General Privacy and Data Protection Policy

Personal Data Privacy and Protection is subject to conditions laid down by the relevant provisions of the General Data Protection Regulation (GDPR) that has been adopted to protect the rights of all individuals within the European Union, superseding the already applicable EU Data Protection directives (95/46/EC and 97/66/EC). To comply with the law, personal information will be collected and used fairly, stored safely and not disclosed to any other person unlawfully.

Some definitions:

• Personal data: data which relate to an individual who can be identified from such data, or from such data and other information which is in the possession of, or is likely to come into the possession of, the Data Controller. Personal data refers both to data processed on a computer, and to certain kinds of manually processed data. Any information that data subject enters during these assessment tests is, therefore, personal data.
• Licence Holder: the company client which uses the services and software of Psycholate. Licence Holder is responsible for ensuring that the processing of personal data by him has been and will continue to be carried out in accordance with all legal requirements of the state or states within which the licensed software is being used. Licence Holder is responsible for identifying any such legal requirements.
• Data controller is the Licence Holder. Data Controller determines the purposes for which and the manner in which any personal data are, or are to be, processed and is ultimately responsible for observing all relevant legal requirements with regard to the processing of personal data in the state or state in which the licensed software or service is being used.
• Psycholate is the Data Processor. Data processor in relation to personal data, means any person who processes the data on behalf of the data controller. Psycholate processes the data on behalf of the Data Controller under the scope and the conditions laid down by the provisions of the applicable EU directives and Greek legislation. Also, provides the computing facilities with which personal data are processed, subject to an agreement between Psycholate and Licence Holder.
• By participating to any of these assessments, the Data Subject agrees to information provided by him/her being used by for the following purposes:
  • Psycholate may use personal data of the data subject to assist Licence Holder in the use and understanding of any service or product supplied to License Holder
  • Licence Holder and their prospective clients may use the results for human resources purposes only
  • The Personal Data of the Data Subject may not be used for any other purpose or use
  • After the time threshold set by the Licence Holder, all personal data will be anonymised.

Where are the data located/stored?
The data are located to a data server located in UK (Rackspace Ltd) under a security management model as recommended by the ISO 27001 standard and complied with the respective obligations applicable to personal data that it controls or processes as part of, or in connection with, its use or provision of the services supplied.

Who has access to them?
Personal data are processed by authorized personnel of Psycholate only in order to fulfill support and processing obligations to their Licence Holder.
Any data processing undertaken by an employee that he/she has not been authorized to carry out as part of his/her legitimate duties is prohibited. Psycholate does not disclose personal data to unaffiliated third parties except where such disclosures would be necessary for Psycholate’s provision of the service to their Licence Holder. Such necessary disclosures would occur in accordance with applicable data protection laws as described in the General Privacy and Data Protection Policy section and an NDA is signed between the two partners as well.

How the security of the personal data held is ensured?
Psycholate implements the appropriate technical and organizational security measures to protect personal information, including internal security procedures that restrict access to and disclosure of personal data. We also use encryption, firewalls and other technology and security procedures to help protect the accuracy and security of your personal information and prevent unauthorized access, unlawful processing disclosure or improper use. Since December 2016, Psycholate is certified and operates under the standard processes and procedures of the ISO 27001, for Information security management.

How long personal data records are retained?
The Data Protection Acts state that personal information held by Data Processor and Controllers should be retained for no longer than is necessary for the purpose or purposes for which it was obtained as long as they remain up-to-date. Psycholate determined that the data records should be stored securely for twelve months, after which are anonymised (i.e. all information that can be identifiable are removed). This process is considered appropriate since it allows Psycholate to fulfil support and agreed services, research or other data analysis purposes to their client companies whilst safeguarding privacy and data protection. When the Data Controller’s business requirements, legal obligations and purpose of use of such data requires differently, this retention period is extended following a respective agreement, in the manner of complying with the law.

For any issue related to Data Protection and Privacy, please contact: dpo@psycholate.com