Privacy
This is the Privacy Policy of The Myers-Briggs Company Limited, a company registered in England and Wales (registered number 2218212) whose registered offices are at Elsfield Hall, 15-17 Elsfield Way, Oxford OX2 8EP, UK (The Myers-Briggs Company) together with the European branch offices of The Myers-Briggs Company Limited (including The Myers-Briggs Company - France, The Myers-Briggs Company - Netherlands and The Myers-Briggs Company - Germany and its European operations in Belgium and Ireland). When we refer to “The Myers-Briggs Company”, “we”, “us” and “our” we mean The Myers-Briggs Company Limited and our European branch offices, as the controller or processor of data, as applicable.
Introduction
The Myers-Briggs Company is committed to protecting and respecting your privacy, and to acting in compliance with current data protection legislation as applicable to our UK and European operations, including the UK Data Protection Act 2018 (UK DPA), UK GDPR (GDPR as incorporated into UK law pursuant to the European Union (Withdrawal Act) 2018) and EU GDPR (the General Data Protection Regulation (EU) 2016/ 679), together with any applicable enacting, successor, supplementing or amending legislation.
This Privacy Policy sets out how we handle data, including how we collect, store and use personal data, our legal bases for processing your personal data, information on transfers to third parties and international transfers, as well as your rights as a data subject. This Privacy Policy covers personal data processed by The Myers-Briggs Company Limited, including its European offices and European operations. Where we talk specifically about personal data of European Union data subjects, we refer to EU personal data, and where we refer to personal data, this includes all personal data from any jurisdiction, including EU personal data, as applicable.
This Privacy Policy has been drafted to reflect the strengthened rights of individuals under the UK DPA, UK GDPR and EU GDPR, as well as to make it easier to understand and to provide more fairness and transparency to you by making additional information available. There is a Contents section at the beginning with quick links and a Glossary of terms at the end, to help you to navigate through the Privacy Policy and find information more quickly and easily. There are also information boxes at the start of each section to summarise what is in each section.
Our approach to privacy
We adopt a layered approach to privacy and data protection:
- This Privacy Policy sets out how we handle personal data.
- We also use privacy notices at various points on our website and other systems where personal data is collected. These privacy notices appear as pop-ups or within forms for completion at data collection points.
- Our Data Protection Statement sets out our commitment to data protection and privacy and gives an overview of how we approach data protection and privacy generally, including the principles we adhere to.
- Our Cookies statement sets out information relating to our use of cookies and you can manage your cookie preferences via our Cookie Preferences page.
- You can manage your marketing preferences via our Manage your Marketing Preferences page which also enables you to opt-out of marketing communications.
Contents
This Privacy Policy comprises:
- Who we are and other important information
- What personal data we collect
- How and when we collect your personal data
- How and why we use your personal data
- Who we transfer your personal data to
- International transfers of personal data
- How we keep your data secure
- Data retention and anonymisation
- Your legal rights
- Changes to your personal data
- How you can obtain personal data we hold about you
- How you can contact us and your right to complain
- Governing law
- Status of this Privacy Policy and Changes
- Glossary of terms
1. Who we are and other important information
This section explains where this Privacy Policy is applicable and who we are and other important information including on our relevant supervisory authority and parent company.
This is the Privacy Policy of The Myers-Briggs Company Limited. It sets out how we collect and process personal data through use of our products and services, use of our website, completion of our psychometric assessments, and other collection of personal data related to our business as provider of business psychology services. Our psychometric assessments are designed for adults and therefore our assessments and websites are not intended for children (under 16 years of age) and we do not knowingly collect data relating to children.
This Privacy Policy also covers the European branch offices of The Myers-Briggs Company Limited (including The Myers-Briggs Company - France, The Myers-Briggs Company - Netherlands and The Myers-Briggs Company - Germany) and our European operations in Belgium and Ireland. When we refer to “we”, “us” and “our” we mean The Myers-Briggs Company Limited and our European branch offices and operations, as the controller or processor of data, as applicable. Translated versions of this Privacy Policy are available in the following languages: French, Dutch, Flemish, Walloon, German, Danish and Russian.
The Myers-Briggs Company Limited has voluntarily appointed a Data Protection Officer (DPO) who is responsible for overseeing data protection matters. Our DPO is a member of The Myers-Briggs Company Limited's Board of Directors. Section 12 tells you how you can contact The Myers-Briggs Company and the DPO. Our DPO is supported by a multi-functional data protection team.
The Myers-Briggs Company Limited is registered with the UK Information Commissioner’s Office (ICO) under registration number Z7311902. Section 12 tells you how you can contact the ICO.
