Privacy Policy & GDPR

Privacy Policy & GDPR

ICO : CSN 9070617

Updated 20/01/2019

 

Sigma Polaris (Company Number 11754817) (“We”) are committed to protecting and respecting your privacy. This privacy policy applies to the website https://www.sigmapolaris.com/ owned and operated by Sigma Polaris Limited (“We”, “Us”, “Ours”), as well as the assessment technology known as “JOSHUA” (henceforward, “the Services”). This Privacy Policy covers our collection, use and disclosure of information we collect through https://www.sigmapolaris.com/ , third parties, and our services. It also describes the choices available to you regarding our use of your personal information and how you can access and update this information. The use of information collected through our Services shall be limited to the purpose of providing the service for which our customers have engaged Sigma Polaris Assessments.

Sigma Polaris – Our Commitment to GDPR

The EU General Data Protection Regulation (GDPR) came into effect in May 2018. The new legislation applies to all businesses processing the personal data of EU citizens, whether they are inside or outside of the EU.

Information Collection and Use

We collect the following personal information from our customers

  • Contact/User Information such as name, email address, mailing address, phone number
  • Unique Identifiers such as user name, account or assessment number, password
  • Information about your business such as company name and address

We use this information to

  • Assess the needs of your business to determine suitable products
  • Send you requested product or service information
  • Respond to customer service requests
  • Administer your account
  • Respond to your questions and concerns
  • Conduct research and analysis
  • Facilitate your interactions with other users

 

Analytics based anonymous data collection

As is true of most web sites, we gather certain information automatically and store it in log files. This information includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data.

We use this information, which does not identify individual users, to analyse trends, to administer the site, to track users´ movements around the site and to gather demographic information about our user base as a whole. We do not link this automated collected data to personally identifiable information.

Information Related to Data Collected through the Sigma Polaris assessments, matching and services

Sigma Polaris collects information under the direction of its customers through its various assessment technology services and when it has no direct relationship with the individuals whose personal data it processes. We work with clients to help them provide notice to their customers concerning the purpose for which personal information is collected.

Service Provider, Sub-Processors/Onward Transfer

Sigma Polaris may transfer personal information to companies that help us administer aspects of our business. Transfers to subsequent third parties are covered by the provisions in this Policy regarding notice and choice and the service agreements with our customers.

Access and Choice regarding Data Controlled by our Clients

In instances where Sigma Polaris has no direct relationship with the individuals whose personal data it processes. An individual who seeks access, who seeks to correct, amend, delete inaccurate data or withdraw consent to further contact should direct his/her query to the Sigma Polaris support. This can be done by directly emailing support@sigmapolaris.com. If that Customer requests Sigma Polaris to remove the data, we will respond to their request within 30 days.

Data Retention

Sigma Polaris will retain personal data we process on behalf of our customers for as long as needed to provide services to our Customers and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

For job applicants and candidates using our careers, assessment and matching service

We advertise our and our clients’ vacancies within numerous job services. If you apply for a job with or through Us we will need to collect personal data from you. Personal data is any information about a living individual from which they can be identified. We collect personal data when you apply for a job through Sigma Polaris, such as:

  • Your name
  • Your address
  • Your email address
  • Your telephone number
  • CV/work history
  • Job preferences including role, geographical areas and salary
  • Whether you need permission to work in the UK
  • Whether you consider yourself disabled within the meaning of the Equality Act 2010
  • Anything else you have included in your CV

If we make an offer of employment, we may request further information such as:

  • Proof of identity and any relevant professional or academic certifications or qualifications
  • Bank details
  • Employment references

In some cases, we require extended background checks, if so we will ask for specific permission beforehand.

The information relating to whether you consider yourself as disabled is used for the purposes of considering whether there are any workplace adjustments that are reasonably required.

The information relating to whether you need permission to work in the UK is used to decide whether we are able to lawfully employ you to work in the UK.

 

How we use your personal information when you apply for a job with us via our own career service and assessment and matching service.

This information is used to help find you employment through Sigma Polaris.

For example, we may use your data to:

  • To find out more about your skills and experience and assess your suitability for employment at.
  • Where you agree that we may do so to retain your information to keep you informed of opportunities as they arise (job alerts).
  • To help make an offer of employment or enter into a working relationship with you.

