Privacy

About this Privacy Statement

This Privacy Statement explains how and why your personal data is processed by SSESSMENTS, including each of its operating entities, (also referred to as “SSESSMENTS”, “we”, “our” and “us”) when we provide you products and/or services, when you use our websites and other digital platforms, when you supply goods or services to us and when we send you marketing communications.

SSESSMENTS is a "controller" in relation to its use of your personal data. This is a legal term – it means that we make decisions about how and why we use your personal data and, because of this, we are responsible for making sure it is used in accordance with applicable data protection laws. The controller in respect of personal data processed in connection with the www.ssessments.com website (the “Website”) is SSESSMENTS For the purposes of the other processing activities set out in this Privacy Statement, the controller will be the relevant SSESSMENTS entity providing you and/or your organization with products/services (or, in the case of suppliers/vendors, the SSESSMENTS entity receiving products/services from you) or any website or digital platform or sending you marketing communications.

In this Privacy Statement, when we talk about personal data we mean any information that relates to an identifiable natural person – in this case, you.

The term “process” means any activity relating to personal data, including, by way of example, collection, storage, use, consultation and transmission.

You should read this Privacy Statement so you know what personal data we collect about you, what we do with it and how you can exercise your rights in connection with it. You should also read any other privacy notices that we give you that might apply to our use of your personal data in specific circumstances from time to time.

If you have any questions about this Privacy Statement, please contact personaldataprivacy@ssessments.com.

What types of personal data do we collect and where do we get it from?

The personal data we process about you broadly falls into five main categories: (i) Contact Information; (ii) Background and Identity Information; (iii) Customer / Supplier Information; (iv) Marketing Preferences; and (v) Website Information / Browsing and Device Usage Information. Just because these categories are noted below, that does not necessarily mean that we will collect all such personal data about you. What we collect will depend on how you engage with us, and thus the purpose which we have your personal data for.

We collect your personal data from various sources. The table below sets out the different types of personal data that we collect and the sources we collect it from.

Category	Types of personal data	Collected from
Contact Information	Name Address Telephone number Organization details (e.g. your place of work, job title and organization contact information)	You Publicly available resources (such as LinkedIn)
Background and Identity /RegulatoryInformation	Contact Information (see above) Date of birth Identification information (e.g. passport, utility bill and/or bank statement) Nationality	You Third party systems used for our regulatory checks
Customer / Supplier Information	Contact Information (see above) Order information for goods and services purchased or sold by you (or your organization) Digital signature Delivery details Any communications we have with you, whether related to a specific transaction or a separate inquiry (e.g. when you contact a SSESSMENTS Sales Representative through our website) Information about other people (e.g. your customers and/or staff) that you share with us in connection with a specific transaction or contract with us Any fraud checks or flags raised about your transactions/payment card refusals User IDs/log-ins and passwords used by you in relation to our platforms and services You/your organization’s billing, payment and banking details Criminal conviction data Sensitive information (see sub-categories below)	You Advisors and other third parties working with you
Marketing Preferences	Marketing communications preferences	You Publicly available information from online resources such as LinkedIn
Website Information / Browsing and Device Usage Information	Contact Information (see above) Information automatically generated through your use of our websites and other digital platforms Details of your online browsing activities on our website, such as the pages, products or areas of our website that you visit IP address and other online identifiers / web beacons User names, passwords, email, name and other log-in information Information revealing the location of your electronic device	You and your use of our digital platforms
Sensitive Information	Racial or ethnic origin (including your nationality and passport information) Information relating to actual or suspected criminal convictions and offenses (pursuant to anti-money laundering and identity checks)	You Third party systems used for our identity checks

Please note that if you do not provide us with your Contact Information we may not be able to provide you with any information you request, and if you do not provide us with your Contact Information, Background and Identity / Regulatory Information or certain Customer / Supplier Information, we may not be able to provide goods or services to you, or work with you as one of our suppliers (as applicable).

What do we do with your personal data, and why?

