Introduction
At ButtoBiz, we are committed to protecting your personal data. We respect your right to privacy and are committed to being transparent about how and why we collect, use and store information. This policy explains what data we collect, how we use it, who we may share it with, and what rights you have under the EU General Data Protection Regulation (GDPR).
What data we collect
We only collect data that we actually need to provide our services to you. This may be when you fill in a form on the website, subscribe to a newsletter, take part in surveys or when you visit the website in the normal course of business.
Data categories:
- Contact details: first name, last name, email address, phone number;
- Educational interests: chosen course, level of training;
- Technical information: IP address, browser type, language, data on site visits (via cookies and analytics);
- Financial data (when paying for courses): only those processed through payment systems – we do not save bank details ourselves.
How we use the collected data
Your personal data may only be used for the following purposes:
- Course registration. To process applications, book a place, send confirmations and reminders.
- Communication. We may contact you to clarify details, provide information about the course, send updates or offers (if you have given consent).
- Improving the site and services. Analytics data (via cookies) helps us understand what pages users are interested in and improve the user experience.
- Legal obligations. Where necessary to comply with legal or accounting requirements.
Legal basis for data processing
Under the GDPR, we process your personal data based on one or more of the following grounds:
- Your consent (e.g. when subscribing to a newsletter);
- Performance of a contract (e.g. registering for a course);
- Legitimate interests (e.g. analytics and website security);
- Legal obligation (e.g. storing payment details for tax reporting).
Who we may share your data with
We never sell your data to third parties.
But we may share it with trusted partners if it is necessary for the provision of services:
- Payment systems (e.g. Stripe, Klarna);
- Email platforms (e.g. Mailchimp for sending newsletters and reminders);
- Analytics services (e.g. Google Analytics).
We only select services that meet security and privacy requirements (including GDPR compliance).
How long we keep your data
We only keep personal data for as long as is necessary to fulfill the purpose for which it was collected:
- Course participant data – up to 2 years after completion of the course;
- Financial documents – 7 years (according to Swedish tax law);
- Email subscribers – until unsubscribed.
After the end of the retention period, the data is deleted or anonymized.
Cookies and analytics
We use cookies – small files that are stored in your browser. They allow us to:
- analyze your behavior on the site (which pages are visited, how much time you spend);
- remember your language or settings;
- improve your interface and user experience.
You can disable cookies at any time in your browser settings.
Your rights as a user
Under GDPR, you have the following rights:
- Right of access – to find out what data we hold about you;
- The right to rectification – to change incorrect information;
- The right to erasure – to request that your data be deleted (“right to be forgotten”);
- Right to restriction of processing;
- Right to data portability – to receive your data in a machine-readable format;
- Right to withdraw consent – at any time;
- The right to lodge a complaint – with the Swedish data protection supervisory authority (Integritetsskyddsmyndigheten).
To exercise any of these rights, you can contact us by email at [email protected].
Personal data security
We at ButtoBiz understand how important the security of your personal data is. Therefore, we take comprehensive technical, administrative and organizational measures to protect your information from unauthorized access, loss, alteration or destruction.
What we do for your security:
- Data transmission through secure channels: all traffic on our website is via HTTPS protocol (SSL certificate). This means that the data you enter on the site (e.g. in forms) is encrypted and cannot be intercepted by third parties.
- Access restriction: only authorized employees and partners (e.g. teachers, course administrators) who actually need such data for their work have access to personal data. All of them have signed confidentiality commitments.
- Encryption and server protection: we use modern encryption methods and reliable cloud hosting with intrusion protection, regular backups and security updates.
- Account protection: if you create a personal account on the platform (e.g. for course participants), we encourage you to use strong passwords. We do not store passwords in the public domain.
- Verification and auditing: we periodically review our data storage and processing systems for vulnerabilities and GDPR compliance.
- Important: Despite all measures taken, no method of data transmission over the Internet or method of electronic storage can be 100% secure. We do our best to protect your data, but we urge you to also be careful when entering information on public or unsecured networks.
Privacy Policy Updates
This privacy policy may change over time – especially in the event of legislative updates, technology developments, new site features, or expansion of our operations.
How we make changes:
- Updating on the website: whenever there is a change, we update the text of the policy on this page. The date of the last update is indicated at the top of the document.
- Notifying users: if changes affect how we use your personal data, we may notify you by email (if you are registered), or post a special notice on the home page of the site.
- Your consent: in the event of changes that require your consent (e.g. a new way of processing data), we will ask for it again – via a checkbox, form or other clear action on your part.
Recommendation:
We advise you to review this section regularly to keep up to date with how your data is being protected. Your continued use of the site after changes have been posted is considered consent to the new version of the policy.