KinchLyons Ltd is fully committed to the Data Protection Principles established in the Data Protection Act 1988, the Data Protection (Amendment) Act 2003 and the General Data Protection Regulation (EU) 2016/679 (GDPR):
Personal Data: any data that can directly or indirectly identify a living individual
Special Category Data: personal data consisting of information relating to: Race or ethnic origin; Political opinions; Religious beliefs or other; Trade union member status; Physical or mental health; Sexual life; The commission or alleged commission of any offence; Any proceedings for any offence committed or alleged to have been committed, the disposal of such proceedings or the sentence in court of such proceedings.
Data Subject: the individual who is the subject of the personal data collected
Candidate: the party undergoing the service by KinchLyons
Client: the party requesting and paying for selected service from KinchLyons, including recruitment agencies
“Us”, “We”, “Our”: KinchLyons
“You”, “Your”: the candidate
Types of Information Collected
We retain three types of information:
Like most websites, we gather statistical and other analytical information collected on an aggregate basis of all visitors to our website through Google Analytics, a highly reputable and secure software. This Non-Personal Data comprises information that cannot be used to identify or contact you, such as demographic information regarding, for example, user IP addresses where they have been clipped or anonymised, browser types and other anonymous statistical data involving the use of our website.
All personal data collected from the data subject by KinchLyons is necessary to fulfil the service selected by the candidate or client. Data collected will not be excessive or unnecessary to the fulfilment of the service, and will be stored for an appropriate amount of time. By necessity, we require the following data to fulfil our services: your name, address, email address, telephone number and IP address. Bank details may be collected for payment of service by the client. Such information is only collected if voluntarily submitted to us by the data subject.
Special Category Data:
The Special Category Data we collect includes the results of psychometric assessments, such as personality profiles, aptitude test scores and emotional intelligence scores. The data collected from these assessments will be subject to profiling and automated decision making. Consent will be required from the candidate prior to any psychometric assessment taking place. Data collected from psychometric assessments carried out online are managed by third-party test publishers, who we have written agreements in place with to ensure all reasonable data protection measures are taken by them to secure your data. Reports sent to us from test publishers and/or stored by us in the case of onsite assessments are stored on password protected devices in Ireland and in the Cloud where the Data Centre is based in Canada with all reasonable security measures in place (The European Commission has recognised Canada [commercial organisations] as providing an adequate level of data protection. This recognition means that personal data can flow from the EU to a recognised county without further safeguards being necessary).
On completion of psychometric assessments, reports are generated with the following information visible to the client:
Name of candidate (unless we are requested to keep this confidential); position applied for (where applicable); personality profile and corresponding written explanation; emotional intelligence scores and corresponding written explanation. Results and explanations of other tests, which may include: The Managerial Values Survey; The Watson Glaser Critical Thinking Appraisal; AH4 and AH5 Tests of Reasoning.
Should you not consent to any or all of this data being exchanged with the client on your behalf, said data shall not be sent. Your consent to exchange collected data will be determined during the “feedback session” which will take place after your assessment. If a candidate withdraws consent to process data during an assessment, that assessment will be closed and no processing activities or data exchange with the client will occur. We will store test results for the duration of their validity (two years) after which all traces of test results will be destroyed. If you wish to remove these test results prior to the two-year retention period, you can do so by submitting a written request via post or email. We may require you to confirm your identity prior to deleting these files, after which, all files in question will be deleted within 48 hours. You may also request a copy of your psychometric assessment results at any time once the testing process has been completed.
Who Controls the Data?
KinchLyons control all raw and interpreted data collected from all psychometric assessments. Once a report has intentionally been sent to the client from KinchLyons, it is owned and controlled by the client.
How we collect your Information
Personal Data/Special Category Data:
We collect personal information from you in a number of ways:
- If you provide it to us directly through our website
- If you provide it directly to a member of staff
- If one of our clients provides it to us in order for us to carry out a service for them, such as psychometric testing
- If a third party, such as a recruitment agency, provides it to us on behalf of a client, in order for us to carry out a service for them, such as psychometric testing
Our clients and any third parties we receive personal information from are bound by the same privacy and data protection laws as we are, under GDPR.
Why we hold your Information:
Personal Data/Special Category Data:
We will process any Personal Data or Special Category Data you provide to us for the following purposes only:
- To provide you with the services you have requested
- To provide our clients with services they have requested on you, for example, psychometric testing
- To contact you if required to respond to any communications you might send to us
We use the Non-Personal Data gathered from visitors to our website in an aggregate form to get a better understanding of where our visitors come from and to help us better design and organise our website.
Cookies are small text files that are placed on your computer by websites that you visit.
They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
Retention of Data
- Reports relating to selection work, along with any electronic data, such as a personality profile and/or the results of an aptitude test will be kept for their maximum validity period of up to 18 months, in order for us to carry out the service we have been contracted to do. Any hard copy materials will be confidentially shredded as soon as the selection process is complete.
- Reports relating to development and coaching work, along with any electronic data, such as a personality profile and/or the results of an aptitude test will be kept for their maximum validity period of up to 18 months, in order for us to carry out the service we have been contracted to do. Any hard copy materials and written notes will be confidentially shredded as soon as the development/coaching assignment is completed
Your Information and Third Parties
We will not disclose your Personal Data to any third parties.
We require your consent to process your personal data and sensitive personal data. An example of where we will gather consent it to send you our newsletter or further information about our services, which may be of interest to you.
Your Personal Information Rights
In accordance with our obligations under the Data Protection Act 1988, the Data Protection (Amendment) Act 2003 and GDPR, we can assist you with the following:
- Updating and correcting your personal data
- Removing consent. You can change your mind whenever you give us consent, such as for direct marketing
- Deleting your information (your right to be forgotten). You can ask us to remove your personal data from our database
- Moving your information (your right to portability). Whenever possible, we can share a digital copy of your personal data or with another organisation
To find out what Personal Data we hold on you or to have your Personal Data updated, corrected, to remove consent, to have a copy of all your data sent to you or to be removed from our database, please email us with a request to firstname.lastname@example.org – we may contact you confirm your identity. This is to protect your personal data.
Sale of Business
We have always been fully committed to ensuring the security and integrity of personal data that we hold and have put in place appropriate technical and organisational measures to ensure this. In the event of a breach, we will notify any affected individuals immediately.
As with all electronic communication, when you give us personal data by that means, the data, we will take all reasonable steps (including appropriate technical and organisational measures) to protect your Personal Data. Data may be processed outside of Ireland but as Data Controllers we have ensured that any Data Processors we use are fully GDPR compliant.
This Data Protection Policy was last updated in May 2018. We reserve the right to amend or update the policy from time to time. Any changes will be posted on this website so you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it.