Data Protection Policy Statement
1. Conexus aims to comply with all legislation arising from the EU General Data Protection Regulation (GDPR), which takes effect in May 2018.
2. The Client authorises the Consultancy to process personal data that the Client provides to the Consultancy in the course of all assignments undertaken for the Client in accordance with applicable Irish data protection laws and the EU General Data Protection Regulation (EU 2016/679). The Consultancy shall take appropriate technical, security or other organisational measures designed to protect against unauthorised access, alternation, disclosure, destruction or other unlawful processing of personal data. The Consultancy may also process or arrange for processing of personal data in order to support the maintenance of quality and standards in the Consultancy's work or to facilitate the administration of the Consultancy's business or to support their infrastructure. The Consultancy shall answer the Client's reasonable enquiries to enable the Client to monitor the Consultancy’s compliance with this clause. The Consultants shall not sub-contract their processing of personal data without the Client's prior written consent. The Client confirms that it acknowledges and accepts that any personal data it provides shall be used in the manner outlined above.
About the Data We Control
3. The data that we control is principally in the form of test results arising from psychometric assessments taken by candidates. Typically, that data is 'raw', meaning that it requires some kind of processing for it to be meaningful.
4. The personal data collected as part of the assessment process is minimal. By necessity, we require the name and gender of the candidate (see below: 'How We Identify Candidates'). We also require the email address of candidates in order to communicate with them and issue administration instructions.
5. Some online systems require the candidate's email address as a means of ensuring system security (ie: username with a password set by the candidate).
6. Any other information which may be requested by systems, including age, occupation, educational background etc. is optional.
7. The raw data is held on secure servers which are managed by third-party test publishers. We take all reasonable steps to ensure data protection. We only use test publishers of the highest professional standing, who also comply with Data Protection legislation. Ultimately, the raw data is processed to generate meaningful reports for both clients and candidates.
How Data is Collected and Processed
7. Candidates are invited to complete one or more psychometric assessments, usually via an online platform but sometimes in a face-to-face setting. The data collected from assessments is held in a raw state until processing occurs.
8. A meaningful report is generated and provided to the client company or to the contracting individual, or both, depending on explicit consent and agreement with the client company.
Who Controls the Data?
9. Raw Data: We control both the raw data and the personal data collected from the assessments.
10. Final Report: Once the final report has been compiled, it is owned and controlled by the client who requested and paid for the services. We retain a copy of the final report for a period of time so that we can deal with any queries. Our advice to clients is that reports / spreadsheet results have a 'shelf-life' of no more than 12 months.
11. When generating final reports for clients we use three pieces of information / personal data:
- Candidate Name (the Person undertaking the assessment)
- Candidate Gender
- Date of the Report
No other candidate information is included in reports.
The right to be informed / The right to object
12. Whenever a client undertakes an assessment, whether online or in a face-to-face setting, information is provided to the client relating to: General data protection; How the information is stored; How the information is used. Clients are asked to give consent before proceeding to the actual assessment. If consent is not given, no assessment is presented and no data is collected.
13. Before any assessment takes place, clients are advised of the reason for the assessment (Examples are: For use in a selection assignment for a particular job role; as part of a professional development initiative; to support other development projects such as team building). This fulfils the principle of informed consent. Unless we have explicit consent from the client, we will not process data for reasons other than those given as part of the original assessment.
14. Clients are entirely free to choose whether or not to take an assessment. If an objection occurs during an assessment (i.e. after giving original consent but prior to completing the assessment), then the client can close the assessment and no processing will occur. If the objection occurs after assessment (i.e. once the assessment process is completed), clients have a right to deletion.
The right of access; the right to rectification; the right to erase; the right to restrict processing.
15. Clients have a right to contact us at any time following the assessment process regarding: Rights of access, rectification, erasure and restriction of processing. We will act promptly upon such requests and confirm our actions in writing.