IHM Privacy Policy
IHM Privacy Policy in swedish 👉
IHM Business School AB
Organization number: 556297-9764
Address: Fabriksgatan 25, 412 50 Gothenburg
IHM Business School is responsible for the processing of your personal data throughout the entire organization.
INTRODUCTION
We care about the privacy of our customers and users, and it is important to us that everyone feels secure when providing us with personal data. We have well-established routines to ensure that personal data is always well protected and that the processing of data is done in accordance with current laws.
This policy describes why we process personal data in our operations and how we do it. We also explain how you can find out which of your personal data has been collected, the legal basis for the collection, and how to request the deletion of the data in question.
SITUATIONS WHERE THIS POLICY APPLIES
This policy applies to all situations where IHM Business School processes personal data, which includes data we collect when someone:
- Purchases any of our services
- Participates in any of our courses
- Attends any of our information sessions
- Registers for a digital subscription
- Registers on any of our digital platforms
- Signs up for any of our events
- Participates in any of our competitions
- Contacts our customer service
IHM Business School assumes no legal responsibility for third-party websites that you may access via links from www.ihm.se and refers you directly to these entities for questions about their personal data processing.
WHY DO WE COLLECT PERSONAL DATA?
We collect personal data to effectively conduct our operations by providing services based on the preferences and behaviors of our users and customers. This includes, for example, collecting data for:
- Development of personalized services
- Ensuring that services are used in accordance with applicable laws
- Communication with our users and customers
- Administration of our courses and services
- Protecting the security of our customers
- Executing our agreements
- Marketing purposes
HOW DO WE COLLECT PERSONAL DATA?
A significant portion of the personal data we collect is provided to us through digital forms, such as when purchasing a service, registering for our newsletter on our website, or applying via yh-antagning.se. Other personal data is stored through email correspondence. We also collect data through physical forms, for example, during information meetings or customer meetings.
We may also collect personal data from other sources, such as from a course participant who indicates the purchaser of a course, a billing reference, their manager/supervisor, or an external source for record maintenance.
LEGAL BASES FOR THE COLLECTION OF PERSONAL DATA
In order to collect personal data, there must be a legal basis for the collection in question. Below is a description of the legal bases that our operations rely on.
AGREEMENT
An agreement is a formal arrangement that authorizes the collection of personal data between us and a user.
LEGITIMATE INTEREST
Legitimate interest is a legal basis that means we collect personal data based on a legitimate interest from us and the staff whose personal data we collect. For example, we may collect personal data during a purchase to develop our services, as we believe it is in both our and our consumers' interest that our services are developed.
LEGAL OBLIGATION
The legal basis "legal obligation" means that there are laws or regulations that require the data controller to process certain personal data in their operations.
CONSENT
Consent is a legal basis that means you give your permission for your personal data to be processed for one or more specific purposes. You have the right to withdraw your consent at any time.
PERSONAL DATA WE COLLECT FOR ADMINISTRATIVE PURPOSES
- Our customers and users first and last names, email addresses, postal addresses, phone numbers, and other similar contact information. Legal basis: Agreement
- Passwords, personal identification numbers, and other security information for account access to our databases. Legal basis: Legitimate interest, agreement
- Information necessary to process our customers' purchases, which may include references, payment method numbers, security codes, bank account numbers, and personal identification numbers. Legal basis: Legal obligation, agreement
PERSONAL DATA WE COLLECT FOR SERVICE DEVELOPMENT
- Information about our customers and users behavior on our platforms, such as which activities they sign up for or which purchases they make. Legal basis: Legitimate interest
- Reports on errors or improvements, which may include search queries and email correspondence. Legal basis: Legitimate interest
PERSONAL DATA WE COLLECT FOR MARKETING PURPOSES
- Data from individuals participating in our marketing and information campaigns, such as in articles and films. Legal basis: Legitimate interest, agreement, consent
- Information about our customers' and users' purchasing processes, such as what information they download or which events they register for. Legal basis: Legitimate interest, agreement, consent
- Information about formal purchasers among our customers, such as contact details for the person who ordered the course and/or the course participant's supervisor. Legal basis: Legitimate interest
PERSONAL DATA WE COLLECT FOR APPLICATIONS TO IHM YRKESHÖGSKOLA
- Data to both identify the applicant and to ensure that the person meets any educational requirements, such as educational certificates, grades, or documentation related to work experience. Legal basis: Agreement
PERSONAL DATA WE SHARE WITH THIRD PARTIES
Your personal data may be disclosed to and processed by third parties. We remain the data controller for the personal data that is shared, while the third party, depending on the circumstances, may either become an independent data controller, a joint data controller with us, or our data processor. For example, the following events may result in personal data being disclosed to and processed by third parties:
- We share personal data if a Swedish authority legally requests the data in question. We also share data with authorities if we ourselves believe we can identify legal issues. Legal basis: Legal obligation
- When we conduct transactions between us and our customers, we share personal data with banks and other financial entities to ensure the transaction in question; they are legally prohibited from using the personal data for any purpose other than what is stated in this policy. Legal basis: Legal obligation
- When we perform our educational services, we may need to share personal data with providers of educational systems or distance learning systems, such as the course participant's name and email address. Legal basis: Agreement, legitimate interest
- We share personal data when we hire other entities to review and develop our functions and services; this may occur, for example, when we ask a market research company to review how our customers view service. Legal basis: Legitimate interest
- We may also share personal data with group companies, other service providers, legal advisors, auditors, and consultants as necessary. Legal basis: Agreement, legitimate interest, legal obligation
WHERE AND HOW DO WE STORE PERSONAL DATA?
