Introduction
Voyado AB and Voyado Lund AB (“Voyado”, “we”, “our”, “us”) have robust processes in place for protecting your personal data. We are transparent on how we process your personal data and have for these purposes drafted this privacy policy.
This policy is applicable to visitors of our websites, individuals who contact us through our websites and individuals who are registered to receive marketing from us. The privacy policies for users of our services are accessible within the services.
In this policy you will find information on what kind of personal data we process, why we do it, what we use it for, how we may share it and further how you may make settings to change your preferences and your legal rights. The policy has been designed to fulfil the requirements under the Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, (the “GDPR”) and words not defined in this privacy policy shall have the meaning ascribed to such words in the GDPR.
The data processing described in this policy is carried out by Voyado AB, reg. no. 556787‑0208, and Voyado Lund AB, reg, no. 556588-5240, as joint data controllers.
What data we collect and when we collect it
When you visit Voyado’s websites and if you agree to the use of website cookies, we track and gather certain information on this website that helps us to better understand our visitor’s needs related to our website and our services.
When you as a customer use Google Customer Match Service in the Online Ads addon
When using Google as provider in the Voyado Online Ads module in Voyado for external audiences Voyado will provide a granted Google Ads account with one or many customer lists.
The Voyado user needs to login to a Google account via a so-called OAuth screen with access granted to one or several Google Ads accounts. In order to link these Google Ads account to a Voyado user, Voyado requests to store encrypted authentication tokens and the email address for the Google account for each Google Ads account association. This is to add multiple customer lists, audiences, to the Google Ads account without the need of authenticate to Google ads every time.
It is at any time possible to remove or update the Google Ads account association.
The synchronization towards Google will use targeted groups of contacts, which have been profiled based on the end-customer data that Voyado collects on behalf of the Customer, or the Customer provides Voyado with.
The external audiences will be created and shared in the Google Ads account, in the form of a list of hashed contact identifiers, currently including e-mail addresses, mobile phone numbers, first name and surname, in order for Google to search for matches among their own user profiles. Google can only identify user profiles for which this data already exists. If this data does not exist (i.e. the e-mail address or mobile phone number have not been given for a profile), it cannot be uncovered.
The recognized user profiles are then collected into a custom audience in the Google Ads. As a data controller you need to ensure that end-customer has been informed, and if deemed necessary as a legal base, that end-customer has agreed to such processing.
The status for the synchronization for each external audience is stored and displayed in Voyado. Please review the privacy policies, data processing addendums and other documentation made available by Google for full information on the processing of personal data within Google and that Voyado accepts no responsibility for such processing.
If you sign-up for e-mail marketing, e.g., for our newsletters, events or webinars or use the form to “book a demo”, we will use the personal data you provide (normally e-mail address, but in some cases also telephone number, company and title), to send personalized offers, marketing, product news etc. The legal base for this is consent. You can withdraw your consent and unsubscribe from such marketing by using the unsubscribe link in the e-mail or by contacting us via the contact details below. We analyse your behaviour in connection with the newsletter through the use of so-called tracking pixels or web beacons, which are one-pixel image files stored on our website. For analysis purpose we link your personal data and the web beacons to your e-mail address and an individual ID. Links received in the newsletter also include this ID. The data generated is used to create a user profile in order to personalise the newsletter to your personal interest based on when you read our newsletters and which links you click in them. This processing is based on our legitimate interests (Art 6 (1) f GDPR) to provide you with more relevant offers and a better user experience.
If you sign-up for Voyado Academy (via Learnster) we will process your name, e-mail address and company to manage your account and send you information regarding the courses you attend. When you perform a course we will also process the answers and result from your performance. Our legal basis for this is the agreement between us or your employer (as applicable). We share this data with Learnster. You may request that your account and data is deleted by contacting us via the contact details below.
Scoring, profiling and making telephone calls. Our website uses a system to identify which visitors that may be of specific interest. With the assistance of a cookie, each visitor collects points by making its way between the pages. The scoring is based on which pages you visit, for how long you stay there, your interaction with the webpage etc. This cookie will not enable us to identify you. However, if you allow direct marketing, we will send customized marketing send-outs to you based on your behaviour on the website. When you exceed a given threshold of points, we may call you to discuss if you are interested in Voyado’s offerings. The scoring system starts functioning once you visit Voyado’s website, however anonymously. You may prevent this by changing your cookie settings or not allowing us to conduct direct marketing. The processing is necessary for our legitimate interests to promote our services and maintain business relations. The cookies used for the scoring system are stored in accordance with our cookie information below. You may opt-out from our direct marketing at any time and refuse the use of cookies.
Direct marketing to existing customers. We process personal data for the purpose of targeted e-mail marketing to existing customers. The personal data processed for such purpose may include e-mail address, information about visits including the URL, search terms, information about what you viewed or searched on our website and activities of users. The legal basis for processing of this personal data is our legitimate interest (Art 6 (1) f GDPR). You have the right to object to such processing and in every e-mail you have the opportunity to unsubscribe from marketing communication from us.
Marketing Funnel. We use the service Dreamdata to import data from our marketing and sales tools Hubspot and Salesforce for the purpose of analyzing “customer journeys”. For this purpose we process your e-mail address, job title, which visits you have done on site (if you have agreed to cookies), clicks on ads, opening of e-mails, which event and webinars you have attended, which marketing offers we have contacted you about, which e-mails we have sent to you and when we have called you. We use this information to analyze which features you could be interested in and provide you with information on such. The profiling is solely based on your professional capacity and we do not process any personal data related to the private sphere. Our legal basis for this processing is our legitimate interest (Art 6 (1) f GDPR) of providing you with relevant marketing material and a balance of interest where we have assessed that our interest of providing you with relevant marketing material is greater than the inconvenience this may cause you. We have then specifically assessed that the profiling is solely based on data related to your professional sphere.
