Privacy policy
About TicTac Learn AB and this Privacy policy
TicTac Learn AB, Reg. No. 556567-7266, Dockplatsen 1, SE-211 19 Malmö ("TicTac", "we" or "us") is one of the leading Nordic supplier in the EdTech sector. We conduct activities in the development of systems for education and communication, production of interactive web and mobile training and related activities. The majority of TicTac's personal data processing is carried out on behalf of companies and organizations that are using our systems and platforms. In regard to such processing, TicTac acts as a data processor, while the company or organization on whose behalf we process the relevant personal data, is the data controller. In these cases, our processing is regulated in a data processor agreement between TicTac and the respective company or organization.
However, within the framework of TicTac’s operations, TicTac processes personal data for which TicTac is the Data Controller, which is described more in detail in this policy. This means that TicTac has an obligation to ensure that the processing of personal data is carried out in accordance with applicable law and the principles set out in this Privacy policy. We are committed to protecting your personal data and comply with all applicable laws and regulations that exist to protect the privacy of individuals.
It is important to us that you feel safe with what personal data we collect and, above all, how we process it. This Privacy policy therefore covers all necessary information about our handling of your personal data as data controller, which is why it is important that you read and understand the Privacy policy before using TicTac’s services. If you have any questions about our processing of your personal data, please contact us via the contact details below.
What kind of processing (which is a generic term in the EU Data Protection Regulation (”GDPR”) for operations which is performed on your personal data) that we carry out regarding your personal data, depends on the context in which you come into contact with us and in which capacity you act. To make it easier for you, we have divided this policy into different category sections based on which services you use with us, where under each category you can read about what kinds of processing are carried out.
After the category sections, follows multiple sections that are common to all types of services. These sections contain information about e.g., who we share your personal data with, where we process your personal data, what rights you have vis-à-vis us and how you get in touch with us. Below, you can click yourself to each section.
1. What personal data do we collect and where do we collect it?
2. Transfer of personal data
3. Your rights
4. Changes to the Privacy policy
5. Contact information
Please note that some pages on our website contain links to websites managed by third parties. These websites have their own privacy policies and TicTac is not responsible for their business or their information practices. Users who send information to or through these third-party websites should therefore review the privacy policies of those websites before sending any personal data to them.
For information on the collection, management and storage of information collected through cookies, please refer to TicTac’s Cookie policy.
1. What personal data do we collect and where do we collect it?
1.1 Request for quotation by company representative
For what purposes we process your personal data, i.e. what we do and why
We collect your personal data and send you a quote based on these.
What personal data we process and where they come from
From you:
- your name;
- your e-mail;
- your phone number;
- your address;
- your employer; and
- your job title.
What is the legal basis for our processing?
Our legitimate interest to be able to perform preparing measures on your request before we enter into an agreement.
For how long do we process your personal data for the specific purpose?
This processing takes place for as long as the quotation is in force.
1.2 Purchase of service or product by company representative or license administrator
For what purposes we process your personal data, i.e. what we do and why
We collect your personal data and use them to manage purchases, complaints and payments for our products and services as well as to give you access to the systems and/or platforms purchased.
What personal data we process and where they come from
From you:
- your name;
- your e-mail;
- your phone number;
- your address;
- your payment details;
- your employer; and
- your working title.
What is the legal basis for our processing?
To be able to perform under the contract with you.
For how long do we process your personal data for the specific purpose?
For as long as it is required for our performance of the agreement with you, and for a period of two years thereafter, in order for us to be able to defend ourselves against any legal claims or until we are informed that you are no longer representing the relevant company. Invoice documentation is stored in accordance with applicable legislation.
1.3 Customer service or other communications
For what purposes we process your personal data, i.e. what we do and why
We collect your personal data, either by you sending us an e-mail or by a telephone conversation with you. The data you provide will be used for the purpose of answering your questions.
What personal data we process and where they come from
From you:
- your name;
- your e-mail;
- your phone number;
- your address;
- your employer;
- your working title; and
- any other personal data that you choose to provide us with in relation to the customer service matter.
What is the legal basis for our processing?
Our legitimate interest in being able to provide you with customer service.
For how long do we process your personal data for the specific purpose?
