Introduction
The new General EU Personal Data Protection Regulation (GDPR) enters into force on 25 May 2018 and introduces new obligations for any organization that stores or processes personal data. According to GDPR, “personal data” is any information that identifies a person (also referred to as a “data subject”). The new regulation will replace this data protection law and oblige organizations to implement the new rules. Failure to do so would result in significant sanctions.
Our obligations:
Our commitment to the clients of BPC – Business Psychological Consulting, which is a trademark of Synoptix Ltd for the following:
Personal Data and Consent
We will require explicit and unambiguous consent from respondents before collecting assessment data on behalf of our clients and partners. Each respondent will be shown a privacy statement, with links to more detailed information where appropriate, and require the selection of a checkbox signalling consent to continue. It will not be possible to submit assessment data to our systems without this consent.
Data Sharing
BPC does not share personal data with any third party nor do we host advertising for third parties. This means that we have no need to collect and process respondent data beyond what is required for the functioning of our products.
Data Retention and Right to Erasure
We will anonymize data on request from a client or partner or after 24 months at our discretion. Once data has been anonymized, we may use it for statistical purposes such as building norms, validation and ensuring that our tests are fair to all groups. Under these circumstances, data will be held in aggregated form and no personally identifiable data will be discernible. We will provide a means for complete erasure of data on request from a client or partner.
Data Portability
On request, ВРС will provide a basic report of any data held on our system for a given respondent. Clients or partners may want to provide additional data, perhaps in the form of a feedback report, at their discretion.
Where We Store Our Data
ВРС Online data is held on the secured and encryption protected hard drive and servers of Synoptics Consulting Ltd. For Psytech this service is held in Microsoft Azure’s ‘North Europe’ data centre, located in Dublin. Any access outside the Online application is restricted to key IT staff who will have the minimum access required to enable standard database maintenance operations and to provide technical support. All access is encrypted and IP restricted.The rest of the data from other suppliers of tests is strictly and securely held private on the companies servers ( Pearson-Talent Lens and MBTI) and information will be provided at request.
Cross Border Data Transfer
The data of all our European clients remains in our data centre and is not transferred outside of this location for any reason.
