Please note: If you have completed or are completing an assessment as part of a selection or development procedure, you should direct all your requests and concerns to the organization that asked you to complete these assessments. They are the ones who decide what happens to your data, taking into account all your legal rights. The privacy policy that follows details how we (Psycholate) as a "Data Processor" do our part of the job, in keeping your data private and secure.
General Privacy and Data Protection Policy
Personal Data Privacy and Protection is subject to conditions laid down by the relevant provisions of the General Data Protection Regulation (GDPR) that has been adopted to protect the rights of all individuals within the European Union, superseding the already applicable EU Data Protection directives (95/46/EC and 97/66/EC). To comply with the law, personal information will be collected and used fairly, stored safely and not disclosed to any other person unlawfully.
Some definitions:
Where are the data located/stored?
The data are located to a data server located in UK (Rackspace Ltd) under a security management
model as recommended by the ISO 27001 standard and complied with the respective obligations
applicable to personal data that it controls or processes as part of, or in connection with, its use
or provision of the services supplied.
Who has access to them?
Personal data are processed by authorized personnel of Psycholate only in order to fulfill support
and processing obligations to their Licence Holder.
Any data processing undertaken by an employee that he/she has not been authorized to carry out as
part of his/her legitimate duties is prohibited. Psycholate does not disclose personal data to
unaffiliated third parties except where such disclosures would be necessary for Psycholate’s
provision of the service to their Licence Holder. Such necessary disclosures would occur in
accordance with applicable data protection laws as described in the General Privacy and Data
Protection Policy section and an NDA is signed between the two partners as well.
How the security of the personal data held is ensured?
Psycholate implements the appropriate technical and organizational security measures to protect
personal information, including internal security procedures that restrict access to and disclosure
of personal data. We also use encryption, firewalls and other technology and security procedures to
help protect the accuracy and security of your personal information and prevent unauthorized access,
unlawful processing disclosure or improper use. Since December 2016, Psycholate is certified and
operates under the standard processes and procedures of the ISO 27001, for Information security
management.
How long personal data records are retained?
The Data Protection Acts state that personal information held by Data Processor and Controllers
should be retained for no longer than is necessary for the purpose or purposes for which it was
obtained as long as they remain up-to-date. Psycholate determined that the data records should be
stored securely for twelve months, after which are anonymised (i.e. all information that can be
identifiable are removed). This process is considered appropriate since it allows Psycholate to
fulfil support and agreed services, research or other data analysis purposes to their client
companies whilst safeguarding privacy and data protection. When the Data Controller’s business
requirements, legal obligations and purpose of use of such data requires differently, this retention
period is extended following a respective agreement, in the manner of complying with the law.
For any issue related to Data Protection and Privacy, please contact: dpo@psycholate.com