Privacy Policy – WiseScore
Effective date: 02-02-2026 · Last reviewed: March 2026 · Applies to: WiseScore AB and Wisescore LLC
Introduction
WiseScore is committed to protecting the privacy and personal data of all individuals who interact with us - including clients, prospects, website visitors, job applicants, and business contacts. This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and what rights you have in relation to it.
WiseScore AB (org. 559349-0278), registered in Sweden, acts as data controller for personal data processed in connection with EU and Nordic client engagements and for all personal data collected through wisescore.com. WiseScore LLC acts as data controller for personal data processed in connection with US and international engagements.
All personal data processing by WiseScore AB is conducted in accordance with the EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and applicable Swedish data protection law. WiseScore LLC applies equivalent standards and additionally complies with applicable US state privacy laws.
Data We Collect
2.1 Information you provide directly
When you contact us, complete a form, request an assessment, or enter into a service agreement, we collect:
Full name and professional title
Work email address and telephone number
Organisation name, size, and industry
Professional background and LinkedIn profile (where provided)
Information about your organisation's AI maturity, systems, and challenges (where provided as part of an assessment or engagement)
Payment and billing information (processed securely through Stripe; WiseScore does not store card details)
Any other information you choose to share in correspondence or forms
2.2 Information collected automatically
When you visit wisescore.com, we automatically collect:
IP address and approximate geographic location
Browser type, version, and operating system
Pages visited, time on site, and navigation paths
Referring URL and search terms
Device type and screen resolution
This data is collected via cookies and similar tracking technologies. See Section 8 for full details on our cookie use.
2.3 Information from third parties
We may receive information about business contacts from publicly available sources including LinkedIn, company websites, and business registers such as Bolagsverket (Sweden) and Companies House equivalents in other jurisdictions. This is used only for legitimate business development purposes.
How We Use Your Data
We process personal data for the following purposes:
Responding to enquiries and requests: to respond to your contact form submission, assessment request, or other inbound communication.
Delivering services: to perform contracted AI consulting services and fulfil our obligations under service agreements.
anaging the business relationship: to issue proposals, agreements, invoices, and correspondence related to ongoing or prospective engagements.
Business development: to identify and reach out to organisations and individuals who may benefit from WiseScore's services, based on professional context.
Marketing communications: to share relevant insights, updates, and information about WiseScore's services where you have opted in or where we have a legitimate interest. You can opt out at any time.
Improving our services: to analyse how our website is used and how our services are experienced, in order to improve quality and relevance.
Legal and compliance obligations: to meet our obligations under applicable law, including tax, accounting, and data protection requirements.
Recruitment: to process job applications and manage candidate pipelines.
Legal Basis for Processing
WiseScore processes personal data on the following legal bases under GDPR:
Contractual necessity (Article 6(1)(b)): processing required to perform a contract with you or to take steps at your request before entering into a contract. This applies to all service delivery and engagement management.
Legitimate interests (Article 6(1)(f)): processing necessary for WiseScore's legitimate business interests, including business development, service improvement, and direct marketing to business contacts, provided these interests are not overridden by your interests or rights. We conduct a balancing test before relying on this basis.
Legal obligation (Article 6(1)(c)): processing required to comply with applicable law, including financial record-keeping and tax obligations.
Consent (Article 6(1)(a)): where we rely on your consent — for example, for certain marketing communications — you may withdraw consent at any time without affecting the lawfulness of prior processing.
Data Sharing
WiseScore does not sell, rent, or trade personal data. We share personal data only in the following circumstances:
Within the WiseScore group: between WiseScore AB and WiseScore LLC where necessary for delivering services or managing the business relationship.
Service providers: with trusted third-party providers who process data on our behalf under written data processing agreements. These include IT infrastructure providers, CRM and email platforms, payment processing (Stripe), and analytics services.
Professional advisors: with lawyers, accountants, and auditors as necessary for legal and financial compliance.
Business transfers: in the event of a merger, acquisition, or sale of WiseScore assets, personal data may be transferred as part of that transaction, subject to equivalent protections.
Legal requirements: where required by law, court order, or regulatory authority, we may disclose personal data. Where possible, we will notify you before doing so.
All third-party service providers are vetted for GDPR compliance. Where data is transferred outside the European Economic Area (EEA), we rely on approved transfer mechanisms including Standard Contractual Clauses (SCCs) or adequacy decisions.
