Integrity and Security


We at the Examinare care about protecting your privacy and security. GDPR, the new Personal Data Processing Act, places greater demands on transparency and therefore this page is for you to know what we do in the processing of personal data. There are a number of areas that together give you the whole idea of how we look at integrity and security, both regarding Examinare programs and for you as a user and customer of Examinare. These we have divided into a number of sections that may be updated and filled in with more information in the future.

GDPR - The law on the processing of personal data.


GDPR is in charge of the General Data Protection Regulation and is a new data protection regulation from the EU that will become a law in all EU member states from 25 May 2018. GDPR will replace the current law of the Swedish Personal Data Act (PUL). The law is intended to protect the integrity of individuals and to modernize, harmonize and strengthen protection within the EU.

Within each EU member country there is a supervisory authority that will check this. In Sweden, this authority is called the Integrity Protection Authority (Integritetskyddsmyndigheten), former Computer Inspectorate (Datainspektionen). On their website there is more information and help that you can check to find out what you need to do. https://www.datainspektionen.se/dataskyddsreformen/ (Page is in Swedish)
You may also find an English page on GDPR here: https://www.eugdpr.org/

Processing of personal data.

The law describes how to process personal data, which has two important concepts to understand. Personal data can be explained as any information relating to an identified or identifiable individual (also called a registered person), an identifiable physical person being a person identified directly or indirectly, in particular with reference to an identifier such as a name, an identification number, a location or online identifiers, or to one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of the physical person. Processing of this data means that you undertake an action or combination of personal data or a set of personal data, regardless of whether they are performed automatically or not. Examples of such treatment are collection, structuring, storage, processing, dispersion or deletion.

Sensitive personal data.

There is a special category of personal data that the law addresses and which you as a personal data controller need to pay extra attention to, it is sensitive personal data. Examples of sensitive personal data are data revealing ethnic origin, political opinions, religious or philosophical beliefs or information on health and sex life. The starting point is that it is forbidden to process this personal data, but there is a number of exceptions. In Sweden, an investigation is being carried out on these tasks and they are looking forward to developing supplementary Swedish legislation. Read more about sensitive personal information here. (It in Swedish, but there is a translation provided by the website).

Personal Data Responsible and Personal Data Counselor.

In the processing of personal data, there are primarily two roles that you should know about and depending on what role you have, there are different areas of responsibility. The personally responsible person (PuA) is the one who, under the law, has ultimate responsibility for the treatment and determines the purpose and means. The person responsible for personal data will ensure that the law is followed, inform the persons, whose personal data is processed and ensure compliance with the privacy data. The Personal Data Adviser (PuB) processes the personal data on behalf of the Data Protection Officer and is responsible for the technical and organizational security measures.

Responsible and assistant for the tasks in Examinare Services.

All processing of personal data in the programs is your sole responsibility. Examinare is a personal information officer and takes technical and organizational security measures to make sure that your collected personal data is processed safely and in accordance with the law. Examinare Technical and Organizational Actions are described under Security.

You can find the Security information here.

Examinare as personally responsible.

All processing of personal data about you as a customer, user or participant in our training is our responsibility for the personal information, when you order Examinare Services, Contact Us or register for any of our programs. What we do or not, with your personal information, we have described in our Privacy Policy.

You can find our Privacy Policy here.

Basic principles of GDPR.

The law is based on 7 basic principles:

  • Legality, Correctness, and Transparency
  • Purpose Limitation
  • Data Minimization
  • Correctness
  • Storage Minimization
  • Integrity and confidentiality
  • Accountability

What the basic principles mean, you can read about here: https://www.datainspektionen.se/dataskyddsreformen/dataskyddsforordningen/principer-for-behandling-av-personuppgifter/ (The link is in Swedish, but English translation is provided by the website).

In compliance with the principle of legality, regularity and transparency, you need support in the Data Protection Regulation to allow the processing of personal data. These legal bases are what you need to have an agreement, legal obligation, basic interests, public interest, authority or balance of interests to process personal data.

Unstructured material.

