Privacy Policy
SOVA Assessment Limited Privacy Notice
- Introduction
This Privacy Notice is made available for the benefit of the categories of individuals defined below. If you are a candidate (i.e. a person undertaking a Sova questionnaire) please see Sova’s Candidate Privacy Notice.
- Prospective clients/customers
Any individual respresenting a client who Sova Assessment are in discussions with regarding a potential contractual relationship.
- Clients/customers
Any individual representating a client who Sova Assessment are currently working with on a contractual basis and who instructs Sova on behalf of that client.
- Sub-contractors
Any individual who provides work on behalf of Sova Assessment.
- Suppliers
Any individual/company who provides products and services direct to Sova Assessment.
- Sova Assessment website users
Any individual who accesses the Sova Assessment website.
- Zapnito Community Platform users
Any individual who accesses the Zapnito Community Platform.
Sova Assessment is committed to acting in compliance with current data protection legislation including the UK Data Protection Act 2018 and the General Data Protection Regulation (Data Protection Legislation), and therefore, to protecting your privacy.
This Privacy Notice sets out how we process data, and includes:
- our status, for the purposes of Data Protection Legislation
- the scope and who the notice covers in terms of personal data
- who we are and who to contact
- the personal data that we collect and hold on you
- how we collect this data
- how we store and use personal data
- our legal bases for processing your personal data
- information on transfers to third parties and international transfers
- your rights as a data subject
- Data Processor and Data Controller relationship
For the purpose of Data Protection Legislation, Sova Assessment acts as both a Data Processor and a Data Controller.
Where we act as a Data Processor, this means that Sova processes your personal data on the instructions of you.
Where we act as a Data Controller, this means that Sova determines the purpose for why your personal data is to be used.
- Individuals representing prospective clients/customers
Sova Assessment acts as the Data Controller.
- Individuals representing clients/customers
Sova Assessment acts as the Data Controller.
- Individuals representing sub-contractors
Sova Assesment acts as the Data Controller.
- Individuals representing suppliers
Sova Assesment acts as the Data Controller.
- Sova Assessment website users
Sova Assessment acts as the Data Controller.
- Zapnito Community Platform users
Sova Assessment acts as the Data Controller.
- Candidates (individuals undertaking a Sova Assessment questionnaire)
Sova Assessment acts as the Data Processor – please see Sova’s Candidate Privacy Notice.
- Who we are and who to contact
- Who we are
We are Sova Assessment Limited, a company registered in England whose registered office is at Sterling House, 19/23 High Street, Kidlington, Oxfordshire, England, OX5 2DH.
We are online assessment specialists whose aim is to help employers make accurate and informed decisions; and ensure assessments deliver the best possible experience for candidates. We provide digital assessment solutions, talent management consultancy services alongside a range of bespoke training solutions.
- Responsibilities
At Sova Assessment we have a Data Protection representative who is responsible within our business for ensuring that this notice is made available to all individuals prior to Sova Assessment collecting/processing their personal data.
Our Data Protection representatives can be contacted directly here, using the below contact information.
- compliance@sovaassessment.com
- 0207 947 4330
Sova Assessment has contracted the services of GRCI Law to act as its Data Protection Officer (DPO). Accordingly, Sova Assessment will seek advice, guidance and input from the DPO where necessary.
- What personal data we process and the basis for processing it
The below table illustrates the personal data we process on each category of individuals, for what purpose and the legal basis for processing this data.
