We at Trustcruit are committed to protecting and respecting your privacy. This policy therefore describes how we, as a data controller (meaning when we decide how we process personal data) collect and use personal data of:

  • Potential customers
  • Customers (representatives and users of our services)
  • Former customers
  • Suppliers
  • Business partners
  • Visitors on our website
  • Participants of our webinars or other events that we are a part of

What does it not cover?

Data about individuals that have responded to surveys sent out by our users. This is because we only process such personal data on instructions from our customers, and any questions or queries that a survey respondent may have should therefore be directed at the company sending out the survey.

Any questions?

Just email legal@trustcruit.com or contact us at Trustcruit AB, Gjuterigatan 9, 553 18 Jönköping, Stockholm, Sweden.

Your rights.

Under the GDPR you have several rights with regard to your personal data.

Right to object. You have the right to object to processing based on legitimate interest. This means that we may no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests. You can always contact us for more information on the balance test that has been made. Upon an objection, we might have to investigate the situation further prior to a decision. You furthermore have an unconditional right to forbid that your personal data will be processed for direct marketing purposes.

Right to access your data. You have the right to request a transcript of personal data processed by us, and additional information on how the data have been collected, processed, shared, etc. The first transcript may be requested free of charge; however, if you make repeated and unreasonable requests for copies, we might charge you an administrative fee.

Right to transfer your data. You have the right to transfer your personal data to another controller under certain conditions.

Right to rectification. You have the right to correct inaccurate or incomplete information about yourself. We might also update the same information if we consider that it contains factual errors or is out of date.

Right to erasure. You have the right to request that we delete personal data about you, for example, if the data is no longer necessary in relation to the purposes for which it was collected or otherwise processed, or if there is no legal basis for processing the data. Please note that we might have to decline your request if we are legally obliged to keep the information or if the information is necessary to defend against or enforce legal claims.

Right to restriction. You are entitled to request that the processing of your personal data should be limited until inaccurate or incomplete information about you has been corrected, or until an objection from you has been handled.

Right to withdraw your consent. You may at any time withdraw any consent you have given us. However, please note that it will not affect any processing that has already taken place.

Right to complain. You have the right to lodge a complaint to the supervisory authority in the country you live or work in if you believe that we have not complied with our obligations regarding your personal data. In Sweden, the Supervisory Authority is Integritetsskyddsmyndigheten, which also is our lead supervisory authority, and you can find more information at their website: https://www.imy.se/

Please note that if you request restriction or erasure, it might affect our abilities to provide Trustcruit and other services etc. that you or your employer have requested. Moreover, legal rights or obligations or a legal claim may prevent us from disclosing or transferring all or part of your information, or from deleting or transferring all or part of your information.

Where we process your personal data.

We always strive to process your personal data strictly within the EU/EEA and otherwise ensure that the service provider is established in a country that the EU Commission has deemed has adequate privacy protection whilst making sure all necessary risk assessments are carried out if necessary additional safety measures are in place. We select our service providers carefully and take all the necessary steps to ensure that your personal data is processed with adequate safeguards in place in accordance with the GDPR.

Please contact us if you want information about the applicable countries and safeguards in specific cases.

The next sections of this privacy policy are divided into one for users of the service and one for all others.

Users

What personal data do we process?

  • Contact details and user account data, i.e. name, email address and phone number.
  • Organizational data, meaning information regarding the company you work for, including company name, job title, workplace, office address, right to represent your company, your hiring team etc.
  • User activity data, meaning information about activity in our services, which covers both the activities as well as metadata surrounding the activities and audit logs.
  • Communications, meaning all communication occurring between us.
  • Meeting recordings and transcripts, meaning when we have recorded and/or transcribed a joint meeting, webinar or similar.
  • Notes, e.g. from meetings and chats.
  • Visual content, for example if we have been allowed to publish a customer review with you.
  • Billing data if you are listed as the reference for an invoice for example.
  • Survey data, this is data collected if you decide to participate in an online survey.
  • Any personal data in free text fields. As we have several features with free text fields (such as notes, task lists etc.), any personal data inserted in those fields will be processed by us.
  • Feedback on the services
  • Support case data, meaning any information connected to you that is needed to solve a support case.
  • Technical and statistical data, we will collect technical and statistical data from your computer (or mobilemobile device) in connection with your use of the service such as IP address, user agent, browser type and version, session behavior, traffic source, screen resolution, preferred language, geographic location, operating system and computer platform.

