Privacy Policy
Last updated: January 8, 2026
Welcome
This privacy policy explains how HI Assessments AB ("we", "us", "our") processes personal data about you when you use our platform as a business user representing an organization.
We put a lot of effort into keeping your privacy in your control and appreciate you taking the time to read about how we protect your data.
Scope of This Policy
This privacy policy covers your business user account on the HI Platform (login credentials, platform usage, account management), in situations where HI Assessments AB is the data controller (as set out in this privacy policy).
If you take assessments as part of trying our platform or organizational projects, your assessment data is covered by our separate Privacy Policy for Assessment Participants. When taking assessments, you are treated as an assessment participant, and HI Assessments AB is the data controller for your assessment performance data.
Company Details
- Registration Number: 559527-9430
- Address: Astreavägen 14, 18131 Lidingö, Sweden
- For contact information, see the "Questions?" section at the end of this policy.
Please note that your organization is the data controller for personal data we process on their behalf, and we act as the data processor in accordance with our Data Processing Agreement (DPA) with them.
For questions about how your organization handles your personal data, please contact your organization's data protection or HR department. Your organization's privacy policy governs how they process your data.
What Data We Process and Why
1. Managing our relationship and providing support
To manage our relationship with the company that you represent and provide our services in a satisfactory and error-free manner, we need to process your personal data. For example, we process your contact information to be able to manage our agreement with the company you represent. We also process personal data that you choose to share in support matters.
Legal basis: We do this based on our legitimate interest, and that of the company you represent, to fulfil contractual obligations and to provide our platform and services (GDPR, article 6.1(f)). Contact us if you want to learn more about how we have weighed our interests against yours.
Retention: We keep your personal data as long as you represent the company in question. If you delete your account, we will delete your personal data.
2. Marketing
As part of our marketing strategy we may use your contact information to send you messages about our services, current and future. This may include e-mail and SMS.
Legal basis: We do this based on our legitimate interest to market our products and services (GDPR, article 6.1(f)). Contact us if you want to know more about how we have balanced your interests against ours.
Retention: We will use your contact details for marketing purposes as long as we have a business relationship with the company you represent and for twelve months thereafter.
3. HI Community
If you are not a Business User yet, we may contact you to invite you to become part of the HI Community. If you do, we will process your personal data to send you insights, event invites and news about our platform and services. For this purpose we process the email address you enter when joining the community.
Legal basis: We do this based on our legitimate interest to market our products and services (GDPR, article 6.1(f)). Contact us if you want to know more about how we have balanced your interests against ours.
Retention: We will use your contact details as long as you are a member of HI Community.
4. Other Situations Where We Will Process Your Personal Data
| Why? | Personal Data | How Long? | Legal Basis |
|---|---|---|---|
| Investigate incidents, respond to inquiries, and provide information to relevant authorities | The categories of personal data affected by the incident, inquiry, or regulatory supervision | Data is retained during the incident/supervision and up to two years thereafter | Legal obligation (GDPR, Article 6.1(c) and GDPR Articles 31, 33–34, and 58) |
| To protect our interests in the event of a dispute | The categories of personal data necessary in relation to the dispute and the parties involved | Data is retained for the duration of the dispute and for ten years thereafter | Our legitimate interest (GDPR, Article 6.1(f)) in protecting our interests in a dispute. Contact us if you want to know more about how we have balanced your interests against ours |
| To transfer personal data in the event of a merger or business transfer | The categories of personal data affected by the merger or transfer | Not applicable | Our legitimate interest (GDPR, Article 6.1(f)) in facilitating a merger or business transfer. Contact us if you want to know more about how we have balanced your interests against ours |
| To comply with your request to exercise your rights under the GDPR | The categories of personal data necessary to fulfill your request | Data is retained for two years after your request has been handled | Legal obligation (GDPR, Article 6.1(c) and GDPR, Chapter III) |
| To fulfill legal obligations, we need to process certain personal data | The categories of personal data necessary to fulfill each respective legal obligation | Retention periods vary depending on the purpose, context, and applicable legislation, but data is only stored for as long as necessary to fulfill the legal obligation — for accounting purposes, data is stored until the end of the seventh year after the end of the financial year, in accordance with the Swedish Accounting Act (1999:1078) | Legal obligation (GDPR, Article 6.1(c)), such as tax, accounting, bookkeeping, sanctions, health and safety, and consumer legislation |
Data Sharing
We use trusted service providers to deliver our platform:
- Hosting providers: For secure data storage and platform availability
- Email service providers: To send assessment invitations and notifications
- Support tools: To provide customer service if you need assistance
These providers process your data only on our behalf and under strict contractual obligations (Data Processing Agreements).
