc. We use a number of tools to better understand how our websites are used such as Google Analytics in order to develop analyses based on that data. We use customer attribute data, website page view data, click data and social media information to understand how users of our services are using the different functionalities. Such analyses will show most popular pages and functions, way of navigation of users,  most popular content on webpage.

Legal basis: we motivate our processing of your personal data with our legitimate interest to improve and develop our services and website. We also ask for your consent for analytics cookies, for more information see our cookie policy.

Marketing 

We use various channels for marketing, email, our website and other digital channels. The personal data we have compiled about you, your company, name, title, e-mail, telephone number, title, collected from website visitors and signups for our service or service trial can come to be used to send direct advertising regarding our services and offers.

You always have the right to object to our direct marketing, by contacting customer service. If you object to marketing, we will keep your information on a “do not send list” to ensure compliance with your request.

Legal basis: when applicable, we use the personal data as necessary for our legitimate interest to give you personalized and relevant content and to advertise our services to our existing customers. We also ask for your Consent for cookies, for more information see our cookie policy.

Custom audience advertising on other platforms

We may use targeted marketing, so called custom audience advertising, on platforms including LinkedIn, Facebook, Google and Twitter. If you are or have been a customer to us we may use your email address in order to be able to show you ads of our services on the other platform, or if you have objected, to exclude you from such ads.

We use the Facebook pixel if you have consented to this in your cookie settings. The pixel is used to show you more relevant ads on the Facebook platform, including Instagram, and means that some data is shared with Meta. Facebook acts as a joint controller in this regard. You can read more about this under section “How we share your data”. You can read Meta’s data policy for users here.

You always have the right to object to our direct marketing, by contacting customer service. If you object to marketing, we will keep your information on a “do not send list” to ensure compliance with your request.

Legal basis: when applicable, we use the personal data as necessary for our legitimate interest to give you personalized and relevant content and to advertise our services to our existing customers. We also ask for your Consent for cookies and the Facebook pixel to serve ads, for more information see our cookie policy.

Recruitment and Career opportunities

If you apply for a job position, we will process your data including name, e-mail, phone number, LinkedIn username, CV, academic records, work history, employment history and references for our recruitment process. We may collect further information from additional sources, such as Recruitment agencies, Publicly available sources or from referenced. Your personal data is used to match your skills with open job positions. If you are invited to an interview, we will collect more personal data from you. We may share your personal data with HR partners involved in the recruitment process.

Legal basis: our processing of your personal data for recruitment purposes is motivated by our legitimate interest, legal obligations and your consent to process personal data necessary for the recruitment process.

Newsletters 

If you sign up to receive our newsletter to receive news about our services and other offers through email.

Legal basis: we will process your email to send you our newsletter based on the legal basis consent. You can, at any time, withdraw your consent to stop receiving the newsletter.

Security and enforcement of our agreements

We use information about our web visitors to protect our services from fraudulent behavior,  to protect our customers and for legal purposes such as dispute resolution and to maintain our agreements.

Legal basis: the processing is necessary for our legitimate interest to protect our systems and services.

Compliance

We use information in order to comply with applicable legislation such as Swedish Accounting Act, Cookie law and the GDPR, as well a court orders or authority decisions.

Legal basis: Legal Obligation.

New Purpose

We will inform you beforehand we intend to use personal data for any new purpose than those listed in this version of the Privacy Notice. If we are legally required, we will ask for your consent.

4. Recruitment

4.1. We collect personal data when you apply to job positions at Cinode. We may collect personal data such as contact details, CV, identification documents, academic records, work history, employment and references.

4.2. We may also collect personal data from other parties with connection to the recruitment process, e.g. Recruitment agencies, Publicly available sources online or from References or recommendations.

4.3. We use your personal data to match your previous experience and education with our open job opportunities. We share this information with relevant parties involved in the recruitment process.. We will collect additional information from you if you are invited to the interview or subsequent stages of the recruitment process.

4.4. If we have a legal obligation to provide a candidate with suitable working environment and equipment, we may collect personal data regarding health status, which is considered a special category of personal data. For example, we may need to collect information about a candidate’s certain health status to provide a suitable working environment for that candidate if they are successful in their application.

5. Your rights

5.1. Generally, we believe you have the right to have your data processed only in accordance with your expectations. But you also have rights laid down by applicable law, below you can read more about them, first the ones we believe might be most relevant for you.

