Aalto Potential is fully committed to the Data Protection Principles established in the Data Protection Act 1988, the Data Protection (Amendment) Act 2003 and the General Data Protection Regulation (EU) 2016/679 (GDPR):
Personal Data: any data that can directly or indirectly identify a living individual
Special Category Data: personal data consisting of information relating to: Race or ethnic origin; Political opinions; Religious beliefs or other; Trade union member status; Physical or mental health; Sexual life; The commission or alleged commission of any offence; Any proceedings for any offence committed or alleged to have been committed, the disposal of such proceedings or the sentence in court of such proceedings.
Data Subject: the individual who is the subject of the personal data collected
Candidate: the party undergoing the service by Aalto Potential
Client: the party requesting and paying for selected service from Aalto Potential, including recruitment agencies
“Us”, “We”, “Our”: Aalto Potential
“You”, “Your”: the candidate / coachee
Types of Information Collected
We retain three types of information:
Like most websites, we gather statistical and other analytical information collected on an aggregate basis of all visitors to our website through Google Analytics, a highly reputable and secure software. This Non-Personal Data comprises information that cannot be used to identify or contact you, such as demographic information regarding, for example, user IP addresses where they have been clipped or anonymised, browser types and other anonymous statistical data involving the use of our website.
All personal data collected from the data subject by Aalto Potential is necessary to fulfil the service selected by the candidate or client. All data collected shall not be excessive or unnecessary to the fulfilment of the service, and will be stored for an appropriate amount of time. By necessity, we require the following data to fulfil our services: your name, address, email address, telephone number, date of birth, and IP address. Bank details will be collected for payment of service by the client. Such information is only collected if voluntarily submitted to us by the data subject.
Special Category Data:
The Special Category Data we collect includes the results of psychometric assessments, such as personality profiles, aptitude test scores, and emotional intelligence scores. The data collected from these assessments will be subject to profiling and automated decision making. Consent will be required from the candidate prior to any psychometric assessment taking place. Data collected from psychometric assessments carried out online are managed by third-party test publishers, who we have written agreements in place with to ensure all reasonable data protection measures are taken by them to secure your data. Reports sent to us from test publishers and/or stored by us in the case of onsite assessments are stored on servers in Ireland and in the Cloud where the Data Centre is based in the EEA (UK) with all reasonable security measures in place. On completion of psychometric assessments, reports are generated with the following information visible to the client:
Name of candidate (unless we are requested to keep this confidential); position applied for; written narrative of the 16PF personality profile; Hogan Assessments; or Strong Interest Inventory results and explanations. Results and explanations of reasoning tests, which may include: The Watson Glaser Critical Thinking Appraisal; Raven’s Advanced Progressive Matrices; Profiling for Success – Numerical Reasoning and Abstract Reasoning.
Should you not consent to any or all of this data being exchanged with the client on your behalf, said data shall not be sent. Your consent to exchange collected data will be determined during the “validation interview” which will take place after your onsite assessment. If a candidate withdraws consent to process data during an assessment, that assessment will be closed and no processing activities or data exchange with the client will occur. We will store test results for the duration of their validity (two years) after which all traces of test results will be destroyed. If you wish to remove these test results prior to the two-year retention period, you can do so by submitting a written request via post or email. We may require you to confirm your identity prior to deleting these files, after which, all files in question will be deleted within 48 hours. You may also request a copy of your psychometric assessment results at any time once the recruitment process has been completed.
Who Controls the Data?
Aalto Potential controls all raw and interpreted data collected from all online and onsite psychometric assessments. Once a report has intentionally been sent to the client from Aalto Potential, it is owned and controlled by the client. Reports sent to the candidate are jointly controlled by the candidate and Aalto Potential. A joint controllership is necessary in instances where reports are sent to the candidate to pass to the client, but such an exchange does not occur.
How we collect your Information
Personal Data/Special Category Data:
We collect personal information from you in a number of ways:
If you provide it to us directly through our website
If you provide it directly to a member of staff
If one of our clients provides it to us in order for us to carry out a service for them, such as psychometric testing
If a third party, such as a recruitment agency, provides it to us on behalf of a client, in order for us to carry out a service for them, such as psychometric testing
Our clients and any third parties we receive personal information from are bound by the same privacy and data protection laws as we are, under GDPR.
Why we hold your Information
Personal Data/Special Category Data:
We will process any Personal Data or Special Category Data you provide to us for the following purposes only:
· To provide you with the services you have requested
· To provide our clients with services they have requested on you, for example, psychometric testing
· To contact you if required to respond to any communications you might send to us
We use the Non-Personal Data gathered from visitors to our website in an aggregate form to get a better understanding of where our visitors come from and to help us better design and organise our website.
Aalto Potential website (via Wix) collects cookies to decipher how effective the website is. For further information, please click here.
Material on this site is protected by copyright. The copyright owner is Aalto Potential. You may not make alterations or additions to the material on this site. Appropriate acknowledgement of the copyright owner is required if material is re-published in any format.
Retention of Data
Reports relating to selection work, along with any electronic data, such as a personality profile and/or the results of an aptitude test will be kept for their maximum validity period of up to 2 years, in order for us to carry out the service we have been contracted to do. Any hard copy materials will be confidentially shredded as soon as the selection process is complete.
Reports relating to development and coaching work, along with any electronic data, such as a personality profile and/or the results of an aptitude test will be kept for their maximum validity period of up to 2 years, in order for us to carry out the service we have been contracted to do. Any hard copy materials and written notes will be confidentially shredded as soon as the development/coaching assignment is completed
Your Information and Third Parties
We will not disclose your Personal Data to any third parties unless we need the third party to carry out a specific service such as the provision of online psychometric testing. Any third parties we send personal information from are bound by the same privacy and data protection laws as we are, under GDPR. We will only disclose your Personal Data if we believe in good faith that we are required to disclose it in order to comply with any applicable law, regulation or lawful request, such as a court order.
We require your consent to process your personal data and sensitive personal data. An example of where we will gather consent it to send you our newsletter or further information about our services, which may be of interest to you.
Your Personal Information Rights
In accordance with our obligations under the Data Protection Act 1988, the Data Protection (Amendment) Act 2003 and GDPR, we can assist you with the following:
Updating and correcting your personal data
Removing consent. You can change your mind whenever you give us consent, such as for direct marketing
Deleting your information (your right to be forgotten). You can ask us to remove your personal data from our database
Moving your information (your right to portability). Whenever possible, we can share a digital copy of your personal data or with another organisation
To find out what Personal Data we hold on you or to have your Personal Data updated, corrected, to remove consent, to have a copy of all your data sent to you or to be removed from our database, please email us with a request to firstname.lastname@example.org – we may contact you to confirm your identity. This is to protect your personal data.
Sale of Business
We have always been fully committed to ensuring the security and integrity of personal data that we hold and have put in place appropriate technical and organisational measures to ensure this. In the event of a breach, we will notify any affected individuals immediately.
As with all electronic communication, when you give us personal data by that means, the data, we will take all reasonable steps (including appropriate technical and organisational measures) to protect your Personal Data. Data may be processed outside of Ireland but as Data Controllers we have ensured that any Data Processors we use are fully GDPR compliant.
This Data Protection Policy was last updated in January 2021. We reserve the right to amend or update the policy from time to time. Any changes will be posted on this website so you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it.