Privacy Policy

Privacy Policy Wisory International AB

Last updated: 13 May 2025

1 Who is responsible for the processing?

Wisory International AB
Comfort Hotel Arlanda Airport, Tornvägen 19A
190 60 Stockholm. Arlanda, Sweden
Org.nr 559123-4567
Email: happy@wisory.se

Wisory is the Data Controller for all processing described below, except where we explicitly act as Processor on behalf of an enterprise customer.

2 Categories of data subjects and data we collect

Data subjectData categoryExamples
Platform customersAccount & identity dataName, employer, billing reference, email, role
Session artefactsPre/post questionnaires, chat, audio/video recordings & AI transcripts, feedback ratings
Technical dataDevice, OS, browser, IP address, usage logs, cookies
AdvisorsOnboarding dataRésumé, biography, degrees/certifications
Session artefactsNotes, recordings, transcripts created by the advisor
General enquirers & website visitorsContact dataName, email, telephone, message content
Social-media insightsAnonymous statistics provided by Meta/LinkedIn

3 Lawful bases and purposes

We process personal data only when we have a lawful basis under the EU General Data Protection Regulation (GDPR):

PurposeLawful basis (Art. 6 GDPR)
Provide, secure and bill the platform; match customers with advisors; hold sessions (including recording & transcription where enabled)Performance of a contract (6.1.b)
Improve services, develop AI-based features, internal analytics, fraud prevention, protect/defend legal claims, provide aggregated, anonymised insights to customersLegitimate interest (6.1.f)
Marketing similar services to existing corporate customersLegitimate interest with right to opt-out
Respond to email / phone / social-media enquiriesLegitimate interest or pre-contractual steps
Comply with bookkeeping, tax, KYC or other legal dutiesLegal obligation (6.1.c)
Use of non-essential cookiesConsent (6.1.a)

4 Recording and transcription

Sessions are not recorded by default. When the organiser enables recording, all participants see an on-screen indicator. Recordings and AI-generated transcripts are stored on secure servers in the EU/EEA and are available only to the session participants and Wisory’s authorised staff for support, quality assurance and training. Wisory may also analyse transcripts to generate aggregated, anonymised insights for the customer (for example usage trends or topic heat-maps). These insights never enable anyone to identify which individual said what.

5 Retention and deletion

  • Account & billing data – kept for the lifetime of the account and up to seven (7) years thereafter to comply with Swedish bookkeeping law.
  • Session artefacts – including recordings, transcripts, pre‑/post‑session forms and chat are retained for up to ten (10) years after the session to improve services, resolve disputes and defend legal claims. After ten years the data are irreversibly anonymised and may be stored indefinitely for statistical purposes.
  • Logs & security data – kept twelve (12) months for forensic and anti?fraud purposes.
  • Support / enquiry tickets – deleted twenty?four (24) months after the last interaction.
  • Anonymised or aggregated data – may be stored indefinitely because GDPR no longer applies once re?identification is impossible.

6 Recipients and transfers

We share data only with processors (cloud hosting, video infrastructure, analytics, email, marketing) bound by written Data Processing Agreements; with authorities when required by law or to defend legal claims; and with prospective buyers of Wisory or its assets (see Section 11).

All processing takes place inside the EU/EEA. If we must transfer data internationally, we rely on an EU adequacy decision or the Standard Contractual Clauses.

7 Security measures

Wisory applies technical and organisational measures including TLS encryption in transit, AES-256 at rest, multi-factor authentication for staff, role-based access control, data-minimisation by design and regular penetration tests.

8 Cookies and similar technology

We use first-party cookies that are strictly necessary for authentication and security. Analytics and marketing cookies are optional and used only with consent. For full details see our Cookie Policy.

9 Your rights

You have the rights of access, rectification, erasure, restriction, portability, objection to marketing and, where we rely on consent, withdrawal of that consent at any time. We will respond to verified requests within fifteen (15) working days and may require proof of identity for your protection. To exercise any right, email happy@wisory.se.

If you believe we process your personal data unlawfully, you can lodge a complaint with the Swedish Authority for Privacy Protection (IMY).

10 Social-media pages

Wisory maintains pages on LinkedIn and Facebook. For “insights” statistics we act as joint controllers with the platform operator under the Facebook / LinkedIn Joint Controller Addendum. Aggregated statistics are used to understand audience demographics and are processed under our legitimate interest.

11 Change of ownership

Should Wisory be involved in a merger, acquisition or sale of assets, your personal data may be transferred to the new owner, who will be bound by this Privacy Policy and must notify you of any material changes.

12 Updates to this policy

We will post any changes on this page and notify registered users of material changes at least five (5) business days before they take effect.

13 Contact

Please direct any questions about this Privacy Policy to happy@wisory.se or the postal address above.