For as long as the case for which you requested customer service matter is operative, and for a period of three months thereafter.
1.4 Signing up for newsletters/marketing
For what purposes we process your personal data, i.e. what we do and why
We collect your personal data and use them to contact you by e-mail or phone.
What personal data we process and where they come from
From you:
- your name;
- your e-mail;
- your phone number; and
- your address.
What is the legal basis for our processing?
Your consent. You can withdraw this at any time. More information about your right to withdraw your consent can be found in section 3.8.
For how long do we process your personal data for the specific purpose?
This processing takes place for as long as we have your consent (i.e. until you withdraw your consent, more information about the right to withdraw your consent can be found in section 3.8.
1.5 Job application
For what purposes we process your personal data, i.e. what we do and why
We collect your personal data and use them to carry out a recruitment process.
What personal data we process and where they come from
From you:
- your name;
- your e-mail;
- your phone number;
- your resumé; and
- your personal letter.
What is the legal basis for our processing?
To comply with a legal obligation as employer and our legitimate interest in conducting a recruitment process.
For how long do we process your personal data for the specific purpose?
This processing takes place during the recruitment process and for a period of two years thereafter, in order for us to be able to defend ourselves against any legal claims.
1.6 Website users
For what purposes we process your personal data, i.e. what we do and why
We collect your personal data when you visit our website in order to optimise your experience of the website and to be able to handle purchases, orders and other requests via the website.
What personal data we process and where they come from
From other sources:
- Technical information generated through your use of the website;
- information about your internet device, such as IP address, language settings, browser settings, operating system; and
- time and date of the visit of the website.
What is the legal basis for our processing?
Our legitimate interest in being able to provide our website.
For how long do we process your personal data for the specific purpose?
This processing takes place during your visit of the website and is stored for up to two years thereafter. For more information, please see our Cookie policy.
For certain purposes, we process your personal data and rely on our legitimate interest as the legal basis for the processing. In assessing the legal basis, we rely on a balancing of interests test by which we have determined that our legitimate interests of the processing override your interest and your fundamental right not to have your personal data processed. We have stated our legitimate interest in the tables above. Please contact us if you want to read more about how this test has been performed. Our contact details can be found in section 5.
2. Transfer of personal data
TicTac always observes the utmost caution when transferring your personal data and your personal data is never passed on without the support of this Privacy policy and that appropriate security measures are taken. When we share your personal data, we ensure that the recipient processes them in accordance with this privacy notice, by, e.g. entering into Data Transfer Agreements or Personal Data Processing Agreements with the recipients. We would like to emphasize that we do not sell your personal data to any third party. TicTac may transfer your personal data in the following situations:
- Group companies: We cooperate closely with our group companies. Our sharing of your personal data to such group companies may be required for us to provide our services to you. We have a legitimate interest of being able to provide these services. If the sharing of your personal data is necessary to fulfil that interest, and that interest overrides your right not to have your data processed, the sharing may be carried out on the legal basis of legitimate interest.
- Corporate transactions: If all or part of TicTac’s business is sold or integrated with other activities, your personal data may be disclosed to our advisors, potential buyers and their advisors and passed on to the new owners of the business. We have a legitimate interest of being able to sell our business to, or integrate our business with, a third party. Thus, sharing your personal data to such party may be carried out on the legal basis of our legitimate interest.
- Third-party service providers: We have agreements with other companies that perform services on our behalf. These services include CRM systems, support, newsletters, digital signing and analysis of information and the provision of search results and links. These companies have access to your personal data to the extent that they need it to fulfil their mission, but they may not use or share the information for other purposes. We have a legitimate interest of being able to access such services. If the sharing of your personal data is necessary to fulfil that interest, and that interest overrides your right not to have your data processed, sharing may take place on the legal basis of legitimate interest.
- Authorities: Your personal data may also be disclosed in order for TicTac to comply with certain legal obligations and may be handed over to the relevant authorities when permitted and required by law.
The transfers described above may be made to recipients in member states to the EU/EEA as well as to third countries whose legislation may differ from the rules on data protection within the EU and EEA. In the case of transfers to such third countries, TicTac will take all appropriate measures to ensure that your personal data is duly protected and that it is processed only in accordance with applicable data protection legislation and this Privacy policy.