The Myers-Briggs Company Limited is part of the group of companies including our parent company, The Myers-Briggs Company in the United States. Our parent company’s Privacy Policy can be viewed at www.themyersbriggs.com.
We have appointed an EU Representative for The Myers-Briggs Company Limited and our parent company, The Myers-Briggs Company in the US, each in respect of its obligations under EU GDPR. Section 12 tells you how you can contact the EU Representative.
2. What personal data we collect
This section explains what types of personal data we might collect from you and the classification of this data (section 2.1). It includes information on any special category data (data which you might consider particularly sensitive) that might be collected (section 2.3).
2.1 Whether you are a customer, supplier or other business contact, respondent, or staff, we will collect and use your personal data in the manner and for the reasons set out in this Privacy Policy. We collect most personal data directly from you however if we collect personal data indirectly, we refer to this explicitly in this Privacy Policy. We have listed the types of personal data likely to be collected from persons according to the relationship that person has with us as follows:
Customers and suppliers (including individual contractors) and other business contacts
- Identity data (including full name, username or similar identifier, title/ gender, job title, role, seniority)
- Contact data (including billing address, delivery address, email address, telephone numbers)
- Financial data (including bank account, payment card details)
- Transaction data (including details about payments to and from you and/or your organisation and other details of products and services you have purchased from us)
- Technical data (including internet protocol (IP) address, login data, browser type and version and other technology on the device used to access our websites websites and other platforms, systems and technologies made available by us)
- Profile data (including username, password, purchases or orders made by you, your interests, preferences, feedback and survey responses)
- Usage data (including information about how you use our websites, products and services)
- Marketing and communications data (including your preferences in receiving marketing from us and your communication and cookie preferences)
Data will be collected in order for customers, suppliers and other business contacts to receive or supply products and services, as applicable, to manage contractual relationships on an ongoing basis, for account administration, and to provide updates and news about our products and services, events and other information that we think may be of interest to you. We also collect data through the use of cookies. You can find more information on cookies in section 4.3 and our Cookies statement.
Respondents
Mandatory data:
- Identity data (including full name, username or similar identifier, title/ gender, region)
- Contact data (including email address)
Non-mandatory data:
- where provided within responses to optional questions on OPPassessment, our web-based scoring and delivery platform:
- age
- qualification
- nationality
- ethnic origin
- employment status
- occupational level
- job type
Data will be collected from respondents taking our psychometric assessment questionnaires to complete the questionnaire(s), and for scoring and report generation. Additionally, where feedback is given and/or where you participate in an assessment or development centre or other consultancy engagement run by our Professional Services team, additional data to that set out above may be provided by you and this will be collected by a practitioner and/or associated organisation or our Professional Services team, respectively, and used for the purposes of provision of services.
On occasion we collect special category data from respondents taking our questionnaires (where such optional information is given in response to non-mandatory questions prior to completion of the questionnaire e.g. ethnicity as above) and potentially within assessment centre or other consultancy engagements. Collection of such special category data is optional and is only provided by the data subject themselves. Special category data (on ethnicity) and other optional demographic information is collected in order to produce statistics of the type described in our technical product manuals, e.g. psychometric norms and validity data to statistically evaluate the fairness, validity and reliability of our assessments. Such statistics assist in ensuring our assessments remain ethical and neutral, and are fair in terms of differing nationalities, race and cultures, supporting diversity and equity. For further information on the research data we collect and why, please see our Explaining Demographics page. Such data is only used in aggregated and anonymised form for research and product development purposes (see sections 2.2 and 4.1).
Visitors to The Myers-Briggs Company website and other platforms and technologies made available by us
Data collected may include the following, where provided:
- Identity data (including full name, username or similar identifier, job title, title/ gender)
- Contact data (including email address, telephone numbers)
- Technical data (including internet protocol (IP) address, login data, browser type and version and other technology on the device used to access our websites)
- Usage data (including information about how you use our websites, products and services, and other platforms, systems and technologies made available by us)
- Marketing and communications data (including your preferences in receiving marketing from us and your communication and cookie preferences)
Simply visiting The Myers-Briggs Company's websites does not require you to reveal personal data although some cookies recording session data will be collected (see section 4.3 and our Cookies statement). If however you ask us for information, register with us, sign up to attend any of our events or receive our marketing material or otherwise express an interest in our products or services or report a problem, we collect any personal data you submit to us.