  • You have the right to be informed about certain details on the processing of your data. You can also contact us if you want information regarding the processing of your own personal data. Further, you are entitled to request full access to this information.
  • Upon request, you have the right to receive a copy of the personal data we process about you. You can receive this data by reaching out to us.
  • You have the right to correct the personal data we process about you if you see that it is inaccurate.
  • You have the right to withdraw your consent that allows us to use cookies and similar technologies by changing your browser settings.
  • You have the right to erase your personal data if:
    • the personal data is no longer necessary for the purposes it was collected for;
    • your particular situation gives you the right to object to processing on grounds of legitimate interest (see more below);
    • processing the personal data has been unlawful; or
    • there is a legal obligation under EU or Swedish law for us to erase the data.
  • You have the right to request us to restrict the processing of your data if:
    • the personal data we have about you is inaccurate;
    • the processing is unlawful and you ask us to restrict the use of the personal data instead of erasing it;
    • we no longer need the personal data for the purposes of the processing, but if we still need it for the establishment, exercise or defense of legal claims; or
    • you have objected to the processing claiming that the legal basis of legitimate interest is invalid and are waiting for the verification of this claim.
  • You have the right to object to the processing of your data at any time. We will no longer process your personal data unless we have compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.  You also have the right to object to our processing of your personal data for direct marketing including profiling.
  • You have the right to data portability during certain circumstances. If our processing is based on consent or the fulfillment of an agreement with you, you have the right to have your data transferred to another data controller. This requires that the transfer is technically possible and may be carried out automatically.

5.2. In case your personal data is not being processed in accordance with this Privacy Notice or with the General Data Protection Regulation (EU) 2016/679, you have the right to file a complaint with Integritetsskyddsmyndigheten (former Datainspektionen) in Sweden or any other European Supervisory Authority.

6. Security

6.1. Cinode takes information security seriously and we are committed to the safe processing of your personal data. We take appropriate security measures to handle information in accordance with established security standards and practices to protect it from unauthorized access, modification, spread and destruction.

6.2. The access to personal data is limited to our employees that need to handle the information to offer you our service and contact you for marketing. We continuously train our employees regarding data protection and the importance of personal integrity.

 

7. How we share your information

7.1. We share personal data with other companies and organizations to provide you with our website and services, such as our partners for hosting, support, customer insights, event partners, social media, advertising and marketing services. Whenever we share data we have taken appropriate measures to ensure that our partners comply with our data protection requirements, and that they are not allowed to use personal data they receive for any other purpose than agreed.

7.2. We may also disclose personal information we collect to:

  • Our business partners, as well as our service providers that perform services on our behalf, such as web-hosting service providers, mailing vendors, our blogs, analytics providers, event hosting services and information technology providers;
  • Competent law enforcement, regulator, government authority, court or third parties: (i) as may be permitted or required by applicable law or regulation; (ii) to exercise, establish or defend our legal rights; or (iii) to protect your vital interests or those of any other person;
  • A potential buyer (and its agents and advisers) in connection with any proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this Privacy Notice; and
  • A person or an organisation you have provided your consent to disclose to.

7.3. In some cases, personal data will be transferred to companies outside the EU/EEA. Any such data transfer will be kept to a minimum relevant for the purpose. When your data is transferred to a third country, Cinode will take appropriate measures to make sure the security level is the same as in EU/EEA and at an adequate security level. Those safeguards can for example be using the EU Commission’s Standard Contractual Clauses, binding corporate rules or other supplementary measures.

7.4. Cinode strives to follow legal developments in the EU and the US following the ruling of the European Court of Justice in the Schrems II case. We will take appropriate measures to implement the security measures recommended. When personal data is transferred outside of the EU/EEA as mentioned above, we rely on article 46 GDPR and the EU Commission Standard Contractual Clauses, which are available here.Commission Standard Contractual Clauses, which are available here.

7.5. In the sections below you will find information on some of our services we review with extra care. We encourage you to read through the sections below, where you will find details about what information we collect, why and in what way it is used.

7.6. The following services involve processing in a country outside of the EU, which may offer lesser protection for your data. However, we have taken due consideration of how to protect youryou data and we have added supplementary safeguards that makes us confident that the data is protected on an equivalent level than that of the GDPR in the EU.

7.7.

  • We specifically wish to inform you that we use the analytics tool Google Analytics (read more under section “How we use personal data” and in our Cookie Policy). Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the browsing on our website. You can opt-out of having made your activity available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js and dc.js) from sharing information with Google Analytics about visits activity.

