Privacy Policy for CRN Solutions AB

CRN Solutions safeguards your personal integrity

Updated July, 2024

CRN Solutions AB, corp. reg. no. 556855-7275, Bruksgatan 36, 263 39 Höganäs, Sweden, (the ”Company”) respects your privacy and is committed to maintaining a high level of security and integrity regarding your personal data. The Company is also committed to ensuring that processing is carried out in accordance with applicable data protection legislation.

Do not hesitate to contact the Company should you have any questions regarding the Company's privacy protection. The Company’s contact information is set out under the section “Contact Information”.

The definitions of this privacy policy shall have the meaning set forth in the Online-Therapy.com Terms and Conditions, Terms and Conditions for Affiliates and Counselor Agreement.

Data Controller

The Company is the data controller of your personal data and is therefore responsible for ensuring that your personal data is processed correctly and securely in accordance with applicable legislation.

Which personal data does the Company process?

Personal data means any information that directly or indirectly relates to a natural, living person. Accordingly, personal data is information about you and your person, e.g. your name, your contact information, pictures of you and your IP-address.

Processing means any operation which is performed on personal data, such as collection, storage, use, adaption or disclosure.

Counselors

The Company collects and stores the following information about you that the Company needs to contact you and to fulfil its undertakings towards you as a Counselor.

  • Personal information and contact information, such as name, personal identity number, gender, address, telephone number and email address.

  • Title and initials of your credentials.

  • Information that you provide to the Company by email, via the Company’s social media or by other channels of communication. This also includes communication through means such as text chats, messages and worksheets between you and the User.

  • Payment and purchase history as well as payment information, such as PayPal e-mail address and Stripe account name.

  • Information regarding surveys, complaints and warranty matters.

  • Website and social media links.

  • Technical data, such as IP address, MAC address, URL, unique device ID, network and device performance, browser, language and identification settings, geographic location, operating system, other information from cookies or similar mechanisms (device information).

  • Your picture.

Users

The Company collects and stores the following information about you that the Company needs to contact you and to fulfil its undertakings toward you as a User.

This also includes you as an employee/member at a company/organization that has registered a business account at the website.

The Company may process special categories of data of you as a User. The legislator has determined that special categories of personal data shall be further protected. As a main principle, special categories of personal data shall not be processed, however, there are a few exemptions. Private health information is one category of such data which as a main principle is prohibited to be processed. However, the Company must process such data in order to provide its services to you as a User. Based on the exemption that special categories of data may be processed in order to provide health care, the Company is entitled to process health care information you have provided the Company.

  • Personal information and contact information, such as name, personal identity number, address, telephone number and email address.

  • Information that you provide to the Company by email, via the Company’s social media or by other channels of communication. This includes communication, such as text chats, messages and worksheets between you and the Counselor.

  • Information regarding surveys, complaints and warranty matters.

  • Technical data, such as IP address, MAC address, URL, unique device ID, network and device performance, browser, language and identification settings, geographic location, operating system, other information from cookies or similar mechanisms (device information).

  • Private health information

Emergency Contacts

If the User has provided the Company with an Emergency Contact, the Company collects and stores the following information about you as an Emergency Contact, which the Company needs to contact you in case of an emergency.

  • Contact information such as name, telephone number, and relationship with the User.

Suppliers, partners and affiliates

The Company collects and stores the following information about you that the Company needs to contact you and to fulfil its undertakings towards you as a supplier, partner or affiliate (such as but not limited to computer programmers, sales representatives etc.).

This also includes contact persons to companies that have registered a business account with the Company. However, employees/members obtaining Counselor Services through a business account are covered by “Users” above.

  • Personal information and contact information, such as name, address, telephone number, email address, title, position and employer.

  • Payment information.

Company representatives for e.g. suppliers, partners and affiliates

The Company collects and stores the following information about you that the Company needs to contact you in your capacity as a representative for a company or organization.

  • Personal information and contact information, such as name, address, telephone number, email address, title, position and employer.

