Intro

At Criterion Partnership Ltd., we are committed to protecting and respecting your privacy. Criterion Partnership (‘Criterion’, ‘our’, ‘we’ or ‘us’) will be what’s known as the ‘Data Processor’ of the personal information you provide to us as one of our clients, or for use by our clients (the ‘Data Controller’) as a respondent on the platform: Psycruit.

Please read through the Privacy Policy below to understand what the information you provide us with is, how we process that information and the purposes for which such processing is undertaken by Criterion. We also explain the conditions under which we may disclose it to others and how we keep it secure. This Privacy Policy is specific to the information you give to us when participating in an assessment on the Psycruit platform or when using Psycruit as a client. You can find Criterion’s Privacy Policy at https://www.criterion.co.uk/privacy-policy.

We may change this Policy from time to time so please check this page occasionally to ensure that you’re happy with any changes.

Any questions regarding this Policy and our privacy processes can be sent by email to letterbox@criterion.co.uk or by post to Criterion, The Old Market, Upper Market Street, Hove, BN3 1AT or you can give us a ring on 01273 734 000.

Who are we?

We are Criterion, a leading provider of business psychology products, technologies and consultancy for more than 25 years. We specialise in delivering flexible psychometric technologies, versatile 360 feedback services and innovative assessment activities. Criterion Partnership is a company limited by guarantee (no. 3443538). The registered address is Suites 3 & 4, The Old Market, Upper Market Street, Hove, BN3 1AT.

The Criterion Online Assessment & Selection Technologies (Psycruit) is a flexible online platform that enables our clients to create bespoke assessment campaigns for recruitment and development purposes.

What type of information is collected from you?

Via the Psycruit platform, we process information about you which is necessary to provide psychometric assessment and reporting services. We may provide these services to you as the individual or organisation that has purchased the services (‘client’) or you may provide responses in any of our online psychometric exercises as a ‘participant’ (‘candidate’ or ‘respondent’). In either case, you are what is known as the ‘data subject’, or the ‘natural person’.

The data that we process on Psycruit falls under four categories:

  • Contact Data. This includes information such as your name, email address, phone number and other identification details. You may provide this yourself, or a client may provide this about you in relation to assessments they would like you to participate in.
  • Assessment Data.This includes all responses to any of our online psychometric exercises. For example,
    • Aptitudes
    • Competencies
    • Motivations
    • Working styles
    • Behavioural approaches
    • Thinking styles
    • Interests
  • Research Data.This includes any responses to questions regarding the following,
    • Your work history
    • Your qualifications
    • Your gender
    • Your age
    • You ethnicity/cultural background
  • Website Usage Data.This information is collected automatically by our servers and includes information such as your browser settings and IP address. For more information about this type of data please continue to the’ cookies’ section of this document.

Research data may include sensitive personal data (as defined by the General Data Protection Regulation (GDPR), 2018). Research data will never form part of the assessment for either recruitment or development campaigns on Psycruit and is only used for research purposes (once aggregated and anonymised) in order to check our exercises for fairness and ensure the highest quality of test standard.

You will always be asked to give your consent before providing this type of data. You have the right to refuse to provide research data, and doing so will not have any consequences on your progression through the participant journey, completing assessments or your results. You can find more information about your choices and rights in the sections below: ‘your choices’ and ‘how can you access and update your information’.

How is your information used?

We process the contact and assessment data that you provide us with for the purpose of providing services to our clients. We use your information to:

  • Identify you on Psycruit. The contact details you provide will be used to differentiate you from other participants or administrators on the system.
  • Assess your aptitudes. We collect, process and store the responses you provide to our range of online ability tests.
  • Measure you preferred working style. We collect, process and store the responses you provide to our online personality questionnaires.
  • Produce psychometric reports. We use the responses you provide to create individual reports to give to the client whom has requested you complete the assessment.
  • Improving our products and services. Once anonymised and aggregated, we may use your responses for the purpose of refining the exercises and analysis on the reliability and validity of the tools.

We may use the research data you provide us with to:

  • Conduct fairness research. Once anonymised and grouped we may use your data to investigate our exercises with regards to gender, age and ethnicity.

We may also process your personal information for the purposes of accounting, billing and audit, credit or other payment card verification, security, administration, enforcing and defending legal rights, systems testing, maintenance and product development, customer relations, performing our obligations to you; our Participants and our Clients whether under contract or otherwise, and to help us in future dealings with you.

