testrungo

Privacy Policy

Last updated: March 2026

This Privacy Policy explains how we collect, use, share, and protect personal data in connection with our assessment platform. We are committed to processing personal data responsibly and in accordance with UK GDPR and the Data Protection Act 2018.

1. Data Controller

We are the data controller for personal data collected directly through our website and platform. Where our business customers use the platform to assess candidates, they are the data controller for that candidate data and we act as their data processor. Contact details for our data protection lead are available on our contact page.

2. Personal Data We Collect

  • Business customers and their users: name, work email address, job title, company name, billing information, usage data, and communications with us.
  • Candidates (on behalf of business customers): name, email address, assessment responses, scores, and any additional data requested by the customer within the limits of the platform.
  • Website visitors: IP address, browser type, pages visited, and cookie data (see our Cookie Policy).

3. How We Use Personal Data

  • To provide, maintain, and improve the platform and services.
  • To manage accounts, billing, and customer support.
  • To ensure platform security and prevent fraud or misuse.
  • To send service-related communications and, where consented, marketing updates.
  • To comply with legal obligations.
  • To analyse platform usage and improve user experience (with consent for analytics cookies).

4. Legal Bases for Processing

We process personal data on the basis of contract (to deliver services), legitimate interests (security, fraud prevention, improvement), legal obligation, and consent where applicable. For candidate data processed on behalf of business customers, our customers determine the legal basis.

5. Sharing Personal Data

We do not sell personal data. We may share data with:

  • Service providers: hosting, payment processing, analytics, and customer support — under data processing agreements.
  • Business customers: who receive candidate results and data they have collected using the platform.
  • Legal and regulatory bodies: where required by law or to protect the rights and safety of users.

6. International Transfers

Data is primarily processed within the UK. Any transfers outside the UK are subject to appropriate safeguards, including UK IDTAs or adequacy decisions, in compliance with UK GDPR Chapter V.

7. Retention

We retain personal data only as long as necessary for the purpose for which it was collected, or as required by applicable law. Customer account data is retained for the duration of the contract and a reasonable period thereafter for legal and audit purposes. Candidate assessment data is retained in line with our customers' instructions and our standard data processing terms.

8. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or destruction — including encryption, access controls, and regular security reviews.

9. Your Rights

You have rights under UK GDPR including access, rectification, erasure, restriction, portability, and objection. See our GDPR & Data Subject Rights page for full details and how to exercise them.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Where changes are material, we will notify business customers by email or via the platform. Continued use of the platform after changes are published constitutes acceptance of the updated policy.

11. Contact

For privacy queries or to exercise your rights, please contact us via our contact page or write to our data protection lead at the address listed there.