In PUL we have had an exception in Sweden, where we did not have to think about how personal data is processed. This exception is called "Code of abuse"(Missbruksreglen). It meant that we have been able to have personal data in so-called unstructured material, which is running text and free text such as document, e-mail, web pages or notepad in a system. The abuse rule now disappears through GDPR and means that you need to chart which personal data is contained in all unstructured materials and need to begin handling it in the same way as structured material.

Read More

This is what you need to keep in mind, when use Examinare Services.


You as a customer have a number of things that you need to consider regarding the processing of personal data in Examinare programs, where you are personally responsible and only you determine the purpose and the means.

Overview of personal data in Examinare programs.

Examinare is a program provider and personal data counsel for the processing of personal data in the Examinare programs. As our user, you are responsible for the data and need to know what information you collect, why and how long you will retain information in the program. What personal data will be processed by you in the Examinare programs is known only by you. If it is personal or private company's data, then it is considered personal data or a company's data. Only you know what data you save and process in the Examinare programs. We did our own investigation on where and which personal data may be processed in our programs and found that the following information may be personal data.

 

Part of program/serviceType of dataFieldsExtra information
Recipients databasePersonal dataName
Surname
Email
Cellphone number
Phone number
Gender
Year of birth
Month of birth
Day of birth
Attention address (C/o)
Street address
Zip-code
City
State
Country
 
Recipients databaseCompany/Personal dataCompany name
Department
Company title
 
Survey DataPersonal dataNameName is saved together with Contact ID to preserve statistic reliance.

Examinare has also the ability to create custom fields and data saved in these fields is not added to the above list.

Handling between Examinare programs through Examinare API and External services.

Since the majority of Examinare's services use the Examinare API to function, we also need to inform you about how they are used. The integrations you use in your account are up to you and only you know what personal information is used in these systems.

As a rule, Examinare Survey Tool is always used as the main storage and "temporarily lent" to external systems through the Examinare API. All processes in Examinare external programs use API keys. We have made sure that no information about your recipients is saved outside Examinare Survey Tool. 

All the information is retrieved via an encrypted connection. Data retention policy for both Examinare Survey Tool and Examinare external services can be found by clicking here.

Below is a summary of the integrations that are developed and maintained by Examinare, showing what kind of information is being managed and if something is temporarily stored on these servers or for the system to work.

Program/ServiceType of connectionSaved informationExtra information
DropboxOne-way outgoing directionReports that you decide to sync.[O]No reading of information
eBox SyncOne-way outgoing directionReports that you decide to sync.[O]
Uploaded files.[O]
Structured data for controlling surveys.[O]
eBox is hosted by Examinare according to Examinare external services.
Fortnox IntegrationOne-way outgoing directionCustomer data:[E]
- Email
- Name
- Surname
- Phone number
- Mobile Phone
 
MailChimpOne-way outgoing directionRecipient data:[E]
- Email
- Name
- Surname
 
PrestashopOne-way outgoing directionCustomer data:[E]
- Email
- Name
- Surname
- Phone number
- Mobile Phone
- Order ID in Prestashop
 
ShopifyOne-way outgoing directionCustomer data:[E]
- Email
- Name
- Surname
- Phone number
- Mobile Phone
- Order ID in Shopify
 
TwilioOne-way outgoing directionPersonal data:[E]
- Phone number
- Mobile Phone
- Call ID in Twilio
 
Woo CommerceOne-way outgoing directionCustomer data:[E]
- Email
- Name
- Surname
- Phone number
- Mobile Phone
- Order ID in Woo Commerce
 
Zendesk (ALL)One-way outgoing directionTicket Data:[E]
- Email
- Name
- Surname
- Ticket ID in Zendesk
 
Clinic EvaluatorOne-way incoming direction[K] API Key
Recipient Full Profile [E]
Serial number of Recipients [O]
Configuration settings[O]
Configuration settings involve Email message configuration. 

Recipient Full Profile = All the information you decide to save into the system.
Delivery Feedback SurveyOne-way incoming direction[K] API Key
Recipient Full Profile [E]
Serial number of Recipients [O]
Configuration settings[O]
Order ID [O]
Configuration settings involve Email message configuration. 