Prospective clients/customers
Personal data type: |
Source: |
Purpose |
Legal basis |
Client (company) name |
You - during initial contact/communications. |
To enable us to respond to your enquiry |
Performance of a contract |
Client contacts/points of reference, including name, email address, contact number and job title |
You - during initial contact/communications. |
To enable us to respond to your enquiry |
Performance of a contract |
Products and services you are interested in |
You - during initial contact/communications. |
To enable us to respond to your enquiry |
Performance of a contract |
Marketing data |
You - during initial contact/communications. |
To manage your preferences in relation to how we communicate with you. |
Consent |
Clients/Customers
Personal data type: |
Source: |
Purpose |
Legal basis |
Client Name, address and registered company number |
You - during contract negotiations. |
To enter into a contract with you as our client. |
Performance of a contract |
Client contacts/points of reference, including name, email address, contact number and job title |
You – during contract negotiations. Data may also be collected during commencement of additional projects. |
For administration purposes – to ensure we have a central point of contact during our business relationship. For administration purposes – to ensure we keep you updated about changes to our products and services. Data will also be collected to administer to you a computer-generated invitation which will allow you access to the Sova online platform. |
Performance of a contract |
Products and services you have purchased from us |
You – during contract negotiations. Data may also be collected during commencement of additional projects. |
To manage our ongoing business relationship with you. |
Performance of a contract |
Special terms relating to products and services you have purchased from us |
You – during contract negotiations. Data may also be collected during commencement of additional projects. |
For administration purposes – to ensure projects are managed in the way you have requested. |
Performance of a contract |
Feedback on the products and services provided to you |
You – during the completion of a project. |
To manage our ongoing business relationship with you and to ensure our products and services can be improved. |
Performance of a contract |
Financial details, such as a PO number |
You - during commencement of a project. |
To facilitate the smooth operation of payment. |
Performance of a contract |
Marketing data |
You – during contract negotiations. Data may also be collected during commencement of additional projects. |
To manage your preferences in relation to how we communicate with you. |
Legitimate Interests |
Username or similar identifier |
Automatically generated from our online assessment platform |
To administer to you a computer-generated invitation which will allow you access to the Sova online platform. |
Legitimate Interests |
Sub-contractors (Associates working on behalf of Sova)
Personal data type: |
Source: |
Purpose |
Legal basis |
Name, email address and contact number |
You - when we begin initial communications regarding partnership. Data may also be collected during contract negotiations. |
To enter into a contract with you. |
Performance of a contract |
Company address, registration number and VAT, or TI (Tax Identification) number |
You – during contract negotiations and/or submission of request for payment for services. |
To enter into a contract with you. |
Legal obligation |
Insurance Information |
You - when we begin initial communications regarding partnership. |
To enter into a contract with you. |
Performance of a contract |
Fees |
You - when we begin initial communications regarding partnership. Data may also be collected during contract negotiations. |
To enter into a contract with you. |
Performance of a contract |
Bank details |
You - when we begin initial communications regarding partnership. Data may also be collected during contract negotiations. |
To facilitate payment for the products and services provided by you. |
Performance of a contract |
Information gathered and entered into a CV |
You - when we begin initial communications regarding partnership. Data may also be collected during contract negotiations. |
To provide to us an overview of your knowledge and experience which helps us to make accurate and informed decisions on your ability to work on a particular area of work or project. |
Legitimate Interest |
Details on education and employment history |
You - when we begin initial communications regarding partnership. Data may also be collected during contract negotiations. |
To provide to us an overview of your knowledge and experience which helps us to make accurate and informed decisions on your ability to work on a particular area of work or project. |
Legitimate Interest |
Portfolio of work and confirmation of skills and expertise |
You - when we begin initial communications regarding partnership. Data may also be collected during contract negotiations. |
To provide to us an overview of your knowledge and experience which helps us to make accurate and informed decisions on your ability to work on a particular area of work or project. |
Legitimate Interest |
Information included in a biography, including a photograph |
You – once the contract is complete and prior to appointment of first project. |
To provide to our client an overview of your knowledge and experience which enables you to work on a particular project. |
Legitimate Interest |
Expense details and receipts |
You – upon completion of a project |
To facilitate payment for the products and services provided by you. |
Performance of a contract |
Suppliers
Personal data type: |
Source: |
Purpose |
Legal basis |
