Privacy Policy

SOVA Assessment Limited Privacy Notice 

  1. Introduction

This Privacy Notice is made available for the benefit of the categories of individuals defined below. If you are a candidate (i.e. a person undertaking a Sova questionnaire) please see Sova’s Candidate Privacy Notice.

  • Prospective clients/customers 

Any individual respresenting a client who Sova Assessment are in discussions with regarding a potential contractual relationship. 

  • Clients/customers 

Any individual representating a client who Sova Assessment are currently working with on a contractual basis and who instructs Sova on behalf of that client. 

  • Sub-contractors 

Any individual who provides work on behalf of Sova Assessment.

  • Suppliers 

Any individual/company who provides products and services direct to Sova Assessment. 

  • Sova Assessment website users 

Any individual who accesses the Sova Assessment website.

  • Zapnito Community Platform users

Any individual who accesses the Zapnito Community Platform.

Sova Assessment is committed to acting in compliance with current data protection legislation including the UK Data Protection Act 2018 and the General Data Protection Regulation (Data Protection Legislation), and therefore, to protecting your privacy. 

This Privacy Notice sets out how we process data, and includes:

  • our status, for the purposes of Data Protection Legislation
  • the scope and who the notice covers in terms of personal data
  • who we are and who to contact 
  • the personal data that we collect and hold on you
  • how we collect this data
  • how we store and use personal data
  • our legal bases for processing your personal data
  • information on transfers to third parties and international transfers
  • your rights as a data subject
  1. Data Processor and Data Controller relationship

For the purpose of Data Protection Legislation, Sova Assessment acts as both a Data Processor and a Data Controller.

Where we act as a Data Processor, this means that Sova processes your personal data on the instructions of you. 

Where we act as a Data Controller, this means that Sova determines the purpose for why your personal data is to be used.

  • Individuals representing prospective clients/customers 

Sova Assessment acts as the Data Controller. 

  • Individuals representing clients/customers 

Sova Assessment acts as the Data Controller. 

  • Individuals representing sub-contractors 

Sova Assesment acts as the Data Controller. 

  • Individuals representing suppliers 

Sova Assesment acts as the Data Controller. 

  • Sova Assessment website users 

Sova Assessment acts as the Data Controller. 

  • Zapnito Community Platform users

Sova Assessment acts as the Data Controller.

  • Candidates (individuals undertaking a Sova Assessment questionnaire)

Sova Assessment acts as the Data Processor – please see Sova’s Candidate Privacy Notice.

  1. Who we are and who to contact 
  1. Who we are 

We are Sova Assessment Limited, a company registered in England whose registered office is at Sterling House, 19/23 High Street, Kidlington, Oxfordshire, England, OX5 2DH.

We are online assessment specialists whose aim is to help employers make accurate and informed decisions; and ensure assessments deliver the best possible experience for candidates. We provide digital assessment solutions, talent management consultancy services alongside a range of bespoke training solutions. 

    1. Responsibilities

At Sova Assessment we have a Data Protection representative who is responsible within our business for ensuring that this notice is made available to all individuals prior to Sova Assessment collecting/processing their personal data.

Our Data Protection representatives can be contacted directly here, using the below contact information.

  • compliance@sovaassessment.com
  • 0207 947 4330

Sova Assessment has contracted the services of GRCI Law to act as its Data Protection Officer (DPO). Accordingly, Sova Assessment will seek advice, guidance and input from the DPO where necessary.

  1. What personal data we process and the basis for processing it

The below table illustrates the personal data we process on each category of individuals, for what purpose and the legal basis for processing this data. 

Prospective clients/customers

Personal data type:

Source:

Purpose

Legal basis

Client (company) name

You - during initial contact/communications.

To enable us to respond to your enquiry 

Performance of a contract

Client contacts/points of reference, including name, email address, contact number and job title

You - during initial contact/communications. 

To enable us to respond to your enquiry

Performance of a contract

Products and services you are interested in  

You - during initial contact/communications.

To enable us to respond to your enquiry

Performance of a contract

Marketing data

You - during initial contact/communications.

To manage your preferences in relation to how we communicate with you.

