- Do you have a Data Protection Officer (DPO)?
- Do you process personal data and if so, of which persons?
- What personal data do you process?
- How long is the personal data collected retained?
- Do you process sensitive data?
- Do you do profiling?
- Who are the recipients of the personal data?
- Do you sell personal data?
- What technical and organisational security measures are in place at AssessFirst?
- In the event of a data breach, does AssessFirst have an obligation to inform the persons
concerned? - Can I change the confidentiality of my account?
- Is there a right of access to my personal data?
- Is there a right to rectify my personal data?
- Is there a right to erase my personal data?
- Is there a right to object to the processing of my personal data?
- Is there a right to the portability of my personal data?
- Does AssessFirst make automated individual decisions?
- Who should I contact to exercise my rights?
Do you have a Data Protection Officer (DPO)?
Yes.
AssessFirst has appointed a Data Protection Officer and notified it to the CNIL. You can contact the DPO at the following e-mail address: privacy@assessfirst.com.
Do you process personal data and if so, of which persons?
Yes, we process personal data.
In particular, we process the data of our Candidates (i.e. people who take AssessFirst questionnaires as part of their personal development, as part of a job application or as employees of our Clients in an internal mobility process).
What personal data do you process?
When Candidates complete AssessFirst questionnaires, AssessFirst processes the following personal data:
1. Data collected that is necessary for the provision of the service:- Identity and contact details (gender, first name, surname, e-mail, city);
- Professional data (diploma, position, sector of activity, years of experience
certifications, career level, skills and whether or not you work from home); - Identification data (IP address in particular);
- Connection data (logs, token in particular);
- Acceptance data (click);
- Contact details (telephone number) ;
- Professional data (CV, cover letter, professional experience);
- Profile picture;
- Links to social networks (LinkedIn, Twitter, Facebook, Instagram).
How long is the personal data collected retained?
Candidates' personal data can be deleted at any time by them. By default, it is deleted 2 years after the last activity of the Candidate on his/her account.
Technical data is kept for a maximum of 1 year following its collection.
Cookies are kept for 13 months following their collection if they are not subject to consent or 6 months if they are subject to consent.
If a user responds to a survey created by AssessFirst, the survey is processed and the data linked to this survey is either deleted or anonymised.
Do you process sensitive data?
No, AssessFirst does not process sensitive data within the meaning of Article 9 of the GDPR, i.e. data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic or biometric data, data concerning health, sex life or sexual orientation.
Do you do profiling?
AssessFirst offers psychometric questionnaires that correspond to profiling as defined by the GDPR.
Who are the recipients of the personal data?
AssessFirst ensures that the personal data of Candidates for whom it is responsible is only accessible to authorised internal or external recipients.
Internal recipients |
External recipients |
Authorised staff of the support service, legal services, IT services and their line managers |
Clients and end clients when a Client uses Service providers (hosting, Applicant Management Tool -ATS-) Other Candidates (if the Candidate wishes to invite contacts to AssessFirst) Judicial authorities, court officials where applicable |
Do you sell personal data?
No.
We do not sell personal data to third parties. The provision of personal data to third parties only concerns our external service providers in the context of the provision of services, who are themselves subject to the same requirements under the GDPR.
What technical and organisational security measures are in place at AssessFirst?
AssessFirst has put in place a number of organisational and technical measures to protect the personal data in its care, including:
- training employees in IT security and the protection of personal data;
- managing access authorisations for data
- taking internal backup measures;
- managing identification processes;
- conducting security audits and penetration tests;
- adopt an information systems security policy;
- adopt a business continuity/disaster recovery plan;
- use security protocol and solutions.
In the event of a data breach, does AssessFirst have an obligation to inform the persons concerned?
AssessFirst undertakes to notify the CNIL within 72 hours following the discovery of a data breach.
If the said breach poses a high risk to Candidates' data and the data has not been protected, AssessFirst will:
- notify the Candidates concerned;
- provide the Candidates concerned with the necessary information and recommendations.
click on the option of your choice
My rights on my personal data
Can I change the confidentiality of my account?
Yes.
- Click on the top right corner of your account
- Click on the "privacy" tab
- Click on "change privacy"
- Click on "the option of your choice"
- Remember to save your changes
Is there a right of access to my personal data?
Yes.
Any user can request access to their personal data processed by AssessFirst, subject to the following rules:
- The request must be made by the person concerned who can prove his or her identity;
- The request must be made in writing to the e-mail address privacy@assessfirst.com.
Is there a right to rectify my personal data?
Yes.
AssessFirst fulfils requests for updates:
- Automatically for online changes to fields that can technically and legally be updated;
- Upon written request from the individual.
The right to rectification is conditional on compliance with the following rules:
- The request must be made by the person him/herself who is able to prove his/her identity;
- The request must be made in writing to the e-mail address privacy@assessfirst.com.
Is there a right to erase my personal data?
Yes.
AssessFirst users can request the deletion of their data in accordance with Article 17 of the GDPR if personal data has been processed unlawfully.
This request can be made :
- either directly from the Assessfirst platform via a dedicated interface ;
- or by contacting the DPO at the following address: privacy@assessfirst.com.
Is there a right to object to the processing of my personal data?
Yes.
AssessFirst Candidates have the right to object to the processing of their personal data for commercial prospecting.
This request can be made :
- either directly from the AssessFirst platform via a dedicated interface ("Confidentiality" tab of the settings, "Marketing and commercial processing") ;
- or by contacting the DPO at the following address: privacy@assessfirst.com
Is there a right to the portability of my personal data?
Yes.
In accordance with Article 20 of the GDPR, AssessFirst users have the possibility of requesting the portability of data when these have been obtained in the context of processing based on the consent of the individuals or the execution of a contract.
This request can be made:
- either directly from the Assessfirst platform via a dedicated interface ("Confidentiality" tab of the settings, choose "Right to portability") ;
- or by contacting the DPO at the following address: privacy@assessfirst.com.
Does AssessFirst make automated individual decisions?
No.
AssessFirst does not make automated individual decisions as referred to in Article 22 of the GDPR.
AssessFirst offers a decision support tool to target the most relevant applications.
However, the decision to hire or promote from within is the sole responsibility of the Client. The tools offered on the AssessFirst website are only tools to assist the Client and should not be considered otherwise. There is no automatic sorting or exclusion of Candidates.
Who should I contact to exercise my rights?
The persons concerned have several options:
- They can exercise their rights directly on the platform (right of access, deletion of their account and portability, directly integrated on the platform);
- Or contact our DPO at privacy@assessfirst.com.