We will only process sensitive data about you if you provide us with such information and only to the extent necessary and justified, e.g. if you provide us with information regarding your allergies or other health data for an event we host.

How is the information gathered?

From you. Most of the information we process about you is received from you. You may directly or indirectly give us information about yourself in different ways, for example when you contact us with a support question or use the service. You can always choose not to provide us with certain information. However, some personal data is necessary in order for us to provide Trustcruit to you.

Or collected from other sources. As a user we will most probably have gotten information about you from your employer. We will furthermore automatically receive data from the cookies and similar technologies that we set through our Service, in accordance with your consent (or when they are necessary for the functioning of the site/Service).

What do we use your data for?

Providing our services, incl. support. We will process the personal data of our users to provide the service such as creating and maintaining the account, setting up permissions and providing all features including providing customer support. All of this is necessary for our legitimate interest in being able to uphold our obligations according to the contract we have entered into with your company/employer. This includes the processing that we do to provide features and integrations that you or your company have requested.

Maintaining, developing, testing and ensuring the security of the service. In order to ensure that our service runs smoothly, keeps a high quality and is secure we process the personal data as necessary to do so – which is also the legitimate interest that we are basing the processing on. One example of data processed for this purpose is internet or network activity data such as IP-addresses, but also potential personal data embedded in the logs, e.g. if a fault is detected and the data that caused the fault is an email address.

Developing our offerings. In order for us to be able to improve our offerings, we gather input from you and may contact you for e.g. customer surveys. The contact and the gathering and use of input from you is processed based on our legitimate interest in improving our business and services.

Personal data about you, for example support case data, can be used for internal purposes, in order for the team to educate themselves, but also in order for us to measure KPIs, in our legitimate interest in being able to develop and improve the work of our staff.

Nurturing our customer relationships. We will process personal data of our users and customer representatives in order for us to nurture our relationship, create added value and provide this part of our offering.

This purpose includes converting data such as activity for statistical purposes that enables us to form reports on your company’s activities in the service. The purpose of these statistics could be contract development, if the contract with your company is based on certain usage of the service, or it could be in order for us to see how we can develop the relationship between us and our customer.

As part of this purpose, we might record a meeting we have with you and have it transcribed. This is usually in both party’s interest, as your company might want the recording of e.g. a training session, as well as meeting notes.

All of this is either necessary for our legitimate interest in upholding our obligations according to the contract we have entered into with your company, or necessary for us in order to maintain and enhance our customer relationships.

Communication. Your contact details and the contents of the communication will be used to communicate with you. This processing is necessary in our legitimate interest in effective communication with our customers under the contract we have entered into with your employer.

Providing requested content. Your data will be used to provide you with the content (such as for example newsletters, downloadable content offers, and online publications) you have requested, based on our legitimate interest in being able to provide you with the content you have requested.

If you have interacted with our website – analyzing and improving marketing efforts tailored to you. The interaction you have had with us in any shape or form on our public website, and if you have given us your consent for analytical cookies, might be used to analyze how we should further work in our marketing efforts toward you. This processing is based on our legitimate interest in being able to develop and improve our approach.

Direct general marketing. We might also use the information about you for direct marketing purposes such as to tell you about our publications, the service or just keep you up to date with what’s going on with us, our products, services and events. This processing is based on our legitimate interest in being able to develop our relationship and market connected services to you.

If you do not wish to receive any direct marketing from us, you can opt-out at any time by clicking the unsubscribe button in the email you have received or get in touch with your customer success manager/account manager/contact person.

Sharing lead information with our business partners. If you have signed up for an event or similar such as a publication that we host or create together with a partner, we may also share your contact details with that relevant partner. The partner may thereafter also contact you with offers, content and other information that is deemed relevant to your company.

This sharing activity is based on our legitimate interest in being able to deliver requested content, to bring added value to our customers, but also as all parties of co-hosted and/or created content of course wish to have the details of those that might be interested in their services and consequently contact them.

