How does Webperf Cloud handle personal data?
The organisation in question is Webperf AB (559582-5018). The intention is to follow privacy by default, not to handle personal data at all if it isn't needed, and always keep personal data within the EU's legal sphere. Webperf does not use sub-processors in third countries and does not rely on the adequacy decisions the EU Commission may issue (read: we fully expect a third Schrems ruling).
The purpose of Webperf's processing of personal data through Webperf Cloud — unless otherwise stated — is to fulfil a contract or, alternatively, to pursue a legitimate interest (GDPR article 6.1 b and f), or to comply with other legislation, for example accounting. An exception to this is contact information that may occur in email or CRM systems. This is, however, pruned on an ongoing basis.
You can of course exercise your rights under the GDPR. Please send such requests to support@webperf.se.
Webperf does not offer passwords as a login mechanism.
Definitions:
- Super administrator — has access to everything. This is currently only Marcus Österberg, owner of Webperf AB.
- Web agency admin — representative of an organisation that has paid in advance for its own and its clients' websites in Webperf Cloud. Either hidden or open. Often the local administrator for its client websites.
- Local administrator — the person who owns the Webperf Cloud account in relation to Webperf AB, both regarding use of the service and the customer dialogue. Sometimes this is the web agency for those who actually own the website.
- Local user — a person invited by a local admin.
- Sub-processor — those who, beyond Webperf AB's internal circumstances, come into contact with data arising through Webperf's operations.
- Testing & Webperf Cloud tests — the collection and processing of information provided by a website or intranet that is offered openly via the internet, or only for the Webperf service.
Examples of personal data processing
Webperf Cloud includes names and contact information for customers and users of the service. Except in the case of fulfilling a contract and in the customer relationship, it is not necessary to provide a real name. For example, a pseudonym and a relay version of an email address for login work fine if you want to avoid having personally identifiable information in these contexts.
The person Webperf does need identifiable information about, somewhere, is the individual who is the local administrator for the website. Depending on the service, that person can add colleagues, consultants and others as local users of their Webperf Cloud subscription. It is up to them and their privacy policy whether real names or pseudonyms are used, and whether the email addresses used can identify a person or not.
A user who has not logged in to their account for a long time will receive an email where they need to confirm they want to keep their account. If no affirmative response arrives, the user account is pruned.
A user who no longer has permission for at least one active Webperf Cloud website is pruned automatically.
Sub-processors
Webperf uses only actors within the EU when personal data is involved. The sub-processors that have — or may come into contact with — personal data are:
- Oderland Webbhotell AB (556680-8746) — Swedish web host in Gothenburg where everything from website, web analytics, CRM, email etc. is operated.
- Glesys AB (556647-9241) — Swedish data centre in Falkenberg where Webperf Cloud testing is partly run.
- Hetzner Online GmbH — German company. Does some testing of non-paying sites, but may also run Webperf Cloud sites when needed. No personal data will be processed here unless it happens to be exposed via the content of the tested public website or open intranet.
Excluded from this list are those that offer network services over the internet. Traffic is typically handled via encrypted channels and should not leak more information than necessary.
Last changed: 2024-03-13