Privacy Notice

Version 2.2
May 2018

As a company promoting privacy, we at Privasee have created a Privacy Notice that aims to help you understand what personal data we collect, what we use it for and how you can exercise your rights. 

When this notice applies to you

This Privacy Notice applies to the use of the Privasee website in all available languages, as well as Privasee’s services towards its customers. 

Our website contains links to other websites. Once redirected to another website, this notice is no longer applicable. 

Information Collection & Tracking

This section describes what personal data we collect and process on different occasions,

such as: when you use this website, when you apply for a job, when you contact us, etc.

You can visit our website without giving away a lot of your personal data. You can read our Cookie Policy which provides a description of which cookies we use and why. You can also switch on/off cookies under Cookie Settings.

Legal basis: Legitimate interest.

If you get in touch with us via email, phone, post or other form of communication, we may keep records of those correspondences and their content in order to be able to respond to you or document your complaint. If you wish for your
information to be deleted from our systems, you can contact us directly through this website (Chat).

Legal basis: Legitimate interest.

If you apply for a job with Privasee, we will collect, process and store the information you have sent us for recruitment-related purposes, such as contacting you and performing screening and interviews.

Legal basis: Legitimate interest.

If you sign up to take a course or training with Privasee, we will collect, process and store the information necessary for us to deliver the requested service.

Legal basis: Contract.

If you are a client of Privasee, please consult the contract you’ve signed with us because it may contain a more detailed set of information on personal data processing. If you have questions, please get in touch with your point of contact at Privasee. Furthermore, when data is processed for the purposes of delivering a training/course, the processing is done on the basis of a performance of a contract.

Legal basis: Contract.

International transfers

Privasee aim to limit the international transfers of personal data to which it is a custodian. Therefore, international transfers are limited to a minimum necessary to obtain analytics of our website usage and our customer relationship management. We only transfer personal data when there is a basis for such transfers and having due consideration of the risks to the individual that may be connected to such transfers.

United States of America (USA)

Privasee use: 
1. Microsoft Office 365 suite for external communication and internal use; 
2. Zendesk for Breach and DSARs services;
3. Curatr for the online CPP training.
This entails a transfer of some personal data to the United States of America. Microsoft is a certified EU – U.S. Privacy Shield organization, meaning that the transfers are performed under this legal mechanism for international transfers. 


Tresorit Privasee use Tresorit as an end-to-end encrypted file sharing service between Privasee and its partners and/or customers. Tresorit is a company based in Switzerland, therefore, data may be transferred outside the EU/EEA to Switzerland. This is done on the basis of the EU Adequacy Decision where the EU has recognized Switzerland as providing adequate protection of personal data.

Security measures

Privasee follows industry best practices in information security. We implement security measures appropriate to the size and nature of our business, all with the aim of keeping your personal data safe and secure.

Physical Security

Privasee uses cloud services for their operations. The physical facilities where Privasee is located requires an RFID chip to gain access.


Employees have only access to data contained in business applications on a 'need-to-know' basis. Privileged users are granted on a 'need-to-access' basis.

Endpoint Security

Privasee uses Sophos for end-point security and protection against viruses and ransomware. All devices are encrypted with a remote swipe enabled should the device be lost or stolen.

Disclosure to third parties

Personal data shared with us is treated confidentiality. As a general rule, we do not disclose personal data to third parties, save from circumstances in which we share data with our partners and suppliers. 

We only share your personal data with third parties when necessary and always according to the principles stated in this Privacy Notice.

Fortnox (Sweden)

Created with Sketch.

Personal data processed is: contact details and financial data
Purpose: Used for finances and sales lifecycle management.
Place: EU

Jimdo (Germany)

Created with Sketch.

Personal data processed is: What is collected in Cookies and when you send us a message via the Contact Form or Chat.
Purpose: This platform is used for our website.
Place: EU

RKO (Sweden)

Created with Sketch.

Personal data processed is: contact details and financial data

Purpose: Book-keeping.
Place: EU

Tresorit (Switzerland)

Created with Sketch.

Personal data processed is: contact details and correspondence
Purpose: End-to-end encrypted file sharing
Place: EU

HT2Labs (United Kingdom)

Created with Sketch.

Personal data processed is: firstname, lastname, email address, location, tagline, function, additional data as shared in summary, comments, ratings, contributions, eLearning progress metrics, 
Purpose: This is the platform through which we provide our eLearning courses
Place: EU and US

Your rights

In the EU you have a set of rights when it comes to your personal data and its processing by personal data controllers such as Privasee.

If you wish to exercise your rights please contact us at via the Live Chat on this website or send us a message through our contact form.

You have the right to know what we process on you and receive a copy. 

If you would like to obtain a confirmation of whether Privasee process your personal data?

You have the right to access the personal data we process on you to the extent that the access request is done in reasonable intervals and that fulfilling this request would not adversely infringe on other persons’ rights and freedoms. 

You are also entitled to obtain a copy of the personal data we process on you. This could mean that we will charge you an administrative fee to be able to meet your request. 

Please note that we will always go through a verification process to check your identity before you can exercise your rights.

You have the right to information rectification, deletion, and objection to processing

If you believe the information we have on you is incorrect or incomplete, you may request for a correction and completion of that information.

When certain conditions are met, you also have the right to erasure (“right to be forgotten”). 

You may also object to processing done with the purpose of direct marketing.

Please note that we will always go through a verification process to check your identity before you can exercise your rights. 

Retention periods

As a general rule, we store personal data of our customers for the duration of our contract with them. We may retain information such as billing or financial information for longer than that in order to comply with applicable laws as well as for the establishment, exercise or defence of legal claims. 

Refer to the cookie policy when it comes to personal data generated by the cookie on our website.

Changes to this privacy notice

Privasee reserve the right to make changes and amendments to this Privacy Notice at any time and for any reason. We will always make sure to have our Notice be freely available and easily accessible so that you may be informed of the content of this Privacy Notice by reading it on our website.

Contact in case of questions or complaints

You are always welcome to contact us:

Hammarby Kaj 10D, 2nd floor (GOTO 10), 120 30 Stockholm, Sweden

Email: privacyoffice(a)

In the event of a complaint, you have the right to contact the Swedish Supervisory Authority: Datainspektionen.

To sum up

We only collect a limited amount of information about you that is necessary for improving our services and website. We do not use profiling, we do not sell or in any other way spread your data to third parties save from our partners and suppliers, we do not use your data for purposes other than what we specified. 

We also make sure that your data is stored securely. We delete all information deemed no longer necessary.

What is Legitimate Interest?

Created with Sketch.

Legitimate interest is one of the six legal bases for processing according to the General Data Protection Regulation (GDPR). Legitimate interest may be used for processing as long as that interest is not detrimental to you as an individual in the sense that it would infringe on your rights and freedoms. 

Why is contract listed as a legal basis?

Created with Sketch.

Contractual obligation is one of the six legal bases for processing according to the General Data Protection Regulation (GDPR). When we use this basis for processing, it means that the processing is necessary for a contract you have signed with us or as a preparatory step towards signing the