  • Information that you provide to the Company by email, via the Company’s social media or by other channels of communication.

  • Where applicable, information regarding phone calls with the Company’s customer service.

  • Where applicable, payment information.

Potential Counselors, suppliers, partners and affiliates and company representatives for potential Counselors, suppliers, partners and affiliates

The Company collects and stores the following information about you in your role as a potential Counselor, supplier, partner or affiliate to the Company or in your role as a representative for a company that is a potential supplier or partner to the Company. The Company needs such information to contact you and to fulfil its undertakings toward you as a potential Counselor, supplier, partner or affiliate or in your capacity as a representative for a potential Counselor, supplier, partner or affiliate.

  • Personal information and contact information, such as name, address, telephone number, email address, title, position and employer.

Visitors of the Company’s website

In connection with visits to the Company’s website, the Company collects the following information about you that the Company needs to be able to improve, streamline, simplify and develop our website.

  • Technical data, such as IP address, MAC address, URL, unique device ID, network and device performance, browser, language and identification settings, geographic location, operating system, other information from cookies or similar mechanisms (device information).

Recruitment (job applicants at the Company)

The Company collects and stores the following information about you that the Company needs to be able to recruit the right persons for positions with the Company.

  • Personal information and contact information, such as name, address, telephone number, email address, title, position and employer.

  • Information in cover letter and CV.

  • Where applicable, your picture.

  • Other information that you provide the Company in connection with recruitment.

From where do the company collect your personal data?

With respect to Users and Counselors and potential Counselors, your personal data is usually collected directly from you.

Regarding existing or potential suppliers, partners and affiliates or its company representatives, your personal data is usually collected from the company or organization that you represent, but also, in certain cases, directly from you, e.g. by email, our social media or other channels of communication or in connection with events or meetings. This is also the case if you are an employee/member at a company/organization that has registered a business account at the website.

The Company’s processing of your personal data

The purposes for which the Company intends to process your personal data and the legal basis for the respective processing activities are stated in the tables below.

Users, Counselors, suppliers, partners or affiliates (including company representatives)

Purpose Legal basis

To fulfil legal requirements, such as but not limited to health care requirements, security requirements and accounting requirements.

The processing is necessary for compliance with the Company’s legal obligations.

To provide and maintain the Platform, including to monitor the usage of the Platform.

The processing is necessary for the performance of the agreement with the User or the Counselor.

To manage your account as well as to manage your registration as a User or Counselor.

The processing is necessary for the performance of the agreement with the User or Counselor.

To be able to contact you regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.

The processing is necessary for the performance of the agreement with the User or Counselor.

To enable marketing and communication about the Company's brand and the Company's products (e.g. mailing of newsletters and other marketing materials, invitations to the Company's events, meetings and other gatherings etc.).

The processing is necessary for the Company’s legitimate interest to market its brand, its products and other similar products to you as a customer or to the company that you represent (legitimate interest).

To carry out surveys regarding the Platform.

The processing is necessary for the Company’s legitimate interest to evaluate, develop and improve its brand, its service and its marketing (legitimate interest).

To ensure payment and analyze purchase history in order to offer Users and Counselors the right services and marketing.

The processing is necessary for the performance of the agreement with the User or Counselor.

The processing is also necessary for the Company’s legitimate interest to offer Users or Counselors relevant marketing with regard to the customers previous purchases (legitimate interest).

To ensure payments to the Counselor in connection with providing the Counselor Services.

The processing is necessary for the performance of the agreement with the Counselor.

To receive payments from Users in connection with purchases of the Company’s products, services and service.

The processing is necessary for the performance of the agreement with the User.

To be able to respond to and compensate Users and Counselors in connection with complaints and warranty matters.

The processing is necessary for the performance of the agreement with the User or Counselor.

To be able to keep in touch with a representative of the supplier or partner.

The processing is necessary for the Company’s legitimate interest to keep in touch with you in order to fulfil its obligations under the agreement with its supplier or partner, i.e. the company that you represent (legitimate interest).