How we hold your information when you apply for a job with us via our careers service

The personal information set out above is stored on our computer system and is accessed by authorised Sigma Polaris employees and authorised third parties for the purposes of recruitment. We use UK datacentres and your data is protected by multiple tier security.

Your duty to inform us of changes when you apply for a job with us via our careers service

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during our recruitment process, you can either do that by logging into your secure candidate portal or using the contact form.

Your rights when you apply for a job with us via our services

Under certain circumstances, you have the right to:

  • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
  • Object to processing of your personal information where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal information to another party.
  • If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of the personal information you’ve given us to another party, please contact support@sigmapolaris.com.
  • Right to withdraw consent You have the right to request withdrawing your consent for processing at any time. To withdraw your consent, please either log into your candidate profile or contact support@sigmapolaris.com. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

What we may need from you to carry out these requests

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Retention of your data

Your data will be retained for no longer than is necessary, normally no longer than 18 months unless you inform us otherwise, or we obliged to keep it for legal reasons.

Where we store your personal data

The personal information set out above is stored on our computer system and is accessed by authorised Sigma Polaris employees for the purposes of recruitment. We use UK datacentres and your data is protected by multiple tier security.

Information Sharing

We will share your personal information with third parties only in the ways that are described in this privacy policy. We do not sell your personal information to third parties.

Service Providers

We may provide your personal information to companies that provide services to help us with our business activities (such as blog hosting). These companies are authorized to use your personal information only as necessary to provide these services to us.

Legal Disclaimer

We may also disclose your personal information:

  • as required by law, such as to comply with a court order, or similar legal process,
  • when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request,
  • If Sigma Polaris Ltd is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Web site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information,
  • to any other third party with your prior consent to do so.

User Access and Choice

If your personal information changes, or if you no longer desire our services, you may correct, update or amend it by making a request to support@sigmapolaris.com. If you wish to suspend or deactivate your account, or request deletion of your information, you may email support at support@sigmapolaris.com or contact us by telephone or postal mail at the contact information listed below. We will respond to your request to access within 30 days.

We will retain your information for as long as your account is active, as needed to provide you services and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

We will use your name and email address to send marketing/ promotional emails to you. Out of respect for your privacy, you may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in these emails or you can contact us at support@sigmapolaris.com

Tracking Technologies / Cookies

A cookie is a small text file that is stored on a user´s computer for record-keeping purposes. We use cookies on this site. We do not link the information we store in cookies to any personally identifiable information you submit while on our site.

We use both session ID cookies and persistent cookies. A session ID cookie expires when you close your browser. Session ID cookies are used to maintain state, or simply to keep you logged in from page to page. A persistent cookie remains on your hard drive for an extended period of time. These may be used for analytics to understand traffic patterns such as how many unique visitors have been to our site. This is anonymous data though and is not personally identifiable. You can remove persistent cookies by following directions provided in your Internet browser´s ´help´ directory. If you reject cookies, you may still use our site, but your ability to use some areas of our site will be limited.

Web Beacons / Gifs

In the near future we will employ a software technology called clear gifs (a.k.a. Web Beacons/Web Bugs), that will help us better manage content on our site by informing us what content is effective. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of Web users. In contrast to cookies, which are stored on a user´s computer hard drive, clear gifs are embedded invisibly on Web pages and are about the size of the period at the end of this sentence. We do not tie the information gathered by clear gifs to our customers´ personally identifiable information.

 

3rd Party Tracking

The use of tracking technologies by our technology partners and other 3rd party assets (such as Facebook or Twitter) on the site is not covered by our privacy policy. These 3rd parties may use cookies, clear gifs, images, and scripts to help them better manage content on our site. We do not have access or control over these technologies. We do not tie the information gathered to our Customers´ or Users´ personally identifiable information.


Behavioural Targeting/ Re-Targeting

We partner with a third party ad network to either display advertising on our Web site or to manage our advertising on other sites. Our ad network partner uses cookies and Web beacons to collect non-personally identifiable information about your activities on this and other Web sites to provide you targeted advertising based upon your interests.

 

Security

The security of the personal information of both our customers and the individuals whose data we process is important to us. When sensitive information is entered, (such as on the log-in page to our Services when this is enabled) we will encrypt the transmission of that information using secure socket layer technology (SSL).

We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security. If you have any questions about security on our Web site, you can contact us at support@sigmapolaris.com.

