Privacy Policy

Who we are

Our website address is: http://thinklytic.com.

What personal data we collect and why we collect it

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

Who we share your data with

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Your contact information

Additional information

How we protect your data

What data breach procedures we have in place

What third parties we receive data from

What automated decision making and/or profiling we do with user data

Industry regulatory disclosure requirements

ThinkLytic – Privacy protection policy

About this document

This privacy protection policy describes information that we collect, process, share, and store, including personal information, for use within the Facet5 applications and any related services (collectively, the “Services”).

In this Privacy Policy the terms “ThinkLytic “we”, “us” and “our” refers to ThinkLytic and its affiliates.

The Services are intended for use by employees and hired workers of organisations and in accordance with the organisations’ instructions. You are using the Services on an account issued to your employer or another organisation (your “Organisation”), that Organisation is likely to have its own policies regarding storage, access, modification, deletion and retention of information that you submit or provide through the Services. This means that your Organisation has the right to (i) control and administer personal data on a dedicated ThinkLytic account (“An Account”) and (ii) access and process any data that you submit or provide through the Services, including, for example, your assessment results and communications.

Your Organisation is the data controller. ThinkLytic is the data processor, processing your personal data, including any personal data you provide by using the Services, on behalf of your Organisation or on request of your Organisation.

Please contact your Organisation with any privacy enquiries regarding policies, including any enterprise agreements with ThinkLytic, regarding your use of the Services. Complaints may be sent to your Organisation or to the Information Commissioners Office. Please refer below for full contact details.

If you have any enquiries regarding this privacy protection policy document, and the personal data processed as part of the Services, you may contact us at joel.davies@unsw.edu.au

Principles

ThinkLytic is committed to protecting your privacy and developing technology that gives you the most powerful and safe online experience.

By using the Services, you consent to the data practices described in this document, and you agree to allow us to collect and process information as described below.

Purpose – why we process the data

We rely on the collection of personal information to enable ThinkLytic to identify you for the creation of computer generated summary reports for purposes such as assessment, team building, development, coaching, and selection on behalf of your Organisation.

It is important that you read this, as you by taking the Services into use, gives us and your employer, your consent to process your personal data for the said purpose.

Legal basis for the processing

The legal basis for the processing of personal data is your consent and the data protection law. Part of the processing is required in order to fulfil the agreement we have with your Organisation.

Hereunder you have the right to request for:

• Access to your personal data.

• Rectification or erasure the personal data.

• Portability of your data, extracting the personal data for transferring it to other service providers.

Submitting your personal data is voluntary and you have the right to restrict our use of the personal data, but some basic information is needed to enable Services to operate.

What data we collect

ThinkLytic stores information which is provided by yourself or your company when you are registered and records that are generated when you use the service.

We collect:

• Contact information, such as Surname, Given name and email address

• Your responses to questionnaires and quizzes

• Gameplay Data: information and data collected from your behavior and actions in the course of playing our Games, including metadata about your real-time user interaction with the Games

The information mentioned above is either provided by you or your activity using the Services, or information we receive from your Organisation.

Special categories of personal data

Research Data may include personal data that reveals your racial or ethnic origin, which is classed as a “special category of personal data” under data protection law. Research Data does not form part of the Assessment and is only used for research purposes in order to monitor our tests and questionnaires for fairness and to maintain a high standard of Assessment.

Where an Assessment asks you to provide Research Data, we will ask for your explicit consent to collect and process such information as this will help us to monitor our tests and questionnaires for fairness and maintain a high standard of Assessment. You do not have to provide Research Data to us; however, we should be grateful if you would complete all the questions as this will help us to monitor our tests and questionnaires for fairness and maintain a high standard of Assessment. Your ability to complete an Assessment will not be affected by your choice not to provide such Research Data, nor will this choice affect your Assessment results.

Any Research Data that we collect will be processed in accordance with this Privacy Policy and applicable data protection laws, and we shall ensure that it is treated securely.

From time to time, Participants may volunteer additional personal information about themselves to us, which may include special categories of personal data. For example, Participants may inform us about a health issue or disability which may impact the way in which they undertake the Assessment. We will obtain explicit consent before further processing any special categories of personal data that a Participant provides. With your consent, this information will be communicated to the Client requesting the Assessment whose responsibility it is to take any decisions regarding the impact on the Assessment process as a result of the information. Please note that without such consent, we may not be able to address the needs of individual Participants.