Recruitment candidates
- Identity data (including full name, title/ gender, job title, role, seniority, qualifications, education)
- Contact data (including address, email address, telephone numbers)
- Technical data (including internet protocol (IP) address, login data, browser type and version and other technology on the device used to access our websites)
- Other information where provided by the recruitment candidate
Data will be collected from recruitment candidates applying to us for employment. Where the application is not made online, the data may only include identity data and contact information, plus other information a candidate provides. Candidates may request, from the HR department of The Myers-Briggs Company Limited, a copy of our Privacy Statement, which is provided to all employees at commencement of employment and which sets out the types of personal data, collection, uses, transfers to third parties and internationally, and data subject rights.
Survey Participants participating in surveys carried out for research and product development purposes
Personal data may be collected from individuals participating in our surveys, which are conducted on a voluntary basis as part of our research and product development activities. Surveys may involve the collection of personal data and in some cases may include special category data. Collection of such special category data is optional and is only provided by the survey participant themself. Special category data is only used in aggregated and anonymised form for research and product development purposes (see sections 2.2 and 4.1).
Staff
A Privacy Statement is provided to staff (employees and consultants) which sets out the types of personal data, collection, uses, transfers to third parties and internationally, and data subject rights. This is provided to all staff at commencement of employment/provision of services. Further information for staff will not be provided in this Privacy Policy; instead please contact the HR department of The Myers-Briggs Company Limited.
2.2 Special Category Data
Other than in respect of Respondents and Survey Participants as above and The Myers-Briggs Company staff, we do not collect special category data (which includes details about race or ethnicity, religious beliefs, sex life or sexual orientation, trade union membership, health and genetic and biometric data).
2.3 If you fail to provide personal data
Where we need to collect personal data by law or under the terms of a contractual arrangement, and you fail to provide that data when requested as being mandatory, we may not be able to fulfil the terms of the contract or relationship that we have with you.
3. How and when we collect your personal data
This section explains how and when we collect your personal data.
3.1 We may collect your personal data in the following direct ways:
Customers and suppliers (including individual contractors) and other business contacts
Data will be collected:
- prior to, at commencement, and during the term of a contractual relationship when you request our products and services
- when you complete forms on our site or for our products and services, including registering to use our site, subscribing to our services, posting material or using further services
- when you enter a competition or promotion sponsored by us
- when you contact us or report a problem to us, or provide feedback to us, or complete a survey
- when you transact with us through our website or when you place orders with us over the phone or by email
Respondents
Data will be collected when you complete a psychometric assessment questionnaire via OPPassessment or otherwise. Data may also be collected from your associated organisation. Where feedback is given and/ or where you participate in an assessment or development centre or other consultancy engagement run by our Professional Services team, additional data to that set out above may be provided by you to the practitioner and/or associated organisation or our Professional Services team respectively, at the time of such feedback, assessment or engagement.
Visitors to The Myers-Briggs Company website and other platforms and technologies made available by us
Simply visiting The Myers-Briggs Company's websites does not require you to submit personal data (although our cookies may collect certain personal data for statistical and analytical purposes). If however you ask us for information, register with us, sign up to attend any of our events or virtual offerings receive our marketing material or otherwise express an interest in our products or services or report a problem, via our website or other platforms and technologies made available by us, we collect any personal data submitted to us at that time.
We also collect data you share with us on blogs or chat forums at the time of submission of such data. This may be accessible to others and will be covered by our Acceptable Use Policy.
Recruitment candidates
Data will be collected from recruitment candidates at the time of applying to us for employment either online or by post or via an agency, and during any subsequent interactions as part of the recruitment process.
Survey Participants participating in surveys carried out for research and product development purposes
Personal data may be collected from individuals participating in our surveys, which are conducted on a voluntary basis as part of our research and product development activities. Surveys may be anonymous or involve the collection of personal data, and in each case, shall be categorised as such within a privacy notice forming part of the survey. For the purposes of such surveys, we may contact customers, questionnaire respondents or employees, and participants may also be visitors to our website or third parties who have seen our survey on a public platform, such as LinkedIn or other social media.
Automated technologies or interactions
When you visit our websites and access resources on our websites and other platforms and technologies made available by us, we may automatically collect Technical Data and Usage Data. We may collect this data via cookies including, where available, your IP address, operating system and browser type, for system administration. Our Cookies statement has more information on this. You can manage your cookies via our page.
Third parties or publicly available sources
We may also collect personal data about you from third parties or publicly available sources including:
- analytics providers (such as Google Analytics and Hotjar based outside the UK)
- event organisers or facilitators (such as BrightTALK, our webcast provider based in the UK, when you register for one of our events and third party video-conferencing software providers used to facilitate virtual delivery of our learning programmes and events).
4. How and why we use your personal data
This section explains how we use your personal data (section 4.1) and how you may opt-out of marketing communications and how you can manage cookies.
It includes the legal bases on which we rely to process your data (section 4.2).
