GDPR & Data Protection Policy

Last updated: January 2026

1. Data Controller

We act as a Data Controller for employer account data and as a Data Processor for candidate assessment data.

2. Lawful Basis

• Contractual necessity
• Legitimate interest
• Legal obligation

3. Candidate Data

Employers are responsible for ensuring candidates are informed before their data is submitted.

4. Security Measures

We use encryption, access controls, and secure hosting to protect personal data.

5. Data Requests

Requests can be submitted to: gdpr@yourdomain.com