Potential future Counselors, suppliers or partners

Purpose Legal basis

To enable marketing and communication about the Company's brand and the Platform (e.g. mailing of newsletters and other marketing materials, invitations to the Company's events, meetings and other gatherings etc.).

The processing is necessary for the Company’s legitimate interest to market its brand, its service and other similar products to you or to the company that you represent (legitimate interest).

Emergency Contacts

Purpose Legal basis

To be able to contact you in case of an emergency.

The processing is necessary for the Company's legitimate interest in being able to initiate appropriate action in case of emergency (legitimate interest).

Visitors of the Company’s website

Purpose Legal basis

To ensure the operation of the Company's website and application.

To be able to develop the Company's website and to better adapt the website based on how it is used.

The processing is necessary for the Company’s legitimate interest to improve, streamline, simplify and develop its website and to attract more Users/Counselors/partners and to increase the number of recurring Users/Counselors/partners (legitimate interest).

Recruitment (job applicants at the Company)

Purpose Legal basis

To, in connection with recruitment, be able to decide who is best suited for a position with the Company and to ensure that the relevant person has the necessary skills.

The processing is necessary for the Company’s legitimate interest to recruit the right employees and ensure that skilled people work for the Company (legitimate interest).

How long does the Company store your personal data?

Your personal data is stored as long as there is a need to preserve them in order to fulfil the purposes for which the data was collected in accordance with this Privacy Policy. Thereafter, your personal data will be deleted.

We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. Some personal data will, for the purpose of complying with applicable accounting legislation, be stored for seven years, counting from the end of the calendar year during which the financial year, to which the information pertained, was terminated.

Contact information regarding company representatives is stored during such time the Company considers that the information is necessary to maintain the relationship with the company/organization. Deletion shall take place when the Company becomes aware that the information is no longer adequate or relevant for the purpose, or at the request of the contact person.

For more information about how long the Company stores specific personal data, please contact the Company. Contact information is provided under section "Contact Information" below.

With whom does the Company share your personal data?

The Company does not disclose personal data to third parties, except when necessary to fulfil a legal obligation or to fulfil the Company's obligations to you and/or partners. Situations when your personal data must be disclosed to third parties are listed in the table below.

Your personal data will not be sold to third parties for marketing purposes.

Third party Reason for third-party disclosure

Suppliers of cloud solutions

Personal data may be transferred to suppliers of cloud solutions since the Company stores certain information in cloud solutions.

Service providers

The Company may share personal data with service providers to monitor and analyze the use of the Platform, to show advertisements to you, to help support and maintain the Platform, to contact you, to advertise on third party websites to you after you visited our Platform or to be able to process payments.

Suppliers and partners

The Company may disclose personal data to suppliers and/or partners, if the suppliers and/or partners need your personal data to fulfil their undertakings toward the Company.

Authorities

Personal data may be disclosed to authorities when necessary for compliance with the Company’s legal obligations.

Sale

If the Company intends to transfer all or part of its business, personal data may be disclosed to a potential buyer.

Regarding payments

The Company may provide you with paid products and/or services. In that case, the Company may use third-party services for payment processing (e.g. payment providers).

The Company will not store or collect your payment card details. That information is provided directly to our third-party payment providers whose use of your personal information is governed by their privacy policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.

The Company uses the following payment providers:

  • Stripe: Their Privacy Policy can be viewed here »

  • PayPal: Their Privacy Policy can be viewed here »

Transfer of personal data to third countries

The Company may transfer your personal data to countries outside the EU/EEA.

If personal data is transferred to a country outside the EU/EEA, the Company will take measures to ensure that the personal data continues to be protected and will also take the necessary measures to ensure a legal transfer of the personal data to countries outside the EU/EEA.

Such necessary measures consist of ensuring that the third country to which the personal data is transferred, is subject to a decision from the European Commission that it ensures an adequate level of protection or taking appropriate protection measures, for example Binding Corporate Rules (BCR) or Standard Contractual Clauses (SCC).

