Go back to previous page

List of active policies

Name Type User consent
GDPR Privacy policy All users

GDPR

Summary

About this document

This document describes how personal data is processed in POZ Ai’s learning platform for users belonging to our client companies.

Document ID: POZAI-PP-LMS • Version: V2025.1 • Effective as of: 2025-09-16

Full policy

POZ Ai – Privacy Policy for the Learning Platform

Version V2025.1 • Effective as of 2025-09-16 • Document ID: POZAI-PP-LMS

This is a privacy policy/information notice in accordance with Articles 13–14 GDPR. It is supplemented by the client company’s own privacy policy as well as the applicable data processing agreement (DPA) between the client company (data controller) and POZ Ai (data processor).

Roles and responsibilities

Data Controller: Your employer/contracting client company using the platform. They determine the purposes and legal basis for the processing and respond to your rights requests.

Data Processor: POZ Ai processes personal data on behalf of the client company in accordance with written instructions in the DPA (Article 28 GDPR).

Categories of personal data

  • Account and identity data (e.g., name, email address, user ID, role/organization).

  • Course and activity data (e.g., registrations, progress, results, completion dates, time spent in course, interactions).

  • Technical/log data (e.g., IP address, time zone, language, device/client, session and login logs, and necessary cookie IDs for operation/security).

  • Special categories (sensitive data): must not be processed in the platform. Do not enter such information in free text fields.

Purposes and legal basis (Article 6 GDPR)

  • Platform operation and account administration (login, course access, progress, results): Processing takes place under the legal basis determined by the data controller. Common bases are legitimate interest (Art. 6.1 f) and/or legal obligation (Art. 6.1 c). For external course participants, contract (Art. 6.1 b) may also apply.

  • Support, troubleshooting, security, and abuse prevention: legitimate interest (Art. 6.1 f), according to the data controller’s balancing test.

  • Compliance with legal requirements (e.g., documentation of training certificates where required by law/contract): legal obligation (Art. 6.1 c) or legitimate interest.

  • Non-essential cookies and optional features/analytics: only with consent (Art. 6.1 a), according to a separate cookie policy.

Recipients and sharing

  • Client company (data controller): has access to relevant course and results data for its users.

  • Sub-processors (e.g., hosting/operations, email, monitoring, IT security) are engaged only under the DPA. POZ Ai maintains a list of sub-processors, made available to the data controller.

  • Authorities: data may be disclosed if required by law or government decision.

International transfers

The main rule is storage within the EU/EEA. If transfer to a third country occurs, appropriate safeguards are used (e.g., EU Standard Contractual Clauses – SCCs) and, where necessary, supplementary technical and organizational measures. Information is provided via the sub-processor list and/or the client company’s privacy policy.

Retention periods

POZ Ai stores personal data only as long as instructed by the data controller. When the data is no longer needed, it is deleted or anonymized in accordance with the DPA.

Guidelines (may be adapted in the DPA):

  • User account: during contract term + up to 12 months for traceability/support.

  • Course results/completions: during contract term or as instructed by the client company; deletion within 30–90 days after termination unless otherwise required.

  • Security logs: 12 months unless a longer period is needed for incident investigation.

Security (Article 32 GDPR)

POZ Ai implements appropriate technical and organizational measures based on risk, such as access controls, encryption in transit and at rest (where applicable), role-based authorization, logging, backup, and secure development processes. Only authorized personnel have access, and only according to instructions from the data controller.

Automated decision-making

POZ Ai does not use automated decision-making with legal effects under Article 22. Analytics/reporting relates only to training progress.

Your rights

You have the right to request access, rectification, erasure, restriction, data portability, and to object to processing. Rights requests are handled by the data controller (your client company). POZ Ai assists in accordance with the DPA.

You have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY). See contact details below.

Cookies

Necessary cookies are used for operation, security, and login. Non-essential cookies are only set after your consent via cookie banner. More information is available in a separate cookie policy.

Changes to this policy

We update the policy as needed. The latest version is published in the platform and at www.poz.se.

Contact

POZ Ai AB, Garvaren, Floor 2, 341 60 Ljungby, Sweden

Web: www.poz.se • Email: info@poz.se 

Supervisory authority (Sweden):
Integritetsskyddsmyndigheten (IMY),
Box 8114, 104 20 Stockholm,
Email: imy@imy.se

Back to top