The same applies to sharing your contact details with partners that offer services that you have expressed an interest in. This is based on the legitimate interest of bringing added value to our customers as well as strengthening partnerships.

Analyzing and improving marketing efforts in general. We aggregate data and statistics about our marketing campaigns, about individual’s interactions with us in any shape or form, and if you have given us your consent for analytical cookies the data from that technology, in order for us to review and analyze what works and what does not work in our marketing efforts. This is based on our legitimate interest in being able to develop in our work and improve our marketing efforts.

Publish customer reviews and testimonials. We might contact you asking for a testimonial or review, and the subsequent consent to publish such testimonial/review for the purpose of marketing our services. The contact is made in our legitimate interest in being able to ask you for a review, however, the review is based on your consent.

Billing and bookkeeping. Your personal data may be used for billing purposes, which generally means having you as an invoice reference or being in contact with you for any reason connected to billing. This processing is based on our legitimate interest of being able to bill our customers under the agreement we have entered into with your company.

Administering our agreements. If you are our customer contact person, your personal data may be processed when we enter into and during the agreements with you or your employer. This is necessary for us to be able to enter into and fulfill agreements with your company and for our legitimate interest in being able to enter into and fulfill different types of agreements and to have a contact person in connection with the agreement.

Fulfilling legal obligations. We are obligated to follow Swedish law. This means that your personal data will be processed to the extent necessary for us to fulfill our legal obligations, for example with regard to tax and book-keeping rules or keeping a list of those who have opted out of direct marketing to ensure that we do not contact these individuals for that purpose again.

Protecting our legitimate business interests and legal rights. We will use information about you where we believe it is necessary to protect and enforce our legal rights, interests and the interests of others, for example in connection with legal claims, compliance, regulatory and audit functions.

Processing necessary for a merger or acquisition. In connection with, due to strategic or business-oriented reasons, a potential merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company, the personal data we retain about you may be processed, shared or transferred, to parties involved in the process. This processing is based on our legitimate interest in being able to develop our business.

Processing initiated by you or with your consent. Your personal data may be used for other purposes than stated above if you ask us to (and then it might be a legitimate interest we base the processing on) or if you give us your consent for a specific purpose.

With whom do we share your personal data?

Vendors. We use service providers that provide services that we need in order for us to provide our services, to manage the customer relationship and for marketing purposes. In some cases, they may be controllers or they will process personal data based on our instructions (meaning that they, in GDPR terms, are what is called a “data processor”). These include but are not limited to:

  • Data servers, where we store the data in the platform
  • Project management tools
  • Provider of customer service solution
  • CRM-system

External consultants. Your personal data will, when appropriate, be shared with some of our consultants that for example, assist us in our sales and marketing efforts or with legal advice. However, we will restrict access to those of our consultants who need it to perform their work. Our consultants are of course subject to strict confidentiality.

Business partners. If you have signed up for/shown an interest in an event, publication or similar that we host or create together with a business partner, we may share your contact details with that relevant partner based on our legitimate interest in being able to deliver the requested content, created by both us and the partner. Both us and the partner may thereafter also contact you with offers, content and other information that is deemed relevant for you. We may also share your details with a business partner providing an offering that you have expressed an interest in – which could be the case for example with an integration that we build together with a third party. That partner will be responsible for their processing of your data, thus we recommend that you read their privacy policy/notice as well.

Our business partners. If you have signed up for/shown an interest in an event, publication or similar that we host or create together with a business partner, we may share your contact details with that relevant partner based on our legitimate interest in being able to deliver the requested content, created by both us and the partner. Both us and the partner may thereafter also contact you with offers, content and other information that is deemed relevant for you. We may also share your details with a business partner providing an offering that you have expressed an interest in – which could be the case for example with an integration that we build together with a third party. That partner will be responsible for their processing of your data, thus we recommend that you read their privacy policy/notice as well (most commonly found in the applicable form e.g. for signing up or downloading).

Public authorities and other actors. We may need to provide necessary information to parties who, by law, have the right to receive information about you, e.g. Police, Tax Authorities and courts.