All communication between clients and counselors is end-to-end encrypted. All databases are encrypted at rest with industry-leading encryption. Further, all private health information is hosted behind a 3-tiered web application, with multiple checks and controls to keep your data safe.

Social media

Regarding personal data that occurs and is processed on social media, such as Facebook, Instagram, Youtube and LinkedIn, we refer users to the policy provided by the respective service providers for information on how each service provider processes personal data. In the Company’s view, the purpose of the processing is that you shall be able to interact and maintain contact with the Company via social media, in order to contribute to good relationships with Users, Counselors, customers and partners and to make the Company's customer service and product widely accessible through several different channels. The processing is necessary for the purposes of the Company’s legitimate interest to market its brand and its products to existing and potential customers and to partners (legitimate interest).

Your rights

As the data controller, the Company is responsible for ensuring that your personal data is processed in accordance with applicable legislation.

The Company will, at your request or on its own initiative, rectify, erase or complete any information found to be inaccurate, incomplete or misleading.

You have the right to request access to and rectification or erasure of your personal data (e.g., if such erasure is required by applicable law), request restriction of the processing of your personal data and object to the processing, as permitted by applicable personal data legislation (e.g. if you contest the accuracy of the personal data or if the processing is unlawful but you oppose the erasure of the personal data and request restriction of its use instead). The Company will notify each recipient to whom the personal data has been disclosed in accordance with what is set out above under “With whom does the company share your personal data?” regarding any rectifications or erasures of personal data as well as of restriction of processing of data according to this section “Your Rights”.

Under certain conditions, you have the right to data portability, i.e., a right to receive your personal data in a structured, commonly used and machine-readable format and the right to transmit those data to another controller.

If you do not want the Company to process your personal data for direct marketing purposes, you have the right to object to such processing at any time. When the Company has received your objection, the Company will cease the processing of your personal data for such marketing purposes.

You have the right, through a written and signed application, to obtain free of charge a register extract from the Company regarding which personal data are stored about you, the purposes of the processing and to which recipients the data has been or shall be transferred. You also have the right to obtain information about the envisaged period for which the personal data will be stored or the criteria used to determine this period. You also have the right to receive information about your other rights as specified in this paragraph “Your Rights”.

We look forward to hearing from you if you have any complaints regarding the Company’s processing of your personal data, in order to correct our processing if necessary. You also have the right to file complaints regarding the Company's processing of your personal data with the Swedish Authority for Privacy Protection.

Security of your personal data

You should always be able to feel safe when you provide us with your personal data. Therefore, the Company has implemented the security measures that are necessary to protect your personal data against unauthorized access, alteration and destruction. The Company will not disclose your personal data, other than as expressly provided by this Privacy Policy.

The Company encrypts your data in transit and at rest on its servers, and all private communication with your counselor is end-to-end encrypted. The Company stores all private health information on servers with full HIPAA compliance.

Cookies

The Company uses cookie-like techniques in order to provide certain functions on the Company’s website www.online-therapy.com and to improve the website and to deliver a better and more personal service. The information is stored in the form of a file comprising encrypted login data.

The Company may gather and analyze information regarding usage of our website, including domain name, the number of hits, the pages visited, previous/subsequent sites visited and length of user session. This information may be gathered by using cookies. The Company uses cookies and similar technologies to track usage of the website and to address security issues. Further, the Company may also use cookies to store your preferences relating to use of our website. A cookie is a small amount of data, which often includes a unique identifier that is sent to your computer, tablet, phablet, cell phone or other electronic device (a "Device") browser from a website's computer and is stored on your Device's hard drive. Each website can send its own cookie to your browser if your browser's preferences allow it, but (to protect your privacy) your browser only permits a website to access the cookies it has already sent to you, not the cookies sent to you by other sites. Many sites do this whenever a user visits their website in order to track traffic flows.