We use your personal data for a number of different purposes in connection with your use of the Website, the provision of services or goods from us to you, or from you to us, your communication or other engagement with us and the management and administration of our business. We must always have a “lawful basis” (i.e. a reason prescribed by law) for processing your personal data. The personal data purposes table below sets out the purposes for which we process the different categories of your personal data and the corresponding lawful basis for that processing. The purposes applicable to you will vary according to the relevant SSESSMENTS controller of your personal data (as explained in the introductory paragraph above). For some processing activities, we consider that more than one lawful basis may be relevant – depending on the circumstances.

Please note that where our processing of your personal data is either:

necessary for us to comply with a legal obligation; or
necessary for us to take steps, at your request, to potentially enter into a contract with you, or to perform it, and you choose not to provide the relevant personal data to us, we may not be able to enter into or continue our contract or engagement with you.

and you choose not to provide the relevant personal data to us, we may not be able to enter into or continue our contract or engagement with you.

Purposes for processing personal data

	Lawful basis
Purposes of processing	Your consent	To perform a contract with you	To comply with a legal obligation	For our legitimate interests
Contact Information
Responding to your inquiries (including any contact you make via the Website that is not associated with a pre-existing relationship with us as customer/supplier or otherwise)		ü	ü	ü (It is important that we can identify you and respond to your inquiries)
Establishing you/your organization as a client on our systems		ü		ü
Confirming and processing orders for goods or services that you may make with us (either as customer or supplier)		ü
Sending you information (including direct marketing) as set out in the section “How do we communicate with you?”, below	ü			ü (It is important to keep you updated of orders made with us and notified of factual updates to our engagement with you)
Website Information
Ensure the operation and performance of the Website (PLEASE ALSO SEE THE COOKIES SECTION BELOW)				ü (We need to ensure the Website functions correctly)
To improve the functionality of the Website				ü (It is in our interest to keep the Website up to date and improve its functionality for the benefit of users)
Monitoring and producing statistical information regarding the use of our platforms, and analyzing and improving their functionality				ü (We need to perform this routine monitoring to make sure our platforms work properly, analyze how they are used and improve them)
To enable you to create accounts and log-in to them via the Website				ü (It is in our interests to grant you access to a private log-in where you can access information relevant to you and your relationship with SSESSMENTS. This additionally helps SSESSMENTS comply with certain applicable laws)
Customer / Supplier Information
Taking payment from you in respect of our goods and services		ü
Hosting you at our sites / offices and providing hospitality services				ü (We need to be able to host our customers and prospective customers effectively)
Conducting surveys for benchmarking, continuous improvement and marketing purposes	ü			ü (We need to collect your feedback in relation to our services, in order to resolve any problems or complaints and improve and innovate)
For our general recordkeeping and customer / supplier relationship management		ü		ü (We need to store customer/supplier related information so we can refer back to it)
Managing our business relationship with you, or any other after sales services, including for warranty purposes (where applicable)		ü
Managing and administering the user accounts and profiles you have with us, collecting information about how you use them and your preferences and tailoring and improving our services accordingly	ü			ü (We need to tailor our services in accordance with feedback and preferences)
Continuously reviewing and improving our products and services (including by seeking and obtaining your feedback) and developing new ones				ü (We have a legitimate interest in making sure that we are continuously improving our service offering)
Performing identity, financial and credit searches, screening and checks against third party sources for anti-money laundering and identity verification			ü	ü (It is important that we seek to limit incidents of fraud)
All Categories / General Business Requirements
Analyzing how our electronic marketing communications are used by you (including whether you open them and click through to access their contents)				ü (We need this information to ensure we are providing you with information that you are interested in)
Managing, planning and delivering our global business and marketing strategies (including recording and reporting on our business development activities)				ü (As a global company, we need to implement effective business development and marketing strategies)
Monitoring our systems and processes to identify, record and prevent fraudulent, criminal and/or otherwise illegal activity			ü	ü (We need to be able to monitor our systems in this way to help protect them, us and you from illegal activity)
Purchasing, maintaining and claiming against our insurance policies			ü	ü (It is in our interests to protect our business against specified losses)
Complying with our general regulatory and statutory obligations (including our responsibilities under codes of conduct and anti-bribery laws)			ü
Complying with instructions, orders and requests from law enforcement agencies, any court or otherwise as required by law			ü
Obtaining legal advice and establishing, defending and enforcing our legal rights and obligations in connection with, any legal proceedings (including prospective legal proceedings)				ü (We must be able to establish and defend our legal rights and understand our obligations, and seek legal advice in connection with them)
Training our staff			ü	ü (Sometimes, it is appropriate for us to use your personal data so that we can provide our staff with training to manage risk and improve the quality of our services)
Managing the proposed sale, restructuring, transfer or merging of any or all part(s) of our business, including to respond to queries from the prospective buyer or merging organization			ü	ü (We have a legitimate interest in being able to sell any part of our business)
Maintaining the security and integrity of our systems, platforms, premises and communications (and detecting and preventing actual or potential threats to the same)		ü		ü (We need to make sure that our business processes are secure)
To keep records required by law or to evidence our compliance with laws, including tax laws, consumer protection laws and data protection laws.			ü
Resolving any complaints from or disputes with you		ü		ü (We need to be able to try and resolve any complaint or dispute you might raise with us)
Managing, publicizing and participating in corporate social responsibility initiatives	ü			ü (We need to ensure our CSR initiatives are properly managed)

