Terms of Service

Last update - 30th of October
  1. Introduction
    1. This Website is owned, managed and published by Riedia AB with company registration number: 559378-2914 (hereinafter referred to as “Riedia”, “we”, “us”, and “our”).
    2. This Privacy Policy contains information about how we Process Personal Data that we get access to when you for example visit our Website, Mobile Application, and when you read our emails. This Privacy Policy also contains information about your rights according to the GDPR.
    3. We handle all Personal Data in accordance with the GDPR and any subordinate legislation and regulation implementing the GDPR and/or SCC which may apply (the “Data Protection Requirements”) (in accordance with the principle of accountability).
    4. We review this Privacy Policy annually and will update it as needed, for example, if we introduce new services, functions or similar. The latest version is always publicly available at riedia.com/gdpr.
    5. If you have any questions regarding this Privacy Policy or our Processing of Personal Data, you are always welcome to contact us. Please send your message to info@riedia.com. We will try our best to answer your message and resolve your concerns without undue delay.
  2. Definitions
    1. All references to “Personal Data“, “Processing“, “Data Subject“, “Personal Data Breach“, “Sub-processor“, “Supervisory Authority” and any other capitalized terms not defined herein shall have the same meaning in this Privacy Policy as stated in article 4 of the GDPR.
    2. GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
    3. SCC: Commission implementing decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council.
    4. Website: riedia.com.
    5. Mobile Application: Riedia application in Google Play and Apple Store.
  3. Collection of personal data
    1. The most common ways we receive Personal Data are when you: visit our Website; read our emails, use our Mobile Application, contact us, make a payment, or when we enter into an agreement with you (purchase-, cooperation-, employment agreement etc.).
  4. Why we collect personal data
    1. Main purposes of the Processing of Personal Data: According to the principle of purpose limitation, we may only Process Personal Data for special, explicitly stated and justified purposes. The main purposes of our Processing of Personal Data are to:
      1. be able to provide our services, the Website and Mobile Application.
      2. be able to improve and market our services, Website and Mobile Application.
      3. fulfil our obligations under agreements, and
      4. fulfil our legal obligations under the law.
  5. Processing of personal data
    1. We try to only Process Personal Data that is necessary, adequate and relevant for each purpose, following the principle of purpose limitation and data minimization regarding the storage of Personal Data. This means that we do not process more Personal Data than what is necessary.
    2. All Processing of Personal Data that we perform is supported by a legal basis (according to the principle of legality, correctness and transparency). Below you can read about our Processing of Personal Data and the legal basis for such Processing.
    3. When you visit our Website and/or the Mobile Application:
      1. Our Website and Mobile Application use Google Analytics, which is a third-party application that analyses the user’s activity. We get access to unidentified usage information from Google Analytics about how users use the Website and/or the e-learning Platform and all information that is sent to Google Analytics is anonymized. We use Google Analytics to improve our services.
      2. Categories of Personal Data: Access data and device information: Device identification, operating system, operating version, device ID, access time, configuration settings, time zone, and country. Legal basis: Legitimate interest.
    4. When you register to our Website and/or the Mobile Application:
      1. You provide your name and email which is linked to your preferences, articles you visit, time spent on the platform, articles saved, opened newsletters, links clicked, and language.
      2. Categories of Personal Data: Main data: We get access to your name, e-mail, the content of the comment and other metadata, such as the date and time of publication, including your browser user agent string to help spam detection. Only our team members who have a user account for the Website as an “administrator”, may see the IP address associated with the comment. Administrators can also view user IDs. Any other user roles can only see their own information. We need this information about you in order to publish the comment on the Website and to fulfil the service in accordance with the agreement entered into between us (Terms of use). Legal basis: Contract.
    5. When you make a payment on our Website and/or the Mobile Application:
      1. When you purchase a subscription, we get access to your Personal Data. Payment is made through the payment solutions that are integrated on the Website and Mobile Application.
      2. Categories of Personal Data:
        1. Order information: Order ID, invoices, order history, delivery address (e-mail), cancelled orders, completed orders. This information is processed by us every time you place an order. We also Process the data to improve our services. Legal basis: Legitimate interest.
        2. Payment information: Payment method, pseudonymised credit/debit card information. We need to Process this information in order to be able to track the payments you have made and link them with the orders you have made in order to enable the delivery of the order. Legal basis: Contract.
        3. Payment information: We process and store invoices, receipts and other materials that are subject to accounting, according to the applicable accounting laws, such as Swedish Bookkeeping Act (1999:1078) (sw: Bokföringslagen) for at least seven years or as long as the law requires. Legal basis: Legal obligation.
