Privacy Policy

Information about personal data processing at Predli Consulting AB

Last updated: April 2026 | Replaces all prior versions

‍

1. Introduction

‍

Predli Consulting AB ("Predli", "we", "us", "our") is a digital service company specialising in AI solutions and advisory. In order to offer our services, Predli may in some projects collect, analyse, and process personal or organisational data. This Privacy Policy explains how we collect, use, store, protect, and share personal data in connection with our services, and describes your rights under applicable law, including the EU General Data Protection Regulation (GDPR).

Predli's services are voluntary to use. By choosing to work with Predli Consulting AB, you voluntarily elect to disclose personal or organisational information to us in accordance with this document.

‍

2. Data Controller

‍

Organisation name: Predli Consulting AB

‍Organisational number: 559463-8271

‍Postal address: Box 190, 101 23 Stockholm, Sweden

‍Email: contact@predli.com

‍

3. Personal Data We Process

‍

When you or your employer use a Predli Consulting AB service, we may request and process the following categories of personal data:

Identification data (name, job title, employee ID)
Contact information (email address, phone number)
Organisational and professional data used to generate insights, predictive models, or similar outputs
Usage data related to Predli Studio or other Predli platforms

All data is processed in an aggregated manner utilising statistical models to generate insights on cohorts and groups, where technically feasible.

‍

4. Legal Basis for Processing

‍

Predli Consulting AB processes personal data on the following legal bases under GDPR:

Legitimate interest: Processing necessary to deliver our services and to satisfy the legitimate interests of clients (e.g. an individual's employer).
Contract: Processing necessary to fulfil a contractual obligation with a client or user.
Legal obligation: Processing required to comply with applicable laws and regulations.

Participation in any Predli project is entirely voluntary. You are free to decline or withdraw at any time without penalty.

‍

5. Privacy, Confidentiality and Information Security

‍

Predli Consulting AB maintains an Information Security Management System (ISMS) aligned with ISO/IEC 27001 principles and SOC 2 requirements. Our security practices include:

Access control: Personal data is accessible only to authorised personnel on a need-to-know basis, enforced through role-based access controls.
Encryption: Data is stored in encrypted, secure storage systems. Data in transit is protected using TLS encryption.
Incident management: Predli Consulting AB maintains a formal incident response process. In the event of a personal data breach, affected individuals and relevant authorities will be notified in accordance with GDPR requirements (within 72 hours where applicable).
Availability and resilience: Systems are designed and maintained to ensure appropriate availability and resilience of processing services.
Employee obligations: All Predli Consulting AB employees are subject to confidentiality obligations and receive security awareness training.

Please note that email communication is neither private nor secure. We recommend using our secure channels for any sensitive exchanges.

‍

6. Retention Period

‍

Predli Consulting AB will process and store personal data for as long as you and your employer use a Predli service, and for a period of three (3) months after the entity ceases to use Predli services, or three (3) months after you terminate your employment with your employer, whichever occurs first. Data may be retained for longer periods where required by applicable law or regulation.

‍

7. Third-Party Processors and International Transfers

‍

We disclose personal data to service providers who process data on our behalf under formal data processing agreements that require them to handle your data in accordance with this policy and our instructions. Examples include IT infrastructure and cloud service providers.

As a general rule, Predli Consulting AB and its service providers process personal data only within the EU and EEA. Where data is processed outside the EU/EEA, Predli takes appropriate measures to ensure equivalent protection, including by entering into Standard Contractual Clauses (SCCs) approved by the European Commission.

‍

8. Automated Decision-Making and Profiling

‍

Predli Consulting AB does not engage in automated decision-making or profiling that produces legal effects or similarly significantly affects individuals within the meaning of Article 22 of the GDPR.

‍

9. Anonymised Data

‍

De-identified or anonymised data, from which all personal identifiers have been removed, may be used for research, product development, and service improvement purposes. Such data falls outside the scope of GDPR and this Privacy Policy. Identifiers may be removed from personal data and the resulting anonymised information may be used for future research or shared with third parties without additional consent.

‍

10. Your Rights

‍

Under applicable data protection law, you have the following rights regarding your personal data held by Predli Consulting AB:

Right of access: Request information about what personal data we hold about you.
Right to rectification: Request correction of inaccurate or incomplete data.
Right to erasure: Request deletion of your personal data ("right to be forgotten").
Right to restriction: Request that we limit processing of your data.
Right to object: Object to processing based on legitimate interests.
Right to data portability: Request transfer of your data to you or another controller.
Right to withdraw consent: Where processing is based on consent, withdraw it at any time.

To exercise any of these rights, submit a written request to contact@predli.com. We will respond within 30 days in accordance with GDPR requirements.

‍

11. Changes to This Policy

‍

Predli Consulting AB may update this Privacy Policy from time to time. Material changes will be communicated via our website or directly to affected parties.