Consent

Clients/Customers

Personal data type:

Source:

Purpose

Legal basis

Client Name, address and registered company number

You - during contract negotiations.

To enter into a contract with you as our client.

Performance of a contract

Client contacts/points of reference, including name, email address, contact number and job title

You – during contract negotiations.

Data may also be collected during commencement of additional projects. 

For administration purposes – to ensure we have a central point of contact during our business relationship.

For administration purposes – to ensure we keep you updated about changes to our products and services. 

Data will also be collected to administer to you a computer-generated invitation which will allow you access to the Sova online platform.

Performance of a contract

Products and services you have purchased from us  

You – during contract negotiations.

Data may also be collected during commencement of additional projects.

To manage our ongoing business relationship with you.

Performance of a contract

Special terms relating to products and services you have purchased from us 

You – during contract negotiations.

Data may also be collected during commencement of additional projects.

For administration purposes – to ensure projects are managed in the way you have requested.

Performance of a contract

Feedback on the products and services provided to you

You – during the completion of a project.

To manage our ongoing business relationship with you and to ensure our products and services can be improved.

Performance of a contract

Financial details, such as a PO number

You - during commencement of a project.

To facilitate the smooth operation of payment.

Performance of a contract

Marketing data

You – during contract negotiations.

Data may also be collected during commencement of additional projects.

To manage your preferences in relation to how we communicate with you.

Legitimate Interests

Username or similar identifier

Automatically generated from our online assessment platform

To administer to you a computer-generated invitation which will allow you access to the Sova online platform. 

Legitimate Interests 

Sub-contractors (Associates working on behalf of Sova)

Personal data type:

Source:

Purpose

Legal basis

Name, email address and contact number

You - when we begin initial communications regarding partnership.

Data may also be collected during contract negotiations.

To enter into a contract with you.

Performance of a contract

Company address, registration number and VAT, or TI (Tax Identification) number

You – during contract negotiations and/or submission of request for payment for services.

To enter into a contract with you.

Legal obligation

Insurance Information

You - when we begin initial communications regarding partnership.

To enter into a contract with you.

Performance of a contract

Fees

You - when we begin initial communications regarding partnership.

Data may also be collected during contract negotiations.

To enter into a contract with you.

Performance of a contract

Bank details

You - when we begin initial communications regarding partnership.

Data may also be collected during contract negotiations.

To facilitate payment for the products and services provided by you. 

Performance of a contract

Information gathered and entered into a CV

You - when we begin initial communications regarding partnership.

Data may also be collected during contract negotiations.

To provide to us an overview of your knowledge and experience which helps us to make accurate and informed decisions on your ability to work on a particular area of work or project.

Legitimate Interest

Details on education and employment history  

You - when we begin initial communications regarding partnership.

Data may also be collected during contract negotiations.

To provide to us an overview of your knowledge and experience which helps us to make accurate and informed decisions on your ability to work on a particular area of work or project.

Legitimate Interest

Portfolio of work and confirmation of skills and expertise 

You - when we begin initial communications regarding partnership.

Data may also be collected during contract negotiations.

To provide to us an overview of your knowledge and experience which helps us to make accurate and informed decisions on your ability to work on a particular area of work or project.

Legitimate Interest

Information included in a biography, including a photograph

You – once the contract is complete and prior to appointment of first project.

To provide to our client an overview of your knowledge and experience which enables you to work on a particular project. 

Legitimate Interest

Expense details and receipts

You – upon completion of a project

To facilitate payment for the products and services provided by you.

Performance of a contract

Suppliers

Personal data type:

Source:

Purpose

Legal basis

Company name and address

You - when we begin initial communications regarding partnership.

Data may also be collected during contract negotiations.

To enter into a contract with you.

Performance of a contract

Company registration number and VAT number

You – during contract negotiations and/or submission of request for payment for services.

To enter into a contract with you.

Performance of a contract

Supplier contacts and points of reference, including name, email address and contact number

You - when we begin initial communications regarding partnership.

Data may also be collected during contract negotiations.

For administration purposes – to ensure we have a central point of contact during our business relationship.

Performance of a contract

Fees

You - when we begin initial communications regarding partnership.

Data may also be collected during contract negotiations.