It also provides information on cookies (section 4.3).
4.1 How and why we use your personal data
Customers and suppliers (including individual contractors) and other business contacts
Personal data of customers (including Identity, Contact, Technical, Usage and Profile Data) will be used:
- to provide you with products and services that you request from us
- to manage our contractual relationship on an ongoing basis
- for customer administration including carrying out our obligations arising from any contracts entered into between you and us and including retention of correspondence if you contact us
- for us to form a view on what we think you may want or need, or what products, services or offers may be of interest to you (referred to as marketing) in order to provide you with information about our other products and services in which you may be interested, including our catalogue and our regular newsletter Personality Matters, and, where relevant, information on organisations outside the UK who are authorised to offer The Myers-Briggs Company products and services, where you have not opted-out to be contacted for such purposes
- to personalise our service to you, including ensuring that content from our site is presented in the most effective manner for you and your computer
- to seek your views on products and services
- to enable you to participate in interactive features of our service, when you choose to do so, including live chat features
- for technical administration of our sites including notifying you about changes to our service
- with further information on our products and services
Personal data of suppliers and other business contacts (including Identity, Contact, Technical, Usage and Profile Data) will be used:
- to receive products and services
- to manage our contractual relationship on an ongoing basis
- for supplier administration including carrying out our obligations arising from any contracts entered into between you and us and including retention of correspondence if you contact us
- to provide updates and news about our products and services as such may be relevant to the services you provide
You can manage your marketing and other contact preferences through our Manage your Marketing Preferences page. You will receive marketing communications from us if you have requested information from us or purchased products or services from us or if you provided us or one of our service providers (including event organisers such as BrightTALK (our webcast provider) and third party video-conference facility providers such as Zoom) with your details and, in each case, you have not opted out of receiving marketing. Where you opt-out of receiving marketing messages, we may need to communicate with you for administrative or operational reasons and therefore whilst you use our products and services and continue to wish to do so, it is not possible to opt-out of all communications with us, and therefore an opt-out may not apply to personal data provided to us as a result of purchase of products or services or other associated activities or transactions.
Respondents
Personal data collected from respondents taking our psychometric assessment questionnaires will be used, by us, as a data processor:
- to provide, on request from practitioners and/or your associated organisation, personalised computer-generated reports from completion by respondents of our psychometric assessment questionnaires, including via our web-based scoring and delivery platform, OPPassessment, or otherwise. Sometimes we may combine respondent data with that of other respondents, for example to create team reports
- where feedback is given, for the purposes of the feedback session between the respondent and practitioner
- where you participate in an assessment or development centre or other consultancy engagement run by our Professional Services team, additional data provided by you may be used for the purposes of provision of our services
- for research and product development purposes. Such information is collected through completion of our psychometric assessment questionnaires, including via OPPassessment or otherwise, for research and product development purposes in order to produce statistics of the type described in our technical product manuals, e.g. psychometric norms and validity data to statistically evaluate the fairness, validity and reliability of our assessments. Such statistics assist in ensuring our assessments remain ethical and neutral, and are fair in terms of differing nationalities, race and cultures, supporting diversity and equity. For further information on the research data we collect and why, please see our Explaining Demographics page. You may be asked, as part of the testing process, to give your consent to the use of your personal data for research and product development purposes, and to answer additional optional research questions. If you decline from doing so, certain data is not collected or used for research and product development purposes. If you do consent, the personal data collected may include special category data (as set out in section 2) where you have submitted such but this will only be disclosed to third parties or published in the form of aggregated data as also explained in section 2, so no person will be identified or identifiable.
Visitors to The Myers-Briggs Company website and other platforms and technologies made available by us
Personal data (including Identity, Contact, Technical and Usage) will be used to form a view on what we think you may want or need, or what products, services or offers may be of interest to you (referred to as marketing) in order to provide you with further information on our products and services. You can manage your marketing and other contact preferences through our Manage your Marketing Preferences page. You will receive marketing communications from us if you have requested information from us or if you provided us or one of our service providers (including event organisers such as BrightTALK (our webcast provider) and third party video-conference facility providers such as Zoom) with your details and, in each case, you have not opted-out of receiving marketing. Where you opt-out of receiving marketing messages, this will not apply to personal data provided subsequently if you then choose to purchase products or services and in relation to other subsequent associated activities or transactions.
Recruitment candidates
Recruitment candidate data will be used for the purposes of assessment of suitability to a role, as part of the recruitment process. If a candidate is then offered and accepts a position with The Myers-Briggs Company, any data collected prior to commencement of employment will then be dealt with in accordance with the staff Privacy Statement of The Myers-Briggs Company Limited.
