Privacy policy

Last updated: 2026-05-20

1 Data Controller

New Core Business AB

Organization number: 556857-1862

Address: Birger Jarlsgatan 57C, 113 56 Stockholm, Sweden

Email: hello@newcore.se

We are responsible for the processing of your personal data as described in this Privacy Policy.

2 Personal Data We Collect

a)    When you complete an assessment form

  • Full name

  • Work email address

  • Company name

  • Role / job title

  • Mobile number (optional)

  • Assessment responses and results

b)    When you book a meeting via our scheduling tool

  • Full name

  • Email address

  • Mobile number (optional)

  • Date and time of the scheduled meeting

c)     When you register for a webinar

  • First name

  • Last name

  • Email address

  • Subscription preference (if you choose to sign up for news and updates)

3 Purpose of Processing and Legal Basis

We process your personal data for the following purposes:

a)    To generate and deliver your assessment result

Legal basis: Performance of a service requested by you

b)    To store a record of your assessment

Legal basis: Legitimate interest (to maintain records and provide follow-up context)

c)     To contact you regarding your assessment, booking, webinar participation, or relevant services (optional)

Legal basis: Consent

You can choose whether to allow this contact by opting in when submitting a form.

d)    To manage and conduct scheduled meetings

Legal basis: Performance of a service requested by you

e)    To follow up on your request or interaction

Legal basis: Legitimate interest

f)      To register you for and provide access to webinars

Legal basis: Performance of a service requested by you

Where you offer the option to sign up for news and updates, this is based on your consent and can be withdrawn at any time.

4 How Your Data is Collected

Your personal data is collected when you:

  • submit an assessment form via our website

  • book a meeting using our scheduling tool

  • register for a webinar

5 How Your Data is Stored and Processed

Your data is processed using secure systems and service providers selected based on their ability to protect personal data appropriately.

Depending on the service used, your data may be:

  • Stored and processed via our third party software provider (Lovable)

  • Accessed and, where necessary, transferred to New Core Business AB’s internal systems (Microsoft 365)

  • Processed via our scheduling provider (Acuity Scheduling)

Personal data is handled with appropriate security measures, including access control and restricted availability.

6 Processors and Third-Party Services

We use trusted service providers to process personal data on our behalf:

  • Lovable – hosting and processing of assessment data

  • Resend (via Lovable) – email delivery infrastructure

  • Microsoft 365 (Microsoft Ireland Operations Ltd.) – email and internal storage

  • Acuity Scheduling (Squarespace Inc.) – meeting booking and scheduling

These providers process personal data under contractual agreements and appropriate safeguards in accordance with GDPR, and may in certain cases act as independent data controllers for specific processing activities. For further details, please refer to the respective provider’s privacy information.

7 International Data Transfers

For certain services, personal data may be transferred to and processed in countries outside the EU/EEA, including the United States.

This may occur, for example, when emails are delivered through service providers used by our platform providers, where personal data such as email content and recipient address is processed for delivery purposes.

Where such transfers occur, we ensure that appropriate safeguards are in place in accordance with applicable data protection laws. These safeguards may include the EU–US Data Privacy Framework or Standard Contractual Clauses approved by the European Commission.

Where possible, we prioritize service providers that store and process data within the EU/EEA.

8 Data Retention

We retain your personal data for:

Up to 12 months from the date of submission

Data may be retained longer if required to fulfil a specific request or ongoing engagement.

After this period, personal data is securely deleted.

9 Your Rights

Under GDPR, you have the right to:

  • Request access to and receive a copy of your personal data that we process

  • Request correction of inaccurate data

  • Request deletion of your data

  • Restrict or object to processing

  • Withdraw consent at any time (where applicable)

  • Request data portability

To exercise your rights, contact us at hello@newcore.se.

10 Complaints

If you have concerns about how we process your personal data, please contact us first so we can address the issue. You also have the right to lodge a complaint with the Swedish supervisory authority (Integritetsskyddsmyndigheten, IMY).

11 Updates to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website.