As part of the service we provide to our clients, the assessment data and psychometric reports created using the assessment data may be used by them for purposes of selection and development of individuals in an employment or human resources context. We do not have control over the decisions made by our clients, and emphasise that our products and services are to be used to aid their decisions and actions, not to decide for them.

Clients are entitled to use the personal information that we provide to them as part of our services for their own purposes; however, such clients are obliged to process such personal information in accordance with their own obligations under the GDPR, other data protection laws (if applicable) and our Standard Terms and Conditions. You will have rights with respect to the manner in which our clients process such personal information provided by us to them, so we advise you also read their privacy policy documents.

The personal information you provide may be used as part of a process to make selection or development decisions (see bullet points 2-4 above). However the responsibility for making these decisions and storing information about the decisions falls with our clients. For more information about this you should contact them directly.

Marketing

We will never send marketing communications to participants who are solely registered on the Psycruit system as participants. If you have a client account on Psycruit, we may use your contact details to update you with news or marketing information. Explicit consent for this type of communication will be asked for when you are set up with a client account.

You can opt-out of receiving marketing information at any time either by using the ‘unsubscribe’ link in the news letter, calling us on 01273 734 000, emailing letterbox@criterion.co.uk or writing to us at Criterion Partnership, The Old Market, Upper Market Street, Hove, BN3 1AT.

How long do we keep your information?

We review our retention periods for personal information on a regular basis. As a client on the Psycruit system your contact data will remain on the system all the time that you are an active user on the system. The contact data will remain on the system unless you request that your account be removed OR for 12 months after the last contact was made between you (the client) and Criterion.

As a participant, your contact data and assessment data is kept for a maximum of 6 months, after which time it is anonymised and archived. This means that you will no longer be identifiable from the archived data, we keep anonymised data for research purposes. This period of 6 months may be less if requested by the client, but will never be longer than 6 months.

Who has access to your information?

There may be times when the information described in this privacy policy may be shared by Criterion. However, we will never sell or rent your information to third parties, or share your information with third parties for them to use for their own direct marketing purposes, unless you have requested us to do so, or we are required to do so by law, for example, by a court order for the purposes of prevention of fraud or other crime.

If you have provided personal data as a participant on the system, your information will be available to our clients as part of the service we provide to them. Criterion is not responsible for how our clients use, store or share your personal information. We advise you read their privacy policy to check you are happy with their processes.

Other examples of times when Criterion may share personal information (this list is not exhaustive):

  • With third party service providers and agents. In order to ensure the highest quality services for our customers we sometimes engage third party companies, affiliates or individuals to process personal data for the purposes of completing tasks and providing services to you on our behalf (for example improving Psycruit exercises). When we use third party service providers we disclose only the personal information that is necessary to deliver the service and only use reputable organisations with their own Privacy Policies in place.
  • During changes to our business structure. We may be required to share personal information with third parties if we engage in a merger, acquisition, bankruptcy, dissolution or another type or reorganisation in our business structure.
  • To comply with laws and enforce our rights.We may share personal information as a response to lawful requests, court orders and legal processes, or to protect and defend the rights, property or safety of us, our customers and third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud.

We may disclose or use aggregate or anonymised information for other purposes. For example, we may share aggregated or anonymised information with our partners or others for business or research purposes. Criterion is not responsible for how third parties may use, share and store this information.

Your choices

As a client you have the right to choose whether or not you wish to receive information from us. We will not contact you for marketing purposes by email or phone unless you have given your prior consent. You can change your marketing preferences at any time by contacting us via email (letterbox@criterion.co.uk) or telephone (01273 734000).  

In addition, the browser you choose may provide you with the ability to control cookies or other types of local data storage. Your mobile device may provide you with choices around how and whether location or other data is collected and shared. Criterion does not control these choices, or default settings, which are offered by makers of your browser or mobile device operating system.

How can you access and update your information?

You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information please email, call or write to us using the contact information at the top of this document. Where appropriate you also have the right to data portability, this means that we will endeavour to provide you with your personal information in a format that is commonly used and machine readable.

We want to make sure that your personal information is accurate and up to date. You have the right to ask us to correct any information about you that is incorrect on our system. You also have the right to erasure, which means the withdrawal of all of the personal data we hold about you. You have the right to withdraw your consent at any time, we will always comply unless forced by reasons of law not to.