Survey Participants participating in surveys carried out for research and product development purposes
In relation to any personal data collected from individuals participating in our surveys:
- it may be used for research and product development purposes in order to produce statistics of the type described in our technical product manuals, e.g. psychometric norms and validity data to statistically evaluate the fairness, validity and reliability of our assessments, to ensure our assessments remain ethical and neutral, and are fair in terms of differing nationalities, race and cultures, supporting diversity, equity and inclusion. Additionally, we may collect personal data through surveys for research studies supporting diversity, equity and inclusion, behavioural or other studies associated with our products, such as studies considering wellbeing, stress, and other personality or behavioural aspects related to type
- you will be asked, as part of the survey, to give your consent to the use of your personal data for research and product development. If you decline from doing so, the data will not be collected or used for research and product development purposes. If you do consent, the personal data collected may include special category data (as set out in section 2) where you have submitted such, but this will only be published or shared with third parties in the form of aggregated data as also explained in section 2, so no person will be identified or identifiable.
We will not contact you as a result of your participation in a survey, unless part of a follow-up action to the survey, or you request us to. You can manage your marketing and other contact preferences through our Manage your Marketing Preferences page. You will receive marketing communications from us if you have requested information from us and you have not opted-out of receiving marketing. Where you opt-out of receiving marketing messages, this will not apply to personal data provided subsequently if you then choose to purchase products or services and in relation to other subsequent associated activities or transactions.
Aggregated data
We also use aggregated data, including (i) cookies data (see s 4.3 and our Cookies statement) and (ii) respondent data taken from the respondent responses to our psychometric assessments and from the optional question responses completed prior to taking the questionnaires, and (iii) survey participant data, for the purposes of research and product development. Aggregated data used within our research and product development functions is derived from your personal data but no personal data will be published or disclosed since it is aggregated and anonymised for the purposes of research and product development, and therefore no person is identified or identifiable from such data.
Analytics
We also perform analytics, such as trends, sales intelligence, marketing effectiveness (such as click and open rates), uptake and progress, with providers such as Google Analytics and Hotjar. You can manage your cookie preferences through our Cookie Preferences page.
4.2 Legal basis for processing data
The purposes for which we use your data are set out below - these are commonly referred to as the legal bases which we rely on to process your data. We may process your personal data for more than one legal basis depending on the specific purpose for which we are using each element of data. Further information can be provided on request. Where legitimate interest is the legal basis, we identify what our legitimate interests are below.
Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending marketing communications to certain potential customers and where special category data is collected from respondents. Where consent is used as the legal basis for processing, you may withdraw consent at any time and section 9 has more information.
Consent:
Purpose | Lawful basis for processing (including basis of legitimate interest) |
Customers
|
Legitimate interest:
|
Customers
|
Performance of a contract with customers |
Potential customers
|
Legitimate interest:
Consent:
|
Respondents
|
Legitimate interest:
Consent:
|
Suppliers and other third parties
|
Legitimate interest:
|
Suppliers and other third parties
|
Performance of a contract with suppliers and other third parties |
Survey participants
|
Consent:
|
Staff
|
Performance of a contract with staff (relating to personal data generally) |
Recruitment candidates
|
Legitimate interest:
|
Generally:
|
Legitimate interest:
|
Generally:
|
Legitimate interest:
|
4.3 Cookies
We may use personal data collected by cookies for functional and analytical purposes, as set out in section 4.1. Please see our separate Cookies statement for more information, including relating to those cookies which are strictly necessary for the provision of products and services to you.
We use first party cookies set by ourselves only. Please note however that our website may include links to third party websites, plug-ins and applications. These websites, plug-ins and applications may use cookies over which we have no control. You may however restrict or block third party cookies through your browser settings and such blocking of cookies of third parties should not affect the functionality and use by you of our website. You can manage any cookies that The Myers-Briggs Company uses via our Cookie Preferences page.
5. Who we transfer your personal data to
This section explains who we might share your data with including where we transfer data to third parties for processing purposes.
5.1 We may have to share your personal data with third parties for processing or sub-processing purposes. We undertake a selection process and periodic review in relation to processors and sub-processors. We may also share your personal data with controllers. In general, our customers are controllers of both customer personal data and respondent personal data. Our customers may be practitioners or organisations as set out in section 5.2.3. We enter into data processing agreements with both processors and controllers, as applicable.
