Background
The EU's General Data Protection Regulations (GDPR) requires companies that handle personal information to restrict the way this information is handled.
Åskvigg AB is the creator of the Åskvigg platform that handled personal information, company information and access rights to Åskvigg modules for various applications built on top of the Åskvigg platform.
The Åskvigg platform is built with security in mind and the purpose of this Integrity Policy is to inform you of how we process and protect your personal information.
Data
Personal Information
The Åskvigg platform stores a small set of personal information about you as a user to identify you when you log in and make you distinguishable from other users.
An email address and a salted bcrypt hashed password is stored and used to identify users when logging in to the Åskvigg platform.
The email address is also currently needed for you to be able to reset your password.
This email address is shared with administrators so they can contact you if you need help with onboarding but after onboarding it is never shared outside of the module that sends emails unless you choose to show your email address in your profile.You can also add your own name and an image with your likeness to your profile but you are currently allowed to use a nickname and avatar that does not represent you as an individual.
Your profile can also include information about your company. This information is not required and should only be used for business use.
Adding an organisation number to your profile will link your profile to that company if the company has been registered with the Åskvigg platform.
Storage of Personal Information
This instance of the Åskvigg platform is storing all personal information in a database cluster hosted on an Amazon Web Service cloud server located in Sweden.
Access to the database is restricted to the Åskvigg platform and only technicians at Åskvigg AB has access to the cloud server.
Privacy Policy
Users of the Åskvigg platform agrees to have their personal information accessable to other users of the Åskvigg platform.
Users email addresses however are never shown to regular users, unless you choose to show your email adress in your profile, and is only used to send messages directly to the owner of the account.
Services that send email messages are used to reset passwords, confirm account destruction, remind users of calendar events that they themselves have created and send information about new messages sent within the Åskvigg platform.
Data Management
Access
Our Data Protection Officer is Tor Viktorsson the CEO of Åskvigg AB (556910-2139) who can be reached via dpo2023@askvigg.se if you have any questions about our Integrity Policy or how we handle your personal information.
The Data Protection Officer is the only technician at Åskvigg who has access to the database cluster where personal information is stored.
Your personal information is presented within the Åskvigg platform to show who created certain data. If you add data to the Åskvigg platform the personal information that you have added to the Åskvigg platform will be linked to the data you added.
Security
Traffic from and to the Åskvigg platform is secured with HTTPS which means that information sent over the Internet is always encrypted.
All information linked to your personal information uses a unique 12 byte ObjectId that can not be traced back to your personal information if you delete your Åskvigg platform account.
Service Hosts
The Åskvigg platform is hosted on a Heroku cloud server and access to the cloud server configuration is restricted to the Data Protection Officer for configuration and maintenance only.
The Åskvigg platfrom used the Sendgrid Heroku add-on to send emails to users and access to the email server configuration is restricted to the Data Protection Officer for configuration and maintenance only.
The Åskvigg platform uses the Coralogix Heroku add-on to store runtime logs and access to the log service is restricted to the Data Protection Officer for incident management and maintenance only.
The Åskvigg platform uses the Librato Heroku add-on to monitor the cloud server and access to the monitor service is restricted to the Data Protection Officer for incident management and maintenance only.
Breaches
Information about security breaches is published on the front pages of every Åskvigg powered application on this server instance.
Information about security breaches is sent to all Åskvigg platform users on this server instance.
Rights
Personal Information
As a user of an Åskvigg platform you have access to your personal information via an Åskvigg platform profile.
Other users can send you invitations to the Åskvigg platform but only your email address and a unique invitation key is stored until you accept the invitation.
You are the only one who can update your own personal information.
At any time you can request for your personal information to be deleted. When doing so a confirmation email is sent to your registered email address with instructions on how to permanently destroy your personal information.
If you destroy your personal information your old account will be empty and only contain an encrypted reference to your email address and your password. This means that you can recover your account if you remember your email address and your password but there is no way to reset your password since your email address no longer will be stored wihin the Åskvigg platform so there is no way for us to send you a recovery instruction to validate you as the owner of the email address.
Information Linked to Your Profile
You can join open groups and get invitations to closed groups and you can exit any of these groups at any time. Being part of a group can give you access to information and data only published to the given group.
All information and data that you add to the Åskvigg platform will be stored until you yourself delete it from within the Åskvigg platform. Information that is part of a transaction between two Åskviss platform users is stored until both users has chosen to delete the information.
Users can download a copy of their personal information in JSON format from their profile. This copy will only include personal profile information and not other information and data that you may have added to the Åskvigg platform.
How Information is Gathered
All information accessable via the Åskvigg platform has been added by a user of the Åskvigg platform. A reference to the user that added the information is stored so that the system knows which user has the rights to update or delete the data. Some data types can also be shared within the Åskvigg platform effectivly giving other users access to update or delete the data.
Local Storage
Cookies
When you log in to an Åskvigg platform a token is stored in a cookie within your web browser. This token includes information (a unique 12 byte ObjectId) that grants you access to the Åskvigg platform for 7 days. No personal information is stored within the cookie. No session data is stored server side.
The Åskvigg platform client is loaded in your browser. Any information that you access on the Åskvigg platform is cached in your browser while your browser is open.
Contact
Contact dpo2023@askvigg.se if you have questions about our Integrity Policy or how we handle your personal information.
Contact info@askvigg.se if you have questions about the Åskvigg platform.
© Åskvigg AB