Data we collect
We only collect the data required to deliver our services efficiently and securely.
| Category | Example |
|---|---|
| Contact information | Name, email address, phone number |
| Company information | Company name, org. number, contact person |
| Booking data | Course registrations, participant names, requests |
| Payment data | Billing information (we do not store card numbers) |
| Training data | Progress, completions, assessment results |
Purpose of processing
Why we collect and use your data.
We process your personal data to:
- Deliver booked courses, training and certificates
- Manage payments and invoicing
- Communicate about bookings and account activity
- Issue and verify digital certificates
- Provide AI-assisted learning support
- Improve our services and user experience
- Comply with legal requirements (e.g., accounting rules)
Legal basis
On what legal grounds we process your data.
We process personal data based on the following legal grounds:
- Contractual necessity: To fulfill our obligations regarding your course bookings and account management
- Consent: For marketing communications (you can withdraw consent at any time)
- Legal obligation: To comply with applicable laws and regulations
- Legitimate interest: To improve our services, ensure security, and communicate with users
AI assistant (ELSA)
How we handle data when you use our AI assistant.
ELSA is our AI assistant for learning. When you interact with ELSA, the following applies:
You control your data. Conversations with ELSA are not stored by default. You can choose to save conversations to share with colleagues or generate reports. We do not use your interactions to train AI models.
- ELSA processes your questions and course context to provide relevant answers
- Saved conversations: You can save conversations to your account for future reference, share them with colleagues, or export them as reports
- Saved conversations are only accessible to you and those you explicitly share them with
- You can delete saved conversations at any time
- No personal data from ELSA conversations is shared with third parties
- ELSA is always clearly identified as an AI assistant
- You can request human support at any time
Our AI systems comply with the EU AI Act. See our AI philosophy for more information.
LMS data
What training data we collect and how it is used.
When you use our LMS, we collect training data to track your progress and offer relevant content:
- Progress data: Which modules you completed, time spent, quiz results
- Completion records: Certificates and completion dates
- Settings: Language preferences, accessibility options
This data is used to customize your learning experience and generate completion reports for your organization (if applicable). You can request deletion of your training history at any time.
Pulse surveys
How we handle survey data.
Pulse is our survey and feedback tool. Survey administrators choose whether responses are anonymous or named:
- Anonymous surveys: Your responses cannot be linked to your identity. We only collect aggregated data.
- Named surveys: Your name is linked to your responses for feedback purposes. You are informed before participating.
Survey data is used to measure learning impact, engagement, and organizational development. Results are only shared with authorized administrators in your organization.
Certificate
What data is included in your digital certificates.
When you receive a digital credential (Open Badge 3.0), the following data is embedded in the badge:
- Your name and email (as recipient of the certificate)
- Achievement title and description
- Issue date and issuing organization
- Verification URL
Certificates are designed to be portable and shareable. When you share a badge, recipients can verify its authenticity via our verification service. You control where and how you share your certificates.
Data sharing
Who we share your data with.
We may share data with:
- Course providers: To deliver booked training
- Your organization: Learning progress and completion reports (if you belong to an organizational account)
- Service providers: IT operations, payment processing (all EU-based or with adequate safeguards)
- Authorities: When required by law
We never sell personal data. We never share data for advertising purposes. All third parties must comply with GDPR requirements.
Storage and security
How we protect your data.
- Data is stored only as long as required for each purpose, or as required by law
- All servers are located within the EU
- Data is encrypted at rest and in transit (TLS 1.3)
- The infrastructure is powered by 100% renewable energy
- Regular security audits and penetration testing
- Access controls and audit logging for all personal data
Your rights
Your rights under GDPR and how to exercise them.
Under GDPR, you have the right to:
- Access your data
- Correct inaccurate data
- Delete your data
- Export your data
For questions or requests regarding your personal data, contact our data protection officer at kontakt@erigo.se. We respond within 30 days.
If you believe we have processed your data incorrectly, you can file a complaint with the Swedish Authority for Privacy Protection (IMY), the Swedish data protection authority.
Cookies
How we use cookies on our website.
We only use necessary cookies required for the website to function. We do not use third-party cookies, marketing cookies or tracking cookies.
Contact
How to reach us for privacy questions.
If you have questions about this privacy policy or our data handling, contact us at kontakt@erigo.se.
Stay updated
Get news, articles and inspiration straight to your inbox.