Privacy Policy

1. About Us

Our contact details are as follows:

Name: iMeasure Ltd

Email: info@imeasure-online.com

Address: Fairfields House, Bromsberrow Road, Redmarley, Gloucestershire, GL19 3JU

Where a company (the “Client”) using our products or services has instructed us to assess an individual (the “Candidate”), the Client is the Data Controller and iMeasure Ltd is a Data Processor. Where we process the personal data of an individual for the purposes of accessing or ordering our products or services, iMeasure is the Data Controller.

2. Scope of this Privacy Notice

This Privacy Notice explains how we collect and process personal information when we provide our psychological assessment and reporting services (“Services”). We collect personal information about:

• Clients that purchase our Services (“Clients”)
• Individuals that provide responses in any of our assessments at the request of a client (“Participants”)

This Privacy Notice applies to any individual about whom we process personal information in the course of providing our Services (“You” or the “Data Subject”).

3. Data Protection Principles

Article 5 of the GDPR sets out seven key principles that lie at the heart of the general data protection regime. To ensure that we comply with data protection law and principles, any personal data that we handle will be:

• Processed lawfully, fairly and in a transparent manner in relation to individuals (‘lawfulness, fairness and transparency’)
• Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes (‘purpose limitation’)
• Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’)
• Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’)
• Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals (‘storage limitation’)
• Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
• The Data Controller shall be responsible for, and be able to demonstrate compliance with, the previous six principles (‘accountability’).”

4. Personal Data: What we collect

You may provide personal information about yourself to us by:

• Filling in forms or registering on our website – www.imeasure-online.com
• Corresponding with us via phone, email or otherwise
• Through our Psychometric Assessment platform if you are invited by us or a Client to complete an assessment.

When you visit our Website, the personal information we collect may include your name, occupation, company for which you work, business address, home address, email address, phone number, financial and credit card information and biographical information. If you contact us we may also keep a record of that correspondence.

With our psychological assessments, a client may provide personal information about Participants that have been nominated to undertaken an assessment, or the Participant may also provide us with this information directly. This can include Participant name, email address and other contact details. When participating in an Assessment, we will ask the Participant to provide responses that may constitute personal information. This can include:

• Identification Data – e.g. name and email address. You must provide this Identification Data as this is required in order for us to administer the Assessment, provide the results to the Client who requested you complete the Assessment, and for the purposes set out in Section six of this Notice.
• Assessment Data – e.g. your responses in an Assessment. This may include or allow us to deduce information such as motives, talents, aptitudes, behaviour, interests and competencies. You will be required to provide a response to some, if not all, of the questions within the Assessments. Failure to respond to certain questions may inhibit your ability to proceed to the next section or may affect your Assessment score.
• Research Data – e.g. your responses to questions about you which can include such information as your gender, your age, your cultural background, your qualifications, your work experience and details regarding your employment, responsibilities and work. You do not need to provide Research Data to us. This information is entirely voluntary (see below).

4.1 Special categories of Personal Data

Research Data may include personal data that reveals your age, gender and racial or ethnic origin, which is classed as a “special category of personal data” under data protection law. Research Data does not form part of the Assessment and is only used for research purposes and statistical analyses in order to monitor our tests and questionnaires for fairness, to ensure there is no presence of unfair discrimination against legally protected groups, and to maintain a high standard of Assessment.

Where an Assessment asks you to provide Research Data, we will ask for your explicit consent to collect and process such information. You do not have to provide Research Data to us; however, we should be grateful if you would complete all the questions as this will help us to monitor our tests and questionnaires for fairness and maintain a high standard of Assessment. Your ability to complete an Assessment will not be affected by your choice not to provide such Research Data, nor will this choice affect your Assessment results.

Any Research Data that we collect will be processed in accordance with this Privacy Policy and applicable data protection laws, and we shall ensure that it is treated securely.

