Privacy Policy
Privacy Policy Wisory International AB
Last updated: 13 May 2025
1 Who is responsible for the processing?
Wisory International AB
Comfort Hotel Arlanda Airport, Tornvägen 19A
190 60 Stockholm. Arlanda, Sweden
Org.nr 559123-4567
Email: happy@wisory.se
Wisory is the Data Controller for all processing described below, except where we explicitly act as Processor on behalf of an enterprise customer.
2 Categories of data subjects and data we collect
| Data subject | Data category | Examples |
|---|---|---|
| Platform customers | Account & identity data | Name, employer, billing reference, email, role |
| Session artefacts | Pre/post questionnaires, chat, audio/video recordings & AI transcripts, feedback ratings | |
| Technical data | Device, OS, browser, IP address, usage logs, cookies | |
| Advisors | Onboarding data | Résumé, biography, degrees/certifications |
| Session artefacts | Notes, recordings, transcripts created by the advisor | |
| General enquirers & website visitors | Contact data | Name, email, telephone, message content |
| Social-media insights | Anonymous statistics provided by Meta/LinkedIn |
3 Lawful bases and purposes
We process personal data only when we have a lawful basis under the EU General Data Protection Regulation (GDPR):
| Purpose | Lawful basis (Art. 6 GDPR) |
|---|---|
| Provide, secure and bill the platform; match customers with advisors; hold sessions (including recording & transcription where enabled) | Performance of a contract (6.1.b) |
| Improve services, develop AI-based features, internal analytics, fraud prevention, protect/defend legal claims, provide aggregated, anonymised insights to customers | Legitimate interest (6.1.f) |
| Marketing similar services to existing corporate customers | Legitimate interest with right to opt-out |
| Respond to email / phone / social-media enquiries | Legitimate interest or pre-contractual steps |
| Comply with bookkeeping, tax, KYC or other legal duties | Legal obligation (6.1.c) |
| Use of non-essential cookies | Consent (6.1.a) |
4 Recording and transcription
Sessions are not recorded by default. When the organiser enables recording, all participants see an on-screen indicator. Recordings and AI-generated transcripts are stored on secure servers in the EU/EEA and are available only to the session participants and Wisory’s authorised staff for support, quality assurance and training. Wisory may also analyse transcripts to generate aggregated, anonymised insights for the customer (for example usage trends or topic heat-maps). These insights never enable anyone to identify which individual said what.
5 Retention and deletion
- Account & billing data – kept for the lifetime of the account and up to seven (7) years thereafter to comply with Swedish bookkeeping law.
- Session artefacts – including recordings, transcripts, pre‑/post‑session forms and chat are retained for up to ten (10) years after the session to improve services, resolve disputes and defend legal claims. After ten years the data are irreversibly anonymised and may be stored indefinitely for statistical purposes.
- Logs & security data – kept twelve (12) months for forensic and anti?fraud purposes.
- Support / enquiry tickets – deleted twenty?four (24) months after the last interaction.
- Anonymised or aggregated data – may be stored indefinitely because GDPR no longer applies once re?identification is impossible.
6 Recipients and transfers
We share data only with processors (cloud hosting, video infrastructure, analytics, email, marketing) bound by written Data Processing Agreements; with authorities when required by law or to defend legal claims; and with prospective buyers of Wisory or its assets (see Section 11).
All processing takes place inside the EU/EEA. If we must transfer data internationally, we rely on an EU adequacy decision or the Standard Contractual Clauses.
7 Security measures
Wisory applies technical and organisational measures including TLS encryption in transit, AES-256 at rest, multi-factor authentication for staff, role-based access control, data-minimisation by design and regular penetration tests.
8 Cookies and similar technology
We use first-party cookies that are strictly necessary for authentication and security. Analytics and marketing cookies are optional and used only with consent. For full details see our Cookie Policy.
9 Your rights
You have the rights of access, rectification, erasure, restriction, portability, objection to marketing and, where we rely on consent, withdrawal of that consent at any time. We will respond to verified requests within fifteen (15) working days and may require proof of identity for your protection. To exercise any right, email happy@wisory.se.
If you believe we process your personal data unlawfully, you can lodge a complaint with the Swedish Authority for Privacy Protection (IMY).
10 Social-media pages
Wisory maintains pages on LinkedIn and Facebook. For “insights” statistics we act as joint controllers with the platform operator under the Facebook / LinkedIn Joint Controller Addendum. Aggregated statistics are used to understand audience demographics and are processed under our legitimate interest.
11 Change of ownership
Should Wisory be involved in a merger, acquisition or sale of assets, your personal data may be transferred to the new owner, who will be bound by this Privacy Policy and must notify you of any material changes.
12 Updates to this policy
We will post any changes on this page and notify registered users of material changes at least five (5) business days before they take effect.
13 Contact
Please direct any questions about this Privacy Policy to happy@wisory.se or the postal address above.