Parties involved in a legal proceeding. Your personal data may be shared if necessary with parties involved in a legal proceeding, such as lawyers.

Parties involved in an acquisition, merger, or sale of business. We may, for strategic or commercial reasons, decide to sell or transfer all or parts of the company in the future. As part of a transaction, your personal information may need to be shared with parties involved in the transaction.

Other parties, incl. service providers, upon request. We may also disclose your personal data to other companies, organizations or persons if you or your employer request us to. This can for example be the case if you or your employer request a feature that involves a third party.

How long do we keep your personal data?

We only process personal data for as long as it takes to fulfill the purpose of the processing, after which we stop processing the data for that purpose. For example:

Data connected to user accounts will be kept for as long as you keep your user account active, meaning as long as you keep logging in. If you have not logged in to your user account in 365 days, we will send you an email notifying you that your account will be terminated within 7 days if you do not log in. Upon termination of the account your data might be stored up until one (1) month due to technical reasons.

Audit logs will be kept for up to two (2) years after the event.

Data concerning the customer relationship, meaning e.g. contact details, communications, meeting information will be kept during the relationship and for up to five (5) years after the customer relationship ended, for the purpose of being able to re-connect and having meaningful information about prior contract and customer relationship.

Personal data processed with your consent, will be deleted when your consent is withdrawn or upon expiry of the purpose for which your consent was given.

Customer reviews collected by us are kept as long as deemed accurate and relevant for marketing and sales efforts unless otherwise agreed.

Moreover, we store data to the extent we believe it is necessary to protect our legal rights, legitimate interests and the interests of others. Your data may also be stored for a longer period if required by applicable statutory retention periods (e.g. for tax and/or book-keeping purposes and applicable statutory retention periods).

Others (leads, website visitors, webinar attendees)

What personal data do we process?

  • Contact details, such as name, email address and phone number
  • Organizational data, meaning information regarding the company you work for, including company name, job title, workplace, right to represent your company etc.
  • Visual content, (for example if we promote you as part of a webinar or a publication)
  • Communications, meaning all communication occurring between us
  • Meeting recordings and transcripts, meaning when we have recorded and/or transcribed a meeting (e.g. sales or customer relationship related), a webinar or similar.
  • Notes, e.g. from meetings and chats
  • Billing data, if you are listed as the reference for an invoice for example.
  • Survey data, this is data collected if you decide to participate in an online survey we send out
  • Activity data, meaning data about your engagement and interactions with us. To clarify this can for example be notes about the response we have gotten from you to our sales and/or marketing efforts but it also means data about e.g. time spent on different parts of our website and interactions with content.
  • Technical data, such as, but not limited to, IP address, user agent, browser type and version, session behaviour, traffic source, screen resolution, preferred language, geographic location, operating system and computer platform
  • Statistical data, about e.g. number of visitors and views on sites and content incl. videos, for how long e.g. a video was watched.

We will only process sensitive data about you if you provide us with such information and only to the extent necessary and justified, e.g. if you provide us with information regarding your allergies or other health data for an event we host.

How is the information gathered?

From you or your employer. Most of the information we process about you is received from you or your employer. You may directly or indirectly give us information about yourself in different ways, for example when you attend a webinar we are part of, contact us for a demo or download a publication. You can always choose not to provide us with certain information. However, some personal data is necessary in order for us to provide e.g. a demo or publication to you.

From other sources. We might also get information from sources such as LinkedIn or business partners operating within the same field if you are a potential lead. Furthermore, we may get your contact and organizational details from a provider of such details, e.g. a list of contact details of relevant potential new customers. We may also receive your details from a business partner, if you for example have expressed an interest in the type of services we provide. We will also receive data from the cookies and similar technologies that we set on the websites we host, in accordance with the consent you have given through the cookie consent banner, these cookies collect activity data, technical data and statistical data.

Here is a link to our cookie policy for more in-depth information https://www.trustcruit.com/cookie-policy/.

What do we use your data for?

Sourcing potential customers (leads). Your data may initially be collected and used in order for us to analyze potential leads and sourcing the most appropriate contact persons at a company, based on our legitimate interest in being able to evaluate and effectively reach out to companies that we are interested in selling and marketing our services and products toward.

