Here we're gathering frequently asked questions from clients and members (users). The FAQs will continuously be updated and new questions added over time. The FAQ is split into questions related to "Clients and Prospects" and questions related to "Members and Users".
Is your question not included in the FAQ?
If you have any questions you would like to add in our FAQ, please send an email to Fredrik Högemark and he will get back to you.
Q: How is the data controller (personuppgiftsansvarig) and who is the data processor (personuppgiftsbiträde)?
A: EMG is the data controller and our clients are data processors. A DPA, data processor agreement, is included in our client terms and conditions, which was updated in GetAccept March 28th 2018.
May 15th 2018 we started doing send outs to all clients informing them about the updated terms and conditions. The clients does not need to sign the updated terms and conditions, they agree to them by default.
Q: Does EMG name organizations and any third-party controllers who will be relying on the consent?
A: In EMG’s terms and conditions it’s clearly stated how we will used the data and also which third party controllers will use the data e.g the training provider/School. We never send the personal data to any other third-party controllers.
Q: Who is the data owner (data controller)?
A: EMG is the data controller since the users fill in their personal data on our website and approve our Terms and conditions and Privacy policy.
All the schools and training providers working with us becomes data processors
Q: Can both EMG and we (client) be data controllers?
A: We believe that we (EMG) are data controllers for personal data aggregated on our webpages, but it might also be that you consider yourself data controller for data you save and then we can both sign DPA’s with each other to ensure we are both processing the data according to GDPR.
However, we will process the data in the same way for all 4000 schools and will not make client specific adaptations in how we use and process the data as this is not manageable for us as an entity.
Q: I’ve read that you need to have opt in check boxes for GDPR compliance. Why does EMG have opt out check boxes on your sites?
A: You only need to have opt in if you’re asking for consent. On all EMG sites we’re enforcing contract over consent This is in line with Article 6.1b and provision 44 in GDPR. For us to fulfil our contract and send the personal data to third party (the School) the users must accept our T&C and Privacy policy. Hence we use opt out check boxes.
Q: Do we ask people to opt in?
A: No, we have opt out on all our in data sources. On all EMG sites we’re enforcing contract over consent This is in line with Article 6.1b and provision 44 in GDPR. For us to fulfil our contract and send the personal data to third party (the School) the users must accept our T&C and Privacy policy.
Q: We don’t use pre-ticked boxes or any other type of default consent?
A: We use a pre checked boxes. On all EMG sites we’re enforcing contract over consent This is in line with Article 6.1b and provision 44 in GDPR. For us to fulfil our contract and send the personal data to third party (the School) the users must accept our T&C and Privacy policy.
Q: I want to ensure that the leads we are receiving are opted in to receiving marketing and sales communications from us. Is this the case?
A: Yes. EMG uses a pre checked boxes. On all EMG sites we’re enforcing contract over consent This is in line with Article 6.1b and provision 44 in GDPR. For us to fullfil our contract and send the personal data to third party (the School) the users must accept our T&C and Privacy policy.
Q: What is your GDPR Privacy Policy?
A: Here is our privacy policy towards user: [link to privacy policy page]. Here is also our newly updated terms and conditions users agree to when using our services: [link to terms and conditions page].
Q: Did you (EMG) seek permission from the potential delegates to share their details with us?
A: Yes. We have an opt out box which users always accept when sending personal data via us. When approving this they agree to our terms and conditions and privacy policy.
Q: Can we (client) use the personal data or do we need permission in our own right?
A: Yes. You can now use their data. In our terms and conditions, which the user have accepted, we clearly state what you can do with the data:
1.2 Information requests and enquiries
All requests are made through the Website by selecting one or more Courses and enquiring for more information. Once you have completed a request, we will send your request to the training provider and they will contact you with more information. The training provider will save your information to help you in your education selection process. This may include marketing services, direct communications in the form of newsletters and other targeted communications, as well as data collection and analysis.
Q: What kind of permission do we have to contact each lead? For instance, currently we opt people into a series of 5 emails when we get an enquiry from you guys.
A: This is okay. You can save and use their data for marketing. In our terms and conditions, which the user have accepted, we clearly state what you can do with the data:
1.2 Information requests and enquiries
All requests are made through the Website by selecting one or more Courses and enquiring for more information. Once you have completed a request, we will send your request to the training provider and they will contact you with more information. The training provider will save your information to help you in your education selection process. This may include marketing services, direct communications in the form of newsletters and other targeted communications, as well as data collection and analysis.
Q: Can I source contact names against certain job roles within a company on LinkedIn and then cold call that company using that information?
A: Yes you can. EMG views this type of information, i.e. personal data which can be collected from a public source (such as LinkedIn) as data which can be used for prospecting.
Q: Excel import of reviews - what’s our responsibility and what’s on the client?
A: For review/scoring import through excel it is our client’s responsibility that the data we import is GDPR compliant. If possible all imported data should be anonymized from our side to be compliant.
In the case that the review/scoring contains personal data (i.e. name or email) then preferably the client should provide us with a DPA, data processing agreement (personuppgiftsbiträdesavtal), or at least be aware that they’re the data controller for the data we import.
This is because the aggregation of data is on their side and we only provide them with a service to display this data, hence we become the data processor (personuppgiftsbiträde) in this specific use case.
Therefore the clients who use the review excel import should make sure to provide us with a DPA, data processor agreement (personuppgiftsbiträdesavtal).
Here is a DPA template which our clients may use, if they don’t have their own template.
Q: Who is processing my (visitor/member) personal data?
A: First hand only EMG employees will process your personal data. The data you provide us with is sent to the education provider you’ve chosen to interact with via our services (as stated in the terms and conditions).
For our external sites (AllaStudier and HappyStudents) our developers have access to the data for development and error purposes.
EMG has signed DPA’s with all our data processors, including education providers.
Q: What data do you (SITE) process about me (visitor/member)?
A: Due to privacy reasons I can’t provide you with the exact data we process about you via mail. To see the data connected to you we process please go to our member login. There you can also request a full transcript/data export.
You can reach the member login here: SITE.com/member/login
Q: Which categories of personal data do you process about me?
A: The categories of personal data we process are the following:
Name
Contact information (e.g. email, phone, home municipality)
Age
Geographic information (e.g. city, country, time zone, etc.)
Only for skill provider sites:
Education (e.g. graduation year, education level, etc.)
Work (e.g. position, previous experience, years of working, etc.)
Q: Can you send me a transcript of all the data you have on me?
A: You can use our member login to request a data transcript (data export). This is done on the page “Privacy” which you find in the right side menu.
The transcript/data export can take up to five days. You’ll be notified by email when it is done. Please note that the data export file is only active for three days after the export is complete and you can only reach it when being logged in on our member pages. This is a security measure so that no one but you can reach the file.
All core sites have a member login, most of you just don’t have it linked from the public site. The link to your member login is SITE.com/member/login.
Q: How do I delete my membership and remove all the data you store on me?
A: You can use our member login to remove your membership and with that all your personal data.
You can remove you membership/account in the member login which you can reach here: SITE.com/member/login.