5.2 We share your personal data with third parties and for the purposes as set out below:
5.2.1 Group affiliates (acting as processors):
- other companies in our group of companies including our parent company and licensor, The Myers-Briggs Company, which is based in the US and which (i) provides resources in relation to IT, legal, HR, finance, marketing and Professional Services functions; (ii) contracts for shared IT and system administration services; as well as (iii) to fulfil internal reporting requirements
5.2.2 Third parties (acting as processors):
- suppliers based in the US and EU who provide IT, database and system administration services as well as suppliers providing web, logistics, event organisation, video-conference facilities and other technologies or services to you connected to the service we provide
- licensors in the US and EU for scoring and report generation (including our parent company, The Myers-Briggs Company) in relation to our psychometric assessments
- associates and partners based in Europe who provide training services on our behalf
- enquirers requiring information about practitioners’ certification
- professional advisers including lawyers, bankers, auditors, debt collection agencies and insurers based in the Europe who provide banking, legal, insurance and accounting services
- HM Revenue & Customs, regulators and other authorities based in Europe who require reporting of processing activities in certain circumstances
- suppliers based in Europe who provide analytics services
- potential acquirers to whom our business or business assets may be transferred
- law enforcement agencies or regulators where we believe, in good faith, that it is necessary to comply with the law or regulatory obligation or to protect the safety of The Myers-Briggs Company, our customers or their clients, or the public or to enforce or apply our terms of business or other contracts
5.2.3 Third parties (acting as controllers):
- where a respondent completes one of our psychometric assessments under the direction of a practitioner, we will share the respondent’s results with that practitioner in order that they may give appropriate feedback to the respondent. The practitioner may also share the results or a summary, with another practitioner within the same organisation employing the respondent, as applicable and with the organisation employing the respondent as applicable
- where a respondent also attends an assessment or development centre and/or consultancy engagement run by our Professional Services team, personal data may be shared with the practitioner from our Professional Services team, with another practitioner within the same organisation employing the respondent, as applicable, and with the organisation employing the respondent as applicable
- where respondent data is combined with that of other respondents, for example for the purposes of team reports, this may be similarly shared
- enquirers requiring information about practitioners’ certification (including customer organisations by whom practitioners are employed)
5.3 We require all third party suppliers to respect the security of your personal data and to treat it in accordance with the law. We do not allow our suppliers to use your data for their own purposes, and we require that processing is in accordance with our instructions. We enter into written data processing agreements with suppliers that receive personal data from us.
A list of third party suppliers to whom we transfer personal data can be seen here.
6. International transfers of personal data
This section explains where we transfer data internationally, including outside the European Economic Area (EEA) and what safeguards are in place for those transfers.
6.1 We share your personal data with third parties as set out in section 5, some of whom may be located internationally, including outside the EEA as follows:
- other companies in our group of companies including our affiliates, one of which is our parent company and licensor, The Myers-Briggs Company, which is based in the US
- other offices than our UK headquarters of our European operations, including our European branch offices and operations in France, The Netherlands, Germany, Belgium and Ireland and
- suppliers who provide IT, database and system administration services, based in the US and elsewhere
Where EU personal data is transferred internationally, including with respect to EU personal data outside the EEA, we take all reasonably necessary steps to ensure that your data is treated securely and in accordance with this Privacy Policy and the requirements of the law. Such measures include, where applicable, by ensuring that the recipients to which it is sent are (i) within countries deemed adequate with respect to the data protection laws, or (ii) covered through the entering into data processing agreements and EU standard contractual clauses for transfers of data (also referred to as model contracts) or binding corporate rules, and monitoring such protections to ensure the adequacy of such measures.
One such third party located internationally and outside the EEA that receives personal data from us is The Myers-Briggs Company, our parent company and licensor. The Myers-Briggs Company is located in the US and receives personal data for business operational and administration purposes, including customer, supplier, partner, employee and other third-party data. In addition, The Myers-Briggs Company receives personal data that has been collected from the completion by respondents of certain of our psychometric assessment questionnaires, via our computer-scoring services (including our web-based scoring and delivery platform, OPPassessment), or otherwise, for the purpose of scoring the questionnaire. In this event, only mandatory data (as set out in section 2.1) is transferred to The Myers-Briggs Company. The Myers-Briggs Company has entered into EU standard contractual clauses (also referred to as a model contract) for transfers of data with The Myers-Briggs Company Limited, ensuring appropriate safeguards.
Furthermore, specifically in respect of EU personal data, all such EU personal data processed by The Myers-Briggs Company Limited is processed in the UK, the headquarters of our UK and European operations therefore constitutes a transfer outside the EEA to the UK. The Myers-Briggs Company Limited has entered into EU standard contractual clauses (also referred to as a model contract) for transfers of data from its European offices to the UK and with respect to its European operations, ensuring appropriate safeguards
7. How we keep your data secure
This section explains how we keep your data secure (section 7.1).