We will ensure that appropriate safeguards are put in place by ensuring that at least one of the following conditions is met in each such transfer.
Safeguarding measures and descriptions thereof
Adequate level of protection, in accordance with Article 45 GDPR
The European Commission has determined that certain countries outside of the EU/EEA have a sufficiently high level of data protection. This means that personal data can be transferred to such countries without any further action having to be taken with regard to the transfer itself (beyond what applies under the GDPR in general).
A list of which countries are included can be found here (in Swedish: here).
Countries we transfer personal data to on the basis of this safeguard:
Canada (commercial organizations)
EU-U.S. Data Privacy Framework
The European Commission has determined that U.S. actors participating in the EU-U.S. Data Privacy Framework have a sufficiently high level of security, which means that personal data can be transferred to such recipients without the need to take any additional measures with regard to the transfer itself (in addition to what applies under the GDPR in general).
Countries we transfer personal data to on the basis of this safeguard:
USA
Standard contractual clauses, in accordance with Article 46.2 GDPR
Since only a few countries are considered to have an adequate level of protection of personal data, the most common measure to ensure sufficient protection of your personal data if it is transferred outside of the EU/EEA is to attach the European Commission’s so called standard contractual clauses, which follow from implementing decisions 2001/497/EC, 2010/87/EU or 2021/914/EU. If we use the standard contractual clauses as the safeguard, we will not make any changes or amendments in conflict with the clauses.
If you want to read the clauses in their entirety, you can download them via the European Commission's website (the document titled Standard contractual clauses for international transfers (Word)).
Countries we transfer personal data to on the basis of this safeguard:
USA
You have the right to receive a copy of the security measures that we have used when transferring personal data to a country outside the EU/EEA by contacting TicTac.
3. Your rights
According to applicable legislation, you have the right to exercise certain rights against us, when we process your personal data. Below we describe each right, and what it means for you in relation to the personal data we process. If you want to read more about what the Swedish Authority for Privacy Protection (Sw. Integritetsskyddsmyndigheten) writes about these rights, there are links under each section to the relevant page on the Swedish Authority for Privacy Protection's website.
If you want to exercise any of these rights, want to know more, or have questions, please feel free to contact us at gdpr@tictaclearn.net or by using the contact details set out in section 5 below.
3.1 Right to information
You have the right to be informed about how we process your personal data. In this privacy policy, we generally describe what personal data are processed by us in different contexts. If you want to know more about whether we process your personal data, and to what extent it is done, you can contact us as described above and request information about what personal data we process.
If you want to read more about the right to information – please see here.
3.2 Right to access your personal data (register extract)
We can also provide you with a copy, a so-called register extract, of the personal data processed by us. In the register extract, we provide information about e.g. which categories of personal data are processed, what the personal data are used for, for how long the data will be stored, with whom the personal data has been shared and where the data come from.
If you want to read more about the right to access – please see here.
3.3 Right to rectification
We strive to always have accurate personal data about you and to update them when necessary. If you discover that we process inaccurate data about you, you have the right to contact us as described above to have these corrected. You also have the right to ask us to complete incomplete data if this is relevant based on the purposes for which your data are processed, by providing us with additional information.
If you want to read more about the right to rectification – please see here.
3.4 Right to erasure (right to be forgotten)
You have the right to request the erasure of your personal data. However, this right is not absolute. Certain conditions must be at hand in order for us to erase your data. For example, you may have the right to have data erased if they are no longer necessary for the purposes for which they were collected, if you withdraw your consent or if you object to us using your data for direct marketing.
The right to erasure is also limited in the event that an exception applies to the data in question. For example, we have the right to retain the data if it is necessary for establishing, exercising or defending legal claims.
If you want to read more about the right to erasure – please see here.
3.5 Right to object
You always have the right to object to our processing if the legal basis for the processing (this is stated in the various processing operations above in section 1) is that it is necessary for purposes relating to our legitimate interest.
If you object, we do not have the right to process the data anymore, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or if it is needed for the establishment, exercise or defence of legal claims. If we consider that we have such legitimate grounds, or if the data are needed for the establishment, exercise or defence of legal claims, we will notify you of this, and the reasons for such assessment.