Recipient Full Profile = All the information you decide to save into the system.
Food EvaluatorOne-way incoming direction[K] API Key
Recipient Full Profile [E]
Serial number of Recipients [O]
Configuration settings[O]
Configuration settings involve Email message configuration. 

Recipient Full Profile = All the information you decide to save into the system.
KursEvalOne-way incoming direction[K] API Key
Recipient Full Profile [E]
Class Profile[O]
Serial number of Recipients [O]
Configuration settings[O]
Configuration settings involve Email message configuration. 

Recipient Full Profile = All the information you decide to save into the system.

Class Profile includes only serial numbers of recipients and no personal information.
Stay EvaluatorOne-way incoming direction[K] API Key
Recipient Full Profile [E]
Serial number of Recipients [O]
Configuration settings[O]
Configuration settings involve Email message configuration. 

Recipient Full Profile = All the information you decide to save into the system.

Why CancelOne-way incoming direction[K] API Key
Recipient Full Profile [E]
Serial number of Recipients [O]
Configuration settings[O]
Configuration settings involve Email message configuration. 

Recipient Full Profile = All the information you decide to save into the system.

[O] = Information saved inside external service. [E] = Information from the external program is saved into Examinare survey tool account. [A] = Information that is accessed, when you or your co-workers are using the external service, but is not stored inside the system. [K] = API Key information that is saved inside the external service, but protected with encrypted storage and only accessed on-behalf of you during using the program.

One-way incoming direction means that the program will use your saved API-information to access information on your behalf only through authorized logins.

One-way outgoing direction means that Examinare Survey Tool is contacting an external service and in some cases, it entitles a temporary API connection from Proxy to Examinare Survey Tool to be established. After the individual request has been completed, this temporary API connection is removed and never reused.

Read More

Cookies on our websites


All Examinare's websites and owned external services sites contain so-called Cookies. Cookies allow the website to remember important information that makes your visit to the website more comfortable. Some functions rely on Cookies to function and it is important that you note what cookies to allow and what cookies you can block.

Read More

Privacy Policy


Read more about our Privacy Policy here.

Read More

Security and Server Environments


Examinare is responsible for the technical and organizational security measures in and around Examinare programs. This means that in Examinare programs we will ensure that there is the required security, such as privilege management, ability to make registry entries and delete personal data. When there are no features in the Personal Data Management program, we have internal procedures for this. The actions taken by Examinare are described in more detail below.

Authentication and Encryption.

All data communication takes place with Secure Sockets Layer (SSL). To access the Services, login is required with username and password.

  • Examinare uses encrypted communications in the form of 256-bit SSL encryption and 2048-bit public keys from RSA. All data communications to and from the user's computers are encrypted with SSL, the most widely used Internet standard for encrypted communication. 
  • Examinare uses password protection in the form that the login process is fully encrypted, which means that no information is sent as unencrypted text. The user password is stored in one-way encrypted format and if lost needs to be recovered by email.
  • There is continuous user authentication. Each call to Examinare's servers involves checking the login credentials.
  • Passwords are never stored in Sessions or Cookies.
Storage and backups.

The Examinare server environments are split up into 2 zones. One zone is Examinare Survey Tool, where all survey data is stored within Sweden and the second zone for External services, such as Examinare Customer Zone and other external services that use Examinare API to connect to the survey data in Examinare Survey Tool with API information.

The examples of Examinare external services (below mentioned as Examinare external) are, but not limited to: Store Evaluator, Leveranskontroll, Delivery Control Survey, Stay Evaluator, Why Cancel, Examinare websites and Examinare Customer Zone. etc.

Examinare Survey Tool.

Examinare Survey Tool Infrastructure is run on servers in 24-hour data halls. Examinare Survey Tool infrastructure is hosted in South of Sweden on redundant Internet Connections.

