Data Protection Statement
Purple Squirrel Psychometrics Ltd is a UK company and is registered with the Information Commissioner’s Office (ICO), reference ZA267541.
Under data protection legislation every individual has rights as to how their personal data is handled, and we recognise the need to treat all such data in an appropriate and lawful manner, according to the nature and classification of such data. We are committed to complying with current legislation including the General Data Protection Regulation (EU) 2016/679 (GDPR), together with any applicable, enacting, successor or amending legislation. The GDPR has strengthened the rights that individuals have regarding their personal data and seeks to unify data protection laws across the European Union, governing the rights of EU citizen data subjects, regardless of where their data is processed or stored.
Our Approach to Data Protection and Privacy.
We are committed to global GDPR compliance, providing robust privacy and security protections which have been built into our services. We adhere to the following data protection principles:
lawfulness, fairness and transparency - personal data shall be processed lawfully, fairly and in a transparent way
purpose limitation - personal data shall be collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
data minimisation - personal data shall be relevant to the purposes we have told you about and limited only to those purposes
accuracy - personal data shall be accurate and kept up to date
storage limitation - personal data shall be kept only as long as necessary for the purposes we have told you about (a data flow chart is available upon request)
integrity and confidentiality - personal data shall be kept securely, using appropriate technical and organisational measures.
In our role as a data controller, we are responsible for implementing appropriate technical and organisational measures to ensure and demonstrate that any data processing is performed in compliance with GDPR. Our data controller obligations relate to principles such as lawfulness, fairness and transparency, purpose limitation, data minimisation, and accuracy, as well as fulfilling data subjects’ rights with respect to their data, together with only using data processors that operate in such a manner that their data processing will also meet the requirements of GDPR.
In our role as a data processor, we are responsible for implementing appropriate technical and organisational measures to meet the requirements of GDPR, ensuring a level of information security appropriate to the risk, and acting in accordance with the relevant data controller’s instructions. We enter into contractual agreements as appropriate with the applicable data controller, and also with sub-processors, to provide sufficient representations to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of GDPR.