Privacy & Data Protection

The purpose of this privacy policy is to describe clearly what information we gather about you while you access Podium's sites and platform, how we use and process that data, who we disclose this information to, and how you can find out what data we hold about you together with how you can request changes or removal of that data.

Podium Systems Limited complies with both the UK General Data Protection Regulation (UK GDPR) and the UK Data Protection Act 2018 (DPA 2018). We process all personal data in accordance with the data protection principles outlined in these regulations, ensuring that personal data is:

• Processed lawfully, fairly, and transparently
• Collected for specified, explicit, and legitimate purposes
• Adequate, relevant, and limited to what is necessary
• Accurate and kept up to date
• Kept for no longer than necessary
• Processed securely and protected against unauthorized access

Our ISO 27001:2022 certification demonstrates our commitment to maintaining robust information security controls that protect your personal data.

Personal data should be processed lawfully, fairly and in a transparent manner.

We currently collect and process the following information:

• Name
• Email Address
• Biographical information
• Sex
• Age
• Level of education
• Ethnicity
• First language
• Job area or current employment area
• Facial images

We collect only the necessary information about you for the purposes of psychometric, skills, 360 or other online assessments and the subsequent reporting of these assessments to our clients. Our clients may provide your personal information to us in order for us to setup your personalised invitations.

You may also be asked to volunteer this information to us via a form before you start your assigned assessments or other online exercises.

While you complete your assessments or other online exercises, we will also be collecting specific assessment data in the form of your responses to specific questions.

When providing any personal information we will specifically ask your consent to collect and process this information. You will have the choice whether to provide this information or not, and where a response is required, there is always a "Rather Not Say" option.

We offer the option of Facial Validation which is an advanced add-on feature designed to enhance the security and validity of un-proctored, remotely administered assessments. It uses a combination of artificial intelligence (AI) and common hardware that is available to most end-users. It is important to note that Facial Validation is not the same as Facial Recognition.

We store and process your data in order to provide a service to our clients. Your data or responses therefore could be used to help identify you and your responses for our client who has supplied your information to us. It may be used to produce reports for this client detailing areas of your personality, your ability, or your performance at specific skills. Additionally we may use this data to produce feedback reports for you which will summarise the information we have provided to our client.

Our clients may use these reports for the purposes of selection or development of individuals or teams/departments within their or for other organisations.

We may also provide a copy of the assessment data to our clients for use by them for their own use and management purposes.

Our clients are entitled to the use of the information you provide at their request for their own purposes. They are however obliged to process your information in accordance with their own obligations to data security policy, the Data Protection Act, or other data protections laws where applicable.

Under the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018, the lawful bases we rely on for processing this information are:

• Legitimate interests in providing assessment and reporting services
• Contractual necessity for delivering our services
• Consent where specifically required
• Legal obligations under applicable law

Your information is securely stored. We have strong technical and organisational security measures to prevent the loss or unauthorised access of your personal information. We are ISO 27001:2022 registered and have an ongoing security training program in place for our employees on the proper handling of personal information.

We will retain personal data for as long as is required for the purposes it was collected. As a general rule, we will anonymise data after a period of 18 months at our discretion.

Under data protection law, including both the UK GDPR and DPA 2018, you have rights including:

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

If you have any questions or if you wish to contact us, please email us at privacy@podium365.com

If you have any concerns about our use of your personal information, you can make a complaint by emailing us at privacy@podium365.com

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO's address:

ICO website: Information Commissioner's Office (ICO)