  • The data halls are equipped with fire protection and climate systems. There are several automatic smoke detecting systems. Climate control system ensures that the temperature is always low and that the humidity is optimal.
  • The data halls are equipped with a secondary power supply system and a diesel generator that ensures the power supply to the servers.
  • High Capacity Connections Ensure Users' Access to the Services.
  • Only authorized personnel have access to the data hall.
  • Examinare server environment and network are protected by firewalls. In addition, Examinare is proactive through monitoring and analysis of firewalls and system logs.
  • Examinare infrastructure is monitored every minute for access problems. If any problems occur, the appropriate support personnel is contacted.
  • Backups are taken daily, hourly (snapshots) and nightly (full backup) and stored on encrypted storage.
  • Full Backups are also stored in a geographically separated location in Sweden.

Examinare external services and Customer Zone.

Examinare external services (not storing survey data) are hosted within EU mainly in data centers in France. 

  • The data halls are equipped with fire protection and climate systems. There are several automatic smoke detecting systems. Climate control system ensures that the temperature is always low and that the humidity is optimal.
  • The data halls are equipped with a secondary power supply system and a diesel generator that ensures the power supply to the servers.
  • High Capacity Connections Ensure Users' Access to the Services.
  • Only authorized personnel have access to the data hall.
  • Examinare external environment and network are protected by firewalls. In addition, Examinare is proactive through monitoring and analysis of firewalls and system logs.
  • Examinare external is monitored every minute for access problems. If any problems occur, the appropriate support personnel is contacted.
  • Backups are taken daily and stored on encrypted storage.
  • Full Backups are also stored in a geographically separated location within EU.

Specific Database storage on order.

Customer specific database storage exists in Canada, Singapore and Russia. Only Clients that order specific database storage have active data connections to abroad areas. If the individual customer has not ordered specific database storage, the data will be kept in Sweden and France.

 Knowledge and information protection.
  • Only a few key people know how the security system is built.
  • All personnel is bound by a confidentiality agreement that prevents the dissemination of data, information and the person or customer's personal data. Only authorized personnel have access to the data and the privileges are governed by Examinare AB.
Read More

Incident Management


In GDPR there is a new requirement for personal data incidents, which means that incidents need to be reported to the Security Authority within 72 hours. In order to meet the new obligations under the Regulation, it is important to have adequate procedures in place to detect, report and investigate personal data incidents.

Incident
Incident Process

Examinare has an incident team that manages the necessary coordination, communication, and responsibility to assess, respond to and learns from incidents to reduce the risk of recurrence. Depending on the nature and impact of the incident, the persons needed to manage the incident are involved. The process of handling is the basis for the flow, which, with complementary procedures, clarifies who does what and how the situation is to be addressed. The process is divided into sub-processes identification of incident, impact assessment, action process, communication and Root Cause Analysis (RCA).

When identifying an incident, an identification of the type of incident is needed. In the subprocess Impact assessment is an analysis of the extent to which customers and users are affected by the incident and what the consequences are. The Action Process takes place in assessing and prioritizing the problem in order to safeguard the action plan as well as the implementation of the action. In a personal data incident, the compilation of report which describes that we should include information about:

  • What kind of incident is it?
  • What categories of people may be affected?
  • How many people does it concern?
  • What consequences may the incident have?
  • What measures have been taken to counteract any negative consequences?

Incidents and actions are communicated to affected persons. In case of personal data incidents, notification to the Integration Protection Agency is an activity in this subprocess. After actions have been taken and the affected person have been informed, a Root Cause Analysis is conducted to prevent the problem from occurring again.

Read More

Examinare Personal Data Assistants Agreement


Personal Data Responsible: "Customer" and
Personal Data Adviser: Examinare AB
Organization number: 556773-2598 Establishing country: Sweden.

The "Personal Data Counsel" refers to Examinare AB for the services listed in the Examinare AB Agreements signed on order. Personal Data Responsible refers to the Customer. This agreement also includes services signed on branded sites owned by Examinare AB, but trading under a branded name/trademark owned by Examinare AB.

Examinare's contact for general questions about the agreement and Examinare's processing of personal data can be found at https://www.examinare.com/integrity-security/

1. Introduction

1.1 Both Parties confirm that the signatories have the power of attorney to enter into this Privacy Disclaimer ("Agreement"), which is an integral part of the Service Agreement signed between the Parties ("Service Agreement"). This Agreement governs the Processing of Personal Data in connection with any Service Agreement in force.