Selling. If you are a prospective, former or current customer we may use your personal data in order to contact you for the purposes of seeing if our services (for current customers this means services not already in use) would be relevant to your company and uphold that communication throughout our sales process, in our legitimate interest in being able to contact and communicate with potential customers to sell our products and services.

Providing requested content. Your data will be used to provide you with the content (such as for example newsletters, downloadable content offers, and online publications) you have requested, based on our legitimate interest in being able to provide you with the content you have requested.

Inviting to and administering events. We will, for our legitimate interest in being able to host events and webinars for different purposes, invite you to an event and subsequently process the personal data necessary to plan and administer that event. Generally, the categories of personal data involved are your contact details, organizational data and – if we serve food – food preferences and/or allergies. If you provide us with any health data such data will be processed based on your consent.

Direct general marketing. We might also use the information about you for direct marketing purposes such as to tell you about our publications, the service or just keep you up to date with what’s going on with us, our products, services and events. This processing is based on our legitimate interest in being able to market us and our services.

If you do not wish to receive any direct marketing from us, you can opt-out at any time by clicking the unsubscribe button in the email you have received.

Analyzing and improving marketing efforts tailored to you. The interaction you have had with us in any shape or form, and if you have given us your consent for collection information from cookies and similar technologies, will be used to see how we should further work in our marketing efforts toward you, for example through targeted marketing. This processing is based on our legitimate interest in being able to market our services, develop and improve our approach.

Analyzing and improving marketing efforts and our website in general. We aggregate data and statistics about our marketing campaigns, about individual interactions with us in any shape or form, and if you have given us your consent for cookies the data from that technology as well, in order for us to review and analyze what works and what does not work in our marketing efforts and on our site. This is based on our legitimate interest in being able to develop our work, site and improve our marketing efforts.

This includes using your details to contact you and ask you to participate in surveys, e.g. about what you are looking for in a service like ours. We will contact you based on our legitimate interest in improving our business and services. Participation is however voluntary and in case personal data is included in your answers, we process such personal data based on your consent.

Recording webinars and similar and using those recordings for marketing purposes. When we organize events such as webinars, we record them in order for us to use the recordings at a later stage for marketing purposes, e.g. to publish the recording on LinkedIn. This we do in our legitimate interest in being able to market our services. We always record any webinar that we hold, however your personal information (name) during any live webinar and in any recording is only visible to others if you choose to engage in the chat or Q&A, and you usually do have the option to be anonymous for these actions as well. Information that always will be kept is information about who signed up and who joined in. As a speaker at an event, your video and voice recording will be kept and used by us, however we can always discuss beforehand if you have any specific preferences here.

Data enrichment. We aggregate additional data from external sources about the company you work for such as for example the company description, employee size, office addresses or used web technologies. This helps us to get a more comprehensive picture of your company’s potential needs, based on our legitimate interest in being able to better understand if your company is a good fit for us and to tailor our marketing and sales efforts.

Communication as part of our business relationship. Your contact details and the contents of the communication will be used to communicate with you, including through the chatbot we have on our website. This processing is based on our legitimate interest in effective communication as part of our business relationships, whether that is with a supplier, partner or potential customer.

Maintaining, developing, testing and ensuring the security of the website. In order to ensure that our websites run smoothly, keep a high quality and are secure we process the personal data as necessary – which is also the legitimate interests that we are basing the processing on.

Evaluating and negotiating business relationships with partners. We will also process the personal data necessary, such as contact details, organizational data and communication data in order for us to evaluate and negotiate potential partnerships with e.g. your company, which is the legitimate interest we base this processing on.

Sharing lead information with our business partners. If you have signed up for an event or similar such as a publication that we host or create together with a partner, we may also share your contact details with that relevant partner. The partner may thereafter also contact you with offers, content and other information that is deemed relevant to your company.

This sharing activity is based on our legitimate interest in being able to deliver requested content, to bring added value to e.g. current customers, but also as all parties of co-hosted and/or created content of course wish to have the details of those that might be interested in their services and consequently contact them.

The same applies to sharing your contact details with partners that offer services that you have expressed an interest in. This is based on the legitimate interest of bringing added value to our customers as well as strengthening partnerships.