To enter into a contract with you.

Performance of a contract

Financial details, including bank details.

You - when we begin initial communications regarding partnership.

Data may also be collected during contract negotiations.

To facilitate payment for the products and services provided by you.

Performance of a contract

Expense details and receipts

You – upon completion of a project

To facilitate payment for the products and services provided by you.

Performance of a contract

Details on products and services you provide to us

You - when we begin initial communications regarding partnership.

Data may also be collected during contract negotiations.

To manage the ongoing business relationship and to help us identify whether any additional products and services will be beneficial to us. 

Legitimate Interest

Sova Assessment website users

Personal data type:

Source:

Purpose

Legal basis

Name, email address and contact number

You – when you request to make contact with us via our website. 

To enable us to respond to your website enquiry.

Consent

Job title

You – when you request to make contact with us via our website.

To enable us to respond to your website enquiry.

Consent

Company whom you work for or are associated with

You – when you request to make contact with us via our website.

To enable us to respond to your website enquiry.

We also process this data so we are able to review if we have an existing relationship with you in order to assign the most relevant person to your query. 

Consent

Details relating to a specific query around products and services provided by us 

You – when you request to make contact ith us via ur website.

To enable us to respond to your website enquiry.

Consent

Technical data including IP address and any other data that is used to access our website

You – when you access the Sova website.

To enable the efficient functioning of our website.

Consent

Marketing data, including date of subscription and communication preferences

You – when you opt-in to receive our newsletter and any other communications regarding our products and services.

To manage your preferences in relation to how we communicate with you.

Consent

Zapnito Community Platform users

Personal data type:

Source:

Purpose

Legal basis

Name, email address and contact number

You – when you subscribe to use the Platform. 

To enable you to register to use the Platform.

Performance of a contract / Legitimate Interests

Job Title

You – when you subscribe to use the Platform.

To enable you to register to use the Platform.

Performance of a contract / Legitimate Interests

Company whom you work for or are associated with

You – when you subscribe to use the Platform.

To enable you to register to use the Platform.

Performance of a contract / Legitimate Interests

Contributions you make to the Platform (this includes conversations you have with other users of the Platform in community forums and any content or materials you upload or add to the Platform).

You – when you make contributions to the Platform.

To enable you to use the interactive features within the Platform and to allow us to build the contributions and content within the Platform for the benefit of all current and future users.

Performance of a contract / Legitimate Interests

Information about which parts of the Platform and which resources you have accessed and used.

You – when you access and use the Platform and its resources.

To enable us to better understand the use of the Platform and its resources and to enable us to report usage information to the  Company whom you work for or are associated with.

 

Legitimate Interests

Technical data including IP address and any other data that is used to access the Platform

You – when you access the Platform.

To enable the efficient functioning of the Platform.

Consent

Marketing data, including date of subscription and communication preferences

You – when you opt-in to receive our newsletter and any other communications regarding our products and services.

To manage your preferences in relation to how we communicate with you.

Consent
  1. Special categories of data

Special category data is only that which is provided by you, the data subject. We do not process special categories of data . 

  1. Consent

Consent is required where we process technical data including your IP address and any other associated technical information. Such consent is obtained when you provide consent via our website and/or online platform. 

Consent is also required for the processing of marketing data. Such consent is obtained during the beginning of our business relationship and/or when you provide consent via our website. 

You may withdraw consent at any time by contacting our Data Protection representatives, using the below contact information.

  • compliance@sovaassessment.com
  • 0207 947 4330
  1. Disclosure

Sova Assessment may share your data with third parties and for the purposes set out below: 

Subsidiaries of Sova Assessment 

  • any of our subsidiaries whereby products and services have been rendered for utilisation outside the scope of Sova UK 
  • any of our subsidiaries whereby products and services are required for the purpose of completing a particular project which is outside of the UK
  • any of our subsidiaries whereby an enquiry is most suited to business operations outside of the UK 

Third parties (acting as sub-processors)

  • sub-contractors who provide services on our behalf
  • suppliers who provide IT, system administration and platform services to us, as well as suppliers providing any other services connected to the service we provide

As required by Data Protection Legislation, any sharing of personal data is subject to appropriate confidentiality obligations and safeguards, as per the below; 