1.2 Examinare acts in accordance with Examinare's Privacy Statement, which is available at https://www.examinare.com/privacy-policy/

2 Definitions

2.1 Definition of Personal Data, Specific Categories of Personal Data (Sensitive Personal Data),
Processing of Personal Data, Registered, Data Responsible and Personal Data Counselor is the same as used in applicable data protection legislation, including the General Data Protection Regulation (GDPR), as per this Agreement, and in Europe from 25 May 2018 and at any time applicable national supplementary legislation, together hereafter referred to as "Applicable Data Protection Act".

2.2 In this Annex, Personal Data Responsibility is referred to as the "Customer" or "Party", the Personal Data Assistant as "Examinare" or "Party" and collectively as the "Parties".

3 Coverage

3.1 The agreement governs Examinare's Processing of Personal Data on behalf of the Customer and describes how Examinare will ensure data protection through technical and organizational measures under applicable data protection legislation.

3.2 The purpose of Examinare's Processing of Personal Data on behalf of the Customer is to fulfil obligations under the applicable Service Agreement for Services provided.

3.3 This Agreement takes precedence over any conflicting provisions regarding the Processing of Personal Data in Service Contracts or in any other agreement entered into between the Parties.

4 Examinare's duties

4.1 Examinare may only process Personal Data on behalf of and in accordance with Customer's documented instructions. By entering into this Agreement, the Customer Instructor instructs Examinare to process Personal Data as follows:
(i) only in accordance with applicable law; (ii) to fulfil all obligations under Service Agreements applicable to services provided; (iii) as further specified by Customer's normal use of Examinare's Services; and (iv) as specified in this Agreement.

4.2 Examinare has no reason to believe that there is legislation that prevents Examinare from following the instructions given above. Examinare will, after being aware of it, inform the Customer in the event, that the Customer's instructions or treatment, according to Examinare, violate applicable data protection legislation.

4.3 The categories of Registered and Personal Data covered by Treatment in this Agreement are set out in this document.

4.4 Examinare will ensure the confidentiality, integrity, and availability of Personal Data in accordance with Applicable Data Protection Act. Examinare will implement systematic, organizational and technical measures to ensure an appropriate level of security, taking into account the latest technology and implementation costs in relation to the risk involved in the Treatment, and the type of Personal Data to be protected.

4.5 Examinare will assist the Customer with appropriate technical and organizational measures as far as possible taking into consideration the Type of Treatment and the information available to Examinare in order to fulfil the Customer's obligations under applicable data protection legislation regarding requests from Registered and General Data Protection under the Data Protection Ordinance Articles 32-36.

4.6 If the Customer needs information about security measures, documentation or other information about how Examinare Handles Personal Data, and such requests involve more information than the standard information provided by Examinare in order to comply with data protection legislation as Personal Data Board, and this means more work for Examinare, Examinare may charge Customer for such additional services.

4.7 Examinare and their staff/partners/external consultants will ensure the confidentiality of Personal Data Processed under this Agreement. This condition also applies after the Agreement has expired.

4.8 Examinare will, by promptly and unnecessarily informing the Customer, enable the Customer to comply with the legal requirements that apply to information to relevant data protection authorities and Registered Personal Data Incidents.

4.9 Further, as far as practicable and legally, Examinare will inform Customer about;
(i) requests for disclosure of personal data obtained from a Registered (ii) inquiries from authorities, such as the Police, on the disclosure of personal data.

4.10 Examinare may not respond directly to requests from Registered without permission from the Customer. Examinare may not divulge content relating to the Agreement to authorities such as the Police, including Personal Data, with the exception of statutory provisions, such as court decisions or similar decisions.

4.11 Examinare do not have control over whether and how the Customer chooses to make use of any third-party integration through Examinare's API, through direct data connection or the like. Responsibility for such integrations with third parties is exclusively the sole responsibility of the Customer. Examinare is not responsible for any processing of Personal Data through such third party integration.

