Privacy Statements for Bioss Tools

Bioss’s software tools put user privacy first.

Note: By the definition of a data controller under the GDPR, services within the Bioss network may be provided by a joint Data Controller comprising Bioss International Limited (BIL), and/or a Bioss Partner organisation, and/or an associate practitioner of either BIL or a Bioss partner organisation.

  1. Career Path Appreciation (CPA)
  2. Initial Recruitment Interview Schedule (IRIS)
  3. Organisational Role Appreciation (ORA)
  4. Working Relationships Appreciation (WRA)

Career Path Appreciation (CPA) Privacy Statement

Introduction

Bioss International Limited (BIL), our partner entities, our practitioners and our associate practitioners are committed to data privacy, that is to say the fair and lawful treatment of personal information in full compliance with the European Union General Data Protection Regulation 2018 (GDPR).

BIL’s data privacy contact is available at and this contact will route any questions to the appropriate person within Bioss.

When you undergo a Bioss Career Path Appreciation we will inevitably process personal information about you. This Privacy Statement therefore explains:

  • The lawful purposes for which we process your personal information.
  • What personal information we process about you.
  • How your personal information is retained.
  • To whom we may disclose your personal information.
  • The measures taken by us to help protect your personal information.
  • How to exercise your rights under data protection law.
The lawful purposes for which we may process your personal information

We process personal information for the following purposes only:

  • To develop a Career Path Appreciation report for you and your employer
  • To conduct over time, longitudinal research studies that continue to validate the CPA methodology
What personal information we process about you

When you participate in CPA, we will process personal information about you, including:

  • Your name
  • Your email address
  • Your employer’s details
  • Your job title
  • Your data of birth
  • Your age
  • Your gender
  • Information you provide during the CPA interview (some of which may be regarded as “Sensitive Personal Data” according the meaning defined within the GDPR)
  • A CPA Form used to collect information from you during a CPA
  • A CPA report prepared following your CPA interview
Retention of your personal information

Unless you notify us to the contrary, we will retain personal data and CPA reports indefinitely in order to conduct, over time, longitudinal research studies that continue to validate the CPA methodology.

To whom we may disclose your personal information

We will only disclose your personal information to you and the organisation requesting the CPA at the time of your CPA was conducted. We will not share your data with any external third party.

The measures taken by us to help protect your personal information

We implement appropriate technical and organisational security measure to protect your personal information.

We maintain secure data storage in the Republic of Cyprus. We are registered with the Data Protection authorities in the necessary countries as required.

CPA data are held in a secure environment the Republic of Cyprus in the Genie database which is administered by Bioss Southern Africa (BSA). BIL has a contract with BSA that ensures BSA meets the same data protection standards required of organisations based in the EU.

Further details of our server and network security can be provided on request.

How to exercise your rights under data protection law

Citizens in the European Union have numerous rights under data protection law, details of which can be located on the website of the relevant data protection authority. The most applicable rights in relation to the data we collect about you are:

  • The right to access a copy of the personal information we hold about you.
  • The right to withdraw your consent at any time.
  • The right to lodge a complaint with a supervisory authority.
  • The right in certain circumstances to have inaccurate personal information rectified, blocked, erased or destroyed.

If you wish to know more about exercising your rights in relation to the personal information we hold about you, or if you wish submit a complaint to us about how your personal information is handled, please address any queries to BIL’s data privacy contact, available at , who will route any query to the appropriate person within Bioss.

Initial Recruitment Interview Schedule (IRIS) Privacy Statement

Introduction

Bioss International Limited (BIL), our partner entities, our practitioners and our associate practitioners are committed to data privacy, that is to say the fair and lawful treatment of personal information in full compliance with the European Union General Data Protection Regulation 2018 (GDPR).

BIL’s data privacy contact is available at and this contact will route any questions to the appropriate person within Bioss.

When you undergo a Bioss Initial Recruitment Interview Schedule (IRIS) we will inevitably process personal information about you. This Privacy Statement therefore explains:

  • The lawful purposes for which we process your personal information.
  • What personal information we process about you.
  • How your personal information is retained.
  • To whom we may disclose your personal information.
  • The measures taken by us to help protect your personal information.
  • How to exercise your rights under data protection law.
The lawful purposes for which we may process your personal information

We process personal information for the following purposes only:

  • To develop an IRIS report for you and your employer
What personal information we process about you

When you participate in an IRIS, we will process personal information about you, including:

  • Your name
  • Your email address
  • Your employer’s details
  • Your job title
  • Your data of birth
  • Your age
  • Your gender
  • Information you provide during the IRIS interview
  • Capability data
  • Where required, an IRIS report prepared following your IRIS interview
Retention of your personal information

Unless you notify us to the contrary, we will retain personal data and IRIS reports indefinitely in order to conduct, over time, longitudinal research studies that continue to validate the IRIS methodology.