Company name and address |
You - when we begin initial communications regarding partnership. Data may also be collected during contract negotiations. |
To enter into a contract with you. |
Performance of a contract |
Company registration number and VAT number |
You – during contract negotiations and/or submission of request for payment for services. |
To enter into a contract with you. |
Performance of a contract |
Supplier contacts and points of reference, including name, email address and contact number |
You - when we begin initial communications regarding partnership. Data may also be collected during contract negotiations. |
For administration purposes – to ensure we have a central point of contact during our business relationship. |
Performance of a contract |
Fees |
You - when we begin initial communications regarding partnership. Data may also be collected during contract negotiations. |
To enter into a contract with you. |
Performance of a contract |
Financial details, including bank details. |
You - when we begin initial communications regarding partnership. Data may also be collected during contract negotiations. |
To facilitate payment for the products and services provided by you. |
Performance of a contract |
Expense details and receipts |
You – upon completion of a project |
To facilitate payment for the products and services provided by you. |
Performance of a contract |
Details on products and services you provide to us |
You - when we begin initial communications regarding partnership. Data may also be collected during contract negotiations. |
To manage the ongoing business relationship and to help us identify whether any additional products and services will be beneficial to us. |
Legitimate Interest |
Sova Assessment website users
Personal data type: |
Source: |
Purpose |
Legal basis |
Name, email address and contact number |
You – when you request to make contact with us via our website. |
To enable us to respond to your website enquiry. |
Consent |
Job title |
You – when you request to make contact with us via our website. |
To enable us to respond to your website enquiry. |
Consent |
Company whom you work for or are associated with |
You – when you request to make contact with us via our website. |
To enable us to respond to your website enquiry. We also process this data so we are able to review if we have an existing relationship with you in order to assign the most relevant person to your query. |
Consent |
Details relating to a specific query around products and services provided by us |
You – when you request to make contact ith us via ur website. |
To enable us to respond to your website enquiry. |
Consent |
Technical data including IP address and any other data that is used to access our website |
You – when you access the Sova website. |
To enable the efficient functioning of our website. |
Consent |
Marketing data, including date of subscription and communication preferences |
You – when you opt-in to receive our newsletter and any other communications regarding our products and services. |
To manage your preferences in relation to how we communicate with you. |
Consent |
Zapnito Community Platform users
Personal data type: |
Source: |
Purpose |
Legal basis |
Name, email address and contact number |
You – when you subscribe to use the Platform. |
To enable you to register to use the Platform. |
Performance of a contract / Legitimate Interests |
Job Title |
You – when you subscribe to use the Platform. |
To enable you to register to use the Platform. |
Performance of a contract / Legitimate Interests |
Company whom you work for or are associated with |
You – when you subscribe to use the Platform. |
To enable you to register to use the Platform. |
Performance of a contract / Legitimate Interests |
Contributions you make to the Platform (this includes conversations you have with other users of the Platform in community forums and any content or materials you upload or add to the Platform). |
You – when you make contributions to the Platform. |
To enable you to use the interactive features within the Platform and to allow us to build the contributions and content within the Platform for the benefit of all current and future users. |
Performance of a contract / Legitimate Interests |
Information about which parts of the Platform and which resources you have accessed and used. |
You – when you access and use the Platform and its resources. |
To enable us to better understand the use of the Platform and its resources and to enable us to report usage information to the Company whom you work for or are associated with.
|
Legitimate Interests |
Technical data including IP address and any other data that is used to access the Platform |
You – when you access the Platform. |
To enable the efficient functioning of the Platform. |
Consent |
Marketing data, including date of subscription and communication preferences |
You – when you opt-in to receive our newsletter and any other communications regarding our products and services. |
To manage your preferences in relation to how we communicate with you. |
Consent |
- Special categories of data
Special category data is only that which is provided by you, the data subject. We do not process special categories of data .
- Consent
Consent is required where we process technical data including your IP address and any other associated technical information. Such consent is obtained when you provide consent via our website and/or online platform.
Consent is also required for the processing of marketing data. Such consent is obtained during the beginning of our business relationship and/or when you provide consent via our website.
You may withdraw consent at any time by contacting our Data Protection representatives, using the below contact information.
