Omniway

Privacy policy

2025-10-27

This privacy policy applies to you as a customer and/or user of the products and services provided by Omniway AB (Reg. no. 556442-1328, Vasagatan 17, 903 29 Umeå, Sweden), and to you as a visitor to our website. Each section explains which personal data we process, why, the legal basis for the processing, how long the data is retained, and which rights you have.

Contact

If you have questions or feedback about how we process your personal data, you are always welcome to contact us at info@omniway.se.

If you still have concerns or want to file a complaint about how we process personal data, you can contact our data protection officer at: dataskydd@academedia.se

Your rights

Under the GDPR, you as a data subject — for example a student, customer or website visitor — have the following rights regarding the processing we carry out of your personal data:

  • Right of access — you have the right to know which data we process about you, and you can request a copy via a data subject access request
  • Right to rectification — you can ask us to correct your data if it is incorrect
  • Right to erasure — you can ask us to delete your personal data
  • Right to restriction — you can ask us to restrict our processing of your personal data
  • Right to object — you have the right to object to our processing of your personal data
  • Right to data portability — under certain conditions you have the right to move your personal data

To exercise any of your rights, contact info@omniway.se.

You also have the right to file a complaint with the Swedish Authority for Privacy Protection (IMY, www.imy.se) if you believe we are not following the GDPR.

Automated decision-making and profiling

There is no automated decision-making or profiling for which Omniway AB is the data controller.

When we act as a data processor

When we provide our learning platform to education providers (for example private education companies or municipalities), we process personal data on behalf of the customer. In these cases, the customer is the data controller and we act as the data processor.

This means that:

  • The customer decides which personal data is processed, for which purposes, and on which legal basis.
  • We process personal data only according to the customer's instructions and in line with our data processing agreement.
  • It is the customer's responsibility to inform data subjects about the processing.

Examples of processing we perform as a processor:

  • Management of user accounts in the learning platform
  • Storage of course materials and user data
  • Support and troubleshooting related to platform use

Third-country transfers

Since different services are used by different customers, you can contact your school, municipality or company to learn specifically which countries the services you have access to expose or transfer personal data to. For other questions about third-country transfers, contact info@omniway.se or dataskydd@academedia.se.

When we act as a data controller

In some situations we process personal data as a data controller — that is, when we ourselves determine the purposes and means of the processing. This applies, among other things, when we are in contact with employees of our customers or suppliers, when we run our website, and when we conduct marketing activities.

Examples of processing where we are the controller:

  • Communication with you as an employee of our customers, with the purpose of maintaining and developing business relationships.
  • Processing of data that takes place when you visit our website, including the use of cookies and similar technologies.
  • Marketing activities such as newsletters, event invitations or informational emails.

The legal basis for the processing is generally legitimate interest, consent, or performance of a contract under the GDPR.

Quote requests and demo bookings

When you request a quote or want to book a demo, we collect the information you provide — typically name, email address and phone number. We use this data to follow up with you, prepare a quote, or schedule a demo as requested.

Legal basis: We process your data in order to prepare an offer or contract that you have requested. The legal basis is contract.

Retention period: The data is kept for as long as needed to handle your request. If it leads to a contract, the data is kept for as long as necessary to perform the contract. If your request does not lead to a contract, your data is deleted after 6 months.

Contract administration

When we enter into and perform contracts with customers or suppliers, we process personal data in order to administer the business relationship and meet our contractual obligations.

The data we process may include:

  • Identity data: name, role
  • Contact details: address, email, phone number
  • Case-specific data linked to the relevant customer relationship

Retention period: Personal data is kept for as long as necessary to perform the contract and meet applicable legal requirements. In addition, data may be retained for up to ten (10) years to handle any legal claims.

Website visitors and marketing

Omniway AB is the data controller for processing that takes place in connection with your visit to our website and for marketing purposes.

Newsletter

We send newsletters to you if you have signed up, or if you are already a customer. Our mailings include tracking pixels to see whether messages are opened by recipients.

Personal data processed: Email

Legal basis: Consent that you provide when you sign up. You can withdraw your consent at any time by following the instructions in the email or contacting us at info@omniway.se.

Retention period: Your personal data is processed until you withdraw your consent / unsubscribe. Inactive contacts are automatically deleted after at most twelve (12) months.

Transfers of personal data to third countries

We and our suppliers, as a rule, only process your personal data within the EU/EEA. Some of our suppliers are headquartered in the US. Even if all data storage takes place within the EU/EEA, we only work with suppliers that meet EU data protection requirements and are part of the EU–U.S. Data Privacy Framework (DPF).

Information security

We take appropriate technical and organisational security measures to protect your personal data against unauthorised access, loss or unlawful disclosure. Only authorised personnel have access to your data, and we ensure that our systems and processes are regularly updated and improved to maintain a high level of protection.

Subscribe to our newsletter

Don't worry — we'll never spam you. We only send relevant news and updates that are worth your time.