Aggregated / Anonymized Data

We may also convert your personal data into statistical or aggregated form to better protect your privacy, or so that you are not identified or identifiable from it. Anonymized data cannot be linked back to you. We may use it to conduct research and analysis, including to produce statistical research and reports. For example, to help us understand and improve the use of our Website.

Sensitive Information

We also process certain ‘special categories of personal data’ and/or sensitive personal data (together, “Sensitive Information” – as set out in the table below). This refers to special categories of personal data and information relating to your criminal record where applicable, which we are required to process with more care, according to applicable laws. The Sensitive Information purposes table below sets out the different purposes for which we process Sensitive Information about you and the relevant lawful basis on which we rely for that processing.

The purposes applicable to you will vary according to the relevant SSESSMENTS controller of your personal data (as explained in the introductory paragraph above).

For some processing activities, we consider that more than one legal basis may be relevant – depending on the circumstances. We also have policies in place explaining our procedures for ensuring compliance with applicable laws in connection with the processing of Sensitive Information.

Purposes for processing Sensitive Information

Purposes of processing	Sensitive Information lawful basis We are permitted to process your personal data because…
Purposes of processing	1. You have given your explicit consent to the processing	2. It is necessary to protect somebody’s vital interests or they are incapable of giving consent	3. It is necessary for the establishment, exercise or defence of legal claims		4. It is necessary for reasons of substantial public interest
Hosting you at our offices and providing hospitality services	ü (for your dietary and access requirements)	ü (in case of accidents or emergencies at our offices)
Investigating, evaluating, demonstrating, monitoring, improving and reporting on our compliance with relevant legal and regulatory requirements (such as anti-money laundering and customer verification checks)					ü
Complying with our general regulatory and statutory obligations					ü
Responding to binding requests or search warrants or orders from courts, governmental, regulatory and/or enforcement bodies and authorities or sharing information (on a voluntary basis) with the same				ü	ü
Obtaining legal advice, establishing, defending and enforcing our legal rights and obligations in connection with, any legal proceedings (including prospective legal proceedings)				ü	ü

For California Residents

If you are a consumer as defined by the California Consumer Privacy Act of 2018, the personal information collected from you includes information within the below categories of data. These categories also represent the categories of personal information that we have collected over the past 12 months. The source of the information is set forth above in the section titled What types of personal data do we collect and where do we get it from? For information regarding who we disclose your information to, see the section below titled Who we do share your personal data with, and why? We do not sell personal information about you, as defined under California state law. We also have not done so in the last 12 months.

Note that the categories listed below are defined by California state law. Inclusion of a category in the list below indicates only that, depending on the services and products we provide you, we may collect some information within that category. It does not necessarily mean that we collect all information listed in a particular category for all our consumers, nor does it imply that California law applies to you.