We will only process your personal data within the EU/EEA. We take appropriate technical and organizational measures to prevent unauthorized or unlawful processing and access, loss, destruction, or damage to personal data, thereby ensuring an appropriate level of security.
We engage data processors who process all personal data through both data storage and operation of our systems. The data processor may, in some cases, read personal data if our IT systems require maintenance or other technical support. Our data processor is subject to strict contractual confidentiality.
HOW LONG ARE PERSONAL DATA STORED?
We retain personal data as long as we believe it is used for the purposes for which it was originally and explicitly collected. When a piece of personal data is no longer relevant to its original purpose, it is deleted, and we have established procedures to identify these cases. As a rule, we retain personal data for no longer than 24 months after collection, unless the person in question continues to interact with IHM, there are legal requirements for continued storage, or as long as there is an active assignment or agreement.
If you no longer wish to receive invitations, newsletters, or marketing, including direct marketing, from us via email or SMS, you can opt out at any time—either by replying to the message or by clicking on the link at the bottom of each email. Upon such a request, we will immediately cease processing your data for marketing purposes.
COOKIES
Cookies are text files containing information stored on your device (e.g., your computer, mobile phone, or tablet) when you visit a website. Cookies may, in some cases, contain personal data. We use cookies on our website.
PROFILING
We may collaborate with advertising networks and other advertising service providers that we and other unrelated companies engage to produce advertising on the internet. Advertising is tailored to your interests based on the information collected on our website, through your use of other digital services, or social media, so-called profiling. We analyze your behavior to provide you with targeted and relevant marketing offers, benefits, and discounts, product information, and invitations to events.
You always have the option to object to the processing of your personal data for direct marketing purposes. This objection also applies to the analysis of personal data (i.e., profiling) carried out for direct marketing purposes. Direct marketing refers to all types of proactive marketing actions, such as via mail, email, and SMS.
HOW TO FIND OUT WHAT PERSONAL DATA WE HAVE COLLECTED?
Anyone whose personal data is stored at IHM Business School always has the right to request a register extract of the collected data, which is done free of charge and within one month. The requested documents should indicate how the personal data was collected and for what specific purpose it is now being used, including the legal basis for the collection. For us to approve such a request, the person requesting the data must clearly identify themselves to avoid someone requesting another person's personal data.
Requests should be sent to: dataskydd@ihm.se
HOW CAN YOU CORRECT THE COLLECTED PERSONAL DATA?
If you want the personal data that we have stored to be corrected or updated, you always have the right to request this. You can also request that the processing of your collected personal data be restricted. Additionally, you always have the right to data portability, which means that under certain conditions, you can transfer your personal data to another entity, see below. The same procedures apply here as for requesting a register of personal data, and therefore clear identification from the applicant is required.
HOW CAN YOU HAVE YOUR PERSONAL DATA DELETED?
If you want to have the personal data we have collected deleted, you need to contact us and formally request the termination of the agreement or consent for the collection of personal data. Once the request is approved, the personal data will be deleted without delay. We always strive to be accommodating in requests for deletion of personal data, but we must always oppose deletion if there are legal requirements for us to retain the data in question.
Requests should be sent to: dataskydd@ihm.se
HOW CAN YOU OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA?
As a data subject, you have the right to object to the processing of your personal data at any time if the legal basis for the processing is a legitimate interest. As a data subject, you also have the right to object to the processing of your personal data at any time if it is processed for direct marketing purposes, including profiling.
RIGHT TO DATA PORTABILITY
As a data subject, you have the right to obtain the personal data that you have provided to us as the data controller and have the right to transfer this data to another data controller (data portability). However, this applies provided it is technically possible and that the processing has been necessary for the performance of a contract.
AUTHORITY FOR SUPERVISION OF PERSONAL DATA COLLECTION
If you object to IHM Business School's collection or processing of personal data, we ask that you contact us. You also have the right to file a complaint about our processing of personal data with the Swedish Authority for Privacy Protection. They review all complaints and determine whether supervision should be initiated. You can contact the Swedish Authority for Privacy Protection at Box 8114, 104 20 Stockholm, or imy@imy.se.
FOR MORE INFORMATION
If you have more questions or concerns regarding our processing of personal data, you are always welcome to contact us at dataskydd@ihm.se.
CHANGES TO OUR PRIVACY POLICY
We may make changes to this privacy policy. The latest updated version can always be found on this page. Therefore, we recommend that you regularly visit our website to always have updated information about our personal data processing.