You can also object to your personal data being processed for marketing purposes (including profiling if this is included as part of this). If you do so, we will cease the processing for these purposes.
If you want to read more about the right to object – please see here.
3.6 Right to restriction
You can request that the processing of your personal data should be restricted, for example if you do not think that the information we have about you is correct or if you believe that the processing is unlawful. Such request can also be made during the time we investigate whether our legitimate interests override your interest of privacy when you object to the processing (see more about this under section 3.5 above).
If you want to read more about the right to restriction – please see here.
3.7 Right to transmit personal data (data portability)
You have the right to receive your personal data, that you have provided to us (in case the legal basis for our processing is consent or performance of a contract), in a structured, commonly used and machine-readable format. However, this presupposes that the processing takes place by automated means (i.e. not in physical form on paper). If technically possible, and you wish to do so, we may also transmit such personal data to another data controller.
If you want to read more about the right to transmit personal data (data portability) – please see here.
3.8 Right to withdraw your consent
You can withdraw the whole or part of the consent you have given at any time, with effect as from the withdrawal (i.e. the processing of personal data that we have carried out before the withdrawal will not be affected). This can be done by contacting us via the contact details in section 5. In the case of direct marketing via e-mail, a withdrawal can be carried out through a link attached in each such e-mail.
3.9 Right to lodge a complaint with the competent supervisory authority
You can lodge a complaint to the Swedish Authority for Privacy Protection (or with another supervisory authority) if you believe that our processing of your personal data is not in accordance with applicable legislation.
If you want to read more about the right to lodge a complaint – please see here.
3.10 Requirements for exercising your rights
To protect your privacy, we may (if necessary) require you to prove your identity when you contact us to exercise your rights.
We handle your request to exercise your rights promptly. Your request will normally be answered within one month from the date the request was received by us. Only in the case of an unusually complicated request, or if we have received a large number of requests, the response time may be extended by up to two months. If an extension of the response time is decided upon, you will be notified of that.
4. Changes to the Privacy policy
Please note that the content of the Privacy policy is subject to change. In such cases, the new version will be published on TicTac’s website. You should therefore review the Privacy policy at regular intervals to ensure that you are satisfied with the changes. However, in the event of changes in material importance, we will, provided that you have notified us of your email address, alert you by email those changes have been made.
If the changes relate to personal data processing that we perform on the basis of your consent, we will allow you to again give your consent.
5. Contact information
IIf you have any questions regarding our Privacy policy, or if you suspect that there may have been a violation thereof, or if you wish to contact us for any reason stated in this Privacy policy, please contact our Customer service at the contact details stated below.
TicTac Learn AB
Dockplatsen 1
SE-211 19 Malmö
Sweden
If you are applying for a job at TicTac Learn AB's German affiliate TicTac Learn GmbH or if you represent a German entity purchasing TicTac services or products, TicTac Learn GmbH will act as data controller for the processing of your personal data, in accordance with section 1.1-1.3, 1.5 and 2-5 of this Privacy policy. In such case, any reference to "TicTac", "we" or "us" shall be a reference to TicTac Learn GmbH, Reg. No. HRB 252252, Unter den Linden 40, D-10117 Berlin, Germany and Berliner Beauftragte für Datenschutz und Informationsfreiheit is the relevant data protection authority for processing carried out by TicTac Learn GmbH pursuant to section 3. The contact information to TicTac Learn GmbH is:
TicTac Learn GmbH
Unter den Linden 40
D-10117 Berlin
Germany
If you are applying for a job at TicTac Learn AB's Danish affiliate TicTac Learn Denmark A/S or if you represent a Danish entity purchasing TicTac services or products, TicTac Learn Denmark A/S will act as data controller for the processing of your personal data, in accordance with section 1.1-1.3, 1.5 and 2-5 of this Privacy policy. In such case, any reference to "TicTac", "we" or "us" shall be a reference to TicTac Learn Denmark A/S, Reg. No. 27057640, Dampfærgevej 9, 2100 Copenhagen, Denmark and Datatilsynet is the relevant data protection authority for processing carried out by TicTac Learn Denmark A/S pursuant to section 3. The contact information to TicTac Learn Denmark A/S is:
TicTac Learn Denmark A/S
Dampfærgevej 9
2100 Copenhagen
Denmark