ICO : CSN 4341499
Sigma Polaris – Our Commitment to GDPR
The EU General Data Protection Regulation (GDPR) came into effect in May 2018. The new legislation applies to all businesses processing the personal data of EU citizens, whether they are inside or outside of the EU.
Information Collection and Use
We collect the following personal information from our customers
- Contact/User Information such as name, email address, mailing address, phone number
- Unique Identifiers such as user name, account or assessment number, password
- Information about your business such as company name and address
We use this information to
- Assess the needs of your business to determine suitable products
- Send you requested product or service information
- Respond to customer service requests
- Administer your account
- Respond to your questions and concerns
- Conduct research and analysis
- Facilitate your interactions with other users
Analytics based anonymous data collection
As is true of most web sites, we gather certain information automatically and store it in log files. This information includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data.
We use this information, which does not identify individual users, to analyse trends, to administer the site, to track users´ movements around the site and to gather demographic information about our user base as a whole. We do not link this automated collected data to personally identifiable information.
Information Related to Data Collected through the Sigma Polaris assessments, matching and services
Sigma Polaris collects information under the direction of its customers through its various assessment technology services and when it has no direct relationship with the individuals whose personal data it processes. We work with clients to help them provide notice to their customers concerning the purpose for which personal information is collected.
Service Provider, Sub-Processors/Onward Transfer
Sigma Polaris may transfer personal information to companies that help us administer aspects of our business. Transfers to subsequent third parties are covered by the provisions in this Policy regarding notice and choice and the service agreements with our customers.
Access and Choice regarding Data Controlled by our Clients
In instances where Sigma Polaris has no direct relationship with the individuals whose personal data it processes. An individual who seeks access, who seeks to correct, amend, delete inaccurate data or withdraw consent to further contact should direct his/her query to the Sigma Polaris support. This can be done by directly emailing email@example.com. If that Customer requests Sigma Polaris to remove the data, we will respond to their request within 30 days.
Sigma Polaris will retain personal data we process on behalf of our customers for as long as needed to provide services to our Customers and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
For job applicants and candidates using our careers, assessment and matching service
We advertise our and our clients’ vacancies within numerous job services. If you apply for a job with or through Us we will need to collect personal data from you. Personal data is any information about a living individual from which they can be identified. We collect personal data when you apply for a job through Sigma Polaris, such as:
- Your name
- Your address
- Your email address
- Your telephone number
- CV/work history
- Job preferences including role, geographical areas and salary
- Whether you need permission to work in the UK
- Whether you consider yourself disabled within the meaning of the Equality Act 2010
- Anything else you have included in your CV
If we make an offer of employment, we may request further information such as:
- Proof of identity and any relevant professional or academic certifications or qualifications
- Bank details
- Employment references
In some cases, we require extended background checks, if so we will ask for specific permission beforehand.
The information relating to whether you consider yourself as disabled is used for the purposes of considering whether there are any workplace adjustments that are reasonably required.
The information relating to whether you need permission to work in the UK is used to decide whether we are able to lawfully employ you to work in the UK.
How we use your personal information when you apply for a job with us via our own career service and assessment and matching service.
This information is used to help find you employment through Sigma Polaris.
For example, we may use your data to:
- To find out more about your skills and experience and assess your suitability for employment at.
- Where you agree that we may do so to retain your information to keep you informed of opportunities as they arise (job alerts).
- To help make an offer of employment or enter into a working relationship with you.
How we hold your information when you apply for a job with us via our careers service
The personal information set out above is stored on our computer system and is accessed by authorised Sigma Polaris employees and authorised third parties for the purposes of recruitment. We use UK datacentres and your data is protected by multiple tier security.
Your duty to inform us of changes when you apply for a job with us via our careers service
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during our recruitment process, you can either do that by logging into your secure candidate portal or using the contact form .
Your rights when you apply for a job with us via our services
Under certain circumstances, you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
- If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of the personal information you’ve given us to another party, please contact firstname.lastname@example.org .
- Right to withdraw consent You have the right to request withdrawing your consent for processing at any time. To withdraw your consent, please either log into your candidate profile or contact email@example.com . Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
What we may need from you to carry out these requests
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Retention of your data
Your data will be retained for no longer than is necessary, normally no longer than 18 months unless you inform us otherwise, or we obliged to keep it for legal reasons.
Where we store your personal data
The personal information set out above is stored on our computer system and is accessed by authorised Sigma Polaris employees for the purposes of recruitment. We use UK datacentres and your data is protected by multiple tier security.
We may provide your personal information to companies that provide services to help us with our business activities (such as blog hosting). These companies are authorized to use your personal information only as necessary to provide these services to us.
We may also disclose your personal information:
- as required by law, such as to comply with a court order, or similar legal process,
- when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request,
- If Sigma Polaris Limited is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Web site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information,
- to any other third party with your prior consent to do so.
User Access and Choice
If your personal information changes, or if you no longer desire our services, you may correct, update or amend it by making a request to firstname.lastname@example.org . If you wish to suspend or deactivate your account, or request deletion of your information, you may email support at email@example.com or contact us by telephone or postal mail at the contact information listed below. We will respond to your request to access within 30 days.