Security precautions in place to protect the loss, misuse or alteration of your information

We take the security of your personal information very seriously. The Psycruit System is located on a Peer1 Mission Critical Cloud facility within a physically secure UK based data-centre. The website and database is continuously backed-up. There is also a second version held at a different location which is also continuously backed up. We provide a triple level of resilience by performing nightly back-ups of Psycruit’s database to our local network servers, in two separate locations. In terms of information security our hosting provider works to ISO27001 guidelines, which is the updated version of BS7799. No data is transferred outside of the EU, unless the client for whom you are completing the assessments operates outside of the EU (see outside EU transfer section below). More information about the infrastructure and security of Psycruit and its host is available on request. 

Ownership of all client-specific data, such as candidate scores, reports, personal data, assessment campaign design, and CAL scale selections remains with the client. All Psycruit users are responsible for the protection and retention of this data. Clients are advised to ensure that they store local back-ups of all user data.

Whilst we take measures to protect the information we hold, these steps take into account the sensitivity of the information and the current state of technology. Thus, non-sensitive details (i.e. not credit or debit card details) are transmitted normally over the internet and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems.

Where we have given, or you have created a password which enables you to access certain parts of Psycruit, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Profiling

As part of the service Psycruit provides to clients, your responses may be used to create profile reports that describe your preferences, approaches to work and may predict future behaviour. Criterion’s clients may use these to inform them during selection and/or development decisions. By providing these responses you are agreeing to this type of profiling. Remember, you can withdraw your consent at any time.

All profiling is undertaken by suitable algorithms that act in the same way for every individual. The mathematical processes are grounded in over 25 years of research here at Criterion and draw on decades of research from other business psychologists. The only information used to create profiles is the information you as a participant provide, we do not include information from third parties.

Use of ‘cookies’

Like the majority of other websites, our site uses cookies. Psycruit uses cookies and other similar technologies (such as single-pixel gifs and web beacons), to record data. We use both session-based and persistent cookies.

Cookies are small text files sent by us to your computer and from your computer or mobile device to us each time you visit our website. Cookies are unique to your browser. Session-based cookies last while your browser is open and are automatically deleted when your browser is closed. Persistent cookies last until you or your browser deletes them or until they expire.

Cookies allow us to carry out site analytics and personalisation, which helps us to improve our website and deliver a better, more streamlined service. If you access our website from your browser, you can manage your cookie settings. Please note, if you disable some or all cookies in a few cases some of our website features may not function as a result.

Criterion use third parties like Google Analytics for website analytics. You may opt-out of third party cookies from Google Analytics on their website. We do not currently recognise browser-initiated Do Not Track signals as currently there is no consistent industry standard for compliance.

Links to other websites

Psycruit may contain links to other websites run by other organisations. This Privacy Policy applies to Psycruit only, so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.

In addition, if you link to Psycruit from a third party site, we cannot be responsible for the privacy policies and practises of the owners and operators of that third party site and recommend that you check the policy of that third party site.

16 or under

Criterion websites do not publish content or collect data that is targeted at children. However, if you are aged 16 or under and visiting our website, please get your parent/guardian’s permission beforehand whenever you provide us with personal information.

Transferring your information outside of Europe

Some of Criterion’s clients may operate from outside of the European Union (EU). If you are asked to provide personal information as a response to a request from an organisation outside of the EU, the information will be available in countries which may not have the same data protection laws as governed by the GDPR. By submitting your personal data, you’re agreeing to this transfer, storing or processing. If we transfer your information outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy. We will only work with clients who pledge to handle personal data in accordance with this Privacy Policy and the wider GDPR regulations.

Review of this Policy

We may change this policy from time to time, and if we do we will post any changes on this page. If you continue to use the Services after those changes are in effect, you agree to the revised policy. This policy was last reviewed January 2018.

Contacting us

Please feel free to contact us if you have any questions about Criterion’s Psycruit Platform Privacy Policy. You may contact us using the office number 01273 734 000 or the email address letterbox@criterion.co.uk or send us a letter at:

Criterion Partnership

The Old Market

Upper Market Street

Hove

BN3 1AT

If you wish to raise a complaint on how we have handled your personal data, you can contact us directly and a member of the team will investigate the matter (letterbox@criterion.co.uk). If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law you can complain to the Information Commissioner’s Office (ICO).