To whom we may disclose your personal information

We will only disclose your personal information to you, and the organisation requesting the IRIS at the time of your IRIS was conducted. We will not share your data with any external third party.

The measures taken by us to help protect your personal information

We implement appropriate technical and organisational security measure to protect your personal information.

We maintain secure data storage in the Republic of Cyprus. We are registered with the Data Protection authorities in the necessary countries as required.

IRIS data are held in a secure environment the Republic of Cyprus in the Genie database which is administered by Bioss Southern Africa (BSA). BIL has a contract with BSA that ensures BSA meets the same data protection standards required of organisations based in the EU.

Further details of our server and network security can be provided on request.

How to exercise your rights under data protection law

Citizens in the European Union have numerous rights under data protection law, details of which can be located on the website of the relevant data protection authority. The most applicable rights in relation to the data we collect about you are:

  • The right to access a copy of the personal information we hold about you.
  • The right to withdraw your consent at any time.
  • The right to lodge a complaint with a supervisory authority.
  • The right in certain circumstances to have inaccurate personal information rectified, blocked, erased or destroyed.

If you wish to know more about exercising your rights in relation to the personal information we hold about you, or if you wish submit a complaint to us about how your personal information is handled, please address any queries to BIL’s data privacy contact, available at who will route any query to the appropriate person within Bioss.

Organisational Role Appreciation (ORA) Privacy Statement

Introduction

Bioss International Limited (BIL), our partners, our practitioners and our associate practitioners are committed to data privacy, that is to say the fair and lawful treatment of personal information in full compliance with the European Union General Data Protection Regulation 2018 (GDPR).

BIL’s data privacy contact is available at and this contact will route any questions to the appropriate person within Bioss.

When you participate in a Bioss Organisational Role Appreciation we will inevitably process personal information about you. This Privacy Statement therefore explains:

  • The lawful purposes for which we process your personal information.
  • What personal information we process about you.
  • How your personal information is retained.
  • To whom we may disclose your personal information.
  • The measures taken by us to help protect your personal information.
  • How to exercise your rights under data protection law.
The lawful purposes for which we may process your personal information

The purpose of processing is to set up and create job role profiles for jobs within the client organization. Processing is required only as part of a customer-initiated and contracted programmes of work.

We process personal information for the following purposes only:

  • To enable set-up of the Bioss ORA Software-as-a-Service (SaaS) environment for access by participants nominated by Bioss client organisations.
  • To enable set-up of secure UserIDs for all participants.
  • Personal data (consisting only of name and email address) are used to authenticate users to the system. No personal data are stored with a job role profile.
What personal information we process about you

When you participate in an ORA, we will process personal information about you, including:

  • Your name
  • Your email address
Retention of your personal information

Unless you notify us to the contrary, Bioss will retain personal data (consisting of names and email addresses of system users) and ORA data indefinitely.

To whom we may disclose your personal information

We will only disclose your personal information to the following parties directly involved in the programme of work:

  • The ORA systems administrators involved in the programme, to administer system user accounts.
  • The ORA system developers for the purpose of troubleshooting any user access issues.

We will not release your personal information to any other person or entity without first obtaining your permission. We will not share your data with any external third party.

The measures taken by us to help protect your personal information

We implement appropriate technical and organisational security measures to protect your personal information.

We maintain secure data storage in the UK. We are registered with the Data Protection authorities in the necessary countries as required.

Our Software as a Services (SaaS) systems are hosted in the UK in a secure environment, and are accessed via a secure SSL-certified https:// internet connection.

Further details of our server and network security can be provided on request.

How to exercise your rights under data protection law

Citizens in the European Union have numerous rights under data protection law, details of which can be located on the website of the relevant data protection authority. The most applicable rights in relation to the data we collect about you are:

  • The right to access a copy of the personal information we hold about you.
  • The right to withdraw your consent at any time.
  • The right to lodge a complaint with a supervisory authority.
  • The right in certain circumstances to have inaccurate personal information rectified, blocked, erased or destroyed.