    6. When you register for any newsletter from us
      1. You may consent to receive any newsletters from us, through voluntary active approval to the Processing. You can cancel your subscription at any time by clicking on the unsubscribe link in the newsletter or emailing us at info@riedia.com. Those who revoke their consent are removed from the mailing list and their information removed.
      2. Categories of Personal Data: Identification information: e-mail, personal preferences: categories of interest and language. Legal basis: Consent.
    7. When you contact us
      1. We Process your Personal Data when you contact us so that we can know who we are talking to and to be able to help you in the matter. This also applies if you contact us via social media.
      2. Categories of Personal Data: Identification information: name, e-mail, ID from social media (if applicable), message content.
      3. Legal basis: Legitimate interest.
    8. Other reasons for the Processing of Personal Data
      1. Legal obligation: We have the right to Process Personal Data if we have a legal obligation to do so, for example, according to the Swedish Bookkeeping Act (1999:1078). In such cases, only necessary Personal Data will be processed. Personal Data that is part of any necessary accounting documentation is stored for as long as the law requires.
      2. Fulfilment of contract: We have the right to Process Personal Data on the legal basis of “Contract”, to fulfil our obligations under a contract with the Data Subject.
      3. Legitimate interests: We have the right to Process Personal Data, based on the legal basis of “Legitimate interests”, to for example market our services, provide good support, and improve our services, the Website or the Mobile Application. However, we never process sensitive Personal Data on this legal basis. The Data Subjects always have the right to object in writing if the Data Subject does not want us to use their Personal Data for direct marketing. We have the right to Process Personal Data on this legal basis to comply with applicable law, demand payment for a past due claim, report a debt or protect our rights/property and to prevent crimes.
  6. Storage of personal data
    1. Storage location: We strive to store and Process all Personal Data within the EU/EEA and follow the principle of integrity and confidentiality. If we store Personal Data in a country outside of the EU/EEA, the storage location must comply with the provisions of the GDPR. We shall in such cases also enter into a data processing agreement that is compliant with the regulations stated in the GDPR and/or SCC.
    2. Storage duration: We store Personal Data as long as it’s needed and necessary to fulfil the purposes for which the Personal Data was collected. If it is necessary for us to comply with applicable legislation, we may store Personal Data for a longer period for that purpose.
    3. Deletion of Personal Data: Personal Data that is no longer needed, will be erased (deleted) (according to the principle of storage limitation). Personal Data connected to a user account on either the Website or the Mobile Application, will be stored as long as the user account is active. Any deleted content / Personal Data may be stored in the system's backup files for up to three (3) months.
  7. Transfer of personal data
    1. Authorities: We may share Personal Data with relevant authorities to prevent crime, protect and safeguard our interests and rights. We may also share Personal Data if we are obliged by law or authority to disclose the Personal Data that we Process.
  8. Your rights according to the GDPR
    1. You have the right to:
      1. information about what Personal Data we process and to whom it is shared.
      2. access Personal Data that is being processed.
      3. rectification and to ask for modifications of your Personal Data.
      4. object to the processing of Personal Data.
      5. object to automated processing of the Personal Data and to a decision based on automated processing.
      6. withdraw a given consent for the processing of Personal Data for a specific purpose.
      7. be forgotten and to ask for the deletion of Personal Data.
      8. transfer or obtain your Personal Data.
    2. You are always welcomed to contact us if you request any of the above-mentioned rights regarding your Personal Data. However, some of the rights apply only in certain situations and only if it is legally possible for us to implement your request.
  9. Security measures
    1. Data protection principles: We work according to the data protection principles (Article 5 GDPR) and ensure that our team members are aware of the principles. All our activities and security measures are conducted in a manner that ensures compliance with the provisions and requirements of the GDPR regarding adequate protection of Personal Data Processing (according to the principle of integrity and confidentiality).
    2. Other security measures: We have granted access to the Personal Data only to authorised team members with a direct need for access to the Personal Data in order to perform their tasks. All our internal registers and systems that contain Personal Data are password protected. We have also developed internal routines for our team members with access to Personal Data, in order to protect the Personal Data from unauthorised use.
  10. Personal data breach
    1. All Personal Data Breaches will be documented internally and reported to the Swedish Authority for Privacy Protection within 72 hours after having become aware of it unless the Personal Data Breach is unlikely to result in a risk to the rights and freedoms of natural persons. When the Personal Data Breach is likely to result in a high risk to the rights and freedoms of natural persons, we shall communicate the Personal Data Breach to the Data Subject without undue delay.