HI Assessments Privacy Notice
Last updated: October 2025
Stay in control
We believe that transparency and respect is the key to any healthy relationship. We appreciate that you trust us with your information, and we want you to feel safe about how we use it.
In this notice, you will learn about the data we collect, how we use it and your rights. We always make sure that your data is protected in accordance with applicable legislation.
If you have any questions, or feel you need any part of this notice explained, please contact us; legal@hiassessments.com.
How we use your data
HI Community
As part of our marketing strategy we invite you to become part of the HI Community. If you do, we will process your personal data to send you insights, invitations to events and news about our platform and services. For this purpose we process the email address you enter when joining the community.
We do this based on our legitimate interest to market our products and services (GDPR, article 6.1(f)). Contact us if you want to know more about how we have balanced your interests against ours.
We will use your contact details as long as you are a member of the HI Community.
General
| Why? | Personal Data | How Long? | Legal Basis |
|---|---|---|---|
| Investigate incidents, respond to inquiries, and provide information to relevant authorities | The categories of personal data affected by the incident, inquiry, or regulatory supervision | Data is retained for the duration of the incident/supervision and up to two years thereafter | Legal obligation (GDPR, Article 6.1(c) and GDPR Articles 31, 33–34, and 58) |
| To protect our interests in the event of a dispute | The categories of personal data necessary in relation to the dispute and the parties involved | Data is retained for the duration of the dispute and for ten years thereafter | Our legitimate interest (GDPR, Article 6.1(f)) in protecting our interests in a dispute. Contact us if you want to know more about how we have balanced your interests against ours |
| To transfer personal data in the event of a merger or business transfer | The categories of personal data affected by the merger or transfer | Not applicable | Our legitimate interest (GDPR, Article 6.1(f)) in facilitating a merger or business transfer. Contact us if you want to know more about how we have balanced your interests against ours |
| To comply with your request to exercise your rights under the GDPR | The categories of personal data necessary to fulfill your request | Data is retained for two years after your request has been handled | Legal obligation (GDPR, Article 6.1(c) and GDPR, Chapter III) |
| To fulfill legal obligations, we need to process certain personal data | The categories of personal data necessary to fulfill each respective legal obligation | Retention periods vary depending on the purpose, context, and applicable legislation, but data is only stored for as long as necessary to fulfill the legal obligation — for accounting purposes, data is stored until the end of the seventh year after the end of the financial year, in accordance with the Swedish Accounting Act (1999:1078) | Legal obligation (GDPR, Article 6.1(c)), such as tax, accounting, bookkeeping, sanctions, health and safety, and consumer legislation |
How we share your personal data and who we share it with
We share your personal data with service providers that process your data on our behalf. This includes e-mail service providers and hosting services.
We always ensure that your personal data enjoys a high level of protection, even when the personal data is processed outside of the EU/EEA. In most cases, the importing party will reside in a country that has been deemed to offer adequate protection by the EU commission or adheres to the EU-US Data Privacy Framework (GDPR, article 45). If not, we will enter into the EU Standard Contractual Clauses (GDPR, article 46). In addition, we take additional technical and organisational security measures when needed. In addition, your data will generally be encrypted during transit and rest, and pseudonymised – to the greatest extent possible.
Your Rights
You can exercise many of your rights directly on our website. You are always welcome to contact us directly and we will help you with your request; legal@hiassessments.com.
Right to information and access
You have the right to know if we process personal data about you. If we do, you also have the right to receive information about the personal data we process and why we do it. You also have the right to receive a copy of all personal data we have about you.
If you are interested in specific information, please indicate it in your request. For example, you can specify if you are interested in a certain type of information (e.g., what contact and identification information we have about you) or if you want information from a certain time.
Right to have erroneous data corrected
If the data we hold about you are incorrect, you have the right to have it corrected. You also have the right to supplement incomplete information with additional information that may be needed for the information to be correct.
Once we have corrected your data, or it has been supplemented, we will inform those we have shared your data with about the update, if it is not impossible or too cumbersome. If you ask us, we will also tell you who we have shared your data with.
If you request to have data corrected, you also have the right to request that we limit our processing during the time we investigate the matter.
Right to have data deleted
In some cases, you have the right to have your data deleted. You have the right to have your data deleted if:
- The data is no longer needed for the purposes for which we collected it,
- You withdraw your consent, if applicable,
- The data is used for direct marketing and you unsubscribe from it,
- You oppose use that is based on our legitimate interest and we cannot show compelling grounds that outweigh your interests,
- The personal data has been used illegally, or
- Deletion is required to comply with a legal obligation.
You can delete specific data points, for example a test result or comments posted by yourself, directly in your account.
If we delete data following your request, we will also inform those we have shared your data with, if it is not impossible or too cumbersome. If you ask us, we will also tell you who we have shared your data with.
Data portability
You may request to receive your personal data in a machine-readable format (e.g., CSV). Please contact us if you want to exercise your right to data portability.
Objecting to data use
You have the right to object to processing that is based on our legitimate interest. If you object to this, we will, based on your particular situation, evaluate if our interests in using the data outweigh your interests in the data not being used for that purpose. If we are unable to provide compelling legitimate grounds that outweigh yours, we will stop using the data you object to - provided we do not have to use the data to establish, exercise or defend legal claims. If you object to the use, you also have the right to request that we restrict our use during the time we investigate the matter.
You always have the right to object to, and thus unsubscribe from, direct marketing.
Right to withdraw consent
You have the right to withdraw your consent for a specific processing at any time. You can withdraw your consent by contacting us; legal@hiassessments.com.
Your withdrawal will not affect processing that has already been carried out.
Right to request restriction
Restriction means that the data is marked so that it may only be used for certain limited purposes. The right to restriction applies:
- When you believe the data are incorrect and you have requested correction. If so, you can also request that we limit our use while we investigate if the data are correct or not.
- If the use is illegal but you do not want the data to be deleted.
- When we no longer need the data for the purposes for which we collected it, but you need it to be able to establish, assert or defend legal claims.
- If you object to the use. If so, you can request that we limit our use while we investigate if our interest in processing your data outweighs your interests.
Even if you have requested that we restrict our use of your data, we have the right to use it for storage, if we have obtained your consent to use it, to assert or defend legal claims or to protect someone's rights. We may also use the information for reasons relating to an important public interest.
We will let you know when the restriction expires.
If we limit our use of your data, we will also inform those we have shared your data with, provided that it is not impossible or too cumbersome. If you ask us, we will also tell you who we have shared your data with.
Our policies for children
We appreciate the importance of taking additional measures to protect children's privacy.
We do not knowingly collect personal data from children under the age of 18. If you have reason to believe that a child under the age of 18 uses our services contact us and we will endeavor to delete that information from our databases: legal@hiassessments.com.
Changes to this privacy notice
We reserve the right to change this Privacy Notice from time to time. We will inform you of any changes by posting the updated notice on our website. If we make any material changes to our notice, we will notify you through our platform and/or by e-mail. We encourage you to contact us if you have any questions about the notice or about how we process your personal data.
You may also submit complaints to a supervisory authority, in particular in the Member State of your habitual residence, place of work or where the alleged infringement of the GDPR took place. In Sweden, the supervisory authority is the Swedish Supervisory Authority for Privacy Protection.
Contact information
Data controller
| Name: | HI Assessments AB |
| Registration number: | 559527-9430 |
| Postal address: | Astreavägen 14 18131 Lidingö |
| E-mail address: | legal@hiassessments.com |
Versions in other languages than English
The original version of this Privacy Notice is written in English. To the extent a translated version of the Privacy Notice conflicts with the English version, the English version will prevail.