From time to time, Participants may volunteer additional personal information about themselves to us, which may include special categories of personal data. For example, Participants may inform us about a health issue or disability which may impact the way in which they undertake the Assessment. We will obtain explicit consent before further processing any special categories of personal data that a Participant provides. With your consent, this information will be communicated to the Client requesting the Assessment whose responsibility it is to take any decisions regarding the impact on the Assessment process as a result of the information. Please note that without such consent, we may not be able to address the needs of individual Participants.

5. Personal Data: How we collect it

We collect personal information about you from the following sources:

• Yourself, as a Participant or Client
• From a Client who has invited you to complete the assessment
• Direct interactions we have when you correspond with us by post, phone, email or otherwise. This can include when you enquire, apply for or purchase any of our products and services, when you create an account on our website, complete our psychometric assessments or contact us regarding any queries or customer support requests.

6. Personal Data: Purpose of collection

We process Identification Data and Assessment Data provided in relation to your Participation in Assessments for the purpose of providing Services to our Clients. This may include processing this data in order to:

• Identify your Assessment and responses
• Assess your performance on the psychometrics assessments you have been invited to complete.
• To provide you with necessary credentials to access the testing platform, provide technical support and notify you upon receipt of completed assessments.
• Produce Assessment reports for our Client who has made this Assessment available to you
• Comply with legal or regulatory requirements.

We may process Research Data for research purposes. We research responses to our Assessments in the light of areas such as gender, age and cultural background over the longer term; this is considered best practice and allows us to monitor our Assessments for fairness in use. The Research Data that we collect goes through the process of aggregation and/or anonymization. The Research Data that is personally identifiable to you is not individually disclosed to any Client or any third parties.

If you complete the Assessment in a jurisdiction that prohibits completion of such Research Data, you should not complete those details to the extent such law prohibits doing so, though we would be grateful if other details were completed.

We may also process your personal information for the purposes of using and refining Assessment tools, analysis, accounting, billing and audit, credit or other payment card verification, security, administration, enforcing and defending legal rights, systems testing, maintenance and product development, customer relations, performing our obligations to Participants and Clients whether under contract or otherwise, and to help us in future dealings with you.

The Assessment reports and services we provide to our Clients may be used by them for purposes which may include the selection and development of individuals in an employment or human resources context. We may also provide a copy of the Assessment Data to our Clients for use by them for their own internal human resource management purposes.

Clients are entitled to use the personal information that we provide to them as part of our Services for their own purposes; however, such Clients are obliged to process such personal information in accordance with their own obligations under applicable data protection laws. You will have rights with respect to the manner in which our Clients process such personal information provided by us to them.

7. Profiling

Our Assessments are conducted, in part, on the basis of profiling, which means that we process your personal information using software that is able to process your responses to questions and provide estimates of different attributes including your personality, preferred behaviour, motivations, talents and abilities. Although we use statistical algorithms to score your assessments, you will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you. We have a legitimate interest in performing profiling because this is the most appropriate way to provide our service, and such processing is based on your test performance only. The profiling described is necessary for the provision of our psychometric assessments and forms part of our contractual obligation to the Data Controller, who has instructed us to provide the assessment service. We conduct Data Protection Impact Assessments (DPIA’s) to address any potential risks to the rights and freedoms if individuals before introducing new profiling activities. We regularly test our algorithms and processes for accuracy to ensure that they are fit for purpose.

If you are a Participant, you should note that it is our Clients that make decisions on the basis of our Assessments. If you have any questions about how Assessment results will be used in their decision-making process, you should ask the Client (i.e. your employer or potential employer) for further information. If you are a Client, it is your responsibility to ensure that your decision-making process – including how you interpret the Assessment results – complies with applicable laws.

8. Personal Data: Legal Basis for Processing

We must have a legal basis to process your personal information. In most cases, the legal basis will be one of the following:

• To fulfil our contractual obligations to Clients – e.g. to conduct the Assessments and deliver Assessment results that the Client has engaged us to provide.
• To comply with our legal obligations.
• To meet our legitimate interests – e.g. to provide the Services, to conduct analysis that helps us to improve our Services, to ensure that any complaints or concerns can be promptly dealt with and to ensure our records are kept up to date and accurate
• Your consent, when we process any special categories of personal data about you. You have the right to withdraw your consent at any time by contacting us using the contact details contained in this Notice.