It also explains how you can help keep your own data secure by not sharing your username and passwords with others (section 7.3).
It also explains that third party sites linked to via our website are not covered by this Privacy Policy (section 7.4).
7.1 We are committed to ensuring the security of processing and the ongoing confidentiality, integrity, availability and resilience of systems and services as such relate to personal data that we hold, in order to prevent accidental or unlawful destruction, loss, alteration or unauthorised disclosure or access.
In our roles as both controller and processor, we implement appropriate technical and organisational measures to ensure a level of information security appropriate to the risk. Our IT infrastructure and software applications are built to provide secure deployment of services, encrypted storage of back-up data with end-user privacy safeguards, encrypted communications between services, and safe operation by customers.
Respondent data is only accessible by certain The Myers-Briggs Company staff that support and administer the scoring and report-generation systems including our web-based scoring and delivery platform, OPPassessment. Respondent data access is based on a need to know basis.
7.2 Additionally, our staff, associates and consultants are bound to comply with confidentiality provisions and Privacy Statements, in addition to completing mandatory privacy and data protection training. We have various policies that specifically address responsibilities and expected behaviour with respect to the protection of confidential information.
7.3 We have procedures for incident and breach investigation and notification. Where our assessment of the likely risk to the individuals involved concludes a breach of personal data may result in risk to the rights and freedoms of individuals, we shall promptly inform individuals (and associated controllers and the relevant supervisory authority where applicable) of any such breach, as required by law and in accordance with any contractual terms.
7.4 You should note that where we have given you (or where you have chosen) a username and/or password which enables you to access certain parts of our websites, or use our products and services, you are responsible for keeping the username and password confidential. You should not share these details with anyone.
7.5 This Privacy Policy applies only to information collected by The Myers-Briggs Company Limited (including our European branch offices and other European operations). Links within our website to third party sites, plug-ins and applications are not covered by this Privacy Policy. If you link to other websites, we encourage you to read their own privacy policies. We are not responsible or liable for those policies.
8. Data retention and anonymisation
This section explains how long we retain data for (section 8.1) including specific information on respondent data retention periods (section 8.2) and where we may anonymise data and retain it in the form of aggregated data (section 8.3).
8.1 We will only retain your personal data for as long as necessary to fulfil the purposes for which we collected the data, including for the purposes of satisfying any legal, accounting or reporting requirements.
The periods that we retain data for are set out in our internal Data Retention and Destruction Policy. This sets out the types of data that The Myers-Briggs Company collects and the retention periods and destruction methods for such data.
To determine the appropriate retention periods for personal data, we consider the amount, nature and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process the personal data and whether we can achieve those purposes through other means, together with applicable legal requirements, including certain statutory retention periods. For example, by law, we have to keep: (i) certain customer and supplier information for seven years for tax and audit requirements (this period is 10 years in relation to The Myers-Briggs Company - France and The Myers-Briggs Company - Germany).
If you require further information on specific retention periods, please contact us (see section 12 for how to contact us).
8.2 In relation to personal data collected as a result of completion of our psychometric assessments by respondents (comprising personal data collected through our web-based scoring and delivery platform, OPPassessment, or other means) and as set out in section 2.1, such is retained for a period of 18 months, after which it is periodically anonymised (unless otherwise agreed with a customer in writing in which event the period may be shorter or longer than 18 months but in no event longer than 36 months) and aggregated and thereafter used for research and development purposes. We act as a data controller in respect of such anonymisation and aggregation.
After such anonymisation, it is not possible to order new reports or reprints of previously ordered reports, since the personal data from the originating questionnaire and the report will have been deleted. If you require a report for any candidate who completed a questionnaire more than 18 months previously, the candidate must complete a new questionnaire and submit it to for scoring and report generation in the usual manner.
8.3 Any research data from respondents retained thereafter (in order to produce statistics of the type described in our technical product manuals, e.g. psychometric norms and validity data) and from any surveys no longer constitutes personal data as it is anonymised and aggregated on The Myers-Briggs Company systems prior to use for research and product development purposes. This aggregated data is used for research and product development to improve our products and services, as well as for marketing, to develop and improve our products and services, and for strategic or other research purposes. This aggregated data is derived from your personal data but does not represent personal data since it is aggregated and anonymised and therefore no person is identified or identifiable from such data. Aggregated data may be used indefinitely without further notice to you.