 

  • Google Analytics processesprocess and storesstore data on our behalf in several countries, including the U.S. You can find information about Google Analytics locations here and information about their sub processorssubprocessors here. Here are the standard terms and contractual clauses applicable on Google’s services here. Google has stated publicly that it has never received access requestsrequest to its Google Analytics data from U.S governments, you can read about that here.

 

  • We also wish to inform you that we use the services of Intercom R&D Unlimited Company (“Intercom”) to provide customer support and a knowledge base and FAQ. Cinode acts as a dataas data controller. Intercom helps us to gauge customer activity, provide a knowledge base and release updates on new features. Personal data that may be shared with Intercom to provide these features are email, name and corporate IP-address. Intercom uses AWS in the US for hosting. We rely on article 46 GDPR and  the European Standard Contractual Clauses in place and have contractual guarantees from Intercom in addition to our data processing agreement. We have in addition, applied data minimization techniques and apply a strict retention period. Hence, we are confident that an essentially equivalent level of protection can be ensured.the services of Intercom R&D Unlimited Company, a tool that is used when you are in contact with support, has some processing and storing of data on our behalf in the USA. We use standard contractual clauses applicable to safeguard the data.

7.8. If you have any questions or concerns, please reach out to your Cinode representative or email our privacy team at privacy@cinode.com

8. Retention period

8.1. We keep your personal data until it is no longer needed to fulfil the purpose it is used for. Your personal data is stored with us as long as we have a need for it based on the purpose. We may need to store some data longer for one purpose than we need to store it for another purpose. If so we will only use it for the purposes where the storage time has not expired.

8.2. In addition to that, we could be required to keep your data for longer to fulfil legal obligations, but in such cases we won’t use the data for anything else.

8.3. Typically we store your contact information for sales purposes for three years.

8.4. We use the following criteria to determine the retention period of the personal data we process:

  • How long is the personal data needed for the purpose they are collected? It includes improving our website, protecting our system, sending marketing and managing the relationship with our customers.
  • Is the data considered to be sensitive? Sensitive personal data is usually stored for a shorter period.
  • If we have your approval to store your personal data for a longer retention period? In that case, we store your data in accordance with your approval.
  • If Cinode is, by agreement or in other ways, obligated to store the data. We will then store your personal data in accordance with regulations, for example if needed by the Swedish Bookkeeping Act, or if personal data is needed for a legal claim.

9. Exclusions

9.1. Aggregated data

We collect and process aggregated data to monitor and evaluate user trends on the website. The information we collect about your actions on our website is anonymized. Anonymization means that personal data is processed in such a way that it cannot be used to identify a person e.g. through generalization or aggregation of the personal data. The anonymization is irrevocable, and data may therefore be stored a longer time than your personal information.

We use this anonymous information about how our users use our website and services for statistics and service improvement.

9.2. Third party links

Our website may include links to websites belonging to third party companies, which do not belong to Cinode. This Privacy not only applies to Cinode’s website and not for personal data you provide third party websites you may access when you follow a link from our website.  This Privacy notice only applies to our website. We encourage you to review the privacy notices of third party websites you may access.

9.3. Children

Our website is not directed to, and our services are not intended for children under the age of thirteen. Cinode never knowingly or intentionally collects information about children under thirteen. Please notify us at privacy@cinode.com and request erasure of personal data if you believe we may process information about a child.

10. Amendments and changes

10.1. Cinode reserves the right to make changes to this Privacy Notice. If changes to the terms of the Privacy Notice are made, the date for the latest update at the end of this Privacy Notice will be changed. If major changes to the terms of the Privacy Notice are made, you will be notified on cinode.com or by email before the changes enter into force and if mandatory by law. When the policy is updated, the date for the latest update will be changed. You will find the date for the latest update at the first page of this Privacy Notice.

11. How can you contact us?

If you want to know more about our data processing activities, what we do to keep your data safe or to exercise one of your above described rights, feel free to send us an email at privacy@cinode.com.

Change History

5 May 2022 Clarifications due to changes in our privacy practices. This Privacy Notice has also been revised to be concise, clear, comprehensible, and easier to understand taking into consideration the “layered approach” to present information. This updated Privacy Notice will automatically enter into force for all existing candidates and users on its date of publication. Your continued use of our website and participation in the recruitment process from that date will be subject to this new Privacy Notice.