Category	Purpose of processing
Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers, including information about your vehicle.	This data is processed for a number of our operational functions, including responding to inquiries, providing customer service, establishing you/your organization as a client, confirming and processing orders for goods or services that you may make with us (either as customer or supplier), verifying customer information, processing payments, hosting you at our sites / offices and providing hospitality services, managing and administering the user accounts and profiles you have with us, collecting information about how you use them and your preferences and tailoring and improving our services accordingly.If you are an applicant, we use this information to open and administer your file.It is also processed in order to detect security incidents, protect against malicious, deceptive, fraudulent or illegal activity, for compliance management, data analytics and technological development of our systems.It is also processed for advertising and marketing purposes.
Information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, your name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.	This data is processed for a number of our operational functions, including responding to inquiries, providing customer service, establishing you/your organization as a client, confirming or processing orders for goods or services than you may make with us (either as customer or supplier), verifying customer information, processing payments, hosting you at our sites / offices and providing hospitality services, managing and administering the user accounts and profiles you have with us, collecting information about how you use them and your preferences and tailoring and improving our services accordingly.If you are an applicant, we use this information to open and administer your file.It is also processed in order to detect security incidents, protect against malicious, deceptive, fraudulent or illegal activity, for compliance management, data analytics and technological development of our systems.It is also processed for advertising and marketing purposes.
Characteristics of classes protected under federal or California law, including: familial status, disability, sex, national origin, religion, color, race, sexual orientation, gender identity and gender expression, marital status, veteran status, medical condition, ancestry, source of income, age, or genetic information.	This data is processed when hosting you at our sites / offices and providing hospitality services.It is also used for investigating, evaluating, demonstrating, monitoring, improving and reporting on our compliance with relevant legal and regulatory requirements (such as anti-money laundering and customer verification checks).
Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	This data is processed managing and administering the user accounts and profiles you have with us, collecting information about how you use them and your preferences and tailoring and improving our services accordingly.It is also processed to detect security incidents, protect against malicious, deceptive, fraudulent or illegal activity, for compliance management, data analytics and technological development of our systems.It is also used for marketing and advertising purposes.
Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement.	This data is used to help manage and administer the website, gather demographic information, as well as to detect security incidents, protect against malicious, deceptive, fraudulent or illegal activity, for compliance management, data analytics and technological development of our systems.
Audio, electronic, visual, thermal, olfactory, or similar information.	This data is processed in connection with a number of our operational functions, including recording sales calls and other calls.
Professional or employment-related information, such as name, title, name of the employer, business address, business telephone number, and business email address.	This data is processed for a number of our operational functions, including responding to inquiries, providing customer service, establishing you/your organization as a client, confirming and processing orders for goods or services that you may make with us (either as customer or supplier), verifying customer information, processing payments, hosting you at our sites / offices and providing hospitality services, managing and administering the user accounts and profiles you have with us, collecting information about how you use them and your preferences and tailoring and improving our services accordingly.If you are an applicant, we use this information to open and administer your file.It is also processed in order to detect security incidents, protect against malicious, deceptive, fraudulent or illegal activity, for compliance management, data analytics and technological development of our systems.It is also processed for advertising and marketing purposes.

Communicating with you

We will use your personal data to communicate with you:

in relation to any purchases you make with us;
to administer our relationship with you;
to respond to any questions or complaints that you may have; and
to invite you to take part in market research or request feedback on our products and services.

From time to time and with your opt-in consent (if required), we will provide you with information about our products, services, promotions and/or offers which may be of interest to you. Such communications will be sent either by email, text, post or telephone.

If you do not wish to receive such communications, you can refuse to give your consent (where your consent is required) or opt-out at any time by either following the instructions within the communication or by contacting us using the details below.

Cookies and similar technologies

Like most websites, our Website uses cookies and web beacons, which we deploy with your consent (if required), principally to enhance your viewing experience. Not all cookies require consent to be placed on your device. Essential cookies do not require consent. Non-essential cookies do require consent. This is governed by e-privacy law. A cookie is a piece of data that our Website automatically transfers to the hard drive of your PC or mobile device when your browser accesses our Website. Some cookies and similar technologies maintain personal data. Some do not. You can find out more about this type of technology through your internet browser.

You may refuse to accept cookies by changing the settings on your browser. Your browser will tell you in simple terms how to do this, usually through a ‘help’ section. If you are at all uncertain about how to do this, your browser manufacturer should be able to show you how. However, if you change the settings to refuse cookies, you may be unable to access certain parts of the site. Unless you have adjusted your browser settings so that the browser refuses cookies, our system will issue cookies when you log on to our site.