If you wish to know more about exercising your rights in relation to the personal information we hold about you, or if you wish submit a complaint to us about how your personal information is handled, please address any queries to BIL’s data privacy contact, available at who will route any query to the appropriate person within Bioss.

Working Relationships Appreciation (WRA) Privacy Statement

Introduction

Bioss International Limited (BIL), our partner entities, our, practitioners and our associate practitioners are committed to data privacy, that is to say the fair and lawful treatment of personal information in full compliance with the European Union General Data Protection Regulation 2018 (GDPR).

BIL’s data privacy contact is available at and this contact will route any questions to the appropriate person within Bioss.

When you participate in a Bioss Working Relationship Appreciation we will inevitably process personal information about you. This Privacy Statement therefore explains:

  • The lawful purposes for which we process your personal information.
  • What personal information we process about you.
  • How your personal information is retained.
  • To whom we may disclose your personal information.
  • The measures taken by us to help protect your personal information.
  • How to exercise your rights under data protection law.
The lawful purposes for which we may process your personal information

For the purposes of the WRA, participants can be: a Person in Focus (PIF); their direct reports; their manager(s); their peers or colleagues; their clients, suppliers or other third party contacts; other employees of the organisation.

We process personal information for the following purposes only:

  • To enable set-up of the Bioss WRA Software-as-a-Service (SaaS) environment for access by participants nominated by Bioss client organisations.
  • To enable set-up of secure UserIDs for all participants.
  • To collect data provided by participants during a WRA engagement.
  • To provide information, analysis and feedback to each PIF. This is provided by trained and accredited Bioss practitioners.
  • To provide information, analysis and feedback to the Bioss client organisation. This is provided by trained and accredited Bioss practitioners.
  • If requested by the Bioss client organisation, to enable ongoing analysis and comparisons to be made over time.
  • To enable ongoing analysis and comparisons to be made between different organisations over time. Such use of your data will only be made anonymously.
What personal information we process about you

When you participate in a WRA, we will process personal information about you, including:

  • Your name
  • Your email address
  • Your job title
  • Your telephone number
  • The responses you give to questions about your working relationships and your organization
Retention of your personal information

Unless you notify us to the contrary, Bioss will retain personal data and WRA data indefinitely.

To whom we may disclose your personal information

We will only disclose your personal information and associated analyses to the following parties directly involved in the programme of work:

  • The Bioss Partner organisation(s) involved in the programme, all of whom are bound by contract to comply with the GDPR.
  • Trained and accredited Bioss practitioners, associated with BIL or the Bioss Partner organisation(s) involved in the programme
  • WRA administrators involved in the programme
  • Other users and administrators of the WRA system as nominated by the Bioss client organization
  • The WRA system developers, for the purpose of troubleshooting any user access issues

Bioss Practitioners may disclose your personal information and analyses to the organisation you work for under contractual arrangements made between Bioss and the organisation you work for.

We will not release your personal information and any analyses or feedback to any other person or entity without first obtaining your permission. We will not share your data with any external third party.

The measures taken by us to help protect your personal information

We implement appropriate technical and organisational security measure to protect your personal information.

We maintain secure data storage in the UK. We are registered with the Data Protection authorities in the necessary countries as required.

Our Software as a Services (SaaS) systems are hosted in the UK in a secure environment, and are accessed via a secure SSL-certified https:// internet connection.

Further details of our server and network security can be provided on request.

How to exercise your rights under data protection law

Citizens in the European Union have numerous rights under data protection law, details of which can be located on the website of the relevant data protection authority. The most applicable rights in relation to the data we collect about you are:

  • The right to access a copy of the personal information we hold about you.
  • The right to withdraw your consent at any time.
  • The right to lodge a complaint with a supervisory authority.
  • The right in certain circumstances to have inaccurate personal information rectified, blocked, erased or destroyed.

If you wish to know more about exercising your rights in relation to the personal information we hold about you, or if you wish submit a complaint to us about how your personal information is handled, please address any queries to BIL’s data privacy contact, available at who will route any query to the appropriate person within Bioss.

Bioss International Ltd, Registered in England No. 02575635
Registered address: c/o Haines Watts, New Derwent House, 69-73 Theobalds Road, London, WC1X 8TA