What data we collect and when we collect it
When you visit Voyado’s websites and if you agree to the use of such cookies, we track and gather certain information on this website that helps us to better understand our visitor’s needs related to our website and our services.
When you as a customer use Google Customer Match Service in the Online Ads addon
When using Google as provider in the Voyado Online Ads module in Voyado for external audiences Voyado will provide a granted Google Ads account with one or many customer lists.
The Voyado user needs to login to a Google account via a so called OAuth screen with access granted to one or several Google Ads accounts. In order to link these Google Ads account to a Voyado user, Voyado requests to store encrypted authentication tokens and the email address for the Google account for each Google Ads account association. This is to add multiple customer lists, audiences, to the Google Ads account without the need of authenticate to Google ads every time.
It is at any time possible to remove or update the Google Ads account association.
The synchronization towards Google will use targeted groups of contacts, which have been profiled based on the end-customer data Voyado either collects on behalf of the Customer, or data the Customer provides Voyado with.
The external audiences will be created and shared in the Google Ads account, in the form of a list of hashed contact identifiers, currently including e-mail addresses, mobile phone numbers, first name and surname, in order for Google to search for matches among their own user profiles. Google can only identify user profiles for which this data already exists. If this data does not exist (i.e. the e-mail address or mobile phone number have not been given for a profile), it cannot be uncovered.
The recognized user profiles are then collected into a custom audience in the Google Ads. As a data controller you need to ensure that end-customer has been informed, and if deemed necessary as a legal base, that end-customer has agreed to such processing.
The status for the synchronization for each external audience is stored and displayed in Voyado. Please review the privacy policies, data processing addendums and other documentation made available by Google for full information on the processing of personal data within Google and that Voyado accepts no responsibility for such processing.
If you sign-up for e-mail marketing, e.g., for our newsletters, events or webinars or use the form to “book a demo”, we will use the personal data you provide (normally e-mail address, but in some cases also telephone number, company and title), to send personalized offers, marketing, product news etc. The legal base for this is consent. You can withdraw your consent and unsubscribe from such marketing by using the unsubscribe link in the e-mail or by contacting us via the contact details below. We analyse your behaviour in connection with the newsletter through the use of so-called tracking pixels or web beacons, which are one-pixel image files stored on our website. For analysis purpose we link your personal data and the web beacons to your e-mail address and an individual ID. Links received in the newsletter also include this ID. The data generated is used to create a user profile in order to personalise the newsletter to your personal interest based on when you read our newsletters and which links you click in them. This processing is based on our legitimate interests (Art 6 (1) f GDPR) to provide you with more relevant offers and a better usage experience.
If you sign-up for Voyado Academy (via Learnster) we will process your name, e-mail address and company to manage your account and send you information regarding the courses you attend. When you perform a course we will also process the answers and result from your performance. Our legal base for this is the agreement between us or your employer (as applicable). We share this data with Learnster. You may request that your account and data is deleted by contacting us.
Direct marketing to existing customers. We process personal data for the purpose of targeted e-mail marketing to existing customers. The personal data processed for such purpose may include e-mail address, information about visits including the URL, search terms, information about what you viewed or searched on our website and activities of users. The legal base for processing of this personal data is our legitimate interest (Art 6 (1) f GDPR). You have the right to object to such processing and in every e-mail we provide you with you have the opportunity to unsubscribe from marketing communication from us.
For how long do we process the data?
We will only use your personal data as long as necessary in relation to the purpose of the processing. Information retained in our marketing system for the purpose of sending marketing information to you will be retained for two years or as long as you are an active customer which communicates with us, participates in events etc. If you however object to the processing of your personal data for marketing purposes, we will promptly and permanently delete your personal data. The information collected by cookies will be stored during the retention period stated for each cookie in our cookie declaration below. You can also clear your browser from cookies and the information will be deleted. The information collected in Voyado Academy via Learnster is stored for as long as your account is active. If you are inactive in Voyado Academy, your account will automatically be soft deleted after one (1) year, or – if you have never logged into your account – after 180 days. You will be notified before the account is deleted and you can prevent the deletion by logging into your account. After your account has been soft deleted, the information will be kept on the server in case you wish to restore your account by contacting us. If your account is not restored, the data will be permanently deleted after one (1) year following the soft deletion. If you wish to immediately delete your account, you can contact us via the contact details below or by e-mail at email@example.com. The data will then be permanently deleted without delay. Please note that the storage periods may not apply if Voyado is required to retain your personal data (partly or in full) under applicable mandatory law (e.g., accounting laws).
Who we share your personal data with
Only the people who need to process personal data for the purposes mentioned above have access to your personal data within our organisation. In order to provide the services to you we need to allow our suppliers access to your personal data when they perform services on our behalf as data processors, mainly to provide support and maintenance of IT systems, storage services and marketing. We use Microsoft Ireland Operations Limited for hosting of personal data and the third party providers stated in this policy and specifically the cookie declaration for other services.
The transfers may entail transfer of your personal data outside the EU/EEA. Any transfer of data outside the EU/EEA is made in line with data protection laws. Our international transfers of personal data (including transfers to group companies and suppliers outside the EU/EEA) are normally based on the EU Commission’s standard contractual clauses unless the company resides in a country considered by the EU Commission to ensure an adequate level of protection. The standard contractual clauses may be found here. In addition to the standard contractual clauses, we use suitable additional technical and organisational security measures.
Rights under the GDPR
In case you have any questions regarding Voyado’s processing of your personal data, please contact Voyado at firstname.lastname@example.org or use the contact details provided below. You can also use these contact details if you would like to exercise any of your rights as a data subject under the GDPR. Please note that the rights under the GDPR are not unconditional. Therefore, an attempt to invoke any of the rights might not lead to an action. Your rights under the GDPR include the following:
Right to access – According to article 15 GDPR, you are entitled to access your personal data and receive certain information about the processing. That information is provided in this document.
Right to rectification – According to article 16 GDPR, you are entitled to obtain rectification of inaccurate personal data concerning you and to have incomplete personal data completed.
Right to erasure – Under certain circumstances, you are according to article 17 GDPR entitled to have the personal data erased. This is the so-called “right to be forgotten”.
Right to restriction of processing – Under certain circumstances, you are according to article 18 GDPR entitled to restrict the processing of the personal data that Voyado carries out.
Right to data portability – You are according to article 20 GDPR entitled to receive the personal data (or have the personal data directly transmitted to another data controller) in a structured, commonly used and machine-readable format from Voyado.
Right to object – According to article 21 GDPR, you are entitled to object to certain processing activities conducted by Voyado on the personal data, such as all Voyado’s processing of the personal data based on Voyado’s legitimate interest.
Finally, you also have the right to submit a complaint with the supervisory authority, which in Sweden (the seat of Voyado) is the Swedish Authority for Privacy Protection (Sw: Integritetsskyddsmyndigheten)
How we protect your data
We employ appropriate technical and organizational security measures to help protect your personal data against loss and to guard against access by unauthorized persons. Appropriate security measures we have taken include implementation of security standards, implementing secure private connections, traceability, disaster recovery, access limitations, regular and independent vulnerability and penetration testing, physical access control, organizational measures such as risk management and change control, data breach management and business continuity management. We regularly review our security policies and procedures to ensure our systems are secure and protected.
Changes to this website privacy notice
Last updated: 2023-01-27