5 Customer Obligations

5.1 By signing this Agreement, Customer acknowledges that the Customer:

  • when using the services provided by Examinare in accordance with the applicable Service Agreement for the Services provided, will Process Personal Data in accordance with the requirements of current data protection legislation.
  • have a legal basis to process and disclose the relevant personal data to Examinare (including any sub-assistants used by Examinare)
  • is solely responsible for the accuracy, integrity, content, reliability, and legality of the Personal Data submitted to Examinare.
  • has fulfilled any mandatory requirements and obligations to notify or obtain permission from the relevant Personal Data Processing Authorities.
  • has fulfilled its obligations to provide relevant information to the Registrar for the Processing of Personal Data in accordance with applicable Personal Data Law.
  • agrees that Examinare has provided warranties regarding the implementation of technical and organizational security measures, that are sufficient to protect the integrity and personal data of the Registrar.
  • when using the services provided by Examinare under the Service Agreement, will not transmit any Sensitive Personal Data, or data relating to convictions in criminal proceedings and infringements to Examinare. In the event of such transfer, Examinare may not be held liable for improper handling of these sensitive personal data.
  • will maintain an updated record of the types and categories of Personal Data that are Treated.
6 Use of sub-boards and data transfer.

6.1 As part of the delivery of services to the Customer in accordance with the applicable Service Agreement for the services provided and this Agreement, Examinare may use subcontractors in the subcontracting role. Such subordinates may be sister companies of Examinare AB or external subcontractors (third parties) within or outside the EU. Examinare will ensure that contractual contractors agree to assume the responsibility that complies with the obligations stated in this Agreement.

6.2 Major subcontractors with access to Personal Data are published on Examinare's Privacy Page https://www.examinare.com/integrity-security/, which have been accepted by the Customer as subcontractors. Examinare preserves the right to keep subcontractors that work as external "employees" hidden online because of personal integrity.

6.3 The Customer may at any time request a full overview and more detailed information about the subcontractors involved in the delivery of the Service under the Service Agreement.

6.4 If subcontractors are outside of the EU, Examinare will ensure that the transfer takes place in accordance with applicable personal data law. The Customer hereby grants Examinare the competence and authority to ensure the appropriate legal bases for the transfer of personal data outside the EU on behalf of the Client, for example by signing the EU Standard Contract Clauses or transferring Personal Data in accordance with the EU / US Privacy Shield.

6.5 The Customer will be notified prior to changes to subcontractors, who process Personal Data except for subcontractors that are working solely self-employed. If a new subcontractor apparently fails to comply with data protection legislation and the subcontractor still fails to comply with data protection legislation after Examinare has had the reasonable time to ensure that the subcontractor complies with the regulations, the Customer may terminate the Agreement. Such termination may include the right to terminate Service Agreement, in whole or in part, in accordance with the termination clauses contained in the respective Service Agreement. An important part of such assessments should be to what extent the Subcontractor's Processing of Personal Data is an essential part of the services provided under the Service Agreement. A change of subcontractor will not in itself be regarded as a breach of the Service Agreement.

 6.6 By signing this Agreement, Customer agrees that Examinare uses subcontractors as described above.

7. Security

7.1 Examinare is committed to providing a high level of security in its products and services. Examinare provides the level of security through organizational, technical and physical security measures, in accordance with the information security requirements described in Article 32 of the Data Protection Ordinance.

Furthermore, the internal data protection framework, Examinare AB, aims to protect the confidentiality, integrity, correctness, and access to Personal Data. The following measures are of particular importance in this regard:

  • Classification of Personal Data to ensure the implementation of safety measures that correspond to risk assessment.
  • Evaluation of the use of encryption and pseudonymization as risk-reducing factors.
  • Limitation of access to Personal Data to those, who need access to fulfil the obligations of this Agreement or Service Agreement applicable to the Services provided.
  • Use of systems that detect, restore, prevent and report personal data incidents.
  • Implementation of safety analyses to assess the quality of current technical and organizational measures to protect Personal Data, taking into account the requirements of current data protection legislation.
8 Audit Rights

8.1 The Customer is entitled to carry out an annual audit of Examinare compliance with the terms of the Agreement. If the law requires, Customer may request revisions more often. As Examinare AB's services are multi-user environments, the Customer authorizes Examinare's empowers and self-employed subcontractors, for safety reasons, to decide that auditing should be performed by a neutral third party auditor chosen by Examinare. Audits may result in a cost to the Customer and will, in that case, be invoiced to the customer.

