Contents
This is an English translation of our Swedish privacy policy. In case of any discrepancy, the Swedish version (/integritetspolicy/) prevails.
About this page
This policy applies when you visit scribill.se, fill out a form with us, or get in touch in any other way. We keep it short and clear on purpose. If anything is unclear, you are always welcome to ask.
Personal data is any information that can be linked, directly or indirectly, to you as an individual, for example your name, email address, or IP address.
Who is responsible for your data
Scribill AB is the controller for personal data processed through scribill.se. Under the General Data Protection Regulation (GDPR), this means we decide why and how your data is used, and that you come to us with any questions.
If you have questions about how we handle your data, the easiest way to reach us is at [email protected].
What data we process and why
We only collect data when there is a clear reason, and we always explain why. Here are the situations when that happens.
When you contact us
When you fill out a contact form, send an email, or call us, we save what you provide. This typically includes your name, company, email address, phone number, and the content of your message. The form also records which page you submitted from and how you found us, so we understand your question before we reply.
We use this data to answer your question, give you a proposal and a quote, and stay in touch about a possible collaboration. The legal basis is our legitimate interest in responding to and following up on inquiries (Article 6(1)(f) GDPR). If the contact leads to a booking, we process the data to enter into and perform a contract with you (Article 6(1)(b)).
When you are a customer
When you engage us for a training session, a lecture, or any other service, we process the data needed to plan, deliver, and invoice the work. When we run training at your premises, we may also process data about participants, such as names and email addresses, in order to deliver the training and issue any certificates. We typically receive that data from you. The basis is fulfilling the contract with you (Article 6(1)(b)) and, for accounting purposes, complying with legal obligations (Article 6(1)(c)).
When you visit the site
When pages load, our hosting provider logs technical data such as IP address, browser type, and timestamp. This is necessary for the site to work, stay secure, and withstand attacks. The basis is our legitimate interest in a safe and functioning site (Article 6(1)(f)).
Statistics on site usage
If you agree to it, we use Google Analytics to understand which pages are useful and what we can improve. The tool places cookies and collects data about how you navigate the site, your approximate location, and the device you use. We aggregate and anonymize this data as much as possible. The basis is your consent (Article 6(1)(a)), and you can withdraw or change your choice at any time. More on that in the Cookies section.
Search on the reviews page
The reviews page has a search box that understands free text. When you search, your query is sent to OpenAI, which helps us match it against the right reviews. So do not enter any personal data in the search box. The basis is our legitimate interest in offering a useful search function (Article 6(1)(f)).
Who may receive your data
We never sell your data or share it for anyone else's marketing purposes. To run our business, we engage a few carefully chosen vendors who process data on our behalf. All are bound by data processing agreements that restrict them to using your data only on our instructions.
| Vendor | What they help us with | Where data is processed |
|---|---|---|
| Cloudflare | Hosting and running the site, and spam protection for the form (Turnstile) | EU and USA |
| Microsoft (Microsoft 365) | Receiving and responding to email and contact inquiries | EU |
| Resend | Sending confirmation and notification emails when you submit the form | EU |
| Discord | Receiving contact inquiries internally | EU and USA |
| Make (Celonis) | Forwarding contact inquiries to our internal systems | EU and USA |
| Analytics via Google Analytics | EU and USA | |
| OpenAI | The search function on the reviews page | EU and USA |
If we add a CRM system to manage inquiries, it will be covered by the same type of agreement. We may also need to share data to comply with legal requirements, for example with the Swedish Tax Agency or another public authority.
Transfers outside the EU and EEA
Some of our vendors are US companies, so some data may be processed in the United States. This only happens when adequate protection is in place. Transfers are covered by the vendor being certified under the EU-US Data Privacy Framework, the regime that the European Commission has determined provides a level of protection equivalent to that within the EU, and additionally by the European Commission's standard contractual clauses. If you want to know more about the protection for a specific transfer, get in touch and we will explain.
How long we keep your data
We do not keep data longer than necessary.
- Contact inquiries are kept for the duration of the dialogue and for a period after, normally up to 24 months from your last contact, unless it leads to an engagement.
- Data and documentation relating to a completed engagement are kept for as long as the engagement requires. Accounting records are kept for seven years, as required by Swedish accounting law.
- Google Analytics data is kept for a maximum of 14 months.
- Operational and security logs are cleared routinely after a short retention period.
How we protect your data
We protect personal data with technical and organizational measures. The site runs encrypted over HTTPS, access to data is limited to those at Scribill who genuinely need it, and we choose vendors that maintain a good level of security. Should something go wrong and there is a risk to you, we will report it as required and inform you when we must.
Your rights
It is your data, and you are in control of it. Under GDPR you have the right to
- know what data we hold about you and receive a copy
- have inaccurate data corrected
- have data deleted when we no longer have a reason to keep it
- request that we restrict processing while a matter is being investigated
- object to processing we carry out based on legitimate interest
- receive data you have provided in a portable format
- withdraw a consent you have given, without affecting anything we have already done on the basis of that consent
To use any of these rights, email [email protected] or use the form on the contact page. We respond as soon as we can, and within one month at the latest, at no cost to you.
How to file a complaint
If you think we are handling your data incorrectly, we would naturally like to hear from you first so we can put things right. You also always have the right to contact the Swedish Authority for Privacy Protection (IMY), which is the supervisory authority in Sweden.
Changes to this policy
We update this policy when our operations or the rules change. The top of the page shows when it was last updated. If we make significant changes, we will announce them clearly on the site.
How to reach us
If you have a question about your data or this policy, get in touch and we will sort it out together.