Marketing and analytics cookies. We use Google Analytics 4 (“GA4”) to collect information about your use of the website for the purpose of analyzing and improving the use of our website. GA4 is a web analytics tool provided by Google Ireland Limited (“Google”), which collects first-party cookies and other information, such as device type, browser type, the pages you visit on our website, and your IP address. For EU-based traffic, IP addresses are however not logged or stored by GA4 but only used for deriving coarse geo-location data and thereafter immediately deleted. GA4 collects all data from EU-based devices via domains and on servers based in the EU. Google may however store and process the data in data centers located in the US and other countries and transfer the data to third parties where required by law or where such third parties process the data on Google’s behalf. The US-based parent company of Google, Google LLC, is certified under the EU-U.S. Data Privacy Framework, ensuring the protection of any personal data transferred from the EU to the US. Further information on data protection when using GA4 can be found here.
We also use advertising systems (Google Marketing Platform, Google Ads, LinkedIn Ads, Facebook Pixel, GA Audiences and Hubspot) that collect third-party cookies for the purpose of targeted advertising, subject to user preferences and privacy settings.
You may refuse the use of cookies by selecting the appropriate setting on your browser, or by clicking on the cookie icon at the bottom right corner of our website to update your cookie preferences at any time, ensuring you have ongoing control over your data and privacy.
For how long do we process the data?
We will only use your personal data as long as necessary in relation to the purpose of the processing.
Information retained in our marketing system for the purpose of sending marketing information to you will be retained for two years or as long as you are an active customer which communicates with us, participates in events etc. If you however object to the processing of your personal data for marketing purposes, we will promptly and permanently delete your personal data.
The information collected by cookies will be stored during the retention period stated for each cookie in our cookie declaration below. You can also clear your browser from cookies and the information will be deleted.
The information collected in Voyado Academy via Learnster is stored for as long as your account is active. If you are inactive in Voyado Academy, your account will automatically be soft deleted after one (1) year, or – if you have never logged into your account – after 180 days. You will be notified before the account is deleted and you can prevent the deletion by logging into your account. After your account has been soft deleted, the information will be kept on the server in case you wish to restore your account by contacting us. If your account is not restored, the data will be permanently deleted after one (1) year following the soft deletion. If you wish to immediately delete your account, you can contact us via the contact details below or by e-mail at legal@voyado.com. The data will then be permanently deleted without delay.
Please note that the storage periods may not apply if Voyado is required to retain your personal data (partly or in full) under applicable mandatory law (e.g., accounting laws).
Who we share your personal data with
Only the people who need to process personal data for the purposes mentioned above have access to your personal data within our organisation. In order to provide the services to you we need to allow our suppliers access to your personal data when they perform services on our behalf as data processors, mainly to provide support and maintenance of IT systems, storage services and marketing. We use Microsoft Ireland Operations Limited for hosting of personal data and the third party providers stated in this policy and specifically the cookie declaration for other services.
Third country transfers
The transfers of personal data may entail transfer of your personal data outside the EU/EEA. Any transfer of data outside the EU/EEA is made in line with data protection laws. Our third country transfers of personal data (including transfers to group companies and suppliers established outside the EU/EEA) are based on the EU-U.S. Data Protection Framework if applicable for transfers to the US, and otherwise on the EU Commission’s standard contractual clauses with suitable supplementary technical and organizational security measures, unless the company in question resides in a country considered by the EU Commission to ensure an adequate level of data protection. The standard contractual clauses are found here.
Rights under the GDPR
In case you have any questions regarding Voyado’s processing of your personal data, please contact Voyado at legal@voyado.com or use the contact details provided below. You can also use these contact details if you would like to exercise any of your rights as a data subject under the GDPR. Please note that the rights under the GDPR are not unconditional. Therefore, an attempt to invoke any of the rights might not lead to an action. Your rights under the GDPR include the following:
Right to access – According to article 15 GDPR, you are entitled to access your personal data and receive certain information about the processing. That information is provided in this document.
Right to rectification – According to article 16 GDPR, you are entitled to obtain rectification of inaccurate personal data concerning you and to have incomplete personal data completed.
Right to erasure – Under certain circumstances, you are according to article 17 GDPR entitled to have the personal data erased. This is the so-called “right to be forgotten”.
Right to restriction of processing – Under certain circumstances, you are according to article 18 GDPR entitled to restrict the processing of the personal data that Voyado carries out.
Right to data portability – You are according to article 20 GDPR entitled to receive the personal data (or have the personal data directly transmitted to another data controller) in a structured, commonly used and machine-readable format from Voyado.
Right to object – According to article 21 GDPR, you are entitled to object to certain processing activities conducted by Voyado on the personal data, such as all Voyado’s processing of the personal data based on Voyado’s legitimate interest.
Finally, you also have the right to submit a complaint with the supervisory authority, which in Sweden (the seat of Voyado) is the Swedish Authority for Privacy Protection (Sw: Integritetsskyddsmyndigheten)
https://www.imy.se/kontakta-oss/.
How we protect your data
We employ appropriate technical and organizational security measures to help protect your personal data against loss and to guard against access by unauthorized persons. Appropriate security measures we have taken include implementation of security standards, implementing secure private connections, traceability, disaster recovery, access limitations, regular and independent vulnerability and penetration testing, physical access control, organizational measures such as risk management and change control, data breach management and business continuity management. We regularly review our security policies and procedures to ensure our systems are secure and protected.
Changes to this privacy policy
If we change how we handle your personal data or how we use cookies, we will promptly update this privacy policy and publish it on this website.
Last updated: 2024–06-25