  • relevant contractual clauses are in operation to ensure third party due diligence in relation to data security
  • third party processes are checked to ensure appropriate safeguards are adopted

Personal data type:

Legal basis for processing:

Subsidiaries of Sova Assessment 

Performance of a contract

Legitimate Interest

Third parties (acting as sub-processors)

Performance of a contract
  1. International transfers of personal data

Where personal data is transferred outside the UK and EEA (which includes all EU countries plus Iceland, Liechtenstein and Norway), we take all reasonably necessary measures to ensure that the protection offered by the GDPR will travel with the data and, that your data is treated securely and in accordance with this Privacy Notice and the requirements of Data Protection Legislation. This means that when exporting data abroad, we will ensure one of the following measures are adhered to:

  • the non-UK/non-EU country's protections are deemed adequate by the EU
  • relevant contractual clauses are in operation to ensure third party due diligence in relation to data security
  • third party processes are checked to ensure appropriate safeguards are adopted
  • specific grounds for the transfer (derogations) such as the consent of the individual are applicable
  1. Retention period

Sova Assessment will process personal data for as long as necessary to fulfil the purposes for which the data was collected. 

Record

Retention Period

Client Contracts, agreements and other arrangements

For the length of the contract or agreement and 6 years afterwards

All other Contracts, agreements and other arrangements

For the length of the contract or agreement and 6 years afterwards

Correspondence

Emails are archived and then permanently deleted after 10 years

Customer and client records

These records are kept for as long as they are relevant to the operations of the

business.

All other records (supplier, sub-contractor records)

These records are kept for as long as they are relevant to the operations of the

business.

Opt-in and out agreements

For as long as necessary.

Contributions to the Zapnito Community Platform.

For as long as we consider they are useful for the Platform.

If you require further information on specific retention periods, please contact us (see section 4.2 for how to contact us).

  1. Automated Decision-Making

Automated decision-making means making decisions about you using no human involvement. No decision will be made using Automated-decision making. 

  1. How we keep your data secure

Sova Assessment are committed to ensuring the security of your data. As the data processor, we ensure that all necessary steps are taken to protect against the potential loss, unauthorised disclosure of, or access to, the personal data we process or use. Sova Assessment adopts the following safeguards to ensure the security of your data. 

  • personal data will only be kept for as long as necessary to fulfil the purposes for which the data was collected, unless otherwise directed by you
  • access to personal data is restricted to authorised individuals 
  • secure encryption policies are in operation 
  • all the provisions of ISO 27001 certification
  1. Your rights as a data subject

At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:

  • Right of access – you have the right to request a copy of the information that we hold about you.
  • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
  • Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
  • Right of portability – you have the right to have the data we hold about you transferred to another organisation in certain situations.
  • Right to object – you have the right to object to certain types of processing such as direct marketing.
  • Right to object to automated processing, including profiling. 
  • Right to judicial review: in the event that we refuse your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined in clause 17 below.

You can exercise your right by contacting us at the following email address – compliance@sovaassessment.com

All of the above requests will be forwarded on to the third parties involved (as stated in 8 above) in the processing of your personal data.

  1. Changes

We may update and vary this Privacy Notice from time to time.  Any updates will be published on our website.

  1. Complaints

In the event that you wish to make a complaint about how your personal data is being processed by Sova Assessment (or third parties as described in 10 above), or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and Sova Assessment’s data protection representatives. 

Sova Assessment has contracted the services of GRCI Law to act as its Data Protection Officer (DPO). Accordingly, Sova Assessment will seek advice, guidance and input from the DPO where necessary.

The details for each of these contacts are: 

Contact name

Supervisory authority

DPO

Address line 1:

UK Informtion Commissioner’s Office (ICO

GRCI Law

Address line 2:

Wycliffe House, Water Lane

GRC International Group Plc

Unit 3, Clive Court

Address line 3:

Wilmslow

Bartholomew’s Walk

Cambridgeshire Business Park

Address line 4:

Cheshire

Ely

Cambridgeshire

Postcode:

SK9 5AF

CB7 4EA

Email:

casework@ico.org.uk

compliance@sovaassessment.com