For cookies where we require consent (whether that requirement comes from privacy or data protection laws) we ask for this consent by a consent capture mechanism included in the banner you see when you first visit our Website. You are asked to take a positive action (such as click to “ACCEPT”, or through the continued use of our website) if you do wish to give your consent.

The system may also use web beacons which are similar but not identical to cookies in the way they operate.

If you are only browsing our website and have not logged in, we will not ask you to directly submit any personal data. However, certain information (which may be personal data) - including computer and connection information, browser type and version, operating system and platform details and the time of accessing the website – will be automatically collected. This information helps us to improve our site and to deliver a better and more personalized service. It helps us:

To estimate our audience size and usage patterns.
To store information about your preferences, so we can customize our site according to your individual interests.
To speed up your searches.
To recognize you when you return to our site.
We occasionally carry out market research and business development. A third party might help us to do this and they may send a cookie or web beacon.

The table below summarizes the different types of cookies we use on the Website, together with their respective purpose and duration (i.e. how long each cookie will remain on your device).

Two types of cookies may be used on the Website - "session cookies" and "persistent cookies". Session cookies are temporary cookies that remain on your device until you leave the Website. A persistent cookie remains on your device for much longer or until you manually delete it (how long the cookie remains on your device will depend on the duration or "lifetime" of the specific cookie and your browser settings).

Cookies used on the Website:

Type of Cookie	What do they do?	Do these cookies collect my personal data / identify me?	Cookie used and details
Necessary	Cookies that are essential to making the Website work correctly. They enable visitors to move around our website and use our features. Examples include remembering previous actions (e.g. entered text) when navigating back to a page in the same session.	These cookies do not identify you as an individual.If you do not accept these cookies, it may affect the performance of our website.	ASP.NET_SessionId
Functionality	Cookies that allow our web properties to remember the choices you make (such as your user name, language or the region you are in) to provide a more personalized online experience.	The information these cookies collect may include personally identifiable information that you have disclosed, such as a username, for example. We shall always be transparent with you about what information we collect, what we do with it and with whom we share it. If you do not accept these cookies, it may affect Website performance and functionality and may restrict access to web content.	_gid _ga _dc_gtm_US-57747500-2

Please note that we do not currently use any targeting/advertising cookies.

If you use different devices to view and access the Website (e.g. your computer, smartphone, tablet, etc.), you will need to ensure that each browser on each device is adjusted to suit your cookie preferences.

Who do we share your personal data with, and why?

Sometimes we share your personal data with third parties where permitted by law, including the following:

Inside SSESSMENTS’s group:

We are part of the SSESSMENTS group, which includes a number of companies and operations globally. Therefore, we will need to share your personal data with other companies in the SSESSMENTS group for our general business management purposes and, in some cases, to meet our customer needs where providing services across branches/locations and/or for authorisations/approvals with relevant decision makers, reporting and where systems and services are provided on a shared basis. You can find out more about the group and companies in the group here: ssessments.com

Access rights between members of the SSESSMENTS group are limited and granted only on a need to know basis, depending on job functions and roles.

Where any SSESSMENTS group companies process your personal data on our behalf (as our processor), we will make sure that they have appropriate security standards in place to make sure your personal data is protected.

Outside SSESSMENTS’s group:

From time to time we may ask third parties to carry out certain business functions for us, such as the administration of our Website and IT support. These third parties will process your personal data on our behalf (as our processor). We will disclose your personal data to these parties so that they can perform those functions. Before we disclose your personal data to these third parties, we will seek to ensure that they have appropriate security standards in place to protect your personal data. Examples of these third party service providers include our outsourced IT systems software and maintenance, back up, and server hosting providers.

In certain circumstances, we will also disclose your personal data to third parties who will receive it as controllers of your personal data in their own right for the purposes set out above, where the relevant disclosure is in relation to:

services provided to you or us by a third party acting independently to SSESSMENTS but which has a relationship with SSESSMENTS, for example certain payment fraud checking services;
the purchase or sale of our business (or part of it) in connection with a share or asset sale, for which we may disclose or transfer your personal data to the prospective seller or buyer and their advisors; and
the disclosure of your personal data in order to comply with a legal obligation, to enforce a contract or to protect the rights, property or safety of our employees, customers or others.