Fulfilling legal obligations. We are obligated to follow Swedish law. This means that your personal data will be processed to the extent necessary for us to fulfill our legal obligations, for example with regard to tax and book-keeping rules or keeping a list of those who have opted out of direct marketing to ensure that we do not contact these individuals for that purpose again.

Protecting our legitimate business interests and legal rights. We will use information about you where we believe it is necessary to protect and enforce our legal rights, interests and the interests of others, for example in connection with legal claims, compliance, regulatory and audit functions.

Processing necessary for a merger or acquisition. In connection with, due to strategic or business-oriented reasons, a potential merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company, the personal data we retain about you may be processed, shared or transferred, to parties involved in the process. This processing is based on our legitimate interest in being able to develop our business.

Processing initiated by you or with your consent. Your personal data may be used for other purposes than stated above if you ask us to (and then it might be a legitimate interest we base the processing on) or if you give us your consent for a specific purpose.

Billing, paying invoices and bookkeeping. Your personal data may be used for billing purposes, which generally means when you are an invoice reference or being in contact with you for any reason connected to billing and paying invoices. This processing is based on our legitimate interest of being able to bill or pay invoices.

With whom do we share your personal data?

Vendors. We use service providers that provide services that we need in order for us to carry out our marketing activities, manage our sales processes, communicate with you etc. In some cases, they may be controllers or they will process personal data based on our instructions (meaning that they, in GDPR terms, are what is called a “data processor”). These include but are not limited to:

  • Our CRM-system
  • Tools for event management
  • Lead sharing platforms

External consultants. Your personal data will, when appropriate, be shared with some of our consultants that, for example, assist us in our sales and marketing efforts or with legal advice. However, we will restrict access to those of our consultants who need it to perform their work. Our consultants are of course subject to strict confidentiality.

Business partners. If you have signed up for/shown an interest in an event, publication or similar that we host or create together with a business partner, we may share your contact details with that relevant partner based on our legitimate interest in being able to deliver the requested content, created by both us and the partner. Both us and the partner may thereafter also contact you with offers, content and other information that is deemed relevant for you. We may also share your details with a business partner providing an offering that you have expressed an interest in – which could be the case for example with an integration that we build together with a third party. That partner will be responsible for their processing of your data, thus we recommend that you read their privacy policy/notice as well.

Public authorities and other actors. We may need to provide necessary information to parties who, by law, have the right to receive information about you, e.g. Police, Tax Authorities and courts.

Parties involved in a legal proceeding. Your personal data may be shared if necessary with parties involved in a legal proceeding, such as lawyers.

Parties involved in an acquisition, merger, or sale of business. We may, for strategic or commercial reasons, decide to sell or transfer all or parts of the company in the future. As part of a transaction, your personal information may need to be shared with parties involved in the transaction.

Other parties, upon request. We may also disclose your personal data to other companies, organizations or persons if you ask us to.

How long do we keep your personal data?

We only process personal data for as long as it takes to fulfill the purpose of the processing, after which we stop processing the data for that purpose. For example:

If you have only engaged with us through e.g. downloading a publication or attending an event we store contact details, organizational data and activity data (if applicable) for marketing purposes for up to two (2) years after your latest action.

If we have communicated with you, for example, if you have had contact with someone in our sales team, we store contact details, organization details, meeting information and the communications content for up to five (5) years after our latest interaction – in order for us to contact you again in a couple of years to see if it is time to start using our awesome service.

If we have gathered your information through a supplier that provides lists of contact details, as explained above, we will only keep that data for up to one (1) month unless we contact you. If we contact you and we start engaging in a conversation, the previous section applies. If we contact you and you do not engage with us, we keep your details to try and reach you again during 1 year after the first initial contact.

Personal data processed on the basis of your consent (e.g. sensitive data), will be deleted when your consent is withdrawn or upon expiry of the purpose for which your consent was given.

Moreover, we store data to the extent we believe it is necessary to protect our legal rights, legitimate interests and the interests of others. Your data may also be stored for a longer period if required by applicable statutory retention periods (e.g. for tax and/or book-keeping purposes and applicable statutory retention periods).