International Transfers
Your personal data is primarily processed within the EU/EEA. If we transfer data to countries outside the EU/EEA, we ensure it is protected through:
- EU Standard Contractual Clauses (approved by the European Commission)
- Encryption during transit and at rest
- Contractual safeguards with all data recipients
We do not sell your personal data to any third party.
Cookies and Similar Technologies
We use strictly necessary cookies to operate our platform. These cookies are essential for the service to function and do not require your consent under applicable ePrivacy laws. For full details, see our Cookie Policy.
Your Rights
Under GDPR, you have the following rights regarding your personal data:
1. Right of Access
You can request a copy of all personal data we hold about you and information about how we process it.
2. Right to Rectification
If any data we hold is incorrect or incomplete, you can request that we correct or complete it.
3. Right to Erasure ("Right to be Forgotten")
You can request deletion of your personal data if:
- It is no longer needed for the purposes we collected it
- You withdraw your consent (where processing is based on consent)
- You object to processing based on legitimate interest, and we have no overriding legitimate grounds
- The data has been processed unlawfully
- Deletion is required by law
Important Limitation: We may continue to store your data if necessary for establishing, exercising, or defending legal claims.
4. Right to Data Portability
You can request to receive your assessment result in a structured, commonly used, machine-readable format and to transmit it to another controller.
5. Right to Restriction of Processing
You can request that we temporarily restrict processing of your data while we verify accuracy or resolve objections.
6. Right to Object
You can object to processing based on legitimate interest. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.
7. Right to Withdraw Consent
If processing is based on your consent, you can withdraw it at any time. This does not affect the lawfulness of processing before withdrawal.
How to Exercise Your Rights
Contact us at privacy@hiassessments.com with your request. We will respond within 1 month (extendable by 2 months for complex requests, with notification).
Your Right to Complain
If you believe we are not processing your personal data in accordance with GDPR or other applicable laws, you have the right to lodge a complaint with a supervisory authority.
Swedish Supervisory Authority:
- Name: Integritetsskyddsmyndigheten (IMY)
- Website: https://www.imy.se/
You can also lodge a complaint in the EU/EEA country where you live or work or where you believe an infringement has taken place.
Security Measures
We protect your personal data with appropriate technical and organizational security measures, including encryption, access controls, multi-factor authentication, and regular security assessments.
Specific security measures and protocols are outlined in our Data Processing Agreement with your organization.
In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and your organization in accordance with GDPR requirements.
Updates to This Privacy Policy
We may update this privacy policy periodically to reflect changes in our practices or legal requirements.
Material Changes: We will communicate significant changes that affect your rights or how we process your personal data via email or platform notification before they take effect. Material changes include modifications to retention periods, legal bases for processing, data sharing practices, or your rights.
Minor Updates: Non-material changes such as clarifications, contact information updates, or formatting improvements will be published directly to this page without individual notification.
You can always find the latest version at: https://hiassessments.com/privacy
We encourage you to review this policy periodically to stay informed about how we protect your data.
Questions?
If you have any questions about this privacy policy or how we process your personal data, please contact us:
- Email: privacy@hiassessments.com
- Data Protection Officer: dpo@hiassessments.com
- Address: HI Assessments AB, Astreavägen 14, 18131 Lidingö, Sweden
We are committed to transparency and will do our best to answer your questions and address your concerns.