We have set out below a list of the categories of recipients with whom we are likely to share your personal data:

IT support, website and data hosting providers and administrators;
payment processors in relation to purchases you make with us;
consultants and professional advisors including legal advisors and accountants;
courts, court-appointed persons/entities, receivers and liquidators;
business partners and joint ventures;
insurers; and
governmental departments, statutory and regulatory bodies (including tax authorities).

Where is your personal data transferred to?

Since SSESSMENTS operates globally, we will sometimes need to transfer your personal data to recipients (either internally or externally, as set out above) in jurisdictions other than your own. Some of these jurisdictions may not provide the same level of protection to your personal data as provided in your jurisdiction.

If you are based in Europe and we transfer your personal data outside the European Economic Area, we will only make that transfer if:

that country ensures an adequate level of protection for your personal data;
the recipient or recipient country is subject to an approved certification mechanism or code of conduct with binding and enforceable commitments which amount to appropriate safeguards for your personal data – this includes for example, the EU-US Privacy Shield which enables the secure transfer of personal data to the United States;
we have put in place appropriate safeguards to protect your personal data, such as a contract with the person or entity receiving your personal data which incorporates specific provisions as directed by the European Commission;
the transfer is permitted by applicable laws; or
you explicitly consent to the transfer.

If you would like to see a copy of any relevant safeguards used by us to protect the transfer of your personal data, please contact personaldataprivacy@ssessments.com.

How do we keep your personal data secure?

We will put in place appropriate security measures to protect your personal data from unlawful or unauthorized processing and accidental loss, destruction or damage.

However please note that, in relation to any personal data you submit to us online, we cannot guarantee the security of data sent to us in this way. Transmission of data over the internet is at your own risk. You are responsible for keeping any passwords you use to access SSESSMENTS platforms safe.

How long do we keep your personal data?

We will only retain your personal data for a limited period of time, and for no longer than is necessary for the purposes for which we are processing it. This will depend on a number of factors, including:

any laws or regulations that we are required to follow;
whether we are in a legal or other type of dispute with each other or any third party;
the type of information that we hold about you; and
whether we are asked by you or a regulatory authority to keep your personal data for a valid reason.
the period of time during which any claims or proceedings can be brought against us or a member of the group to defend against any such claims.

For more information on our data retention practices, please contact personaldataprivacy@ssessments.com.

What are your privacy rights and how can you exercise them?

You may access the personal data about you that we store. You may also review or make certain corrections to the personal data we store about you. You may also request the deletion of personal data about you or object to its processing. In limited circumstances, you may have data portability rights in relation to certain personal data we hold about you. These rights are not unlimited and the exercise of these rights, and the limits upon them, are briefly set out in the table below.

Where our processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. If you do decide to withdraw your consent we will stop processing your personal data for that purpose, unless there is another lawful basis we need to rely on – in which case, we will let you know. Your withdrawal of your consent won’t impact any of our processing up to that point.

Where our processing of your personal data is necessary for our legitimate interests, you can object to this processing at any time. If you do this, we will need to show either a compelling reason why our processing should continue, which overrides your interests, rights and freedoms or that the processing is necessary for us to establish, exercise or defend a legal claim.

