WiseAthena · Public Summary

Data Protection Executive Summary

Data Handling & Privacy Practices — Version 1.0 · 2026

DocumentData Protection Executive Summary
AudienceClients, prospects and partners
OwnerChief Operations Officer / ISO
Review frequencyAt least annually
Contact

1. Overview

WiseAthena is a B2B technology company providing data analytics and processing services to business clients. This document summarises how WiseAthena handles data — both the client data processed as part of service delivery, and the limited personal data the organisation holds about its own workforce.

Data protection is an integral part of WiseAthena's Information Security programme, which is aligned to the SOC 2 Security Trust Services Criteria.

2. Types of Data We Handle

CategoryDescriptionHow it is treated
Client business data Data provided by B2B clients for analytics and processing services Treated as commercial information. Processed solely to deliver contracted services. Subject to strict confidentiality controls.
Commercial information Prospect and client contact details held for business relationship management Managed as commercial data in our CRM. Not used for purposes other than business relationship management.
Workforce personal data Personal data of employees and contractors (HR, payroll, access management) Processed for employment and contractor management purposes only, under applicable labour and data protection law.

3. Core Data Protection Principles

WiseAthena applies the following principles to all data it holds and processes:

  • Purpose limitation — data is collected and used only for the specific, documented purpose for which it was received
  • Data minimisation — we collect only the data necessary to deliver our services
  • Confidentiality — access to data is restricted to authorised personnel on a need-to-know basis
  • Integrity — controls are in place to prevent unauthorised modification or destruction of data
  • Security — technical and organisational measures protect data against unauthorised access, loss or disclosure
  • Retention — data is retained only for as long as necessary for its purpose or as required by applicable law

4. Security Controls Protecting Data

Data is protected by the controls defined in WiseAthena's Information Security programme, which include:

ControlDescription
Access controlAccess to data assets is granted on a least-privilege basis and reviewed periodically
Multi-factor authenticationMFA is required for all remote access to systems holding sensitive data
EncryptionData is protected with appropriate encryption in transit and at rest
Monitoring & loggingSecurity events are monitored and anomalous activity is investigated
Vendor oversightThird-party providers that process data on our behalf are subject to formal security assessment and ongoing review
Incident responseA documented incident response process governs the detection, containment and notification of data security events

5. Regulatory Compliance

WiseAthena operates as a B2B data processor and analytics provider. Our data protection practices are designed to be compatible with applicable regulations in the jurisdictions in which we operate. Relevant considerations include:

  • Data processing agreements (DPAs) are available for clients who require them
  • In the event of a security incident affecting personal data, the organisation has defined procedures for timely notification to relevant regulatory authorities and affected parties
  • Workforce personal data is processed in compliance with applicable employment and data protection law

Clients who operate in regulated sectors (financial services, healthcare, etc.) and have sector-specific compliance requirements are encouraged to contact us to discuss their needs.

6. Data Processed on Behalf of Clients

When WiseAthena processes data on behalf of a client as part of service delivery, the following principles apply:

  • Data is processed solely according to the client's instructions and the terms of the agreed contract
  • Client data is not used for any purpose other than the delivery of the contracted service
  • Access to client data is restricted to personnel who require it to perform their role
  • Client data is not shared with third parties except where required for service delivery, and subject to appropriate contractual protections
  • Upon contract termination, data retention and deletion are handled according to the terms agreed in the contract

7. Contact

For questions about WiseAthena's data protection practices, or to request a Data Processing Agreement, please contact:

Data protection enquiries