1. Introduction

Capacio AB (“Capacio”, “we”, “us”) provides digital tools and services for assessment, profiling, development and decision support based on psychological and cognitive data. This Privacy Policy explains how personal data is processed in connection with our services.

This policy applies to business customers, organizational users, candidates, test participants and visitors to our websites.

2. Roles and responsibility

Depending on the nature of the service, Capacio acts either as:

• Data Controller, or
• Data Processor on behalf of a customer.

In most B2B services (e.g. recruitment, sports organizations, education, talent development), the customer is the Data Controller, and Capacio processes personal data solely in accordance with the customer’s documented instructions and an applicable Data Processing Agreement (DPA).

3. Categories of personal data

We may process the following categories of personal data:

• Identification and contact data
• Account and user information
• Assessment and test data (e.g. cognitive, psychological results)
• Technical and usage data (logs, device data)
• Contractual and financial data

4. Purposes and legal basis

Personal data is processed for purposes including:

• Delivery of agreed services
• Administration of accounts and contracts
• Assessment, profiling and reporting
• Customer support and service improvement
• Compliance with legal obligations

Processing is based on:

• Performance of a contract (Art. 6(1)(b) GDPR)
• Legal obligations (Art. 6(1)(c))
• Legitimate interests (Art. 6(1)(f))
• Consent where applicable (Art. 6(1)(a))

5. Assessment and test data

Assessment and test data is processed exclusively for agreed professional purposes such as recruitment support, development, coaching, education and research-based insights.

Capacio does not use test data for automated decision-making or profiling with legal or similarly significant effects.

6. Data retention

Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected and in accordance with applicable law.

• Assessment and test data: retained for the duration of the customer relationship or as agreed
• Account data: retained until account closure or deletion request
• Contractual and financial data: retained according to statutory requirements (e.g. bookkeeping legislation)

Data is deleted or anonymised when no longer required.

7. Data sharing and processors

Personal data may be shared with trusted subprocessors providing hosting, analytics, communication or support services. All subprocessors are subject to contractual data protection obligations.

8. International transfers

Where personal data is transferred outside the EU/EEA, such transfers are safeguarded through Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms.

9. Data subject rights

Data subjects have the right to access, rectify, erase, restrict or object to processing, and to data portability, in accordance with GDPR.

Requests may be directed to: support@capacio.com

10. Contact

Capacio AB Byängsgränd 12, 120 40 Årsta 556897-7283 info@capacio.com