Links to 3rd Party Sites

Our Site includes links to other Web sites whose privacy practices may differ from those of Sigma Polaris. If you submit personal information to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policy of any Web site you visit.

Blog

Our website will shortly offer a publicly accessible blog. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal information from our blog, contact us at support@sigmapolaris.com. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.

Testimonials

We display personal testimonials of satisfied customers on our site in addition to other endorsements. With your consent we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us at support@sigmapolaris.com or using the information listed below.

Social Media Widgets

Our Web site includes Social Media Features, such as the Facebook Like button and Widgets, such as the Share this button. These Features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the Feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on our Site. Your interactions with these Features are governed by the privacy policy of the company providing it.

For users of Apps that may use the Sigma Polaris assessment and matching Software platform

Sigma Polaris is a software product used by companies to manage their recruitment. You might have seen our logo on a website and come here to read our privacy policy, but if you have applied for a job with one of our customers and want to exercise your right as a data subject you will need to contact them directly, there will be contact details on the website you applied through.

Some of our customers also use a feature that allows you to log in with Linked-in, Google or Facebook- this saves time and reduces the number of passwords you have to remember. If you use this feature you might find an app called Sigma Polaris as a list of 3rd party tools you’ve downloaded.  We don’t collect or use your personal information for any of our own purposes.

 

What is personal data?

In recruitment, we collect lots of data about our candidates – but which of it is deemed ‘personal’ or ‘sensitive’?

The GDPR applies to that data which could identify or make identifiable, a living individual – whether directly or indirectly by ‘all means reasonably likely to be used’.

So, names, addresses, email addresses etc. would automatically fall into the remit of GDPR.

But the recitals of the GDPR also highlight that certain categories of online data may be personal including:

  • online identifiers
  • device identifiers
  • cookie IDs and
  • IP addresses

Helping you meet your obligations as a Data Controller

Sigma Polaris are committed to complying with the GDPR as a data processor and helping you to comply with your obligations as a data controller. We have been, and are continuing to, work closely with our legal team to ensure we have an optimal understanding of the GDPR and the new responsibilities we share with you in protecting personal data.

How are we working toward best practice compliance?

Adopting the highest level of Information Security Standards

Our Information Security is based on ISO27001 and international best practice, the certification is risk-based and includes aspects such as physical security, staff awareness, and data backup. The IASME standard was recently recognised as the best cyber security standard for SMEs by the UK Government.

Helping candidates to exercise their rights under GDPR

Many of the rights of data subjects are already supported by Sigma Ltd

Secure, online self-service

Providing secure, online self-service is considered to be Best Practice by the EU.

We are committed to assisting our customers in meeting their requirements under the GDPR and, where possible, making the process easy to manage – particularly working towards enabling secure ‘self-service’ for candidates to access their GDPR rights.

Other GDPR compliant features of the Sigma Polaris System

Right to Erasure

A candidate should be able to request being deleted – System users with the appropriate access rights can delete candidates.

Right to Data Portability

A candidate should be able to request a copy of their data in a ‘machine readable’ format. This is possible via the Sigma Polaris System (Backend) by an Sigma Polaris system user running the Summary Information report against the candidate – this would allow them to put the data into a spreadsheet/CSV file.

Under GDPR consent needs to be freely given, specific, informed & granular, verifiable, easy to withdraw and time limited.

Encrypted Data in Transit

Sigma Polaris is accessed via https:// which means data is encrypted in transit between the browser and the server – this includes candidate portals as well as the Sigma Polaris System (back end)

Encrypted Data Backups

Customer backups are encrypted as per our Customer Backup Policy.

Sigma Polaris uses SSL with locked down SSL protocols and ciphers

Sigma Polaris use no non-EU Datacentres

GDPR imposes restrictions on the transfer of data outside of the EU.

Sigma Polaris only uses EU based datacentres and we have appropriate data processing agreements in place with our suppliers. Our Datacentre suppliers are ISO27001 certified.

Our ICO Data Protection Registration

Sigma Polaris is registered for Data Protection with the Information Commissioners Office (ICO) with our DATA protection officer being Nemo D’Qrill.

 

Changes to this Policy

We may update this privacy policy to reflect changes to our information practices and services. If we make any material changes, we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on this Site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

Contact Us

If there are any questions regarding this privacy policy, you may contact us using the information below:

Sigma Polaris Limited

The Engine Shed

Bristol

or

support@sigmapolaris.com