We will retain your information for as long as your account is active, as needed to provide you services and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
We will use your name and email address to send marketing/ promotional emails to you. Out of respect for your privacy, you may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in these emails or you can contact us at firstname.lastname@example.org
Tracking Technologies / Cookies
We use both session ID cookies and persistent cookies. A session ID cookie expires when you close your browser. Session ID cookies are used to maintain state, or simply to keep you logged in from page to page. A persistent cookie remains on your hard drive for an extended period of time. These may be used for analytics to understand traffic patterns such as how many unique visitors have been to our site. This is anonymous data though and is not personally identifiable. You can remove persistent cookies by following directions provided in your Internet browser´s ´help´ directory. If you reject cookies, you may still use our site, but your ability to use some areas of our site will be limited.
Web Beacons / Gifs
In the near future we will employ a software technology called clear gifs (a.k.a. Web Beacons/Web Bugs), that will help us better manage content on our site by informing us what content is effective. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of Web users. In contrast to cookies, which are stored on a user´s computer hard drive, clear gifs are embedded invisibly on Web pages and are about the size of the period at the end of this sentence. We do not tie the information gathered by clear gifs to our customers´ personally identifiable information.
3rd Party Tracking
Behavioural Targeting/ Re-Targeting
The security of the personal information of both our customers and the individuals whose data we process is important to us. When sensitive information is entered, (such as on the log-in page to our Services when this is enabled) we will encrypt the transmission of that information using secure socket layer technology (SSL).
We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security. If you have any questions about security on our Web site, you can contact us at email@example.com .
Links to 3rd Party Sites
Our website will shortly offer a publicly accessible blog. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal information from our blog, contact us at firstname.lastname@example.org . In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
We display personal testimonials of satisfied customers on our site in addition to other endorsements. With your consent we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us at email@example.com or using the information listed below.
Social Media Widgets
For users of Apps that may use the Sigma Polaris assessment and matching Software platform
Some of our customers also use a feature that allows you to log in with Linked-in, Google or Facebook- this saves time and reduces the number of passwords you have to remember. If you use this feature you might find an app called Sigma Polaris as a list of 3rd party tools you’ve downloaded. We don’t collect or use your personal information for any of our own purposes.
What is personal data?
In recruitment, we collect lots of data about our candidates – but which of it is deemed ‘personal’ or ‘sensitive’?
The GDPR applies to that data which could identify or make identifiable, a living individual – whether directly or indirectly by ‘all means reasonably likely to be used’.
So, names, addresses, email addresses etc. would automatically fall into the remit of GDPR.
But the recitals of the GDPR also highlight that certain categories of online data may be personal including:
- online identifiers
- device identifiers
- cookie IDs and
- IP addresses
Helping you meet your obligations as a Data Controller
Sigma Polaris are committed to complying with the GDPR as a data processor and helping you to comply with your obligations as a data controller. We have been, and are continuing to, work closely with our legal team to ensure we have an optimal understanding of the GDPR and the new responsibilities we share with you in protecting personal data.
How are we working toward best practice compliance?
Adopting the highest level of Information Security Standards
Our Information Security is based on ISO27001 and international best practice, the certification is risk-based and includes aspects such as physical security, staff awareness, and data backup. The IASME standard was recently recognised as the best cyber security standard for SMEs by the UK Government.
Helping candidates to exercise their rights under GDPR
Many of the rights of data subjects are already supported by Sigma Polaris Limited
Secure, online self-service
Providing secure, online self-service is considered to be Best Practice by the EU.
We are committed to assisting our customers in meeting their requirements under the GDPR and, where possible, making the process easy to manage – particularly working towards enabling secure ‘self-service’ for candidates to access their GDPR rights.
Other GDPR compliant features of the Sigma Polaris System
Right to Erasure
A candidate should be able to request being deleted – System users with the appropriate access rights can delete candidates.
Right to Data Portability
A candidate should be able to request a copy of their data in a ‘machine readable’ format. This is possible via the Sigma Polaris System (Backend) by an Sigma Polaris system user running the Summary Information report against the candidate – this would allow them to put the data into a spreadsheet/CSV file.
Under GDPR consent needs to be freely given, specific, informed & granular, verifiable, easy to withdraw and time limited.
Encrypted Data in Transit
Sigma Polaris is accessed via https:// which means data is encrypted in transit between the browser and the server – this includes candidate portals as well as the Sigma Polaris System (back end)
Encrypted Data Backups
Customer backups are encrypted as per our Customer Backup Policy.
Sigma Polaris uses SSL with locked down SSL protocols and ciphers
Sigma Polaris use no non-EU Datacentres
GDPR imposes restrictions on the transfer of data outside of the EU.
Sigma Polaris only uses EU based datacentres and we have appropriate data processing agreements in place with our suppliers. Our Datacentre suppliers are ISO27001 certified.
Our ICO Data Protection Registration
Sigma Polaris is registered for Data Protection with the Information Commissioners Office (ICO) with our DATA protection officer being Nemo D’Qrill.
Changes to this Policy
Sigma Polaris Limited
27 Old Gloucester Street, London, WC1N 3AX