Data Retention
We retain personal data only for as long as necessary for the purposes described in this policy or as required by law. Our standard retention periods are:
Client engagement records (contracts, invoices, correspondence): seven (7) years from the end of the engagement, in accordance with Swedish and US accounting obligations.
Prospect and business contact records: up to two (2) years from last meaningful interaction, unless the relationship becomes active.
Website analytics data: up to twenty-six (26) months.
Job application data: up to twelve (12) months from the date of application, or longer if the candidate consents to being kept in a talent pipeline.
Marketing consent records: retained for as long as the consent remains active, plus three (3) years for legal compliance purposes.
When data is no longer required, it is securely deleted or anonymised.
Your Rights
Under GDPR and applicable data protection law, you have the following rights in relation to your personal data:
Right of access: to obtain confirmation of whether we process your personal data and to receive a copy of that data.
Right to rectification: to have inaccurate or incomplete personal data corrected.
Right to erasure ('right to be forgotten'): to request deletion of your personal data where there is no legitimate reason for us to continue processing it.
Right to restriction: to request that we limit processing of your data in certain circumstances, such as while a dispute is resolved.
Right to data portability: to receive your personal data in a structured, machine-readable format and to request that it be transmitted to another controller.
Right to object: to object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we can demonstrate compelling legitimate grounds.
Rights related to automated decision-making: to not be subject to decisions made solely by automated means that produce legal or similarly significant effects, without human review.
Right to withdraw consent: where processing is based on consent, to withdraw that consent at any time.
To exercise any of these rights, contact us at privacy@wisescore.com. We will respond within thirty (30) days. In complex cases, we may extend this by a further sixty (60) days with notice. We do not charge for rights requests unless they are manifestly unfounded or excessive.
If you are unsatisfied with our response, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) at imy.se, or with your local data protection authority.
Cookies and Tracking Technologies
8.1 What are cookies
Cookies are small text files placed on your device when you visit a website. We also use similar technologies including pixels and local storage. Cookies allow us to recognise your device, remember your preferences, and understand how our site is used.
8.2 Types of cookies we use
Strictly necessary cookies: required for the website to function. These cannot be disabled. They include session management and security cookies.
Analytics cookies: used to understand how visitors interact with our site, including pages visited, time spent, and navigation paths. We use this data in aggregate to improve our site. We use privacy-respecting analytics tools configured to anonymise IP addresses.
Functional cookies: used to remember preferences such as language selection.
Marketing cookies: used only where you have given explicit consent. These may be used to measure the effectiveness of our communications.
8.3 Managing cookies
You can control and manage cookies through your browser settings. Most browsers allow you to refuse new cookies, delete existing cookies, and set preferences for specific websites. Disabling certain cookies may affect the functionality of our website.
Data Security
WiseScore implements appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, or alteration. These measures include:
Encrypted data transmission (TLS/HTTPS) for all website and communication channels.
Access controls and authentication requirements for internal systems.
Regular security reviews and vendor assessments.
Staff training on data protection obligations.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, WiseScore will notify the relevant supervisory authority within seventy-two (72) hours of becoming aware, and will notify affected individuals without undue delay where the risk is high.
Children's Data
WiseScore's services are directed exclusively at business organisations and professional individuals. We do not knowingly collect personal data from individuals under the age of sixteen (16). If we become aware that we have inadvertently collected data from a minor, we will delete it promptly. If you believe we have collected data about a minor, please contact privacy@wisescore.com
11. External Links
Our website may contain links to third-party websites, including client sites, partner organisations, and reference sources. WiseScore is not responsible for the privacy practices or content of those websites. We recommend reviewing the privacy policy of any site you visit.
12. Changes to this Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Where changes are material, we will notify active contacts by email at least thirty (30) days before the changes take effect. The current version of this policy is always available at wisescore.com/privacy-policy. The 'Last reviewed' date at the top of this page indicates when the policy was most recently updated.
13. Contact and Data Protection Enquiries
For all privacy and data protection enquiries, including rights requests and complaints:
Email: privacy@wisescore.com
WiseScore AB (Data Controller for EU/EEA processing)
Luntmakargatan 26, 111 37 Stockholm, Sweden
Org. no. 559349-0278
WiseScore LLC (Data Controller for US/international processing)
United States
For general enquiries: contact@wisescore.com