Background

The EU's General Data Protection Regulations (GDPR) requires companies that handle personal information to restrict the way this information is handled.

Åskvigg AB is the creator of the Åskvigg platform that handled personal information, company information and access rights to Åskvigg modules for various applications built on top of the Åskvigg platform.

The Åskvigg platform is built with security in mind and the purpose of this Integrity Policy is to inform you of how we process and protect your personal information.

Data

Personal Information

The Åskvigg platform stores a small set of personal information about you as a user to identify you when you log in and make you distinguishable from other users.

An email address and a salted bcrypt hashed password is stored and used to identify users when loggin in to the Åskvigg platform.

The email address is also currently needed for you to be able to reset your password. This email address is never shared outside of the module that sends emails.

You can also add your own name and an image with your likeness to your profile but you are currently allowed to use a nickname and avatar that does not represent you as an individual.

Your profile can also include a job title, your mobile phone number, a land line phone number and the organisation number of your company. This information is not required and should only be used for business use.

Adding an organisation number to your profile will link your profile to that company if the company has been registered with the Åskvigg platform.

Storage of Personal Information

The Åskvigg platform is currently storing all personal information in a database cluster called Yggdrasil hosted on an Amazon Web Service cloud server located in North Virginia.

Access to the Yggdrasil database is restricted to the Åskvigg platform and only technicians at Åskvigg AB has access to the cloud server.

Privacy Policy

Users of the Åskvigg platform agrees to have their personal information accessable to other users of the Åskvigg platform.

Users email addresses however are never shown to other users and is only used to send messages directly to the owner of the account.

Services that send email messages are used to reset passwords, confirm account destruction and remind users of calendar events that they themselves have created.

Data Management

Access

Our Data Protection Officer is Tor Viktorsson the CEO of Åskvigg AB (556910-2139) who can be reached via dpo2018@askvigg.se if you have any questions about our Integrity Policy or how we handle your personal information.

The Data Protection Officer is the only technician at Åskvigg who has access to the Yggdrasil database cluster where personal information is stored.

Your personal information is presented within the Åskvigg platform to show who created certain data. If you add data to the Åskvigg platform the personal information that you have added to the Åskvigg platform will be linked to the data you added.

Security

Traffic from and to the Åskvigg platform is secured with HTTPS which means that information sent over the Internet is always encrypted.

All information linked to your personal information uses a unique 12 byte ObjectId that can not be traced back to your personal information if you delete your Åskvigg platform account.

Service Hosts

The Åskvigg platform is hosted on a Heroku cloud server and access to the cloud server configuration is restricted to the Data Protection Officer for configuration and maintenance only.

The Åskvigg platfrom used the Sendgrid Heroku add-on to send emails to users and access to the email server configuration is restricted to the Data Protection Officer for configuration and maintenance only.

The Åskvigg platform uses the Coralogix Heroku add-on to store runtime logs and access to the log service is restricted to the Data Protection Officer for incident management and maintenance only.

The Åskvigg platform uses the Librato Heroku add-on to monitor the cloud server and access to the monitor service is restricted to the Data Protection Officer for incident management and maintenance only.

Breaches

Information about security breaches is published on the front page of every Åskvigg powerd application.

Information about security breaches is sent to all Åskvigg platform users.

Rights

Personal Information

As a user of the Åskvigg platform you have access to your personal information via your Åskvigg platform profile.

Other users can send you invitations to the Åskvigg platform but only your email address and a unique invitation key is stored until you accept the invitation.

You are the only one who can update your own personal information.

At any time you can request for your personal information to be deleted. When doing so a confirmation email is sent to your registered email address with instructions on how to permanently destroy your personal information.

If you destroy your personal information your old account will be empty and only contain an encrypted reference to your email address and your password. This means that you can recover your account if you remember your email address and your password but there is no way to reset your password since your email address no longer will be stored wihin the Åskvigg platform so there is no way for us to send you a recovery instruction to validate you as the owner of the email address.

Information Linked to Your Profile

You can join open groups and get invitations to closed groups and you can exit any of these groups at any time. Being part of a group can give you access to information and data only published to the given group.

All information and data that you add to the Åskvigg platform will be stored until you yourself delete it from within the Åskvigg platform. Information that is part of a transaction between two Åskviss platform users is stored until both users has chosen to delete the information.

Groups connected

Users can download a copy of their personal information in JSON format from their profile via the Åskvigg platform.

How Information is Gathered

All information accessable via the Åskvigg platform has been added by a user of the Åskvigg platform. A reference to the user that added the information is stored so that the system knows which user has the rights to update or delete the data. Some data types can also be shared within the Åskvigg platform effectivly giving other users access to update or delete the data.

Local Storage

Cookies

When you log in to the Åskvigg platform a token is stored in a cookie within your web browser. This token includes information (a unique 12 byte ObjectId) that grants you access to the Åskvigg platform for 12 hours. No personal information is stored within the cookie. No session data is stored server side.

The Åskvigg platform client is loaded in your browser. Any information that you access on the Åskvigg platform is cached in your browser while our browser is open.

Contact

Contact dpo2018@askvigg.se if you have questions about our Integrity Policy or how we handle your personal information.

Contact info@askvigg.se if you have questions about the Åskvigg platform.


© Åskvigg AB