Omniway
Trust Center/Data protection & GDPR

Data protection and GDPR at Omniway

Omniway is used in operations where handling personal data is a central part of daily work. We therefore work systematically on data protection and comply with the EU's General Data Protection Regulation (GDPR).

Clear division of roles

In every customer relationship the customer is the data controller and Omniway acts as data processor. That means the customer retains full control over which personal data is processed and for which purposes.

This split ensures:

  • The customer decides what data is collected and how it is used
  • Omniway processes data only on the customer's instructions
  • Responsibility is clearly defined and documented

Data location and jurisdiction

All primary data is stored at Advania in Umeå, Sweden. In the standard configuration there is no third-country transfer, which means data is handled entirely within Swedish and European law.

  • Storage takes place within Swedish borders
  • Swedish and European data protection law applies in full
  • No transfer to third countries in the standard configuration

What we process — and why

Omniway processes personal data solely to deliver the service to the customer. Data handled in the platform includes:

  • Student and user information (name, email, identifiers)
  • Study results and grades
  • Attendance and activity data
  • Communication inside the platform
  • Administrative data tied to course management

All processing is supported by the customer's instructions and the data processing agreement that governs the relationship.

Support for data subject rights

Omniway helps customers meet data subject rights under the GDPR. The platform supports:

  • Right to erasure — ability to remove personal data on request
  • Right to rectification — ability to correct inaccurate information
  • Right to data portability — ability to export data in a structured format

We continuously work to simplify these processes and ensure they can be carried out efficiently.

Data processing agreement (DPA)

Omniway provides a data processing agreement signed with every customer. It's based on the AcadeMedia model and adapted to the SKR guidelines for the public sector.

The DPA covers:

  • Which personal data is processed and for which purposes
  • Security measures and technical safeguards
  • Sub-processor management
  • Procedures for personal data incidents

Sub-processors and third-party services

In the standard configuration Omniway uses a limited set of sub-processors. The only external service in the standard real-time communication setup is BBBserver.de for video, operated within the EU.

Some features are optional add-ons that may involve additional data processing:

  • Add-ons are never activated without the customer's consent
  • The customer has full control over which integrations are used
  • All sub-processors are openly disclosed
See our sub-processor list

Optional data processing

Omniway clearly separates core-platform data processing from processing that occurs via add-ons and integrations.

  • The core platform involves no third-country transfer
  • Add-ons that may involve third-country transfer require an active choice by the customer
  • Separation between core and add-ons gives the customer full control over their data protection level
Back to Trust Center

Subscribe to our newsletter

Don't worry — we'll never spam you. We only send relevant news and updates that are worth your time.