Your rights in relation to personal data

Your right	What does it mean?	Limitations and conditions of your right
Right of access	Subject to certain conditions, you are entitled to access your personal data (this is also known as a “data subject access request.”). You may also be able to access the personal information we have collected about you, the categories of sources from which the information was collected, the purposes of collecting the information, the categories of third parties we have shared the information with, and the categories of personal information that have been shared with third parties for a business purpose.	If possible, you should specify the type of information you would like to see to ensure that our disclosure is meeting your expectations. Under certain laws we may refuse a data subject access request depending on the circumstances of the request. For example, access may not be provided where: the burden or expense of providing access would be disproportionate to the risks to you, the requester; the rights or interests of an individual other than you would be violated, such as where access would reveal another individual’s personal data; access would reveal information which we have taken steps to protect from disclosure because disclosure would help a competitor in the market (Confidential Commercial Information), such as where Confidential Commercial Information cannot be readily separated from the personal data; the execution or enforcement of the law, including prevention, investigation or detection of offences or the right to a fair trial would be interfered with; an investigation or grievance proceeding being conducted by us would be prejudiced; any confidentiality that may be necessary for limited periods in connection with our management of our workforce (e.g. succession planning and corporate re-organizations; or in connection with monitoring, inspections, or regulatory functions connected with sound economic or financial management); a court, or other authority of appropriate jurisdiction, determines that we are not required to provide access; a legal or other professional privilege or obligation would be breached; or there is no legal requirement for us to provide such access, including because local legal requirements for a valid data subject access request have not been met. We may charge an administrative fee to you where the data subject access request is excessive or significantly unfounded (limited to the actual cost required to provide access to the requested personal data in the required format).
Right to data portability	Subject to certain conditions, you are entitled to receive the personal data which you have provided to us and which is processed by us by automated means, in a structured, commonly-used machine readable format.	If you exercise this right, you should specify the type of information you would like to receive (and where we should send it) where possible to ensure that our disclosure is meeting your expectations. This right only applies if the processing is based on your consent or on our contract with you and when the processing is carried out by automated means (i.e. not for paper records). It covers only the personal data that has been provided to us by you.
Rights in relation to inaccurate personal or incomplete data	You may challenge the accuracy or completeness of your personal data and have it corrected or completed, as applicable. You have a responsibility to help us to keep your personal data accurate and up to date. We encourage you to notify us of any changes regarding your personal data as soon as they occur, including changes to your contact details, telephone number, immigration status.	Please always check first whether there are any available self-help tools to correct the personal data we process about you. This right only applies to your own personal data. When exercising this right, please beas specific as possible.
Right to object to or restrict our data processing	Subject to certain conditions, you have the right to object to or ask us to restrict the processing of your personal data.	This right applies where our processing of your personal data is necessary for our legitimate interests. You can also object to our processing of your personal data for direct marketing purposes.
Right to erasure	Subject to certain conditions, you are entitled to have your personal data erased (also known as the “right to be forgotten”), e.g. where your personal data is no longer needed for the purposes it was collected for; where the relevant processing is unlawful, or there is an applicable law requiring erasure of the personal data; or where you have exercised a legitimate right to object to processing of your personal data.	We may not be in a position to erase your personal data, if for example: we need it to comply with a legal obligation; we need it to exercise or defend legal claims; we need it to exercise freedom of expression and information; we need it to carry out a task in the “public interest”; we need it to archive personal data in the public interest, or for scientific, historical, or statistical research purposes if those purposes would be seriously impaired by the erasure of the personal data; or there is an absence of a right to request erasure under any law applicable to our processing of your personal data.
Right to withdrawal of consent	Where our processing of your personal data is based on your consent you have the right to withdraw your consent at any time.	If you withdraw your consent, this will only take effect for future processing.

Emailing us at personaldataprivacy@ssessments.com

We will need to verify your identity before processing your request. In order to verify your identity, we will generally require the matching of sufficient information you provide us to the information we maintain about you in our systems. Although we try to limit the personal information collected in connection with a request, certain requests may require us to obtain additional personal information from you.

In certain jurisdictions, you may be permitted to use an authorized agent to exercise your rights on your behalf. If you are making any of the requests above through an authorized agent, we will request written authorization from you and will seek to verify your identity or we will accept a legal Power of Attorney to the authorized agent. Please be advised that we cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.

In accordance with applicable law, we will not discriminate against you for exercising these rights.

Children’s Online Privacy Protection Act (COPPA)

The Website is not targeted at children under the age of 13, and we do not knowingly collect any personal data from children. We will delete any personal information we determine to have been collected from a child or user under the applicable age of consent. If you are a parent or guardian of a child under the relevant digital age of consent and believe he or she has disclosed personal data to us, please contact us at personaldataprivacy@ssessments.com.

Do Not Track

Some web browsers include a “Do Not Track” feature. This feature lets you tell websites you visit that you do not want to have your online activity tracked. Our sites are not currently configured to respond to those signals.”

Updates to this Privacy Statement

We may update this Privacy Statement from time to time to reflect changes to the type of personal data that we process and/or the way in which it is processed. In the event of a material change which effects the processing of your personal data, we will contact you. We also encourage you to check this Privacy Statement on a regular basis.