- compliance@sovaassessment.com
- 0207 947 4330
- Disclosure
Sova Assessment may share your data with third parties and for the purposes set out below:
Subsidiaries of Sova Assessment
- any of our subsidiaries whereby products and services have been rendered for utilisation outside the scope of Sova UK
- any of our subsidiaries whereby products and services are required for the purpose of completing a particular project which is outside of the UK
- any of our subsidiaries whereby an enquiry is most suited to business operations outside of the UK
Third parties (acting as sub-processors)
- sub-contractors who provide services on our behalf
- suppliers who provide IT, system administration and platform services to us, as well as suppliers providing any other services connected to the service we provide
As required by Data Protection Legislation, any sharing of personal data is subject to appropriate confidentiality obligations and safeguards, as per the below;
- relevant contractual clauses are in operation to ensure third party due diligence in relation to data security
- third party processes are checked to ensure appropriate safeguards are adopted
Personal data type: |
Legal basis for processing: |
Subsidiaries of Sova Assessment |
Performance of a contract Legitimate Interest |
Third parties (acting as sub-processors) |
Performance of a contract |
- International transfers of personal data
Where personal data is transferred outside the UK and EEA (which includes all EU countries plus Iceland, Liechtenstein and Norway), we take all reasonably necessary measures to ensure that the protection offered by the GDPR will travel with the data and, that your data is treated securely and in accordance with this Privacy Notice and the requirements of Data Protection Legislation. This means that when exporting data abroad, we will ensure one of the following measures are adhered to:
- the non-UK/non-EU country's protections are deemed adequate by the EU
- relevant contractual clauses are in operation to ensure third party due diligence in relation to data security
- third party processes are checked to ensure appropriate safeguards are adopted
- specific grounds for the transfer (derogations) such as the consent of the individual are applicable
- Retention period
Sova Assessment will process personal data for as long as necessary to fulfil the purposes for which the data was collected.
Record |
Retention Period |
Client Contracts, agreements and other arrangements |
For the length of the contract or agreement and 6 years afterwards |
All other Contracts, agreements and other arrangements |
For the length of the contract or agreement and 6 years afterwards |
Correspondence |
Emails are archived and then permanently deleted after 10 years |
Customer and client records |
These records are kept for as long as they are relevant to the operations of the business. |
All other records (supplier, sub-contractor records) |
These records are kept for as long as they are relevant to the operations of the business. |
Opt-in and out agreements |
For as long as necessary. |
Contributions to the Zapnito Community Platform. |
For as long as we consider they are useful for the Platform. |
If you require further information on specific retention periods, please contact us (see section 4.2 for how to contact us).
- Automated Decision-Making
Automated decision-making means making decisions about you using no human involvement. No decision will be made using Automated-decision making.
- How we keep your data secure
Sova Assessment are committed to ensuring the security of your data. As the data processor, we ensure that all necessary steps are taken to protect against the potential loss, unauthorised disclosure of, or access to, the personal data we process or use. Sova Assessment adopts the following safeguards to ensure the security of your data.
- personal data will only be kept for as long as necessary to fulfil the purposes for which the data was collected, unless otherwise directed by you
- access to personal data is restricted to authorised individuals
- secure encryption policies are in operation
- all the provisions of ISO 27001 certification
- Your rights as a data subject
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
- Right of access – you have the right to request a copy of the information that we hold about you.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
- Right of portability – you have the right to have the data we hold about you transferred to another organisation in certain situations.
- Right to object – you have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing, including profiling.
- Right to judicial review: in the event that we refuse your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined in clause 17 below.
You can exercise your right by contacting us at the following email address – compliance@sovaassessment.com
All of the above requests will be forwarded on to the third parties involved (as stated in 8 above) in the processing of your personal data.
- Changes
We may update and vary this Privacy Notice from time to time. Any updates will be published on our website.
- Complaints
In the event that you wish to make a complaint about how your personal data is being processed by Sova Assessment (or third parties as described in 10 above), or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and Sova Assessment’s data protection representatives.
Sova Assessment has contracted the services of GRCI Law to act as its Data Protection Officer (DPO). Accordingly, Sova Assessment will seek advice, guidance and input from the DPO where necessary.
The details for each of these contacts are:
Contact name |
Supervisory authority |
DPO |
Address line 1: |
UK Informtion Commissioner’s Office (ICO |
GRCI Law |
Address line 2: |
Wycliffe House, Water Lane |
GRC International Group Plc Unit 3, Clive Court |
Address line 3: |
Wilmslow |
Bartholomew’s Walk Cambridgeshire Business Park |
Address line 4: |
Cheshire |
Ely Cambridgeshire |
Postcode: |
SK9 5AF |
CB7 4EA |
Email: |
casework@ico.org.uk |
compliance@sovaassessment.com |