Privacy Policy Tuff ledarskapsträning

1. Introduction

Tuff ledarskapsträning are committed to respecting your privacy and protecting your Personal Data. Personal Data meaning any information that may identify you as an individual person (such as name, address, pictures, IP-number etc.) and which is collected from you and/or your employer and/or other future digital contact interfaces which links to this Privacy Policy (hereinafter the “Privacy Policy”).

The purpose of this Privacy Policy is to enable you to be confident that we are processing the information about you in accordance with applicable privacy legislation. The Privacy Policy describes how we handle and protect your Personal Data in our capacity as data Controller. The Privacy Policy also describes your rights and how to proceed in case you wish to exercise them. Customers who subscribe to our services, such as students to our courses or programs, are contractually obligated to comply with the agreement, the terms and conditions and this Privacy Policy. Please see our general terms and conditions for more information about our data processing when you apply to one of our courses.

It is important for us that you feel safe in our processing of your Personal Data (we would for example never sell or release your Personal Data to another party in other ways than as follows from this Privacy Policy) and you are always welcome to contact us for any questions.

You will find information about how to contact us under the heading “Contact Information” below.

2. Personal data which is being processed

  • To be able to administer our courses we collect, store and process name and surname, company, e-mail address, company address, telephone number, a record of our contacts and/or customers history and comments notes related to the trainings, e-mail conversations and notes related to the meeting, billing history, billing address, information about dietary requirements, testimonials and review about the trainings and other information which you freely chose to submit to us. The legal ground for this is performance of the agreement with you. This collection is required in order to fulfill our rights and obligations under the agreement with you and/or your employer. Should the requested information not be provided we are not able to fulfill our obligations under the agreement.
  • For marketing purposes, we process your name and email address to inform you about for example scheduled events and dates for new training and updates on all opportunities for follow-up training and to send our newsletter. The legal ground for this is a balance of interests (our interest to market and inform you about our services if you have attended our courses and follow-up). If you have not attended our courses we either ask for your consent or base our processing on a legitimate interest in the case your employer has provided us with your contact information in connection with a request of our services.
  • For billing and bookkeeping purposes, we keep billing history and billing address.
  • For compliance we keep the necessary information for fulfillment of the company´s legal obligations (e.g. laws and regulations related to bookkeeping and tax payments)

3. Sensitive Personal Data

Sensitive Personal Data includes data which reveals your race or ethnicity, political views, religious or philosophical beliefs, or membership in a trade union, as well as Personal Data regarding your health or sex life (hereinafter referred to as “Sensitive Personal Data”).

You will be able to provide us with your dietary requirements. It is voluntary to provide us with this information, however if this information is not provided we are unable to consider your preferences in connection with the courses. By providing this information about your health to us you consent to us using that information for the purpose of the courses. We will only disclose your Sensitive Personal Data to the third parties as referred to in this Privacy Policy or where we consider it absolutely necessary.

4. Information to other parties

Other than as provided in this Privacy Policy, we will not share the Personal Data which you provide with any third party. In cases where it is necessary for us to carry out our services, may retain external suppliers (Processors). These suppliers may process Personal Data and sometimes require limited access to Personal Data. We use suppliers to help us with the following:

  • Bookkeeping and billing (e.g. service providers for web based bookkeeping and billing).
  • IT services (companies that handle necessary operations, technical support and maintenance of our IT solutions).
  • CRM-systems
  • Events, statistics and surveys (companies that handle evaluations, statistics and surveys of our services).

We will always endeavor to limit such access and only share information that is necessary to enable the suppliers to carry out their work. We always check that our suppliers can meet our high standards and provide sufficient safeguards and require them to (i) protect your Personal Data in accordance with this Privacy Policy, our legal requirement and internal rules through a written agreement and (ii) refrain from using or disclosing your Personal Data for any purpose other than providing us with the agreed product or services (iii)

We will not communicate your Personal Data to any third party for commercial use.

5. Transfers to third countries

We always try to keep your Personal Data within the EEA and most of our own IT systems are located within the EEA. During support and maintenance, we may however have to transfer the information outside of EEA, also when we share data with some of our service providers in order to carry out our services.

Any such data will always be kept to a minimum relevant for the purpose. No matter where your Personal Data is transferred we always take appropriate technical and organizational measures to ensure that the security level is the same as in the EEA and at an adequate security level, for example that the EU Commission have issued an adequacy decision pursuant to article 45 in the GDPR (included Privacy Shield-compliant companies in the US) or by using the EU Commission’s Standard Contractual Clauses.

6. Amendments to the privacy policy

In the event we need to amend our Privacy Policy, we will give notice when you enter our webpage and provide information regarding the content of the new terms and conditions for your approval. You should not supply us with any Personal Data if you do not accept changes which are made to this Privacy Policy.

7. Deletion of data

For the information we hold due to legal obligations the retention period is stated in the applicable law, for example 7 years under the Swedish Bookkeeping Act (Bokföringslag (1999:1078)). Information held for marketing purposes will be kept for as long as we have active contact with you or until you withdraw your consent. When the relationship becomes inactive we will retain your data for up to 3 years.

Information about your dietary requirements will be retained until the course(s) is completed. Other information about you, as described under section 2, will be retained for a period of 3 years after the course(s) is completed.

8. Your rights

You are entitled to request information regarding the Personal Data, if any, about you which we process, where and for what purpose free of charge. You are entitled one copy of that information free of charge. You have the right to have any inaccurate information corrected. Please note that we may request additional details about you in order to ensure a secure and effective handling of your request and to ensure that the information is provided to the correct person.

Should you have reason to believe that any Personal Data that we have about you is inaccurate, please let us know and we will update the information if you tell us to or if we consider that it contains factual errors or is out of date.

You may request us to delete the Personal Data we have about you, for example if the information is no longer necessary to fulfill the purpose they were collected for, they are processed in an illegal way, you opt out from direct marketing etc. Please note that when legally required we may have to decline your request, for example if the data is needed for tax or book keeping purposes, or are necessary to defend legal claims.

You also have the right to request limitations of or object to the processing. In such cases we may need to investigate the situation further prior to a decision. Please know that you always have a right to opt out from direct marketing activities and request limitation of processing based on legitimate interest, including potential profiling for direct marketing purposes.

When you have provided us with either your consent or the processing is based on fulfillment of an agreement with you, you have, during certain circumstances a right to have your data transferred to another Controller. This however requires that the transfer is technical possible and may be carried out automatically.

For the processing based on consent you have the right to withdraw your consent for further processing. A withdrawal of consent does not affect the lawfulness of the processing prior to the withdrawal.

If you would like to know how we process Personal Data about you, you can send a written, signed request to us (see “Contact Information” below).

9. Contact information

If you have any questions regarding our Privacy Policy or any other question regarding our processing, please feel free to contact us by mail at: 
or by telephone at:
+46 (0) 8-446 16 20 
or in writing at:
Tuff ledarskapsträning
Östgötagatan 16
Stockholm, SE-116 25

In case data is not being processed in accordance with this Privacy Policy or with the General Data Protection Regulation (EU) 2016/679, you have the right to file a complaint to the Swedish Data Protection Authority (former Datainspektionen).