9. Personal Data: Disclosure / Sharing

Information about Participants will be disclosed to our Clients in the context of the provision of Services to them in connection with the Assessments undertaken. Individual responses may be disclosed to Clients, and an overall Assessment report will be provided to Clients, containing an overall Assessment result and additional comments about a Participant’s performance.

To facilitate the Assessment process, information about you may also be passed to other companies, which may include providers of:

• Systems to facilitate the service such as email services and enquiry response services;
• Cloud-based services;
• Human resource and other Assessment services;
• Web-based accounting systems; and
• Professional advisors and auditors.

We may also pass anonymised and/or statistically aggregated data to our approved agents as described above, and to current or future potential Clients or research institutions. Because this information cannot identify you as an individual, it does not constitute personal information.

We may disclose your personal information to third parties:

• In the event that we sell any part of our business or assets of our business, in which case we may disclose your personal data to the prospective buyer of the business or assets. We may also disclose your personal data to a vendor of another business or assets that we are acquiring or to a joint venture or merger partner.
• If our assets are acquired by a third party, personal information held about our Clients and Participants will be one of the transferred assets.
• If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Website Terms of Use or our applicable Standard Terms and Conditions and other agreements; or to protect our rights, property, or safety or those of our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

10. International Data Transfers

Due to the international nature of internet-based Assessment and training services, we may from time to time appoint third parties to process data containing information about you on our behalf as a data processor, or store such information in, or transfer it to persons located in, countries outside of the European Economic Area (“EEA”). These countries may not have data protection laws equivalent to those which are in force in the EEA to protect your information. Where we transfer your information to such third-party data processors and/or third parties outside of the EEA, we shall ensure that they provide sufficient guarantees in respect of the technical and organizational security measures, and take reasonable steps to ensure their compliance with those measures in order to ensure your information is adequately protected in accordance with applicable data protection laws. For more information on the appropriate safeguards in place, please contact us at the details provided in this Notice.

11. Personal Data: Protection

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal information on instruction from the data controller, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach, and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

12. Personal Data: Retention

We retain Participants’ personal information (including test results) for a period of 24 months, after which time we may anonymise the data and use it for research purposes. We will also anonymise data at the request of the Client or the Participant. If the Participant requests their data to be anonymized, we will first inform the Client who requested the Assessment be made available to the Participant.

We retain Clients’ personal information for as long as we maintain a relationship with Clients, and then for a reasonable period of time that allows us to assist with any queries, requests or complaints regarding the Assessments and/or the Services, to commence or defend legal claims, and to comply with our regulatory obligations (including record retention obligations).

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Your personal data will be held in line with iMeasure Ltd records management and data retention policy. After the minimum retention period, has elapsed we will review and securely destroy your personal information.

13. Your Rights

Under UK Data Protection legislation, you have individual rights with regards to your personal data. You are entitled to see the personal information we hold about you. You may ask us to make any necessary changes to ensure that personal information about you is accurate and kept up to date. You will not have the right to make changes to the Assessment Data however, as this would undermine the accuracy and value of the Assessment reports.

Further information on those rights can be found at:

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

If you wish to review, verify, correct, or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact info@imeasure-online.com.

• You will not usually have to pay a free to access your personal data or to exercise any of other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
• In order to comply with your request we may need to request additional specific information from you, to help us confirm your identity and to ensure your right exercise any of the above rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
• We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex, or you have made a number of requests. In this case, we will notify you and keep you updated.

If you are still not happy, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) https://ico.org.uk/global/contact-us/

14. Further Information

iMeasure Ltd are committed to ensuring all personal data that we collect and process is treated appropriately; we manage any information collected with great concern for privacy and confidentiality as well as professional and legal standards. The security of your personal data is continuously addressed through adherence to the British Psychological Society’s Code of Conduct in addition to the GDPR requirements. For further information about any of the information contained in this Privacy Policy, please contact info@imeasure-online.com.