Cookies record information about your preferences and allow the Company to modify the Platform to your interests. During the course or any visit to the Platform, the pages you see, along with a cookie, are downloaded to your Device. Many websites do this, because cookies enable website publishers to do useful things such as finding out whether the Device (and probably its user) has visited the website before. This is done on a repeat visit by checking for the cookie left there on the previous visit. Information supplied by cookies can help the Company to analyze the profile of our visitors in order to provide you with a better user experience.

reCAPTCHA

The Company uses reCAPTCHA which is a service provided by Google Inc. reCAPTCHA is used by the Company to protect its website from for example automated spam or other attacks. Google’s Privacy Policy and Terms of Service apply to reCAPTCHA.

If you do not share your personal data with the company

If you do not share your personal data with the Company, the Company will not be able to fulfil its legal or contractual obligations towards you.

California Consumer Privacy Act (CCPA)

The Company recognizes California’s specific privacy rights of the Company’s Users in that State. California Users should be aware that the Company does not sell User data to third parties. Further, the Company is a medical records retention company. As such, almost all personal data is kept in encrypted storage as a medical record, including all User created transcripts. Under State Law, the Company shall retain such records for at least seven years. The CCPA is not generally applicable to medical information governed by the California Confidentiality of Medical Information Act (CMIA) or protected health information collected by a covered entity or business associate governed by the privacy, security, and breach notification rules of the Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009.

According to Section 1798.83 of the California Civil Code (also known as the “Shine the Light Law”), residents of California are entitled to request, once a year, if the Company have shared their personal information (non-medical record data only) with other companies for direct marketing purposes during the preceding calendar year. To request a copy of the information disclosure provided by the Company, please contact us on Online-Therapy.com at the “contact us”-link on the website. Please allow reasonable time for a response.

If you are a California resident under the age of 18, and a registered user of any site where this policy is posted, California Business and Professions Code Section 22581 permits you to request and obtain removal of content or information you have publicly posted on our site. The Company does not have User below the age of 13 and does not typically allow Users to publicly post information. However, if you feel you publicly posted information on the Platform and you are between the ages of 13 and 17, please contact us on Online-Therapy.com at the “contact us”-link on the website. Please allow reasonable time for a response. Please be aware that such a request does not ensure complete or comprehensive removal of the data/content you have posted and that there may be circumstances in which the law does not require or even allow removal of data, specifically medical data, even if requested.

California Right to Know. You may request access to the specific pieces of personal data we have collected about you in the last 12 months. You may also request additional details about our information practices, including the categories of personal data we have collected about you, the sources of such collection, the categories of personal data we share for a business or commercial purpose, and the categories of third parties with whom we share your personal data. You may make these requests by contacting us on Online-Therapy.com at the “contact us”-link on the website. Please allow reasonable time for a response.

California Designated Agent. You may designate an agent to make a request on your behalf. That agent must have access to your account in order for us to verify the request.

California Non-Discrimination. The Company will never discriminate against you, including by denying or providing a different level of service should you choose to exercise your rights under the CCPA.

CalOPPA

Our Service does not respond to Do Not Track (DNT) signals. However, some third party websites do keep track of your browsing activities. If you are visiting such websites, you can set your preferences in your web browser to inform websites that you do not want to be tracked. You can enable or disable DNT by visiting the preferences or settings page of your web browser.

Changes

The Company reserves the right to change this Privacy Policy at any time. In the event of changes to this Privacy Policy, the Company will publish the amended Privacy Policy on www.online-therapy.com with information on when the changes will come into effect and may also notify customers and partners in an appropriate manner.

Links

The Platform may contain links to other websites that are not operated by the Company. If you click on a third party link, you will be directed to that third party's site. The Company strongly advise you to review the privacy policy of every site you visit. The Company has no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Contact information

Do not hesitate to contact the Company if you have any questions about this Privacy Policy, the processing of your personal data or if you wish to exercise your rights under this Privacy Policy or applicable legislation.

CRN Solutions AB
Corporate registration number: 556855-7275
Postal address: Bruksgatan 36, 26339 Höganäs, Sweden
Email address: info@online-therapy.com

Your Settings

If you would like to update your cookie settings, please click here »

Do not sell or share my personal information »