8.4 In some circumstances, you can ask us to delete your data (see section 9 on your right to erasure).
9. Your legal rights
This section explains your legal rights in relation to your personal data held by us, including your right to:
It also explains how you can opt-out of direct communications and the consequences of this. |
You have the right to:
- Request access to your personal data (commonly known as a “subject access request” or “SAR”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. We have a Subject Access Request policy which sets out in brief our process for dealing with SARs.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal data. This enables you to object to processing where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent. You may withdraw consent at any time where we are relying on consent as the legal basis on which we process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdrew your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Where we are a processor in respect of your personal data, we will inform the relevant controller of your request and assist and co-operate with the controller for them to fulfil the request.
9.2 No fee
You will not have to pay a fee to access your personal data (or to exercise any of your other rights). However, if a request is clearly unfounded, repetitive or excessive, we may charge a reasonable fee. Alternatively, in certain circumstances, we may refuse to comply with your request.
9.3 Further information
We may need to request specific information from you to help us confirm your identity or verify your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
10. Changes to your personal data
This section explains what you should do if any of your data provided to us changes.
It is important that the personal data we hold about you is accurate and current. In order for us to ensure this, please keep us informed of any changes at any time to the personal data that we hold about you.
11. How you can obtain personal data we hold about you
This section explains your rights to obtain information we hold on you and the process for doing so.
If you wish to request access to the personal data we hold about you, you can request this by writing to or emailing our Data Protection Officer – see Section 12 for details on how you can contact us.
12. How you can contact us and your right to complain
This section explains how you can get in touch with us if you have any query about data protection or privacy matters.
It tells you who to contact if you have a complaint about how The Myers-Briggs Company handles data protection and privacy matters.
This is the Privacy Policy of The Myers-Briggs Company Limited including our European branch offices (The Myers-Briggs Company - France, The Myers-Briggs Company - Netherlands and The Myers-Briggs Company - Germany) and its European operations in Belgium and Ireland.
If you have any questions about this Privacy Policy or data protection or privacy matters generally, please contact The Myers-Briggs Company Limited Data Protection Officer:
Email: dpo@themyersbriggs.com
Telephone: +44 1865 404500
or write to us at:
The Myers-Briggs Company Limited
Elsfield Hall, 15–17 Elsfield Way
Oxford OX2 8EP, UK
Our EU Representative for The Myers-Briggs Company Limited and The Myers-Briggs Company (US) in respect of EU personal data, can be contacted at dleurep@themyersbriggs.com
Whilst we hope that you will not need to, if you do wish to complain about how we handle personal data, you may contact our Data Protection Officer as above.
You also have the right to complain to the relevant data protection Supervisory Authority. The UK Information Commissioner’s Office (ICO) is the relevant Supervisory Authority for The Myers-Briggs Company Limited in respect of its UK operations. In respect of our European branch offices, the relevant Supervisory Authorities are listed here, together with their contact details. We would appreciate the chance to deal with your concerns before you approach the ICO. You can however contact the ICO as follows:
Information Commissioner’s Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Email: casework@ico.org.uk
Telephone: +44 303 123 1113
Website: www.ico.org.uk
13. Governing law
This section explains the governing law which applies to this Privacy Policy and any changes according to applicable local laws.
This Privacy Policy is governed by English law and the place of performance of obligations will be England. Certain local laws may be different to English law, the UK DPA, UK GDPR and EU GDPR. Please contact us for any local variations.
14. Status of this Privacy Policy and Changes
This section explains when this Privacy Policy became effective and our right to change it from time to time.
This Privacy Policy is effective from 25th May 2018 and was updated on 29th April 2020 and 31st December 2020. It covers The Myers-Briggs Company Limited and its European branch offices in Europe (including The Myers-Briggs Company - France, The Myers-Briggs Company - Netherlands and The Myers-Briggs Company - Germany). We may change it from time to time so please check regularly to keep informed of updates.
15. Glossary of terms
This section explains the meaning of certain terms used within this Privacy Policy.
Personal data means any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly in particular by reference to an identifier such as a name, identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. EU personal data means personal data of EU data subjects
Special category data means personal data which are, by their nature, particularly sensitive in relation to fundamental rights and freedoms, including those revealing racial or ethnic origin, political opinions or trade union membership, genetic data, biometric data, data concerning health or a person’s sex life or sexual orientation
Controller means the natural or legal person, public authority, agency of body which alone, or jointly with others, determines the purposes and means of the processing of personal data
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law)
Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract
Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to
Customer means the organisation or individual who has contracted with The Myers-Briggs Company Limited for provision of products and services
Practitioner means an individual who is registered with The Myers-Briggs Company Limited as qualified to administer one or more of our psychometric assessments to respondents, to interpret reports compiled from respondent responses and to provide feedback to respondents
Respondent means an individual who will take or has taken one of our psychometric assessments via OPPassessment or otherwise, through a practitioner and where applicable, associated organisation.