8.2 If the Customer does not accept the neutral third party auditor selected by Examinare AB, the Customer may, together with Examinare AB, elect another neutral third party auditor at own expense. 

8.3 The Customer is responsible for any costs incurred in connection with the requested revisions. Examinare's assistance that exceeds the standard service provided by Examinare AB and/or Examinare's subcontractors to comply with applicable data protection laws will be charged.

9 Duration and termination

9.1 This Agreement is valid as long as Examinare Handles Personal Data on behalf of the Customer in accordance with the applicable Service Agreement.

9.2 The agreement terminates automatically, when the Service Agreement expires. Upon termination of the Agreement, Examinare will delete Personal Data Processed on behalf of the Customer, in accordance with the applicable clauses in the respective Service Agreement. Unless otherwise agreed in writing, the cost of such actions will be based on;
i) timetable for Examinare's time and ii) the complexity of the requested process.

9.3 Examinare may retain Personal Data after termination of the Agreement, to the extent required by law, with the same type of technical and organizational security measures as described in this Agreement.

10 Liability

10.1 Liability for breach of the terms of this agreement will be governed by liability clauses in the respective Service Agreement between the Parties. This also applies to possible violations committed by Examinare's subcontractors.

11 Applicable law and jurisdiction

11.1 This Agreement is subject to applicable law and the jurisdiction specified in the respective Service Agreement between the Parties.

12 Categories of Personal Data and Registered

12.1 As Examinare's services allow the Customer to treat arbitrary data within the services, it is not possible to generally report the categories of Registered and Personal Data covered by Treatment. This information is the responsibility of the Customer to register.

12.2 The Customer may not transfer any Sensitive Personal Data to Examinare. In the event of such transfer, Examinare may not be held liable for improper handling of these sensitive personal data. Sensitive Personal Data is defined in applicable Personal Data Law, i.e.:

  • Race or ethnic origin, political opinions, religious or philosophical beliefs,
  • information on health,
  • information about a person's sexual life or sexual orientation,
  • membership of a trade union,
  • Genetic data or biometric data to uniquely identify a natural person

12.3 Nor may the Customer transfer personal data relating to convictions in criminal proceedings and offenses.

13 Overview of current subcontractors

13.1 Current subcontractors (excluding self-employed subcontractors working as consultants) of Examinare, who has access to the Customer's Personal Data can be found at:

https://www.examinare.com/integrity-security/

14. Signature of Agreement

14.1 The Personal Data Assistants Agreement is included in all our contracts and terms of service and do not need to be signed. However, if the customer needs a signed copy of the approval to be saved according to their own internal regulations this agreement can be signed online at no cost by requesting it inside your customer zone login. Make sure your information is updated inside the Customer Zone before asking for the signature process. Only 1 request will be made per customer zone without cost.

14.2 The customer signs the agreement first and then the document is sent to our GDPR responsible part will sign (Within 4 working days). After signature the document will be sent as a pdf-version as a proof of acceptance to both parties.

14.3 The Customer approves for Examinare to store the signature digitally inside their systems and/or making it accessible to the Customer in Examinare Customer Zone or branded Customer Zone of Branded Services in Examinare's control and may share the signed document within the organization and external subcontractors upon request.

15. DISPUTES 

15.1 Disputes between Examinare and the Customer arising from this agreement shall in the first instance be solved directly between the parties. Has no resolution been reached within three (3) months from when a party gave notice to the matter in question the dispute shall be determined by Swedish court. The Kristianstad district court has exclusive jurisdiction.

The decision of the Kristianstad district court cannot be appealed.

Read More