How we use your data

The information we collect is also used to provide, develop and improve the Services, including information necessary to improve our service and security features. Your Organisation may use your contact details to send you information, or to ask you to

participate in surveys about their Services or to obtain permission for the use of your personal data outside of the scope of this policy.

We may also use this information in an aggregated, non-identified form for research purposes and to assist in ensuring the ongoing reliability and validity of our Services.

We use industry-standard methods to keep this information safe and secure while it is transmitted over your network connection and through the Internet to our servers located in the Untied Kingdom.

Where we process your data

The personal data we collect from you is stored and processed on our servers in Australia, under Australian Data Security and Privacy laws.

Disclosure of information

ThinkLytic does not share personal information for any commercial or marketing purpose unrelated to the delivery of ThinkLytic products and services. The personal information will to some extent be shared with your organisation as part the purpose of the Services.

The following are the limited situations where we may share personal information:

1. With your explicit consent: We may share personal information when we have your consent, for example providing certification information to a third party on your request.

2. Your personal information may be collected, processed and stored by ThinkLytic or its service providers within Australia, or locations regulated by Australian style privacy regulations. As a result, your personal information may be subject to legal requirements, including lawful requirements to disclose personal information to government authorities, in those jurisdictions.

3. Legal requests: If we receive a subpoena, warrant, discovery order or other request or order from a law enforcement agency, court, other governmental entity or litigant that seeks data relating to the Services, we will make reasonable attempts to direct the requesting party to seek the data directly from your Organisation. If we ask the requesting party to direct the request to the Organisation, we will provide your Organisation’s contact information to the requesting party. If legally compelled to produce information and unless legally prohibited, we will use reasonable efforts to notify your Organisation so that they can notify you pursuant to your Organisation’s policies and as permitted by law. We will direct any requests for information under data protection laws to your Organisation, unless prohibited by law.

4. Aggregate or de-identified data. We may share non-personal information (for example, aggregated or anonymized customer and client records), to improve, support and operate ThinkLytic software, products and services, and to create and distribute reports regarding use of such products and services. We take all steps to keep this non-personal information from being associated with you or your Organisation.

Safety and security

We use the information that we have to help verify accounts and activity and to promote safety and security on and off our Services on your Organisation’s behalf, such as by investigating suspicious activity or violations of our terms or policies. We work hard to protect your data using a team of system and security personnel, automated systems and advanced technology such as encryption and machine learning.

Accessing and modifying your information

You may access the information held on you by your Organisation, and as such may correct or delete information that you have provided. You should contact your Organisation directly to access or modify your information. You can find the representative of the organisation who issued the questionnaire or review in the invitation email or at the bottom of the Questionnaire welcome screen. You may also direct your initial request to Datasecurity@thinklytic.com. Your details will be forwarded to the appropriate organisation for actioning.

Right to Restrict and Delete Data

If you would like to restrict the processing or delete your personal data, you should contact your Organisation. All enquiries and requests will be direct to your Organisation as the Data Controller.

It typically takes upto 30 days to delete data on behalf of your Organisation after a request has been made, but some information may remain in backup copies for a reasonable period of time as directed by your Organisation.

How long we store your information ?

ThinkLytic generally stores your personal information on ThinkLytic’s servers for as long as you or your Organisation remains a ThinkLytic customer. To the extent there are legal requirements for duration of storage, such as for accounting purposes, we may store identified personal data for up to 5 years or under the direction of your Organisation.

As described above you have the right to request for the data to be deleted.

Who Will Have Access to Your Personal Information?

Information held by ThinkLytic is available only to the specific authorised practitioners within your Organisation. The information cannot be supplied to any other Organisation or body. We will not release your personal information to another party without your written permission, except where required by law or relevant professional codes of ethics. Authorised personnel from ThinkLytic may access your information at the request of your Organisation or yourself to support the delivery of our Services.

Changes to our Privacy protection policy

We may update this Privacy protection policy from time to time. When we update the Privacy protection policy, you will be asked to accept the new version of the Privacy protection policy the next time you use our Services.

For further information you can contact using the following information:

ThinkLytic

Floor 16, Matthews Building,

UNSW, Sydney,

Australia

2052

Tel: +61 425344907

Email: Datasecurity@thinklytic.com